Summary
NetWitness is pleased to announce the general availability of NetWitness Platform XDR 12.0. This major release highlights the evolution of the NetWitness platform to focus more on threat detection, building on world class visibility which has always been a core capability. Additional improvements have been made to response capabilities and continued improvement and flexibility in deployment.
NetWitness Platform XDR 12.0 includes the following notable enhancements:
Detection:
- Policy-Based Centralized Content Management – A unified approach to find, deploy, and manage content through its entire lifecycle, based on policies that can be assigned to groups of devices.
- Content Bundles – A logical grouping of content that allows customers to deploy based on detection use cases without requiring knowledge of all the underlying content types.
- Detections using YARA Rules – Endpoint agents run YARA rules locally to find malicious files.
- Endpoint Detections using Imported File Hashes – In addition to isolating files from the user interface, analysts can import a list of file hashes that will automatically be blocked if seen in the environment.
- ARM Processor Support – Administrators can install endpoint agents on ARM-based systems, including Microsoft Surface hosts.
- TLS 1.3 Decryption – Expands the network packet decryption capability so that customers can inspect TLS 1.3 encrypted communications using ephemeral session keys.
- Automatic Decompression of HTTP Sessions – HTTP sessions are now decompressed by default, so detection content can examine the plaintext payloads.
- Improved Log Parsing – Log parsers now handle structured and unstructured data embedded in variables of structured logs, and handle multiple duplicate meta values.
Response:
- Reimagined Response to Endpoint Alerts – As analysts triage alerts, all the relevant information is made available, including a process tree.
- Key Performance Indicators – MTTA, MTTD & MTTR Metrics – Reports provide operational metrics, including MTTA, MTTD and MTTR, giving SOC managers an overall perspective.
- Automatic Journaling/History of Incident Changes – Tracks changes throughout the lifecycle of an incident and supports control of the incident workflow.
- Rich OOTB Springboard Panels – Analysts gain immediate insight into the suspicious behaviors the system has detected.
- Custom Springboards – Analysts can customize the Springboard so that only the information they want to focus on is shown to them.
- Convert Query into Springboard Panel – During an investigation, an analyst can convert a query into a Springboard panel to keep watch on its results.
- Bulk MFT Download – Analysts reviewing an incident that spans multiple endpoint agents save time by downloading all of the master file tables in bulk.
- Respond Flexible Deployment – The Respond component and the context enrichment used throughout the product can now be deployed without Event Stream Analytics, making detection visibility in Respond and high-value context enrichment more widely accessible.
Deploy:
- Endpoint Agent IP Filtering by CIDR Notation – Administrators can group endpoint agents using CIDR notation as a parameter in addition to individual IP addresses.
- Guidance to Automate Full Stack Cloud & VM Deployments – Customers with virtual or cloud environments can follow documented steps to automate full-stack deployments in their existing infrastructure and to manage upgrades.
- Improved Hybrid Performance – The default configuration for network and log hybrids has been optimized to limit resource contention between services.
Have a great idea for improving the RSA NetWitness Platform? Check out the Ideas for the NetWitness Platform portal and either submit your ideas for improving the NetWitness Platform or vote up previously submitted ideas!
For More Information on the Release and Upgrade Instructions:
Review the NetWitness® Platform XDR 12.0 Update Instructions and Release Notes available on the NetWitness Community before you update. For additional documentation, downloads, and more, visit the NetWitness Platform page.
EOPS Policy:
NetWitness has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.