Start Using New Features

There are many exciting new features that you can enable after you have upgraded to The following is a list of the new features for each area of NetWitness. For a detailed description of the new features in this release, see the Release Notes for RSA NetWitness Platform Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

The following sections are a complete list and description of enhancements to specific capabilities:


  • Pre-stage the upgrade repo to minimize downtime

  • Support for Additional Pre-Upgrade Check Utility

Investigation - SIEM and Network Traffic Analysis

  • Investigation Enhancements

Endpoint Investigation

  • Capabilities for Detecting Ransomware That Use the Registry

  • Endpoint Agent Support for macOS Monterey and Windows 11

  • Support for Offline or Standalone Scans on Air-gapped Windows Hosts

  • Support for Full System Scan

  • Redesigned Alerts Tab for Optimized Navigation

Concentrator, Decoder, and Log Decoder Services

  • Centralized Configuration Management Enhancements

  • Enhanced Network Decoder to Support Load Balancing Deployments

Event Stream Analysis (ESA)

  • Enhanced Performance when Retaining Incident Network Data Artifacts

Configuration Updates

  • Feed Case Sensitivity

  • NetWitness Topology Feature


  • Backup and Restore CLI Improvements

  • Better Error Handling for Core Services Messages