This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
      • Netwitness XDR
      • EC-Council Training
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
    • Role-Based Training
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions
  • NetWitness Community
  • Discussions
  • RSA Platform v11.6.1.3 Upgrade
  • Options
    • Subscribe to RSS Feed
    • Mark Topic as New
    • Mark Topic as Read
    • Float this Topic for Current User
    • Bookmark
    • Subscribe
    • Mute
    • Printer Friendly Page

RSA Platform v11.6.1.3 Upgrade

DwayneFryer1
DwayneFryer1 Contributor
Contributor
Options
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎2022-01-19 07:06 AM

RSA recently released the announcement of patch upgrade v11.6.1.3 which is a patch for the Log4j library within the NetWitness platform. We are currently on v11.6.1.0 but do we need to upgrade to v11.6.1.3 if we have already performed the below patch released back in December for the Log4j vulnerability:

Mitigation Steps:
In order to mitigate this in affected NetWitness deployments, NetWitness administrators should perform the following:

On the NetWitness Admin Server Host, append the switches "-Dlog4j2.formatMsgNoLookups=true" & "-Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false" to JAVA_OPTS for the following configuration files:

/etc/netwitness/admin-server/admin-server.conf (also update the same in /var/netwitness/config-management/cookbooks/launch/rsa-admin-server/templates/default/admin-server.conf.erb)
/etc/netwitness/security-server/security-server.conf (also update the same in /var/netwitness/config-management/cookbooks/launch/rsa-security-server/templates/default/security-server.conf.erb)
For jetty, the switches can be appended to JAVA_OPTIONS for the following:
/etc/default/jetty (please edit jetty.user, if this is already in use for overrides)
After performing these actions, restart jetty, admin-server and security-server as follows:

systemctl restart jetty
systemctl restart rsa-nw-admin-server
systemctl restart rsa-nw-security-server

Please advise. Thanks. 

0 Likes
Reply
  • All forum topics
  • Previous Topic
  • Next Topic
2 REPLIES 2

VincentWareham
Frequent Contributor VincentWareham Frequent Contributor
Frequent Contributor
Options
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎2022-01-24 11:40 PM

Hello Dwayne

The patched version of NetWitness should be considered a more complete solution than just using the mitigation measures.

0 Likes
Reply

DwayneFryer1
DwayneFryer1 Contributor
Contributor
In response to VincentWareham
Options
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎2022-01-25 07:05 AM

The release notes indicate this patch of the Log4J library within the
NetWitness Platform. What are the NW libraries and is there more details in
which this patch will mitigate? Thanks.
0 Likes
Reply
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.