What's New

The NetWitness release notes provides information about the changes in NetWitness Platform 11.7.

Fixed Issues

For more information on Fixed Issues, see Fixed Issues.

Security Fixes

The Log4j vulnerability recently discovered in the commonly used open source logging library has been addressed. This applies to CVE-2021-44228. For more information, see the Security Advisory for Log4j.

Note: This patch release of NetWitness addresses log4j vulnerabilities reported till date. The following CVEs were validated and found to be not exploitable.
- CVE-2021-44228
- CVE-2021-44832
- CVE-2021-4104
- CVE-2021-45105
- CVE-2021-45046
NetWitness will continuously monitor this issue for new developments and provide periodic updates.

Note: If you have the Export Connector plugin in your deployment, you must do the following:
- If you have Logstash installed separately, not as part of the NetWitness installation, you must uninstall the Export Connector plugin and install the updated Export Connector plugin after patch upgrade. In this case, the old Export Connector plugin files are not automatically removed after upgrade. You must remove the old plugin files, so the scans do not list them as vulnerabilities. For more information on how to remove the old plugin files and install the updated plugins, see Post-Upgrade Tasks.
- If you have Logstash installed as part of the NetWitness installation on the Log Collector service, the updated Export Connector plugin will be automatically installed during the patch upgrade.

Upgrade Paths

The following upgrade paths are supported for NetWitness

  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to
  • NetWitness to


The following section lists the enhancements to specific capabilities. To locate the document referred to in this section, go to the NetWitness Platform 11.x - All Documents. Product Documentation has links to the documentation for this release.


View Creator Information

The Created By column has been added to the Reports List page. This column enables you to view and analyze the ownership information of all the reports that exist in the system, which includes new, copied, and imported reports. When a report is exported, the owner details are retained. However, when a report is copied, the owner of the report changes to the user who created the copy. For more information, see the Reporting User Guide.

Log Collection

Administrators can now fetch the user information from the logs collected through MSExchange Management channel.

To view the user information:

  1. Navigate to Server Manager > Diagnostics > Event Viewer > Applications and Services Logs > MSExchange Management.

  2. In the MSExchange Management view, select the log file.

  3. Click the Details tab. Select the XML View.

  4. Select EventData. The third row in the <EventData> section displays the required user information.

Note: Alternatively, you can select the Friendly View under the Details tab to view the user information in the EventData section.