Summary

NetWitness is pleased to announce the general availability of NetWitness Platform 12.5.1. This release contains features to enhance further visibility, threat detection, response capabilities, and critical security patches for vulnerabilities reported.

NetWitness Platform 12.5.1 includes the following notable enhancements.

• Dashboard
  • Home View Widgets - NetWitness introduces the Whats New widget and enhanced FirstWatch Threat Logic & Live Content Updates, and Content Available widgets with new configuration options. Administrators, Analysts, and SOC Managers can access the respective widgets that display certain data in the graphical form. Updated and new NetWitness content, messages outlining campaigns, threats, or content life cycle updates, and many more are displayed in these widgets.

• Investigate
  • Added Packet Count Option in Timeline Settings - Analysts can now set the Packet Count option in the Timeline Settings of the Investigate > Events view. This enhancement allows analysts to easily track the total number of packets captured at specific times, providing crucial data for network traffic analysis and investigation on the Timeline view. This enhancement further helps analysts to gain valuable insights into network behavior patterns.
  • Service Search Option in Events View - Analysts can now easily locate specific services using the service search option in the Investigate > Events view. This enhancement is particularly useful in environments with a complex service hierarchy, enabling analysts to easily identify and focus on the specific service of interest among many deployed services. For example, in environments with numerous Concentrator services, analysts can now easily find a specific Concentrator by using the service search option instead of manually scrolling through a long list of services. This option significantly enhances the efficiency of service-related investigations and analysis workflows.

• Administration and Configuration
  • Improved Authentication with New Automatic External Provider Retry Option - NetWitness Platform 12.5.1 introduces a new configuration parameter that enhances user authentication resiliency. Previously, when a user was registered with multiple external authentication providers and their primary provider became unavailable, login attempts would fail. With this enhancement, administrators can now enable automatic authentication attempts across all configured external authentication providers. To use this feature, the retry-failed-external-authentication-with-all-available-external-providers parameter must be enabled, and the user must log in using the same username that is present on other external authentication providers as well. This improvement ensures uninterrupted access even if the primary authentication method becomes unavailable, providing users with a more robust and flexible authentication experience.

• SASE Capability

• NetWitness SASE Integration with Palo Alto Networks - Introduces Beta NetWitness integration with Palo Alto Prisma SASE to provide complete network and logs visibility.  With this custom technical integration, NetWitness users gain insight into behavior and communication among devices and services in remote and distributed networks across on-premises, hybrid, and cloud deployments. The NetWitness-Palo Alto SASE integration enables customers to leverage SASE flexibility and its inherent security advantages while retaining complete visibility for threat detection and response.

Note: NetWitness Platform SASE deployments with Palo Alto Networks support up to 800 Mbps and can accommodate 1,500 users per region. On average, this translates to approximately 0.53 Mbps of data per user.

• CCM
  • Dynamic Distribution of GeoIP Data - Introduces an approach to import GeoIP files on the Content Library page for customers not connected to NetWitness Live. This feature empowers the users with detailed geographical insights while maintaining optimal system performance. By identifying the geographical origins of network traffic, users can protect sensitive data and systems, ensuring that only authorized personnel from specific regions can access certain resources. Users connected to NetWitness Live will continue to receive automatic updates with the latest GeoIP files as usual. Note: The distribution of GeoIP contextual data daily does not require CCM usage and supports air-gapped customers.
  • Add to Policy Option - The Policies tab in CCM is enhanced with the Add to Policy option. Users can directly add Application or Network Rules to a policy if it does not exist. All dependents and their corresponding content are also included in the policy.
  • Order View - When creating a new policy or editing an existing one, users can view the order of the selected Application or Network Rules. The selected rules are displayed sequentially under the Order column in the Selected Content view under the Define Policy option. This order will be maintained while being published to the Decoders.

• ESA
• ESA Esper Version 9.0 Update - The ESA Correlation server is updated from Esper version 8.8 to 9.0. NetWitness Platform now supports the new constructs available in the Esper 9.0 release.
• New JDBC Integrations for Log Collection - The ongoing transition from ODBC drivers to an open-source JDBC solution for Log Collection continues. The transition is currently underway, with several new integrations included in this 12.5.1 release. This change ensures efficient and reliable data collection for users.
• Log Integrations - Supports the integration of the Netskope V2 Connector to capture Events, Alerts, and Incidents, WatchGuard EDR, Azure DevOps Audit Logs, MSSQL 2022, RHEL 9.x event sources to collect and parse logs.
• Security Updates - Addresses the latest security vulnerabilities reported against various libraries the NetWitness Platform uses, including one critical (CVE-2024-42472), 29 major, 177 Moderate, and 9 minor vulnerabilities.

Please refer to NetWitness Platform 12.5.1. Release Notes for detailed information about new features, enhancements, Known Issues, and Build Numbers.

For additional documentation, downloads, and more, visit the NetWitness Platform page on the NetWitness Community.

For more information about online help, Community Forum, and Advisories, visit https://community.netwitness.com.