Tree View

A NetWitness service, such as security-server or investigate-server, is a collection of components working together to implement the goals of the service. This topic describes the support for exposing these components and their associated elements (for example, configuration parameters, metrics, API methods, health checks, and so on) in a tree-view. The tree-view is a hierarchically-nested arrangement of tree-nodes, each of which corresponds to a distinct functional area of the service. The arrangement enables the end-user to navigate the nodes at run-time and to explore the current state of the service. See Shell for an interactive tool that uses the tree-view.


The tree-view implements the following features:

  • Supports encapsulation of functionally related elements under the same tree-node.

  • Supports hierarchical linkage of tree-node s to enable navigation from one node to another.


The current implementation of the tree-view is described in the following sections.

Node Types

The tree-view is comprised of tree-node instances taken from the following types.

Type Represents
Component A service component with associated configurations, metrics, health, APIs, etc.
Configuration A configuration parameter that controls some aspect of the service behavior (for example, rsa.filesystem.prefix).
Metric A quantitative measure of some aspect of the component operations (for example, Requests Processed).
Health A qualitative assessment of some aspect of the component (for example, "Using too much memory").
Method An API that can be invoked remotely to interact with the component (for example, /rsa/security/pki/setCertificate)
Parameter A payload parameter that is an input or an output from an API.
Folder A logical grouping of nodes that are related to one another but are not a component (for example, the root /rsa).

Node Structure

All tree-nodes have the same structure. In particular, they include the following elements:

Item Information
path The node path is a backslash (/) separated path, for example, /rsa/security/pki/api-secure.
type The type of the node, taken from the previous table.
attributes A map of string keys to attribute values. The available keys depend on the type of the node.
value The value of this node. This can be null if the node has no associated value (or if it has a null value).
children A list of child nodes, if the node has any.
parent The parent node. This is only null for the root node.