Manage Event Source Tab

The Manage Event Source screen has several integrated components that present different perspectives of an event source.

Show Event Source Details
Add attribute values to an event source
Remove attribute values for an event source

To view the Manage Event Source screen for an event source:

Go to (Admin) > Event Sources.
Select the Manage tab.
From the Event Sources pane, select an event source from the list and click + .

Workflow

This workflow shows the end-to-process for modifying, acknowledging, mapping, and configuring event sources, along with viewing and configuring event source alarms and alerts.

What do you want to do?

Role	I want to...	Documentation
Administrator	Create an event source group that contains all the high priority event sources.	Creating Event Source Groups
Administrator	Edit event source attributes.	Creating an Event Source and Editing Attributes

Related Topics

Creating Event Source Groups

Creating an Event Source and Editing Attributes

Quick Look

This is an example of the Event Source tab:

12.1_NewEsTb_1122.png

This table describes event source attribute categories.

Attribute Section	Description
Identification	These attributes are the main attributes that collectively identify an event source. You can only change these attributes when you are specifying the details for a new event source. For an existing event source, the attributes in this section are auto-populated, and cannot be changed while on this screen. Attributes available for a new event source: IP IPv6 Hostname Event Source Type Log Collector Log Decoder The following attributes are displayed when viewing the details for an existing event source: Last Seen Time: this is the last time there was communication between NetWitness and the event source Idle Time: this is the amount of time elapsed since the Last Seen Time. This time can be useful if you want to filter event sources that have been inactive for a certain duration. Total Count: total count of all event sources for this Event Source Type.
Properties	These attributes provide the name and description. Name DNS Hostname Description
Importance	These attributes can be used for grouping by priority. Priority Criticality Compliance
Zone	These attributes can be used for grouping by zone. WAN (Wide Area Network) LAN (Local Area Network) Security Operational
Location	These attributes can be used to group by the physical or geographical location. Country State County Province City Campus Postal Code Building Floor Room
Organization	These attributes can be used to group by organization, and also to provide contact information. Company Division Business Unit Department Group Contact Contact Phone Contact Email
Owner	These attributes specify those responsible for the event source. Manager Primary Administrator Backup Administrator
Physical	These attributes specify the physical properties for the event source. Vendor Serial Number Asset Tag Voltage UPS Protected Rack Height Depth BTU Output Color
Function	These attributes can be used to group by function. Primary Role Sub Role 1 Sub Role 2
System Information	These attributes specify system information. Domain Name System Name Identifier System Description
Custom	This section provides eight custom attributes, for any other attributes that your organization might need.

Features

The settings in the Manage Event Source tab are a combination of auto-populated and user-entered information. When an event source sends log information to NetWitness, it is added to the list of event sources, and some basic information is auto-populated. At any time after that, users can add or edit details for other event source attributes.

This figure shows an example of the Identification, Properties, and Importance sections.

This figure shows an example of the Zone, Location, and Organization sections.

NetWitness Community

Table of Contents

Product Resources

Manage Event Source Tab

On this page