RSA announces the release of RSA NetWitness Platform 11.4.1

Document created by RSA Product Team Employee on Apr 15, 2020Last modified by RSA Product Team Employee on Apr 15, 2020
Version 2Show Document
  • View in full screen mode


RSA is pleased to announce the general availability of RSA NetWitness Platform 11.4.1, which introduces improvements for analyst investigations, log management, and platform administration and other fixes. Highlights Include:


Email Reconstruction Directly Within Events

  • The Email Reconstruction has been redesigned so that analysts can reconstruct email sessions without leaving the Events view.

Improved Threat Aware Authentication Capabilities

  • RSA NetWitness Respond server can now send the Active Directory usernames for high risk users from incidents to RSA SecurID, improving the Threat Aware Authentication capabilities of the platform.

Better Workflow Across Sessions

  • Analysts can now group events in a more powerful manner from split and related sessions to easily detect relationships in captured data.

Query Building Made Easy

  • New Query Building capabilities enable analysts to use powerful features such as auto-completion from typed text, copying queries to clipboard, keyboard commands to define filters, and auto-population of operators to create filters.

New Customer Experience Improvement Program

  • We have revamped our active feedback capabilities so we can get direct application usability feedback. While this is an optional program, the more feedback we get the better we can design and build future versions of the RSA NetWitness Platform.

Other Features & Fixes:

  • Events List Enhancements: New column sorting controls to sort the Events list and preferences to list events without sorting provide a better user experience for analysts.
  • Custom Certificates on Log Decoders and Log Collectors: The platform now enables an ability to use your own trusted certificates instead of pre-installed certificates for the syslog listener on Log Decoders and Log Collectors.
  • Event Source Visualization and Search Improvements: Event sources can now be searched using address (IP/hostname) or Name on Log Collectors to easily view required sources. Historical graphs have been moved to Event Sources Management from Health & Wellness in line with other event source information.
  • Single Sign-On Extended to Multiple-Instances: Powerful Single Sign-On capabilities introduced in version 11.4.0 are now supported for multiple RSA NetWitness Platform User Interface instances.



Additional details about what's included in version 11.4.1 and upgrade instructions can be found in the  Release Notes and Upgrade Guide.  Additional documentation updates for version 11.4.1 are initially available only in PDF and can be found atRSA NetWitness Platform 11.4. The online documentation updates will be available shortly.


For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.