The Whitelists List view (Respond > Whitelists) enables you to view all the Endpoint Whitelists with the Rule Name, Creation Date, and the Summary associated with the respective Whitelisted Endpoint Alerts.

Related Topics

Whitelist Endpoint Alerts

Quick Look

To access the Whitelists List view, go to Respond > Whitelists. The Whitelists List view consists of the Whitelists List and a Filters panel.

Whitelists List

The Whitelists List displays all the Endpoint Whitelists in the NetWitness Platform XDR. You can filter this list to view only the Whitelists of interest.

The following table describes the columns in the Whitelists List.

| Columns | Description |
|---|---|
| Whitelist Name | Displays the name of the Whitelist you provided during the whitelisting of the selected alert. |
| Rule Name | Displays the rule name associated with the whitelisted alert. |
| Summary | Displays the details of the entities selected during the whitelisting of the selected alert. For example: File name: cmd.exe, Host name: win34. |
| Comment | Displays the comment added during the whitelisting of the selected alert. |
| Created Date | Displays the Whitelist creation date and time. |
| Created By | Displays the name of the user who created the Whitelist. |
| Alerts Matched | Displays the number of new matching alerts that are not triggered for the selected entities in the Respond > Alerts view after whitelisting the selected alert. |

The following parameters are displayed at the bottom of the list.

  • The count of the Whitelists displayed on the current page.

  • The total number of Whitelists created.

  • The number of Whitelists selected in the list.

  • The current page number.

  • Total number of pages available.

  • The maximum number of Whitelists displayed in each page.

The values of the above-mentioned parameters vary depending on the filters you apply.

For example, suppose the count of the Whitelists displayed on page 1 is 1 - 3 and the total number of Whitelists created is 3.

After you enter the Whitelist name (completely or partially) in the Filters panel and apply the filter, the count of the Whitelists displayed on page 1 changes to 1 - 1 and the total number of Whitelists created is displayed as 1, since only 1 Whitelist matches the filter applied.

Whitelists Filters Panel

The following figure shows the filters available in the Whitelists Filters panel.

Figure: Whitelists Filters panel

You can filter the Whitelists based on the following parameters.

  • Time Range

  • Whitelist Name

  • Rule Name

  • Summary associated with the Whitelists

  • User who created the Whitelists

The following table lists all the fields displayed in the Filters panel.

| Fields | Description |
|---|---|
| Time Range | Allows you to select the required time duration and view the Whitelists created in the time duration selected. Note: Turn on the Custom Date Range toggle to select a custom date range of your choice. |
| Whitelist Name | Allows you to enter the name of the required Whitelist. |
| Rule Name | Allows you to enter the name of the rule associated with the Whitelists created. |
| Summary | Allows you to enter the complete value or a part of the value of the entities associated with the required Whitelist. For example: cmd.exe or win34 or analyst1. |
| Created By | Allows you to filter the Whitelists on the basis of the user who created them. |

You can click Reset at the bottom of the Filters panel to remove the filters applied.

When you navigate away from the Filters panel, the Whitelists List view retains your filter selections.

Toolbar Actions

This table lists the toolbar actions available in the Whitelists List view.

| Option | Description |
|---|---|
| WhitelistEPA_12.3_7_46x39.png | Select this option and access the Filters panel to filter the required Whitelists. |
| WhitelistEPA_12.3_8_90x33.png | Select this option to delete the selected Whitelist. |