Live Search Content View
The Live Search Content view provides the ability to search the configured Live CMS for content. Once matching content are found, you can view the details, and download the content.
This is an example of the Search Content view.
The Live Search Content view has a panel for selecting the source and specifying search content. The matching content are displayed on the right panel.
The following table provides descriptions of the Live Search Content panel features.
| Feature | Description |
|---|---|
| NetWitness |
Select NetWitness from the Source drop-down menu to search for the content that is provided by NetWitness Platform Live. |
| Community | Select Community from the Source drop-down menu to search for the content collected and retrieved from third party and open source communities. |
| New | Select New to retrieve the content which is created in the last 21 days. |
| Recently Updated |
Select Recently Updated to retrieve the content which is updated in the last 21 days. |
FirstWatch Content Panel
This is an example of the FirstWatch Content panel.
The following table provides descriptions of the FirstWatch Content panel features.
| Feature | Description |
|---|---|
| New | Select New to retrieve the FirstWatch content which is created in the last 21 days |
| All |
Select All to retrieve complete list of the FirstWatch content. |
Search Content Panel
This is an example of the Search Content panel.
The following table provides descriptions of the Search Content panel features.
| Feature | Description |
|---|---|
| Show Only FirstWatch Content | Click the Show Only FirstWatch Content checkbox to include only the FirstWatch content in the search results. The Show Only FirstWatch Content option is only applicable for the content displayed in the NetWitness tab. |
| Keywords | Enter a keyword or keywords to browse for content that have the keyword in the resource name or the resource description. You can use wildcards when you enter a keyword. |
| Resource Types |
Select resources types from the drop-down list to filter resources by type of resource. Possible values are:
|
|
Mediums |
Select one or more mediums from the drop-down list to search for content based on the meta data source. Available values for medium are as follows:
|
|
Risk |
Select the level of risk of the content from the drop-down list to view. Available are High, Medium, and Low.
|
|
Tags |
Select meta tags from the drop-down list to browse based on how the meta is tagged. For example, to browse content for a Log Decoder, select the netwitness for logs tag. |
|
Platform Versions |
Select one or more platform versions from the drop-down list to search for content based on the versions. For example, 12.5. |
|
ATT&CK Tactics |
Select one or more platform Mitre ATT&CK tactics from the drop-down list. For example, Command and Control: TA0011. |
| ATT&CK Techniques |
Select one or more platform Mitre ATT&CK techniques from the drop-down list. For example, DNS: T1071.004. |
| Required Meta Keys | Enter a specific meta key. For example, threat.source. |
|
Generated Meta Values |
Enter a generated meta value. For example, rsa-firstwatch. |
| Created Date | Specify a date range during which content were created. For example, to browse content that were created between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format or you click  and pick dates from a calendar. |
|
Modified Date |
Specify a date range during which content were modified. For example, to browse content that were modified between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in yyyy/mm/dd format or you click |
| Search | Click Search to send the search request to the Live server. More specific search criteria return matching content more quickly. |
|
Reset Filter |
Click Reset Filter to reset the existing search results and displays all the content on the right panel. |
| Include Discontinued |
Click the Include Discontinued checkbox to include the discontinued content in the search result. For an up-to-date list of content that have been discontinued, see the Discontinued Content topic. |
Search Results Panel
The Search Results panel displays search results based on the selections made in the Search Content panel.
This is an example of the Search Results panel.
The following table describes the elements in the search results panel.
| Feature | Description |
|---|---|
| Name |
The name of the content. For example, Log Parser Pack. |
| Created | The date when the content was created. For example, 04-Aug-2017 15:19:06. |
|
Updated |
The date when the content was last updated. For example, 29-Sep-2020 20:27:14. |
| Type | The type of the content. For example, Bundle. |
|
Min Platform Version |
Platform version that the content supports. For example, 12.5 |
|
Description |
The description of the content. For example, Contains all parser files and log collection files. |
| Discontinued |
The status of the discontinued content:
|
Content Details Panel
In the Search Results panel, you can select any content titles to view the details in the pop-up window and download the content.
Note: NetWitness provides no assurance related to the quality and accuracy of the content provided by the third parties and open source communities.
This is an example of the Content Details panel.
The following table describes the elements in the Content Details section.
| Feature | Description |
|---|---|
| Name |
The name of the content. For example, Log Parser Pack. |
| Type | The type of the content. For example, Bundle. |
| Created | The date when the content was created. For example, 04-Aug-2017 15:19:06. |
|
Updated |
The date when the content was last updated. For example, 29-Sep-2020 20:27:14. |
|
Description |
The description of the content. For example, Contains all parser files and log collection files. |
|
Risk |
The level of severity for the Content. For example, High.
|
|
Tactics |
The particular tactics associated with the content. For example, Command and Control: TA0011. |
|
Techniques |
The particular techniques associated with the content. For example, DNS: T1071.004. |
| Version on Production | The version of the content. For example, 0.5. |
|
Size |
The size of the content. For example, 14.96 KB. |
| Required Resources | A list of resources on which this resource depends. For example, NetWitness Lua Library. Clicking a resource replaces the currently displayed details with the details of the one you clicked in the pop-up window. |
|
Tags |
The tags that apply to the content. For example, threat. Clicking a tag opens the Live Search Content view with the search narrowed to match content with that tag. |
| Required Meta Keys | The meta keys that apply to the content. For example, Threat Category. Clicking a meta key opens the Live Search Content view with the search narrowed to match content with that meta key. |
|
Generated Meta Values |
The meta values that the content generates. For example, rsa-firstwatch. Clicking a meta value opens the Live Search Content view with the search narrowed to match content with that meta value. |
|
OOTB |
The content provided NetWitness Platform Live. |
| Discontinued |
The status of the discontinued content:
|
My Content Panel
Following task you can perform on the My Content panel.
- Upload Content
- Delete Content
- Download Content
This is an example of the My Content panel.
The following table describes the elements in the My Content section.
| Feature | Description |
|---|---|
| Name |
The name of the uploaded content. For example, Logtest. |
| Created | The date when the content was created. For example, 04-Aug-2017 15:19:06. |
| Type | The type of the content. For example, Log Device. |
| Industry Sector | The industry sector the content belongs to. For example, Defense Industrial Base. |
| Status | The status of the uploaded content. Available statuses are Under Review, Published, Rejected, and Failed. |
| Min Platform Version | Platform version that the content supports. For example, 12.5.0.0. |
