NetWitness 11.7.3.0 provides enhancements and fixes for all products in NetWitness Platform XDR. The instructions in this guide apply to both physical and virtual hosts (including AWS, Azure Public Cloud, and Google Cloud Platform) unless stated to the contrary.

Upgrade Paths

The following upgrade paths are supported for NetWitness 11.7.3.0:

  • 11.7.2.0 to 11.7.3.0
  • 11.7.1.2 to 11.7.3.0
  • 11.7.1.1 to 11.7.3.0
  • 11.7.1.0 to 11.7.3.0
  • 11.7.0.2 to 11.7.3.0
  • 11.7.0.1 to 11.7.3.0
  • 11.7.0.0 to 11.7.3.0
  • 11.6.x.x to 11.7.3.0
  • 11.5.3.3 to 11.7.3.0
  • 11.5.3.2 to 11.7.3.0

Running in Mixed Mode

Running in mixed mode occurs when some services are upgraded to the latest version and some services are on older versions. See "Running in Mixed Mode" in the NetWitness Platform XDR Hosts and Services Getting Started Guide for further information.

Note: If you are running Endpoint Log Hybrid in mixed mode, make sure Endpoint Broker is on the same version as one of the Endpoint Servers.

Upgrade Considerations for ESA Hosts

Mixed mode is not supported for ESA hosts in NetWitness version 11.6 and later.

IMPORTANT: The NetWitness server, ESA primary host, and ESA secondary host must all be on the same NetWitness Platform version.

Upgrade Considerations for STIX Custom Feeds

The custom feeds created before version 11.6 are processed automatically. On upgrade, the data sources created for ADHOC, REST and TAXII server and the feeds are pulled automatically. See "Create a STIX Custom Feed" in the NetWitness Platform XDR Live Service Management Guide and "Configure STIX as a Data Source" in the NetWitness Platform XDR Context Hub Configuration Guide for further information.

Upgrade or install Windows Legacy Collection

Refer to Windows Legacy Collection Guide for NetWitness for NetWitness Legacy Windows Collection Update & Installation Instructions.

Note: After you update or install Windows Legacy Collection, reboot the system to ensure that Log Collection functions correctly.