The NetWitness Platform 18.104.22.168 release provides new features and enhancements for every role in the Security Operation Center as well as addressing several defects. These improvements include, usability improvements to the Respond Incident List, improved identification of HTTP/2 sessions, improved endpoint visibility into remote console events and support for WinRM in UEBA.
|Key Incident Information and Workflow Actions Are More Readily Accessible in the Respond View|
Critical information that analysts need to resolve incidents quickly is now more readily available through improved layout and labeling within Respond.
Usability improvements to the Respond view layout and labeling provide The following benefits:
|Incident Details and List View Usability Improvements|
Clicking on arrow now opens the Overview panel and selects the checkbox so that you can take actions on that row, such as changing the priority, status, or assignee. This reduces clicks and improves consistency with other tables in NetWitness platform.
Both the Journal and Tasks are more visible and easier to locate as well as Related Indicators being easier to access.
Related Indicators are now located on the left-side panel where they are frequently used.
|Network Parsers Identify and Tag HTTP/s Sessions|
NetWitness Platform native network parsers have been improved to identify HTTP/2 sessions and tag them with service=80 meta type. This improves identification only.
|Endpoint Visibility into Remote Console Events|
Analysts can obtain complete visibility into commands remotely executed by an attacker on a compromised host using the reverse shell technique. Analysts can view these events in the Navigate and Event Analysis view.
|Additional Data Source Support for UEBA|
NetWitness UEBA now supports the WinRM (Windows Remote Management) data source, which enables data collection from NetWitness Endpoint agents. This enables the analyst to collect endpoint logs from remote systems and perform analytics to discover, investigate, and monitor risky behaviors across all users and entities in the network environment.
|Upgrade to CentOS 7.6 Version||RSA upgraded the Operating System (OS) version onto which NetWitness 11.3.2 is deployed from CentOS 7.4 to CentOS 7.6. This upgrade was required to keep current with the latest security updates and improvements in 7.6.|
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.