Complete the following tasks to prepare for the upgrade to NetWitness Platform XDR 11.7.2.0.

Task 1. (Conditional) Upgrade External Repository

Note: Perform the following step only if you are using an external repository for 11.7.2.0

To upgrade the external repository which is an externally managed server:

Upgrade the external repository with the latest upgrade content for the netwitness-11.7.2.0.zip.

For information about setting up an external repository, see "Appendix B. Set Up External Repo" in the 11.7.0.0 Upgrade Guide for NetWitness Platform XDR.

Task 2 (Optional). Remove Legacy Package Repositories

Perform this task to free up space by removing unused repositories from previous releases.

  1. Determine the version of the oldest NetWitness Platform host in your environment by doing one of the following:

    • Review the host list in the Admin user interface.

    • Run the following command on the NW Server:

      upgrade-cli-client --list

  2. You can safely remove all legacy package repository folders located at /var/netwitness/common/repo/<version> on the NW Server for all versions prior the baseline major release version of the oldest active host in the environment.
    • If the oldest host version is 11.6.x.x (for example, 11.6.1.0), you can safely remove 11.0.x.x, 11.1.x.x, 11.2.x.x, 11.3.x.x, and 11.4.x.x, and 11.5.x.x repository folders. However, do not remove repository versions greater than or equal to 11.7.0.0.
    • If the oldest host version is 11.7.x.x, you can safely remove 11.0.x.x, 11.1.x.x, 11.2.x.x, 11.3.x.x, 11.4.x.x, 11.5.x.x, and 11.6.x.x repository folders. However, do not remove repository versions greater than or equal to 11.7.0.0.

Task 3. Uninstall the Security Analytics l10n language pack

Before you upgrade from 11.5.x.x to 11.6.x.x or 11.7.x.x version, you must uninstall the Security Analytics l10n language pack.

Task 4 (Optional). Disable STIG-based FIPS Kernel Controls

If you enabled STIG-based FIPS Kernel controls, you must disable them before initiating the NetWitness Platform XDR upgrade process to avoid boot errors. To disable STIG-based FIPS Kernel controls, run the following commands:

manage-stig-controls --disable-control-groups 3 --host-all

grub2-mkconfig -o /boot/grub2/grub.cfg

After you upgrade NetWitness Platform XDR, ensure that you enable STIG-based FIPS Kernel controls.

Note: STIG-based FIPS Kernel controls which require modifications to kernel boot options are not enabled by NetWitness Platform XDR out-of-the-box.