RSA NetWitness Platform 126.96.36.199 provides enhancements and fixes for all products in the Platform. The components of the platform are: The NetWitness Server (Admin server, Config server, Integration server, Investigate server, Orchestration server, Respond server, Security sever, and Source server), Archiver, Broker, Concentrator, Context Hub, Decoder, Endpoint Broker, Endpoint Log Hybrid, ESA Primary, ESA Secondary, Health & Wellness Beta, Log Collector, Log Decoder, Log Hybrid, Log Hybrid Retention, Malware Analysis, Network Decoder, Network Hybrid, Reporting Engine, UEBA, and Warehouse Connector.
The instructions in this guide apply to both physical and virtual hosts (including AWS and Azure Public Cloud) unless stated to the contrary.
The following upgrade paths are supported for NetWitness Platform 188.8.131.52:
- RSA NetWitness Platform 11.2.x.x to 184.108.40.206
- RSA NetWitness Platform 11.3.0.x to 220.127.116.11
- RSA NetWitness Platform 11.3.1.x to 18.104.22.168
- RSA NetWitness Platform 11.3.2.x to 22.214.171.124
Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.
If you are upgrading from NetWitness Platform version 10.6.6.x, you must upgrade to 126.96.36.199 before you can upgrade to 11.4. See the RSA NetWitness Platform 10.6.6.x to 11.3 Physical Host Upgrade Guide and RSA NetWitness Platform 10.6.6.x to 11.3 Virtual Host Upgrade Guide for instructions on how to upgrade 10.6.6.x to 188.8.131.52.
Running in mixed mode occurs when some services are upgraded to the latest version and some services are on older versions. See "Running in Mixed Mode" in the RSA NetWitness Platform Hosts and Services Getting Started Guide for further information.
Upgrade Considerations for ESA Rule Deployments
If you are upgrading from 11.2.x.x to 11.4, migrated ESA rule deployments have the following changes.
- If an ESA rule deployment contains two services before you upgrade to 11.4, the deployment splits into two deployments. You can only have one ESA Correlation service in an ESA rule deployment in version 11.4.
- If an ESA service has multiple ESA rule deployments before you upgrade to 11.4, they are combined into one deployment in version 11.4.
You can still access your old deployments. For a detailed example, see the ESA Configuration Guide for RSA NetWitness Platform 11.4.
Change to Column Groups in the Events View
To improve consistency when loading results in the Events view, the number of columns in a column group is limited to 40.
After you upgrade to 11.4, column groups migrated to the Events view from the Legacy Events view still function with more than 40 columns. However, when you edit those groups, you receive a warning that tells you to reduce the number of columns below the limit of 40 columns.
Feedback on Product Documentation
You can send an email to email@example.com to provide feedback on NetWitness Platform documentation.
Use the following contact information if you have any questions or need assistance.