Manage Event Source Tab

The Manage Event Source screen has several integrated components that present different perspectives of an event source.

  • Show Event Source Details
  • Add attribute values to an event source
  • Remove attribute values for an event source

To view the Manage Event Source screen for an event source:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Event Sources.
  2. Select the Manage tab.
  3. From the Event Sources pane, select an event source from the list and click + .


This workflow shows the end-to-process for modifying, acknowledging, mapping, and configuring event sources, along with viewing and configuring event source alarms and alerts.


What do you want to do?

Role I want to... Documentation


Create an event source group that contains all the high priority event sources.

Creating Event Source Groups


Edit event source attributes.

Creating an Event Source and Editing Attributes

Related Topics

Creating Event Source Groups

Creating an Event Source and Editing Attributes

Quick Look

This is an example of the Event Source tab:


This table describes event source attribute categories.

Attribute Section Description


These attributes are the main attributes that collectively identify an event source.

You can only change these attributes when you are specifying the details for a new event source.

For an existing event source, the attributes in this section are auto-populated, and cannot be changed while on this screen.

Attributes available for a new event source:

  • IP
  • IPv6
  • Hostname
  • Event Source Type
  • Log Collector
  • Log Decoder

The following attributes are displayed when viewing the details for an existing event source:

  • Last Seen Time: this is the last time there was communication between NetWitness and the event source
  • Idle Time: this is the amount of time elapsed since the Last Seen Time. This time can be useful if you want to filter event sources that have been inactive for a certain duration.
  • Total Count: total count of all event sources for this Event Source Type.


These attributes provide the name and description.

  • Name
  • DNS Hostname
  • Description


These attributes can be used for grouping by priority.

  • Priority
  • Criticality
  • Compliance


These attributes can be used for grouping by zone.

  • WAN (Wide Area Network)
  • LAN (Local Area Network)
  • Security
  • Operational


These attributes can be used to group by the physical or geographical location.

  • Country
  • State
  • County
  • Province
  • City
  • Campus
  • Postal Code
  • Building
  • Floor
  • Room

These attributes can be used to group by organization, and also to provide contact information.

  • Company
  • Division
  • Business Unit
  • Department
  • Group
  • Contact
  • Contact Phone
  • Contact Email


These attributes specify those responsible for the event source.

  • Manager
  • Primary Administrator
  • Backup Administrator


These attributes specify the physical properties for the event source.

  • Vendor
  • Serial Number
  • Asset Tag
  • Voltage
  • UPS Protected
  • Rack Height
  • Depth
  • BTU Output
  • Color


These attributes can be used to group by function.

  • Primary Role
  • Sub Role 1
  • Sub Role 2

System Information

These attributes specify system information.

  • Domain Name
  • System Name
  • Identifier
  • System Description


This section provides eight custom attributes, for any other attributes that your organization might need.


The settings in the Manage Event Source tab are a combination of auto-populated and user-entered information. When an event source sends log information to NetWitness, it is added to the list of event sources, and some basic information is auto-populated. At any time after that, users can add or edit details for other event source attributes.

This figure shows an example of the Identification, Properties, and Importance sections.


This figure shows an example of the Zone, Location, and Organization sections.