RSA NetWitness Platform 11.7.1.0

RSA Security, LLC

RSA NetWitness Platform 11.7.1.0 on Azure

RSA NetWitness Platform for Azure Increases Visibility, Improves Response Efficiency

See Everything. Fear Nothing. By rapidly detecting and responding to today’s targeted attacks.
NetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response. It can collect and analyze data across all capture points (Logs, Packets, NetFlow, Endpoint, and IoT) and computing platforms (physical, virtual and cloud), enriching data with threat intelligence and business context.
The NetWitness Platform allows security analysts to prioritize, respond, reconstruct, survey, investigate and confirm information about the threats in their environment and take the appropriate response - quickly and precisely.

Key Features

  • Unparalleled visibility:

    Gives security teams the visibility they need to detect sophisticated threats hiding in today’s complex, hybrid IT infrastructures. Provides real-time visibility into all network traffic with full packet capture, deep packet inspection, and on-board decryption, allowing you to detect emerging, targeted, and unknown threats as they traverse the network, monitor attackers’ movement, and reconstruct entire network sessions.
  • Improved analyst productivity:

    Orchestration and automation capabilities make it easier for analysts to prioritize and investigate threats faster and coordinate activities across the entire security team. Empowers analysts to hunt the most advanced threats.
  • Faster, more advanced threat detection:

    Detects attacks in a fraction of the time of other platforms and connects incidents to expose the full attack scope. Speeds threat detection and investigation by enriching network and endpoint data at capture time with threat intelligence and business context.
  • Smarter, faster analytics:

    Analytics powered by machine learning with the scale of cloud delivers early detection of anomalies that lead to external and internal threats.

Analyst Improvements

  • Unified Discovery and Interaction of Investigate Metadata:

    Analysts have a singular way to interact with metadata presented in the Investigate user interface to perform actions or review contextual information.
  • Improved Ransomware Detection:

    The logic included in the endpoint agent has been improved to better detect ransomware based on certain Windows registry changes.
  • Support Offline/Standalone Scans:

    Ability to execute scans against offline or air-gapped Windows systems with the NetWitness Endpoint agent.
  • Inclusion of Files in Scans:

    In addition to processes running on the system, any files on disks can be included in a system scan.
  • Free-form Query Preference:

    A new preference allows analysts to choose if they want free-form queries to be split into multiple guided filters or remain as a single free-form query.
  • Enhanced Performance for Retaining Incident Network Data Artifacts:

    Respond analysts saving artifacts of an incident will notice improved feedback on the running tasks and swifter completion of those tasks.
  • Better Error Handling for Core Services Messages:

    Improved error messaging to include the source string and target format when an unrecognized string format exception is generated to help users determine the root cause.
  • Light Theme Overhaul:

    The light theme primary and secondary colors have been changed to provide better contrast and shading for an overall improved user experience.

Administration Enhancements

  • Enhanced Centralized Configuration Management:

    Support has been added to provide default configuration management policies as well as creating a policy from a baseline Concentrator or Decoder service. The use case for deploying 10G Decoders has been added.
  • Correlation List of Named Windows:

    In Event Stream Analytics, an administrator can view and edit named windows (dynamic tables for use by the correlation engine) in the user interface, in addition to using the nw-shell command line interface.
  • Expanded Operating System Support with Endpoint Agent

  • Backup & Restore CLI Improvements

  • Better Support for Load Balancing Deployments

  • Feed Administration Case Sensitivity

  • NetWitness Service Topology Enhancement

  • Pre-Stage Upgrade Repositories
