RSA announces the release of RSA NetWitness Platform 11.3.1
This latest version of the RSA NetWitness® Platform continues to strengthen the platform’s threat detection capabilities by enabling offline endpoint visibility and expanding the detection of encrypted network sessions and anomalous user behaviors. In addition, a number of improvements to general performance, stability, and platform-wide user auditing are addressed in this release.
Relay Servers (referred to as RAR in prior versions of RSA NetWitness Endpoint) extend the RSA NetWitness Platform’s visibility into endpoints while they are connected outside the corporate network. By configuring a relay in either the cloud or DMZ, any RSA NetWitness Endpoint-protected host can connect to the Relay Server to send updates on host activity and receive any time-sensitive response actions.
Expanded Detection of Encrypted Channels
To aid in identification of encrypted channels, the Network Decoder can produce the JA3 value of TLS clients and the JA3S value of TLS servers that are observed in a Network session.
RSA NetWitness UEBA adds support for RedHat Linux logs & Windows Network Failed Logons.
Improved RSA NetWitness UEBA Scale and Performance
RSA NetWitness UEBA has increased its scale of support for customers with large numbers of users (for example, 100,000 users) who generate large quantities of log and endpoint events.
Centralized & Expanded Audit Logging
Version 11.3.1 now collects audit logs from all services and aggregates the logs into a single file in a centralized location for faster access and easy analysis. Audit logging is also improved to provide further granularity on the action taken or the recipient of the action when that context is necessary. Audit logging descriptions for users logging on and off hosts have also been improved.
Performance Optimizations for ESA
To avoid unnecessary processing overhead, the Ignore Case option has been removed from the ESA Rule Builder - Build a Statement dialog for meta keys that do not contain text data values. ESA also now automatically adjusts the rule statement operator if an ESA rule references a meta key that changed from String to String Array.
Apply Version Updates From UI Without Direct Internet Access
After you update the RSA NetWitness Platform to 11.3.1, you can apply future version updates from Hosts view in the User Interface (UI) without a direct connection to the Internet.
Save Interval for Core Service Indexes Has Been Reduced to Improve Memory Consumption
The Event Source Monitoring View Moved from Health & Wellness section to the Event Sources admin section
Health & Wellness monitoring enabled for NW Endpoint Risk and Relay processes
Health & Wellness monitoring expanded for Virtual Log Collectors & Log Collectors
Error Messages for Disabled ESA Rules are visible in the RSA NetWitness Platform User Interface
Result Messaging Provides Clarity on the Reason that Events were not Found in Investigate
Configurable Event Analysis View Event Limit in the ADMIN > System > Investigation Panel
Configurable Clearing of the Reconstruction Cache for the Event Analysis View to save disk space