RSA announces the release of RSA NetWitness Orchestrator 6.0

Document created by RSA Product Team Employee on Apr 14, 2020Last modified by RSA Product Team Employee on Apr 14, 2020
Version 2Show Document
  • View in full screen mode


RSA is excited to announce the general availability of RSA NetWitness Orchestrator version 6.0 for both on-premises and cloud deployments. This new version of RSA NetWitness Orchestrator is an evolution of our orchestration and automation capabilities with inherent threat intelligence. RSA NetWitness Orchestrator serves as the connective tissue of the RSA NetWitness Platform and delivers context based on extensive threat-intelligence, shared across security operation teams to identify and more effectively investigate potential threats.


RSA NetWitness Orchestrator allows security operations teams to address threats quickly and consistently, unifying people and technology around the same game plan. This enables better collaboration and response through coordinated efforts and by automating repetitive tasks quickly and consistently. This allows decisions makers to easily communicate risk and act quickly with relevant insight throughout the course of the investigation.


Highlights Include:

RSA NetWitness Orchestrator enables interactive investigation with vast, enriched and contextualized threat-intelligence at the heart of the solution. This ensures that security teams have an immediate understanding of all related indicators to help make faster decisions. This threat intelligence correlates massive amounts of information from broad sources, it identifies relationships amongst indicators, threat actors, campaigns, and your environment, delivering a panoramic view of the threat landscape. RSA NetWitness Orchestrator allows you to:


Orchestrate with Better Speed and Precision

  • Apply analytical processes with vast threat intelligence for more accurate workflows while minimizing time spent chasing false-positives. It’s not as simple as being able to ingest lots of threat intelligence feeds or act from a shared Indicator of Compromise. It’s about making sense of them at scale with adaptable scoring and contextualization to know what action to take, if any, based off it.

Automatically Alert, Block, and Quarantine for Better Operational Efficiency

  • Even for lower level tasks like alerting and blocking, having relevant threat intelligence is important. Automated detection and prevention tasks can be executed without analyst interaction and minimize the amount of resources consumed by repetitive tasks.

Empower Analysts and Teams and Boost Output

  • Security teams spend too much time figuring out how to get the information they need to make an informed decision during an investigation. We give analysts a single point of collaboration and response, automating both data enrichment and response processes. This means that analysts have all the context they need when hunting and responding to threats, letting them focus their time on analysis.

Be Proactive and Act with Confidence

  • Situational awareness and historical context are key to making decisions with confidence. Working directly from threat intelligence allows you to work quicker and prevent attacks from having an impact. The more you can automate up front, the more proactive you can be.

Improve Over Time

  • In order to stay ahead of new and emerging threats you must learn from the past. You can memorialize all information to strategically look at your processes to determine how to improve and be better prepared for the next threat. 


For More Information:
For additional documentation, integrations and more, visit the RSA NetWitness Orchestrator  page on RSA Link.

For data sheets and other similar content, visit the RSA Security Automation and Orchestration page on


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.