RSA is excited to announce the general availability of NetWitness Platform (NWP) v11.7. This release delivers excellent capabilities to empower analysts to complete investigations and critical enhancements to increase the efficiency of administrators.
Meta Only Event Reconstruction Views
As analysts review events, the new compact and expanded metadata views provide an alternative workflow for viewing only the high-level details of an event, and for use cases where no raw data is present.
Improved Broker Query Experience
Analyst queries at the top-level Broker now, by default, provide partial results when one of the sub-services loses connectivity or times out for some reason. In addition, a hierarchical view of what is attached to the Broker is available to analysts to exclude certain sub-brokers prior to query if necessary.
Search Text without Limiting Results
An optional index configuration is available on a per-meta-key basis to extend the default key-value search into an N-gram layout. In addition to enabling query and reporting capabilities, this combination also provides complete, accurate search results, even if a maximum value threshold has been met.
Improvements to Retaining Incident Network Data Artifacts
Respond analysts can now mark alerts and associated events contained in a single incident to make sure the associated meta and raw data are persisted rather than rolled out of a Decoder. Additional clarity on when artifacts are being persisted and further error messaging round out the update.
Endpoint Detection Improvements
Additional detections for persistence techniques that use the Windows Registry, and improved suspicious thread detection using different methods.
Enhanced Host Tagging
Tags can now be added to a host when creating the agent packager. Users can create, edit, and remove global tags across all hosts to help identify hosts and manage them effectively.
Introduction of Centralized Configuration Management
The management of general NetWitness core service configurations can be administered centrally from a single policy-based interface and distributed to multiple services.
Granular RBAC (Role-Based Access Control) for Endpoint Server
Administrators can restrict access to analyst workflows around viewing hosts and files based on the permissions applied to their role.
Pre-Upgrade Automatic Check
A health-check utility can be configured to analyze the current NetWitness setup and identify conditions that may impact the upgrade. Any issues identified can be addressed or mitigated before the upgrade.
Backup and Restore Improvements
An improved NetWitness Recovery tool performs centralized backup and restore of individual or multiple hosts. It allows custom files to be incorporated in restorations and handles all supported deployment installations (Physical, Virtual, and Cloud).
Introduction of NetWitness Service Topology Map
A view of the hierarchical layout of all NetWitness core services depicting the collection and aggregation of services in the deployment.
Extensive Core Services API Documentation
A comprehensive standalone document outlining all the supported application programming interfaces (APIs) available to help understand the available integration points and automation options.
Have a great idea for improving the RSA NetWitness Platform? Check out the RSA Ideas for the RSA NetWitness Platform portal and either submit your idea or vote up previously submitted ideas!
For More Information on the Release and Upgrade Instructions:
Review the RSA NetWitness® Platform 11.7 Update Instructions and Release Notes available on RSA Link before you update. For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.