NetWitness is pleased to announce the general availability of NetWitness Platform 12.3.1. This release contains features to further enhance visibility, threat detection, response capabilities, and continued security updates.
NetWitness Platform 12.3.1 includes the following notable enhancements.
Visibility:
- NetWitness Insight – Generates alerts when a new asset is discovered in the environment for the first time or when an existing asset has not been observed for over 30 days; these alerts can be found on the Respond - Alerts page. This is a BETA feature and is disabled by default. UI improvements make it easier to filter and discover insights, with output displayed in paginated form. Insights users will receive a notification if they exceed the daily license limit three or more times within the last 14 days.
- Generic Bi-directional SIEM integration – NetWitness inherently supports forwarding alerts and incidents via syslog for integration with other security tools such as case management systems. The integration provides a mechanism for the external tools to link back to the NetWitness Respond page to investigate the threats in detail.
- Core Improvements – Additional meta keys are generated from HTTP/2 traffic for improved visibility, with checks to avoid duplicate meta. Improved log collection for event sources that include a length prefix in syslog events.
- Log Integrations – NetWitness supports ingestion of security, system, and audit logs from Cisco Unified Computing System Manager, Microsoft Exchange Server 2019, SailPoint IIQ and Amazon CloudFront to gain increased visibility across cloud workloads and endpoints.
- User and Entity Behavior Analytics – NetWitness UEBA has added support for Citrix VPN device logs to analyze user activity information. Performance is improved through parallel execution of multiple models and a reduced processing time for the Airflow retention directed acyclic graph (DAG), giving faster cleanup of outdated data.
Detection:
- Policy Based Centralized Content Management – Centralized Content Management (CCM) introduces pagination in the groups listing, content library listing and policy listing pages. Administrators can update the custom content directly in the content without re-associating the content with the policies, and can search through the content using the enhanced search box.
- Endpoint Enhancements – Administrators can now install the NetWitness Endpoint agent on multiple Linux operating systems – Red Hat Enterprise Linux 9.x, Alma Linux 9.2, Oracle Linux 8.8 and SUSE Linux Enterprise Server 12 SP1 and 15 SP4.
Administration:
- Endpoint Failover Support – Administrators can configure the endpoint recovery option using the Source Server Explore view for disaster recovery use cases.
- System Health Check Support – Before upgrading to a new NetWitness version, administrators can now run the nw-precheck-cli tool from the Admin-Hosts page and verify the generated system upgradability health report, allowing them to make informed decisions and ensure services are in a healthy state.
Security:
- Security updates – Improves security of all NetWitness services and scripts by enforcing trusted certificate-based authentication, and addresses the latest security vulnerabilities reported against various libraries used by the product.
Please refer to the NetWitness Platform 12.3.1 Release Notes for cipher changes and other update instructions.
To learn more about new features and enhancements in the NetWitness Platform 12.3.1 release, watch the following video:
https://www.youtube.com/watch?v=rRNevwPXvM4
For additional documentation, downloads, and more, visit the NetWitness Platform page on RSA Link.