Summary:
The NetWitness Platform 11.3.2.0 release provides new features and enhancements for every role in the Security Operation Center and addresses several defects. These improvements include usability improvements to the Respond Incident List, improved identification of HTTP/2 sessions, improved endpoint visibility into remote console events, and support for WinRM in UEBA.
Feature | Description |
---|---|
Key Incident Information and Workflow Actions Are More Readily Accessible in the Respond View | Critical information that analysts need to resolve incidents quickly is now more readily available through improved layout and labeling within Respond. Usability improvements to the Respond view layout and labeling provide the following benefits: |
Incident Details and List View Usability Improvements | Clicking the arrow now opens the Overview panel and selects the checkbox so that you can take actions on that row, such as changing the priority, status, or assignee. This reduces clicks and improves consistency with other tables in NetWitness Platform. Both the Journal and Tasks are more visible and easier to locate, and Related Indicators are easier to access. Related Indicators are now located on the left-side panel where they are frequently used. |
Network Parsers Identify and Tag HTTP/2 Sessions | NetWitness Platform native network parsers have been improved to identify HTTP/2 sessions and tag them with service=80 meta type. This improves identification only. |
Endpoint Visibility into Remote Console Events | Analysts can obtain complete visibility into commands remotely executed by an attacker on a compromised host using the reverse shell technique. Analysts can view these events in the Navigate and Event Analysis view. |
Additional Data Source Support for UEBA | NetWitness UEBA now supports the WinRM (Windows Remote Management) data source, which enables data collection from NetWitness Endpoint agents. This enables the analyst to collect endpoint logs from remote systems and perform analytics to discover, investigate, and monitor risky behaviors across all users and entities in the network environment. |
Upgrade to CentOS 7.6 Version | RSA upgraded the Operating System (OS) version onto which NetWitness 11.3.2 is deployed from CentOS 7.4 to CentOS 7.6. This upgrade was required to keep current with the latest security updates and improvements in 7.6. |
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.