The Response Actions History view consists of a Filters panel, Response Actions History List, and an Overview panel.


Response Actions History Filters Panel

You can apply the following filters to view the history of the Response Actions that interest you.

  • Response Action name

  • Meta Value

  • Response Action execution status

  • User who executed the Response Action

  • Time range during which the Response Action was executed

The following table lists all the fields displayed in the Response Actions History Filters Panel.

| Fields | Description |
|---|---|
| Name | Allows you to enter the name of the required Response Action. |
| Meta Value | Allows you to enter the value of the meta key associated with the Response Action. |
| Status | Allows you to filter the Response Actions by execution status. For example, if the meta and other parameters were sent to the connector successfully when the Response Action was executed, you can select the Success status to filter for that Response Action, and vice versa. |
| Executed By | Allows you to filter the Response Actions by the user who executed the Response Action. |
| Executed On | Allows you to select the time range during which the Response Action was executed. |

Response Actions History List

The Response Actions History List displays the history of all the Response Actions executed in the NetWitness Platform.

The following table describes the columns in the Response Actions History List.

| Columns | Description |
|---|---|
| Executed On | Displays the date and time when the Response Action was last executed. For example: 12/11/2023 05:06am |
| Name | Displays the name of all the Response Actions executed. |
| Connector | Displays the name of the third-party tool for which the particular Response Action was executed. For example: ThreatConnect |
| Meta Key | Displays the list of meta keys for which the Response Action was executed. For example: ip.src |
| Meta Value | Displays the value of the meta key for which the Response Action was executed. For example: 10.125.237.89 |
| Status | Displays the execution status of the Response Action. For example: Success and Failed. |
| Executed By | Displays the name of the user who last executed the Response Action. |

Response Actions History Overview panel

When you click any row in the Response Actions History List, the Overview panel is displayed on the right side of the Response Actions History view. It shows basic summary information about the particular Response Action executed. The following fields and parameters are displayed in the Overview panel.

  • Name: This field displays the name of the Response Action executed.

    For example: If you provided Block IP as the Response Action name while executing the Response Action, the same Block IP name will be displayed in the Name field in the Response Actions History Overview panel.

  • Connector: This field displays the connector name associated with the Response Action executed.

    For example: ThreatConnect.

  • Meta Value: This field displays the meta value associated with the Meta Key.

    For example: If the supported Meta Key is ip.src, the meta value will be displayed in the form of an IP address such as 10.125.246.29.

  • Meta Key: This field displays the supported Meta Key for which the particular Response Action was executed.

    For example: ip.src and mac_address.

  • Status: This field displays the status of the Response Action executed.

    For example: If the meta key and the additional parameters are forwarded to the connector successfully, the Status field displays Success. If the meta key and the additional parameters are not forwarded to the connector after performing the Quick Action, the Status field displays Failed.

  • Executed By: This field displays the name of the user who last executed the Response Action.

  • Executed On: This field displays the date and time when the Response Action was last executed.

    For example: 12/19/2023 07:32:01 am

  • Additional Parameters such as Parameter Key and Parameter Label that are posted to the connector.

    For example: The Data Posted section in the Response Actions History Overview panel displays the meta keys and additional parameters posted to the connector.

  • Comment provided during the execution of the Response Action.

    For example: Post the parameters and the meta key to ThreatConnect.