Investigate Quick Start Guide for 12.5.1.0
Tags: Documentation, Getting Started, PDF Documentation, Version 12.5.1
The following article contains a summary of the NetWitness® Investigate Quick Start Guide for 12.5.1.0. To see the full guide, go to Attachments on this article and download the associated PDF.
Summary of the Investigate Quick Start Guide For 12.5.1.0
This guide is designed for SOC teams, offering step-by-step instructions to configure and use NetWitness® Investigate 12.5.1.0 for log and network event analysis. Separate guides are available for endpoint and user and entity behavior (UEBA) investigations.
What Is NetWitness® Investigate?
This section explains what NetWitness® Investigate is: a tool for monitoring and analyzing network traffic. Decoders collect and process packets, logs, and endpoint data, generating metadata that analysts use to investigate security events. The Concentrator indexes and stores this metadata so that analysts can query it to identify potential threats to the network and infrastructure.
Setup, Installation, or Upgrade
This section explains how SOC team members perform setup tasks such as reviewing product updates and learning how NetWitness® Investigate works; these tasks can be done in any order. NetWitness® Investigate requires no separate installation because it is part of the NetWitness® Platform. However, related components such as Malware Analysis, NetWitness® Endpoint, and UEBA must be set up separately, depending on the analysis requirements.
System-Level Configuration
This section focuses on how administrators configure system preferences including role-based access control, content visibility for different user roles, and default system settings. SOC Managers should be familiar with these options.
User Preference Configuration
This section describes how Threat Hunters, Content Experts, Incident Responders, and SOC Managers can customize their views and analysis preferences, including settings for the Navigate view, Events view, and Malware Analysis view.
Investigation
This section describes how different types of investigations are handled by analysts according to their roles: Incident Responders use Investigate to examine incident details, Threat Hunters analyze events and metadata, Content Experts work with threat intelligence and correlation rules, and SOC Managers oversee use cases and workflows.
Maintenance
This section explains how administrators maintain the system by managing queries and analyzing usage patterns, and how they fine-tune system-level settings to improve performance and control data access.
Attachments:
nw_12.5.1.0_investigate_quick_start_guide.pdf