RSA is excited to announce the general availability of NetWitness Platform (NWP) v11.7.1. This release provides further improvements to extend the abilities of both analysts and administrators.
Analyst Capabilities:
Unified Discovery and Interaction of Investigate Metadata
Analysts have a single way to interact with metadata presented in the Investigate user interface to perform actions or review contextual information.
Improved Ransomware Detection
The logic included in the endpoint agent has been improved to further detect ransomware based on certain Windows registry changes.
Support Offline/Standalone Scans
Analysts can execute scans against offline or air-gapped Windows systems with the NetWitness Endpoint agent.
Inclusion of Files in Scans
In addition to processes running on the system, any files on disk can be included in a system scan.
Free-form Query Preference
A new preference allows analysts to choose whether free-form queries are split into multiple guided filters or remain as a single free-form query.
Enhanced Performance for Retaining Incident Network Data Artifacts
Respond analysts saving artifacts of an incident will notice improved feedback on the running tasks and swifter completion of those tasks.
Better Error Handling for Core Services Messages
Error messages now include the source string and target format when an unrecognized string format exception is generated, to help users determine the root cause.
Light Theme Overhaul
The light theme primary and secondary colors have been changed to provide better contrast and shading for an overall improved user experience.
Administrative Enhancements:
Enhanced Centralized Configuration Management
Support has been added for default configuration management policies and for creating a policy from a baseline Concentrator or Decoder service. The use case for deploying 10G Decoders has been added.
Expanded Operating System Support with Endpoint Agent
The NetWitness endpoint agent includes support for the new operating systems macOS 12 (Monterey) and Windows 11.
Correlation List of Named Windows
In Event Stream Analytics, an administrator can view and edit named windows (dynamic tables for use by the correlation engine) in the user interface in addition to using the nw-shell command line interface.
Backup & Restore CLI Improvements
Administrators can take advantage of further improvements, including backing up Mongo databases for ESA and Endpoint instances, backing up Broker indexes, validating the necessary storage requirements for backup & restore prior to initialization, and handling custom files.
Better Support for Load Balancing Deployments
Additional support and guidelines are available for administrators configuring load balancing across multiple network Decoders to meet throughput and resiliency requirements.
Feed Administration Case Sensitivity
Administrators are able to alter the case sensitivity of values a feed uses as part of the feed wizard in the user interface.
NetWitness Service Topology Enhancement
Service topology has been enhanced to support Correlation-Server and Reporting Engine, along with a search capability.
Pre-Stage Upgrade Repositories
Administrators can download and stage upgrade repositories from the UI before upgrading the NetWitness stack.
Have a great idea for improving the RSA NetWitness Platform? Check out the RSA Ideas for the RSA NetWitness Platform portal and either submit your idea or vote up previously submitted ideas!
For More Information on the Release and Upgrade Instructions:
Review the RSA NetWitness® Platform 11.7.1 Update Instructions and Release Notes available on RSA Link before you update. For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.