Investigate Quick Start Guide for 12.5
Tags: Documentation, Getting Started, PDF Documentation, Version 12.5
The following article contains a summary of the NetWitness® Investigate Quick Start Guide for 12.5. To see the full guide, go to Attachments on this article and download the associated PDF.
Summary of the NetWitness® Investigate Quick Start Guide for 12.5
This guide provides end-to-end guidelines for SOC teams to configure and use NetWitness® Investigate 12.5 for log and network event analysis. For Endpoint and UEBA investigations, each is covered in a separate document.
Introduction & Legal Information
This section provides license information and guidance to access the NetWitness® Community for documentation, solutions, and support.
- Trademarks & License: NetWitness® LLC owns the product; usage is governed by strict licensing and distribution terms.
- Third-Party Licenses & Encryption: The product may include third-party software and encryption technologies, with legal restrictions on use and distribution.
- Disclaimer: Information is provided “as is”; users must follow NetWitness® standard terms and conditions.
What Is NetWitness® Investigate?
This section provides an overview on how NetWitness® audits and monitors network traffic. The Decoder ingests and parses data, creating metadata for investigation. The Concentrator indexes and stores metadata. NetWitness® Investigate enables analysts to analyze data and identify threats to security and infrastructure.
Getting Help
This section provides resources and links to documentation, community discussions, the knowledge base, troubleshooting, blog posts, and support contacts. It also includes additional guides for hardware setup and content configuration (feeds, parsers, rules, reports).
Getting Started
This section explains how SOC teams can view product updates, understand how NetWitness® Investigate works, and access release notes and user guides. It provides information on setup, installation, and upgrade.
Setup, Installation, or Upgrade
This section highlights that no special setup is required. Investigate is part of the NetWitness® Platform; however, setup is required for related components (Malware Analysis, Endpoint, UEBA). Configuration guides for each component are provided.
System-Level Configuration
This section explains the administrator tasks, which include configuring role-based access control (RBAC), limiting content by user role, and setting system-level defaults and limits.
User Preference Configuration
This section focuses on how to configure preferences for the Navigate view, Events view, and Malware Analysis view. It is intended mainly for analysts and managers.
Investigation
This section lists different investigation types for Incident Responders (T1), Threat Hunters (T2/T3), Content Experts, and SOC Managers. It explains the use cases and how to investigate metadata and events, and analyze malware, endpoints, and user/entity behavior.
Maintenance
This section explains the administrator tasks, which include maintaining queries, analyzing query patterns, and fine-tuning system-level settings for performance and access control.
Attachments:
nw_12.5_investigate_quick_start_guide.pdf