NetWitness is pleased to announce the general availability of NetWitness Platform XDR 12.1. This release contains features to further enhance the threat detection, response capabilities and continued security updates.
NetWitness Platform XDR 12.1 includes the following notable enhancements.
· Policy Based Centralized Content Management - A unified approach to find, deploy, manage content and data sources of Event Stream Analysis component through the entire lifecycle based on policies that can be assigned to groups of devices.
· Support for bulk rule deploy operations – Decoder supports new mergeall command for rules bulk merge operation that allows all the valid rules to be merged and return the list of invalid rules in case of an error. This feature avoids redeploying all rules in case of an error.
· Detections using Yara Rules – Endpoint agents run Yara rules locally to find malicious files.
· Endpoint host/file usability improvements – Analysts have an option for remediation actions from the endpoint alert details such as file download, hash look-up, change file status etc.
· Improved Log Parsing – Improvements to Log parsers to handle parsing of structured and unstructured data embedded in variables of structure logs and ability to build regex parse rule that will capture meta anywhere in the log triggered when a specific anchor text appears in the log.
· Export Incident data – An analyst can export the Incidents data including alerts and events in JSON format for future analysis and auditing.
· Roles of a NetWitness user - An admin can view user roles for both internal and external users such as Active Directory.
· Password repetition policy – New option to avoid password repetition has been added to security settings page to enhance password policy.
· Define retention policy for downloaded file – Admins can define a retention policy to automatically clean-up the downloaded files after X days to avoid any potential disk space issues on the server.
· Security updates – Addresses latest security vulnerabilities reported against various libraries used by the product.
Have a great idea for Improving the RSA NetWitness Platform? Check out the Ideas for the NetWitness Platform portal and either submit your ideas for improving the NetWitness Platform or vote up previously submitted ideas!
For More Information on the Release and Upgrade Instructions:
Review the NetWitness® Platform XDR 12.1 Update Instructions and Release Notes available on the NetWitness Community before you update. For additional documentation, downloads, and more, visit the NetWitness Platform page.
NetWitness has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.