This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Highlights from Recent Releases - Here's What's New in NetWitness Platform 11.7 and 11.7.1

RobinCohan
Moderator Moderator
Moderator
‎2022-04-12 03:23 PM

RSA recently released NetWitness Platform v11.7.1 for customer download.

What new threat detection, response and management capabilities have been added?

Here some highlights of both this new release and of v11.7, released in November.

To learn about even more new capabilities, see the links at bottom.

 

For Analysts:

 

Meta only Event Reconstruction Views - As analysts review events, the new compact and expanded metadata views provide an alternative workflow to view only the high-level details of the event and use cases where no raw data is present. This helps analysts more quickly sift through large amounts of data to rapidly identify the source and flow of threat actions.
Learn more from this video:

https://community.netwitness.com/t5/netwitness-community-blog/netwitness-news-bytes-meta-only-event-reconstruction/ba-p/660259

 

Improved Broker Query Experience – Analyst queries at the top-level Broker now, by default, provide partial results when one of the sub-services loses connectivity or times out for some reason. This ensures a more complete view of detection data even under imperfect hunting conditions. In addition, a hierarchical view of what is attached to the broker is available so analysts can exclude certain sub-brokers prior to query when not beneficial to their search. 

Learn more from this video:

https://community.netwitness.com/t5/netwitness-community-blog/netwitness-news-bytes-improved-broker-query-experience/ba-p/660260

 

Improved Endpoint Detection - Find more threats and mitigate their spread and impact. Improved ability to detect Windows Registry-based compromises, including privilege escalation and ransomware threats. Additional detections can be found via OPSWAT integration. We've added offline scans to provide the ability to scan air-gapped hosts. Ability to scan all storage attached to a host provides a more comprehensive scan.

 

For Administrators:

Introduction of Centralized Configuration Management – The management of general NetWitness core service configurations can be administered centrally from a single policy-based interface and distributed to multiple services.   

 

Granular RBAC (Role Based Access Control) for Endpoint Server - Administrators can restrict access to analyst workflows around viewing hosts and files based on the permissions applied to their role. This facilitates better implementation and enforcement of “least privilege” access for users.

 

Expanded Endpoint Agent support - Support for Mac OS Monterey and Windows 11 to ensure all your endpoints can be monitored

 

Extensive Core Services API Documentation – A comprehensive standalone document outlining all the supported application programming interfaces (APIs) is now available. This will help customers understand available integration points and automation options for NetWitness Platform. 

 

And many more.

For further details and information, refer to the following pages and stay tuned for additional blogs on new capabilities.

 

Product Advisory (release announcement):

https://community.netwitness.com/t5/netwitness-platform-product/rsa-announces-the-release-of-netwitness-platform-11-7-1/ta-p/658792

 

https://community.rsa.com/t5/netwitness-platform-product/rsa-announces-the-release-of-netwitness-platform-11-7/ta-p/648715

 

Product Documentation, including Release Notes:

https://community.netwitness.com/t5/-/ct-p/netwitness-documentation

 

Updates to NetWitness Orchestrator, were also released, based on the Threat Connect platform v6.3 (September) and v6.5 (April).  Several great new capabilities are included. For further details, refer to info here:

https://community.netwitness.com/t5/netwitness-orchestrator/ct-p/netwitness-orchestrator

and:
https://threatconnect.com/blog/threatconnect-6-3-adds-new-group-objects-workflow-metrics-and-workflow-attributes-to-powerful-lineup-of-tip-and-soar-capabilities/

 

https://threatconnect.com/blog/supercharge-your-security-operations-with-threatconnect-6-5/

 

In other recent news, our Threat Intelligence research team is, as always, hard at work to scout out new malicious activity “in the wild”.  Please see their most recent Threat Research Intelligence and Content Blog here:

https://community.netwitness.com/t5/netwitness-community-blog/february-2022-installment-of-the-netwitness-threat-research/ba-p/678567

 

We hope you will find our new capabilities helpful to detect and respond to threats in your environment.

 

If you have suggestions for valuable product improvements or just want to review others’ suggestions, please contribute to our IDEAS forum here:

https://community.netwitness.com/t5/netwitness-ideas/idb-p/netwitness-ideas

 

© 2022 RSA Security LLC or its affiliates. All rights reserved.