RSA announces the release of RSA NetWitness Platform 11.3.2

Document created by RSA Product Team Employee on Nov 21, 2019Last modified by RSA Product Team Employee on Nov 21, 2019
Version 2Show Document
  • View in full screen mode


The NetWitness Platform release provides new features and enhancements for every role in the Security Operation Center as well as addressing several defects. These improvements include, usability improvements to the Respond Incident List, improved identification of HTTP/2 sessions, improved endpoint visibility into remote console events and support for WinRM in UEBA.


Key Incident Information and Workflow Actions Are More Readily Accessible in the Respond View

Critical information that analysts need to resolve incidents quickly is now more readily available through improved layout and labeling within Respond.


Usability improvements to the Respond view layout and labeling provide The following benefits:

  • Enables analysts to work more quickly and efficiently to resolve incidents.
  • Reduces the amount of analyst training required.
Incident Details and List View Usability Improvements

Clicking on arrow now opens the Overview panel and selects the checkbox so that you can take actions on that row, such as changing the priority, status, or assignee. This reduces clicks and improves consistency with other tables in NetWitness platform.


Both the Journal and Tasks are more visible and easier to locate as well as Related Indicators being easier to access.


Related Indicators are now located on the left-side panel where they are frequently used.

Network Parsers Identify and Tag HTTP/s Sessions

NetWitness Platform native network parsers have been improved to identify HTTP/2 sessions and tag them with service=80 meta type. This improves identification only.

Endpoint Visibility into Remote Console Events

Analysts can obtain complete visibility into commands remotely executed by an attacker on a compromised host using the reverse shell technique. Analysts can view these events in the Navigate and Event Analysis view.

Additional Data Source Support for UEBA

NetWitness UEBA now supports the WinRM (Windows Remote Management) data source, which enables data collection from NetWitness Endpoint agents. This enables the analyst to collect endpoint logs from remote systems and perform analytics to discover, investigate, and monitor risky behaviors across all users and entities in the network environment.

Upgrade to CentOS 7.6 VersionRSA upgraded the Operating System (OS) version onto which NetWitness 11.3.2 is deployed from CentOS 7.4 to CentOS 7.6. This upgrade was required to keep current with the latest security updates and improvements in 7.6.


For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.