1. Contextual Drill-down
1.1. Concept
Contextual drill-down is a NEXThink Finder feature that lets you analyze investigation results further while keeping the context of the original investigation, for example by retrieving the users of the applications that an investigation has just returned.
1.2. Example
Here is an example of a contextual drill-down analysis:
- The user retrieves the sources that have generated some HTTP traffic.
- He wonders which applications were used on a particular source to generate HTTP traffic. He therefore right-clicks on that source and selects Drill-down to -> Applications.
- He is surprised to see one particular application generating HTTP traffic and wants more information, so he displays the connections in question: he right-clicks on that application and selects Drill-down to -> Connections.
- The connections are displayed. Because the analysis is contextual, the previous conditions are kept for the new investigation. In this particular example, we end up with the HTTP connections from one source (NXT-D08) with one application (NEXThink Finder).
1.3. Contextual drill-down vs. one-click investigations
The main difference between the contextual drill-down and the one-click investigations is the context. The drill-down keeps the context, whereas the one-click investigation launches a completely new investigation. For instance, if you had used a one-click investigation (such as "List applications for source") in the 2nd step of the above example, you would have ended up with the list of all applications used on the source, not only the ones which generated HTTP traffic.
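The difference can be modelled in a few lines of Python. This is an added conceptual example, not NEXThink code or its API: the `Investigation` class, its method names and the connection records are all constructed for illustration, with only NXT-D08 and NEXThink Finder taken from the example above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:
    source: str
    application: str
    protocol: str

# Constructed sample records (not real Finder data).
CONNECTIONS = [
    Connection("NXT-D08", "NEXThink Finder", "HTTP"),
    Connection("NXT-D08", "Web Browser", "HTTP"),
    Connection("NXT-D08", "Mail Client", "SMTP"),
    Connection("NXT-D08", "NEXThink Finder", "OTHER"),
    Connection("NXT-D02", "Web Browser", "HTTP"),
]

class Investigation:
    """Hypothetical model: an investigation is a set of field == value conditions."""

    def __init__(self, records, conditions):
        self.records = records
        self.conditions = dict(conditions)

    def matching(self):
        # Records that satisfy every condition accumulated so far.
        return [r for r in self.records
                if all(getattr(r, f) == v for f, v in self.conditions.items())]

    def results(self, field):
        # Distinct values of one field among the matching records.
        return sorted({getattr(r, field) for r in self.matching()})

    def drill_down(self, field, value):
        # Contextual: earlier conditions are kept and one more is added.
        return Investigation(self.records, {**self.conditions, field: value})

    def one_click(self, field, value):
        # New investigation: earlier conditions are discarded.
        return Investigation(self.records, {field: value})

def walkthrough():
    http = Investigation(CONNECTIONS, {"protocol": "HTTP"})
    sources = http.results("source")
    on_source = http.drill_down("source", "NXT-D08")
    drill_apps = on_source.results("application")
    one_click_apps = http.one_click("source", "NXT-D08").results("application")
    final = on_source.drill_down("application", "NEXThink Finder").matching()
    return sources, drill_apps, one_click_apps, final
```

In this model the drill-down lists only the applications that produced HTTP traffic on NXT-D08, while the one-click variant also returns the mail client, whose traffic was never part of the original investigation.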
