NetWitness Platform Online Documentation

Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.

Options

Subscribe to RSS Feed

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

Versions

Collections

All Downloads

Release Notes
Getting Started
Install and Upgrade
Configure and Manage
Investigate and Respond
Develop and Integrate
Getting Help with NetWitness

Refining the Results SetRefining the Results Set

When conducting an investigation, results load faster and it is easier to find what you are looking for if you refine the results to get a smaller number of results. In addition, limiting the time range and submitting a good query gives you more relevant results to answer the question at hand. Use a combination of the methods described in the rest of this section to get the information you need quickly.

Use Meta Groups to Focus on Relevant Meta Keys
Use Columns and Column Groups in the Events List
Use Query Profiles to Encapsulate Common Areas for Investigation
Filter Results in the Events View
Filter Results in the Navigate View
Filter Results in the Legacy Events View
Create a Query in the Navigate and Legacy Events Views
View and Modify Queries Using URL Integration
Search for Text Patterns in the Navigate and Legacy Events Views

NetWitness Community

Table of Contents

Product Resources

Refining the Results SetRefining the Results Set

On this page