RSA NetWitness Platform 18.104.22.168 provides enhancements and fixes for all products in the Platform. The components of the platform are: The NetWitness Server (Admin server, Config server, Integration server, Investigate server, Orchestration server, Respond server, Security sever, and Source server), Archiver, Broker, Concentrator, Context Hub, Decoder, Endpoint Broker, Endpoint Log Hybrid, ESA Primary, ESA Secondary, Health & Wellness Beta, Log Collector, Log Decoder, Log Hybrid, Log Hybrid Retention, Malware Analysis, Network Decoder, Network Hybrid, Reporting Engine, UEBA, and Warehouse Connector.
The instructions in this guide apply to both physical and virtual hosts (including AWS and Azure Public Cloud) unless stated to the contrary.
The following upgrade paths are supported for NetWitness Platform 22.214.171.124:
- RSA NetWitness Platform 11.2.x.x to 126.96.36.199
- RSA NetWitness Platform 11.3.0.x to 188.8.131.52
- RSA NetWitness Platform 11.3.1.x to 184.108.40.206
- RSA NetWitness Platform 11.3.2.x to 220.127.116.11
Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.
If you are upgrading from NetWitness Platform version 10.6.6.x, you must upgrade to 18.104.22.168 before you can upgrade to 11.4. See the RSA NetWitness Platform 10.6.6.x to 11.3 Physical Host Upgrade Guide and RSA NetWitness Platform 10.6.6.x to 11.3 Virtual Host Upgrade Guide for instructions on how to upgrade 10.6.6.x to 22.214.171.124.
The following matrix shows all the supported upgrade paths.
Running in mixed mode occurs when some services are upgraded to the latest version and some services are on older versions. See "Running in Mixed Mode" in the RSA NetWitness Platform Hosts and Services Getting Started Guide for further information.
Upgrade Considerations for ESA Rule Deployments
If you are upgrading from 11.2.x.x to 11.4, migrated ESA rule deployments have the following changes.
- If an ESA rule deployment contains two services before you upgrade to 11.4, the deployment splits into two deployments. You can only have one ESA Correlation service in an ESA rule deployment in version 11.4.
- If an ESA service has multiple ESA rule deployments before you upgrade to 11.4, they are combined into one deployment in version 11.4.
You can still access your old deployments. For a detailed example, see the ESA Configuration Guide for RSA NetWitness Platform 11.4.
Change to Column Groups in the Events View
To improve consistency when loading results in the Events view, the number of columns in a column group is limited to 40.
After you upgrade to 11.4, column groups migrated to the Events view from the Legacy Events view still function with more than 40 columns. However, when you edit those groups, you receive a warning that tells you to reduce the number of columns below the limit of 40 columns.
Feedback on Product Documentation
You can send an email to email@example.com to provide feedback on NetWitness Platform documentation.
Use the following contact information if you have any questions or need assistance.
|Phone||1-800-995-5095, option 3|
|Basic Support|| |
Technical Support for your technical issues is available from 8 AM to 5 PM your local time, Monday through Friday.
|Enhanced Support||Enhanced Support Technical Support is available by phone 24 x 7 x 365 for Severity 1 and Severity 2 issues only.|