
RSA, a Dell Technologies business, announces the release of RSA NetWitness Orchestrator 4.5

RSA_PLM_Team
on 2019-07-15 02:01 PM

Summary:

RSA, a Dell Technologies business, is pleased to announce the release of RSA NetWitness Orchestrator 4.5.

 

RSA NetWitness Orchestrator is a comprehensive security operations and automation technology that combines orchestration, incident management, and interactive investigation. The RSA NetWitness Orchestrator engine automates security product tasks and weaves in the human analyst tasks and workflows. In addition, RSA NetWitness Orchestrator enables security teams to reduce Mean-Time-To-Respond (MTTR), create playbook-driven automated response actions, and leverage machine-learning powered insights for quicker resolution and greater efficiency.

 

Highlights of the capabilities available in the new RSA NetWitness Orchestrator 4.5 include:

 

• Communication Tasks. Communication tasks enable sending surveys to both NWO users and external users in order to collect data for an incident. The collected data can be used for incident analysis, and also as input for subsequent playbook tasks.

• Pre-Processing Rules. The pre-processing rules feature provides a UI-based workflow for performing certain actions on incidents as they are ingested into NWO. Using the rules, you can select incoming events on which to perform actions, for example, link the incoming incident to an existing incident, or under configured conditions, drop the incoming incident altogether.

• NWO Plugin for PyCharm. Use the NWO plugin for PyCharm to design and author scripts and integrations for NWO directly from PyCharm. The plugin adds a sidebar with Automation and Integration Settings, just like the Settings sidebar in the NWO script editor. When writing code, the plugin provides auto-complete of NWO and Python functions.

• Development and Production Environments. Added several content types to context exports: Widgets, Reports, Dashboards, Lists, and Incident Types.

• Quick Access Incidents List. Mark active incidents as a favorite (the star icon) to quickly identify and access them. The maximum number of investigations in the Favorites list is 100.

• Filter the Active Incidents list. Filter by Favorites, Incidents I Own, or Incidents That I Participated In. Open an investigation without assigning an owner by specifying the investigation.add.creating.user key.

• Incidents and Indicators. Added the taskReopen command, which enables reopening a task by specifying the task ID. Added the Go To button to Incidents list view and summary view, so you can quickly navigate to a specific incident's summary page. Track the first seen and last seen entry for an indicator from the Indicators page and from the Incident quick view. When adding an indicator to a whitelist, specify that the indicator only be whitelisted for a specific indicator type.

• Automation. Added the SSDeepReputation automation, which enables you to use an ssdeep hash (fuzzy hash) to identify connections between files seen in different investigations. File connections are identified by automatically detecting the ssdeep hash of each file uploaded or attached to any incident in NWO. The ssdeep hash is then compared to every incident file seen in the previous 24 hours. If a relatively similar file is identified, NWO assigns the malicious score of the original file to the newer file.

• Playbooks. When you select an automation for a playbook task, the automation's description inherits and auto-populates the task description, which you can edit. You can now select to run a playbook task without using a worker. Tasks that do not have a parent task are not visible in the work plan.

• Demisto Performance. This version introduces several under-the-hood enhancements that improve Demisto performance.

• General Improvements. You can now edit comments for file entries in the War Room. The Contains filter now works on strings (in addition to lists). Made several visual and usability improvements to the Automation Library. Made several visual and usability improvements to War Room entries. You can now filter the Widgets library.
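
The score inheritance described in the SSDeepReputation item can be sketched as follows. This is an added example, not NWO's own code: the `SeenFile` record, the 0-3 score scale, the threshold of 70 and the `difflib`-based scoring (a stand-in for ssdeep's real comparison) are all assumptions, and the digests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher

WINDOW = timedelta(hours=24)  # look-back period given in the announcement
THRESHOLD = 70                # assumed; the page only says "relatively similar"

@dataclass
class SeenFile:
    incident: str
    ssdeep: str     # "blocksize:chunk:double_chunk"
    score: int      # assumed scale: 0 unknown, 1 good, 2 suspicious, 3 bad
    seen: datetime

def similarity(a: str, b: str) -> int:
    """0-100 stand-in for ssdeep's compare; SequenceMatcher replaces its scoring."""
    (bs_a, c1_a, c2_a), (bs_b, c1_b, c2_b) = a.split(":", 2), b.split(":", 2)
    bs_a, bs_b = int(bs_a), int(bs_b)
    # ssdeep digests are only comparable at equal or adjacent (x2) block sizes.
    if bs_a == bs_b:
        pairs = [(c1_a, c1_b), (c2_a, c2_b)]
    elif bs_a == 2 * bs_b:
        pairs = [(c1_a, c2_b)]
    elif bs_b == 2 * bs_a:
        pairs = [(c2_a, c1_b)]
    else:
        return 0
    return max(round(100 * SequenceMatcher(None, x, y).ratio()) for x, y in pairs)

def inherit_score(new: SeenFile, history: list) -> tuple:
    """Return (score, source incident) taken from the closest match in the window."""
    best, source = 0, None
    for old in history:
        if not timedelta(0) <= new.seen - old.seen <= WINDOW:
            continue  # older than 24 h, or seen after the new file
        s = similarity(new.ssdeep, old.ssdeep)
        if s >= THRESHOLD and s > best:
            best, source = s, old
    return (source.score, source.incident) if source else (new.score, None)

# Constructed sample data (digests are illustrative, not from real files).
A, B = "kT3vQmZpLx8RwYnB2cJdHs", "kT3vQmLx8RnB2cJd"
HISTORY = [
    SeenFile("INC-101", f"96:{A}:{B}", 3, datetime(2019, 7, 15, 9, 0)),
    SeenFile("INC-102", "96:0+/1459670+/145967041:0+/14596704", 1, datetime(2019, 7, 15, 10, 0)),
]
NEW = SeenFile("INC-110", f"96:{A.replace('Z', 'q')}:{B}", 0, datetime(2019, 7, 15, 14, 0))
LATE = SeenFile("INC-120", NEW.ssdeep, 0, datetime(2019, 7, 16, 10, 0))
```

Because the newer file takes on the older file's score automatically, a cut-off set too low spreads a malicious verdict to unrelated files, so any such threshold is worth validating against known-benign samples.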

 

For additional information or for assistance integrating RSA NetWitness Orchestrator into your existing Security Operations Center or deployment, please contact your local RSA Solution Principal and/or your local RSA Sales Team.

 

For additional documentation, downloads, and more, visit the RSA NetWitness Orchestrator page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
