Live Search Content View

The Live Search Content view provides the ability to search the configured Live CMS for content. Once matching content is found, you can view the details and download the content.

This is an example of the Search Content view.

netwitness_121_rsapanel_1122_1193x524.png

netwitness_121_communitypanel_1122_1193x344.png

The Live Search Content view has a panel for selecting the source and specifying search criteria. Matching content is displayed in the right panel.

The following table provides descriptions of the Live Search Content panel features.

Feature Description
NetWitness

Select NetWitness from the Source drop-down menu to search for the content that is provided by NetWitness Platform XDR Live.

Community

Select Community from the Source drop-down menu to search for the content collected and retrieved from third-party and open-source communities.

Only Opensource

Select the Only Opensource checkbox to retrieve the content from the open-source communities.

Note: When Community is selected as the source, the Only Opensource option is displayed under the Search Content panel so that you can select it and search for open-source content.

New

Select New to retrieve the content that was created in the last 21 days.

Recently Updated

Select Recently Updated to retrieve the content that was updated in the last 21 days.

Search Content Panel

This is an example of the Search Content panel.

netwitness_121_livecloudsearch_1122_310x757.png

The following table provides descriptions of the Search Content panel features.

Feature Description
Keywords

Enter one or more keywords to browse for content that has the keyword in the resource name or the resource description. You can use wildcards when you enter a keyword.

Resource Types

Select resource types from the drop-down list to filter resources by type. Possible values are:

  • Application Rule
  • Feed
  • Log Device
  • Correlation Rule
  • NetWitness Rule
  • NetWitness Report
  • Lua Parser
  • Log Collector
  • NetWitness List
  • Malware Rules
  • Event Stream Analysis Rule
  • Advanced Analytics (Warehouse)
  • Bundle
  • Health and Wellness Dashboards
  • Health and Wellness Monitors
  • Investigate Profile
  • Investigate Column Group
  • Investigate Meta Group

Mediums

Select one or more mediums from the drop-down list to search for content based on the meta data source.

Available values for medium are as follows:

  • endpoint (for 11.3 and higher): applied to content that uses meta derived from endpoint agent and endpoint server data

  • log: applied to content that uses meta derived from log data

  • packet: applied to content that uses meta derived from network packets

  • log and packet: applied to content that correlates meta derived across log and packet data.

Tags

Select meta tags from the drop-down list to browse based on how the meta is tagged. For example, to browse content for a Log Decoder, select the netwitness for logs tag.

Platform Versions

Select one or more platform versions from the drop-down list to search for content based on the versions. For example, 11.5.

Required Meta Keys

Enter a specific meta key. For example, threat.source.

Generated Meta Values

Enter a generated meta value. For example, rsa-firstwatch.

Created Date

Specify a date range during which content was created. For example, to browse content that was created between January 1 and January 4, select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format, or click the calendar icon and pick the dates from a calendar.

Modified Date

Specify a date range during which content was modified. For example, to browse content that was modified between January 1 and January 4, select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format, or click the calendar icon and pick the dates from a calendar.

Search

Click Search to send the search request to the Live server. More specific search criteria return matching content more quickly.

Reset Filter

Click Reset Filter to reset the existing search results and display all the content in the right panel.

Include Discontinued

Check Include Discontinued to include discontinued content in the search results. For an up-to-date list of content that has been discontinued, see the Discontinued Content topic.

Search Results Panel

The Search Results panel displays search results based on the selections made in the Search Content panel.

This is an example of the Search Results panel.

netwitness_121_plt1_1122_1576x548.png

The following table describes the elements in the search results panel.

Feature Description
Name

The name of the content. For example, Log Parser Pack.

Created

The date when the content was created. For example, 04-Aug-2017 15:19:06.

Updated

The date when the content was last updated. For example, 29-Sep-2020 20:27:14.

Type

The type of the content. For example, Bundle.

Min Platform Version

Platform version that the content supports. For example, 11.5 and higher.

Note: Min Platform Version is not applicable for Community content.

Description

The description of the content. For example, Contains all parser files and log collection files.

Discontinued

The status of the discontinued content:

  • Yes: The content that matches the search criteria is discontinued
  • No: The content is not discontinued

Content Details Panel

In the Search Results panel, you can select any content title to view its details in a pop-up window and download the content.

Note: NetWitness provides no assurance related to the quality and accuracy of the content provided by the third parties and open source communities.

This is an example of the Content Details panel.

netwitness_detailresultspanel2_402x430.png

The following table describes the elements in the Content Details section.

Feature Description
Name

The name of the content. For example, Log Parser Pack.

Type

The type of the content. For example, Bundle.

Created

The date when the content was created. For example, 04-Aug-2017 15:19:06.

Updated

The date when the content was last updated. For example, 29-Sep-2020 20:27:14.

Description

The description of the content. For example, Contains all parser files and log collection files.

Version on Production

The version of the content. For example, 0.5.

Size

The size of the content. For example, 14.96 KB.

Required Resources

A list of resources on which this resource depends. For example, NetWitness Lua Library. Clicking a resource replaces the currently displayed details with the details of the one you clicked in the pop-up window.

Tags

The tags that apply to the content. For example, threat. Clicking a tag opens the Live Search Content view with the search narrowed to match content with that tag.

Required Meta Keys

The meta keys that apply to the content. For example, Threat Category. Clicking a meta key opens the Live Search Content view with the search narrowed to match content with that meta key.

Generated Meta Values

The meta values that the content generates. For example, rsa-firstwatch. Clicking a meta value opens the Live Search Content view with the search narrowed to match content with that meta value.

Discontinued

The status of the discontinued content:

  • Yes: The content that matches the search criteria is discontinued
  • No: The content is not discontinued