RSA announces the release of RSA NetWitness Platform 11.4

Document created by RSA Product Team Employee on Jan 31, 2020Last modified by RSA Product Team Employee on Jan 31, 2020
Version 2Show Document
  • View in full screen mode


RSA is excited to announce the general availability of RSA NetWitness Platform version 11.4 that delivers expanded machine learning and threat detection capabilities along with powerful analyst usability improvements that enable security teams to identify and respond faster to threats against their enterprise.


RSA NetWitness Platform version 11.4 introduces new features in analyst investigation, UEBA, Respond, administrative functions, and RSA NetWitness Endpoint, that collectively make security teams more efficient and arm them with the most relevant and actionable security data.


Highlights Include:


Enhanced Investigation Capabilities: Fully integrated free-text search, auto-suggestion, & search profiles

  • The RSA NetWitness Investigate view now includes an improved initial workflow for Analysts that combines the Events and Event Analysis views into a single optimized experience. Analysts can seamlessly integrate meta-key and free-text searches in a query during investigations. These features also use auto-suggestion to help construct relevant queries during an investigation and use built-in profiles to quickly refine investigations.

Smarter Network Threat & Anomaly Detection: UEBA expanded to analyze packet data with 24 new indicators

  • RSA NetWitness UEBA now uses network packet metadata as a key data source for machine learning and applies this data to anomaly detection models in order to detect malicious attacker activity – minimizing blind spots for security teams. Twenty-four new indicators across multiple network session identifiers provide alerts and risk scores to analysts for a faster response.

Improved Visualization of Incidents: Respond visualizations are clearer with enhanced relationship mapping

  • RSA NetWitness Respond’s nodal visualization of incidents has been improved to clearly highlight entity relationships, group like-nodes, and layout entities in a more logical manner to improve analysts initial understanding of an incident. Additional enhancements include improvements to search functions in the Alert and Incident views, richer incident notifications, and access restrictions for Incidents.

Expanded Functions for Endpoint Response: Powerful Host forensic actions and dynamic analysis directly from the RSA NetWitness Platform

  • Analysts can now investigate a suspicious host and rapidly respond to control the spread of an attack by isolating the host from the network. Files can be automatically downloaded to capture attacker executables before they can be deleted and the host process viewer now provides dynamic context about risk scores, event types, process execution, and file properties. Analysts can also download the Master File Table from suspicious hosts to perform additional forensics.

Simplified File Collection from Endpoint Agents

  • RSA NetWitness Endpoint agents now support collection of File Logs in addition to current capabilities to forward Windows Logs and monitor hosts for advanced threats. This new File Collection capability is available in both the RSA NetWitness Endpoint and Endpoint Insights (free) agent (Windows only).

Single Sign-on Capability

  • Single Sign-On streamlines authentication for the RSA NetWitness Platform. The product supports Active Directory Federation Services (ADFS) as an Identity Provider (IdP) and uses SAML 2.0 as the protocol for single sign-on.

Distributed Analyst User Interfaces

  • Multiple RSA NetWitness Platform UI instances can be deployed for analyst purposes across multiple geographic locations to reduce latency.

New Health and Wellness (BETA)

  • New Health and Wellness (BETA) monitoring functionality enhances administrator capabilities to monitor RSA NetWitness hosts and services for problems, performance challenges, and resource utilization. Health and Wellness provides customizable dashboards and enables administrators to easily identify anomalies on critical hosts and services in a large deployment. Administrators will need to install this BETA capability after upgrading to version 11.4.


For More Information 

  • Please review the RSA NetWitness® Platform 11.4 Update Instructions and Release Notes available here on RSA Link before you update.


For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.