Services View

You set up and maintain the NetWitness services in the Services view. In the Services view, you can:

• Quickly search for and locate a specific service or type of service, such as Log Decoder or Warehouse Connector.
• Use shortcuts to get to administration tasks.
• Add, edit, and remove services.
• Sort services by name and host.
• Filter services by type, name, and host.
• Start, stop, and restart services.

A service performs a unique function, such as collecting logs or archiving data. Each service runs on a dedicated port and is modeled as a plug-in to enable or disable, according to the function of the host. You must configure the following Core services first.

Services	Notes
NW Server
Admin Config Content Integration Investigate License Orchestration Reporting Engine Respond Security Response Actions	Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server Resides within the NW Server
Analyst UI
Broker Investigate Server NetWitness UI Reporting Engine Respond Server	Implemented with the Analyst UI Implemented with the Analyst UI Implemented with the Analyst UI Implemented with the Analyst UI Implemented with the Analyst UI
Archiver
Archiver Workbench	Core Service
Broker
Broker	Core Service
Concentrator
Concentrator	Core Service
Endpoint
Endpoint Server
Endpoint Broker
Endpoint Broker Server
Endpoint Log Hybrid
Log Collector Log Decoder Endpoint Server Concentrator	Core Service Core Service Core Service
ESA Primary
Contexthub ESA Correlation
ESA Secondary
ESA Correlation
Log Collector
Log Collector	Core Service
Log Decoder
Log Collector Log Decoder	Core Service
Log Hybrid
Log Collector Log Decoder Concentrator	Core Service Core Service
Log Hybrid - Retention	Deployed on Series 6 Hybrid hardware with Log Hybrid-Retention Optimization.
Log Collector Log Decoder	Core Service
Malware Analysis
Malware Analysis Broker	Core Service
Network Decoder
Decoder (Packets)	Core Service
Network Hybrid
Concentrator Network Decoder	Core Service Core Service
New Health and Wellness
Metrics Server
UEBA
UEBA
Warehouse Connector
Warehouse Connector	Command line installation

You must configure hosts and services to communicate with the network and each other so they can perform their functions such as storing or capturing data. For information about ports and a comprehensive list of ports for all services, see "Network Architecture and Ports" in the Deployment Guide for NetWitness Platform. Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

Workflow

This workflow shows the procedures you complete to set up and maintain a service. Adding a service to a host is the first task in this workflow. The hosts with Core services are set up out-of-the-box. After that, you can set up additional services on hosts to enhance your NetWitness deployment.

What do you want to do?

User Role	I want to...	Documentation
Administrator	set up a host.	Setting Up a Host
Administrator	maintain a host.	Maintaining Hosts
Administrator	maintain a service.*	Maintaining Services

* You can perform these tasks in the current view.

Related Topics

• View Topology Details
• Hosts View
• Hosts and Services Set Up Procedures
• Hosts and Services Maintenance Procedures

See the following NetWitness guides for detailed information on individual services. Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

Archiver Configuration Guide

Broker and Concentrator Configuration Guide

Context Hub Configuration Guide

Decoder Configuration Guide

Endpoint Configuration Guide

Event Stream Analysis (ESA) Configuration Guide

Malware Analysis Configuration Guide

Log Collection Configuration Guide

Malware Analysis Configuration Guide

Reporting Engine User Guide

NetWitness Respond Configuration Guide

NetWitness UEBA User Guide

Workbench Configuration Guide

Warehouse Connector Configuration Guide

Response Actions Configuration Guide

Quick Look

This is an example of the Services view.

1	Groups Panel Toolbar - Provides options to work with service groups in the list.
2	Groups Panel - Lists all service groups currently in your deployment.
3	Services List Toolbar - Provides options to work with the Services list.
4	Services List - Lists all services currently in your deployment.

Groups Panel Toolbar

Feature	Description
	Displays a new row in the Groups panel in which you enter the name of a new group.
	Asks for confirmation that you want to delete the group. You can confirm or cancel the deletion.
	Opens the field for renaming the selected preexisting group. You can also double click on the group name in the Groups panel to rename the group. Changes take effect immediately.
	Refreshes the Groups panel to reflect the changes and goes back to the All group view. Changes take effect immediately.

Groups Panel

The Groups panel provides a logical way to manage groups of services, such as by function, geography, or project. After you create a group, you can drag individual services from the Services panel into the group. A service may belong to more than one group.

Column Title	Description
Name	The service groups are displayed in the Groups panel. The number next to each group name displays the number of hosts that added to the group.

 

Services List Toolbar

This topic introduces the options in Services list toolbar to add, remove, edit, and get a license for services. You can also filter the services listed in the Services list.

To access the Admin Services view, in NetWitness, go to (Admin) > Services. The Services list toolbar is at the top of the Services list in the Services view.

Feature	Description
	Adds a service for your deployment of NetWitness to manage. See Step 2. Install a Service on a Host.
	Deletes a service from your deployment of NetWitness. See Edit or Delete a Service.
	Edits service identification and basic communication settings.
	Filters the services listed in Services view. In the Filter drop-down list, you can filter the services by one or more selected service types. In the Filter field, you can filter the services by Name and Host. You can use the Filter drop-down list and the Filter field at the same time to filter the services listed in the Services view.

Services List

Column	Description
	Select the service by clicking the corresponding checkbox in this column. To select all of the services, select the checkbox in the header.
Online/Offline Indicator	Displays if the service is online. Displays if the service is offline.
Name	Displays the name of the service that was given when the service was installed. This column is organized in alphabetical order by default. Click the Name column title to view in reverse alphabetical order.
Licensed	Displays if the service is licensed. Displays if the service is not licensed. If one or more services are not licensed, a red banner will appear at the top of the screen that will prompt you to fix this.
Host	Displays the host name that the service belongs to.
Type	Displays the service type.
Version	Displays the version that the service is currently on.
Actions	Use drop-down list to: Navigate to the different service views (System, Stats, Config, Explore, Logs, Security) See View Topology Details for more information. Delete, edit, start, stop, and restart a service. See Start, Stop, or Restart a Service for more information.

Topics

• Edit Service Dialog
• Services Config View
• Services Explore View
• Services Logs View
• Services Security View
• Services Stats View
• Services System View