RSA NetWitness 11.3.1.1 is the latest version of the RSA NetWitness Platform and contains a number of important fixes for the 11.3.1 version of the system in addition to the capabilities originally introduced in 11.3.1. RSA recommends that all 11.3 customers upgrade to this release. Please refer to the 11.3.1.1 Release Notes for more information on these fixes.
Customers upgrading from the 10.6.x release should upgrade to the newest version of 11.3 before installing 11.3.1.1.
This latest version of RSA NetWitness Platform (NWP) continues to strengthen the platform’s threat detection capabilities by enabling offline endpoint visibility and expanding the detection of encrypted network sessions and anomalous user behaviors. In addition, numerous improvements to general performance, stability and platform-wide user auditing are addressed in this release.
BEFORE YOU UPGRADE: Review the RSA NetWitness Platform 11.3.1.1 Update Instructions and Release Notes available on RSA Link.
Highlights
Feature or Enhancement | Description |
---|---|
RSA NetWitness Relay enables offline reporting of NWE-protected hosts | Relay Servers (referred to as RAR in prior versions of RSA NetWitness Endpoint) extend RSA NetWitness Platform’s visibility into endpoints while they are connected outside the corporate network. By configuring a relay in either the cloud or DMZ, any NWE-protected hosts can connect to the Relay Server to send updates on host activity and receive any time-sensitive response actions. |
Expanded detection of encrypted channels | To aid in identification of encrypted channels, the Network Decoder can produce the JA3 value of TLS clients and the JA3S value of TLS servers that are observed in a network session. |
Expanded RSA NetWitness UEBA detection capabilities | RSA NetWitness UEBA adds support for Red Hat Linux logs and Windows Network failed logons. |
Improved RSA NetWitness UEBA scale and performance | RSA NetWitness UEBA has increased its scale of support for customers with large numbers of users (for example, 100,000 users) who generate large quantities of log and endpoint events. |
Centralized & expanded audit logging | v11.3.1 now collects audit logs from all services and aggregates the logs into a single file in a centralized location for faster access and easy analysis. Audit logging is also improved to provide further granularity on the action taken or the recipient of the action when that context is necessary. Audit logging descriptions for users logging on and off hosts have also been improved. |
Performance optimizations for ESA | To avoid unnecessary processing overhead, the Ignore Case option has been removed from the ESA Rule Builder - Build a Statement dialog for meta keys that do not contain text data values. ESA also now automatically adjusts the rule statement operator if an ESA rule references a meta key that changed from string to string array. |
Apply version updates from UI without direct Internet access | After you update NetWitness Platform to 11.3.1, you can apply future version updates from the Hosts view in the user interface without a direct connection to the Internet. |
Other Improvements:
• Save interval for Core Service indexes has been reduced to improve memory consumption.
• The Event Source Monitoring view is moved from Health & Wellness to the Event Sources Admin section.
• Health & Wellness monitoring is enabled for RSA NetWitness Endpoint Risk and Relay processes.
• Health & Wellness monitoring is expanded for Virtual Log Collectors & Log Collectors.
• Error messages for disabled ESA Rules are viewable in the RSA NetWitness Platform user interface.
• Result messaging provides clarity for the reasons that events were not found in Investigate.
• New configurable Event Analysis view event limit in the ADMIN > System > Investigation panel.
• Configurable clearing of the reconstruction cache for the Event Analysis view to save disk space.
• Mitigated critical Python Security Vulnerability (RHSA-2019:0710).
For a full list of improvements and fixes in v11.3.1.1, please reference the RSA NWP v11.3.1.1 Release Notes.
For More Information:
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
Have a Great Idea for Improving RSA NetWitness Platform?
Check out RSA Ideas for the RSA NetWitness Platform and either submit your idea for improving RSA NetWitness Platform or vote up others' ideas!
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.