Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Endpoint Config: Agent Modes

Document created by RSA Information Design and Development Employee on Apr 11, 2019Last modified by RSA Information Design and Development Employee on Jul 16, 2020
Version 17Show Document
  • View in full screen mode
 

Note: The information in this topic applies to RSA NetWitness Platform Version 11.3 and later.

In NetWitness Platform 11.3 and later, the Endpoint agent can operate either in Insights or Advanced mode depending on the policy configuration. For more information on policy configuration, see the NetWitness Endpoint Configuration Guide. You can have both Insights and Advanced agents in a single deployment.

There is no license required for the Insights agent. However, you must procure a license for an Advanced agent. For more information on licensing, see the Licensing Management Guide.

The following table list the features supported for Insights and Advanced agents:

                                                                                             
FeatureInsights AgentAdvanced Agent

Scan data -

Processes, Autroruns, Files, Drivers, Libraries, and System Information

Yes - Windows, Mac, and Linux

Yes - Windows, Mac, and Linux

Tracking data -

Process, File, Registry, Network, and Console

No

Yes - Windows and Mac

Registry and Console events are applicable only for Windows.

Anomaly detection -

Image Hooks, Kernel Hooks, Registry Discrepancies, and Suspicious Threads

No

Yes - Windows

Windows log collection

Yes

Yes

File log collection

Yes - Windows

Yes - Windows

Threat detection content -

ESA, Application Rules

Yes

Yes

Analysis of downloaded file

No

Yes

File status -

Whitelist, Blacklist, Graylist, and Neutral

Yes

(View only)

Yes

(View and modify)

File remediate (Block)

No

Yes - Windows

Process visualization

No

Yes

Live connectYesYes

File reputation service

(Third-party lookup)

YesYes

Risk score for hosts

No

Yes

MFT, process dump, and system dump download

No

Yes - Windows

Network Isolation

No

Yes - Windows

Relay Server YesYes

You are here
Table of Contents > Agent Modes

Attachments

    Outcomes