.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Agent Modes
Agent ModesAgent Modes
Note: The information in this topic applies to NetWitness Version 11.3 and later.
In NetWitness 11.3 and later, the Endpoint agent can operate either in Insights or Advanced mode depending on the policy configuration. For more information on policy configuration, see the NetWitness Endpoint Configuration Guide. You can have both Insights and Advanced agents in a single deployment.
There is no license required for the Insights agent. However, you must procure a license for an Advanced agent. For more information on licensing, see the Licensing Management Guide.
The following table list the features supported for Insights and Advanced agents:
- Feature:
Full System Scan
- Insights Agent:
No
- Advanced Agent:
Yes (agent version 11.6.1 or higher)
- Feature:
Scan data -
Processes, Autoruns, Files, Drivers, Libraries, and System Information
- Insights Agent:
Yes - Windows, Mac, and Linux
- Advanced Agent:
Yes - Windows, Mac, and Linux
- Feature:
Tracking data -
Process, File, Registry, Network, and Console
- Insights Agent:
No
- Advanced Agent:
Yes - Windows and Mac
Registry and Console events are applicable only for Windows.
- Feature:
Expanded network visibility
- Insights Agent:
Yes - Windows
- Advanced Agent:
Yes - Windows
- Feature:
Anomaly detection -
Image Hooks, Kernel Hooks, Registry Discrepancies, and Suspicious Threads
- Insights Agent:
No
- Advanced Agent: Yes - Windows
- Feature:
Windows log collection
- Insights Agent:
Yes
- Advanced Agent:
Yes
- Feature:
File log collection
- Insights Agent:
Yes - Windows
- Advanced Agent:
Yes - Windows
- Feature:
Threat detection content -
ESA, Application Rules
- Insights Agent:
Yes
- Advanced Agent:
Yes
- Feature:
Analysis of downloaded file
- Insights Agent:
Yes
- Advanced Agent:
Yes
- Feature:
File status -
Whitelist, Blacklist, Graylist, and Neutral
- Insights Agent:
Yes
- Advanced Agent:
Yes
- Feature: File remediate (Block)
- Insights Agent:
No
- Advanced Agent:
Yes - Windows
- Feature:
Process visualization
- Insights Agent:
No
- Advanced Agent:
Yes
- Feature: Live connect
- Insights Agent: Yes
- Advanced Agent: Yes
- Feature:
File reputation service
(Third-party lookup)
- Insights Agent: Yes
- Advanced Agent: Yes
- Feature:
Risk score for hosts
- Insights Agent:
No
- Advanced Agent:
Yes
- Feature:
MFT, process dump, and system dump download
- Insights Agent:
No
- Advanced Agent:
Yes - Windows
- Feature: Automatic file download
- Insights Agent: Yes
- Advanced Agent: Yes
- Feature:
Automatic Memory DLL Download
- Insights Agent:
No
- Advanced Agent:
Yes
- Feature:
Manual file download
- Insights Agent:
No
- Advanced Agent:
Yes
- Feature:
Network isolation
- Insights Agent:
No
- Advanced Agent:
Yes - Windows
- Feature: Relay server
- Insights Agent: Yes
- Advanced Agent: Yes