(Optional) Integrate Endpoint Information Into Reports

You can use the Endpoint data by using the following instructions to add the Endpoint information into Reports. The Endpoint Integration Guide provides an overview of Endpoint integration into NetWitness.

Prerequisites

Make sure that:

  • You have configured the Endpoint alerts via syslog into a Log Decoder. For more information see, "Configure Endpoint Alerts Via Syslog into a Log Decoder" topic in Endpoint Integration Guide).

To integrate Endpoint information into Reports:

  1. In Reporting Engine> View> Config> Sources.
  2. Add the Concentrator that is consuming data from the Log Decoder as a data source.
    Endpoint meta is populated in Reporting Engine.
  3. Run reports by selecting the appropriate meta.