This service pack includes new and enhanced features along with 36 fixes. The following are the highlights of the release. Please refer to product documentation for further details.
Improvements for Log Identification and Indexing
Better Flexibility for Syslog Source Support
Enhancements for Endpoint Integration
There are significant improvements to facilitate log parsing and capture more valuable information. Automatically recognizing and parsing common fields delivers immediate value to analysts who rely on meta but may not be parsing experts. It also shortens the time to value when new sources feed the RSA NetWitness Logs solution.
Highlights for Log Identification and Indexing:
Improvements to Log Text Indexing
Detect and parse patterns in logs not matching a parser
Ability to send both IP and hostname for logs configured for collection from a destination hostname
Ability to accept logs from event sources that do not fully conform to the syslog RFCs
Ability to save custom parser modifications to a parser.custom file, so that the parser can be updated from Live without losing customizations
Customers running Security Analytics 10.5.1.x or 10.6.x.x should apply this Service Pack. For customers on earlier versions, please refer to the upgrade documentation for full details of supported upgrade paths.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.