Live Search View

The Live Search view provides the ability to browse the configured Live CMS for resources. Once matching resources are found, you can view details, subscribe to resources, and deploy resources to services and service groups.

Note: If you are logged into an Analyst UI, you can only view but cannot enable, disable, edit, or configure NetWitness Live.

This is an example of the Search view.

The Live Search view has a panel for specifying search criteria and a panel that displays matching resources. The Search Criteria panel is collapsible to provide more width for viewing the Matching Resources panel.

Search Criteria Panel

This is an example of the Search Criteria panel.

The following table provides descriptions of the Search Criteria panel features.

Feature	Description
Keyword(s)	Enter a keyword or keywords to browse for resources that have the keyword in the resource name or the resource description. You can use wildcards when you enter a keyword.
Category	The categories mirror the hierarchical Investigation Model that NetWitness uses to organize resources. The purpose of the Investigation model is to deliver an accurate path to information security incident response. For more information, see the Investigation Model topic in the NetWitness Content space on NetWitness Community.
Resource Types	Select resources types from the drop-down list to filter resources by type of resource. Possible values are: Advanced Analytics (Warehouse) Application Rule Bundle Correlation Rule Event Stream Analysis Rule Feed FlexParser Investigation Column Group Investigation Meta Group Investigation Profile Log Collector Log Device Lua Parser Malware Rules NetWitness List NetWitness Report NetWitness Rule (Latest Versions) Health and Wellness Monitors Note: Some rules that have been deployed to an earlier version of NetWitness may not deploy or execute on NetWitness. For more information, see the Troubleshooting Live Services.
Medium	Select one or more mediums from the drop-down list to search for content based on the meta data source. Available values for medium are as follows: endpoint: for NetWitness lates versions: applied to content that uses meta derived from endpoint agent and endpoint server data log: applied to content that uses meta derived from log data packet: applied to content that uses meta derived from network packets log and packet: applied to content that correlates meta derived across log and packet data
Tags	Select meta tags from the drop-down list to browse based on how the meta is tagged. For example, to browse resources for a Log Decoder, select the netwitness for logs tag. Alternatively, you can click a tag in the Matching Resources panel to insert that tag in this field.
Required Meta Key(s)	Enter a specific meta key; for example, threat.source. Alternatively, you can click a meta key in the Matching Resources panel to insert that tag in this field.
Generated Meta Value(s)	Enter a generated meta value; for example, netwitness. Alternatively, you can click a generated meta key in the Matching Resources panel to insert that tag in this field.
Research Created Date	Specify a date range during which resources were created. For example, to browse resources that were created between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in mm/dd/yyyy format or you click and pick dates from a calendar.
Research Modified Date	Specify a date range during which resources were modified. For example, to browse resources that were modified between January 1 and January 4, you select January 1 as the start date and January 4 as the end date. You must enter dates in mm/dd/yyyy format or you click and pick dates from a calendar.
Search	Click Search to send the search request to the Live server. More specific search criteria return matching resources more quickly.
Cancel	Click Cancel to cancel the search in progress.
Include Discontinued Resources	Check Include Discontinued Resources to include the discontinued resources in the search result. For an up-to-date list of resources that have been discontinued, see the Discontinued Content topic.

Matching Resources Panel

The Matching Resources panel displays search results based on the selections made in the Search Criteria panel. Results are initially displayed in a grid, but you can switch between two Show Results options: Detailed or Grid.

Detailed Results

In the detailed results, you can click a tag, meta key, or resource meta value to auto fill the Search Criteria panel and pivot the search results.

The following table describes the elements in the detailed results.

Feature	Description
Resource Type Icon	A graphic representation of the resource type. For example .
Name	The name of the resource, for example, Group Management. Note: (Discontinued) is displayed next to the resource name if a resource is discontinued.
Type	The type of the resource, for example, Rule.
Updated	The date when the resource was last updated, for example, 2015-09-15 4:27 PM.
Version	The version of the resource, for example, 0.1.
Size	The size of the resource, for example, 153 B.
Subscribed	Subscription status: yes: This NetWitness instance is subscribed to this content resource. no: This NetWitness instance has not subscribed to this content resource.
Description	The description of the resource, for example, Compliance Rule-Group Management.
Tags	The tags that apply to the resource. Clicking a tag narrows the search to resources with that tag. For example, .
Meta Keys	The meta keys that apply to the resource. Clicking a meta key narrows the search to resources with that meta key. For example, .
Resource Meta Values	The meta values generated by the resource. Clicking a meta value narrows the search to resources that generated the meta value. For example, .

Grid Results

In the grid view, you can select one or more resources and use additional options in the toolbar to view the details of a single resource, subscribe to resources, and deploy resources.

The following table describes the elements in the grid results.

Feature	Description
Subscribed	Subscription status: yes: This NetWitness instance is subscribed to this content resource. no: This NetWitness instance has not subscribed to this content resource.
Name	The name of the resource, for example, Group Management. Note: The resource name is displayed in red color if it is discontinued.
Created	The date when the resource was created, for example, 2015-08-12 3:11 PM.
Updated	The date when the resource was last updated, for example, 2015-09-15 4:27 PM.
Type	The type of the resource, for example, Rule.
Discontinued	The status of the discontinued resources: yes: The resource that matches the search criteria is discontinued no: The resource is not discontinued --: The Live Server is not checked for the discontinued resources
Description	The description of the resource, for example, Compliance Rule-Group Management.
Toolbar
	This menu offers two ways to view search results: Detailed and Grid.
	This option applies to a single selected resource. Clicking Details opens the selected resource in the Live Resource view.
	This option applies to one or more selected resources.
	This option applies to one or more selected resources. Clicking Subscribe opens a dialog that asks for confirmation that you want to receive notification when the selected resources are updated.
	This menu offers two packaging functions for the selected resources: Create: creates a resourceBundle.zip file that contains the selected resources and opens a dialog in which you can either: open the file, or save the file for subsequent deployment. Deploy: opens the Deployment Wizard, in which you can choose a resourceBundle.zip file and deploy it.

NetWitness Community

Table of Contents

Product Resources

Live Search View

Search Criteria Panel

Matching Resources Panel

Detailed Results

Grid Results

See Also

On this page