Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Update 11.5: Enable New Features

Document created by RSA Information Design and Development Employee on Sep 9, 2020Last modified by RSA Information Design and Development Employee on Nov 24, 2020
Version 5Show Document
  • View in full screen mode

There are many exciting new features that you can enable after you have upgraded to 11.5. The following is a list of the new features for each area of NetWitness Platform. For a detailed description of the new features in this release, see the Release Notes for RSA NetWitness Platform 11.5. Go to the Master Table of Contents to find all RSA NetWitness Platform 11.x documents.

Investigation - SIEM and Network Traffic Analysis

  • Springboard - Unified View for Detections and Signals
  • Expanded Network Visibility with Endpoint Data
  • Improved Navigation to Help Analysts Quickly Detect and Respond to Threats
  • A Powerful New Way to Filter Events in the Events View by Pivoting Through the Associated Metadata (BETA)
  • Separation of Each User's Private Investigate Content and Content That Is Shared between Users
  • Meta Groups Allow Analysts to Optimize the Attributes per Event in the Events View
  • Added Protection When Downloading Email Attachments and Files
  • Updated Context Menu Actions When Right-Clicking a Meta Value in the Events View
  • Added Ability to Download All Metadata in the Events View for Further Analysis or Evidence
  • Added Convenience with Optional Human-Readable Time Format in Downloads from the Events View
  • Details in the Jobs Queue Identify the Action or Query That Initiated a Failed Job

User Entity Behavior Analytics

  • Pivot from UEBA to view Network Events
  • Support for additional indicators for VPN Logs and Azure Active Directory
  • Enhanced Performance For Physical Deployments
  • New network indicators

Incident Response

  • Saved Filters are Available for the Incidents and Alerts Lists in the Respond View

Health and Wellness

  • Enhanced Health Monitoring and Visualization

Endpoint Investigation

  • Extended Linux Agent Support with Ubuntu
  • Extended Windows Agent Support for Windows 10, version 2004
  • Improved Visibility for Files on the Host
  • Ability to View Agent History
  • Support to Download Any Files

Endpoint Configuration

  • Throttle Network Bandwidth Parameter

Broker, Concentrator, Decoder and Log Decoder Services

  • Selective Network Data Collection
  • Expanded Coverage of Snort Rules
  • Network and Log Decoders Import Data While Capturing
  • Multiple Adapter Packet Capture
  • User Account and Aggregation Account Information Available in Audit Logs
  • Decoders Include the Decoder Identifier Value in Session Metadata Lists
  • Configure Packets and Logs to be Parsed Without Being Written

Event Stream Analysis (ESA)

  • Configure Memory Thresholds Individually for Each ESA Rule
  • Validate ESA rules within the Rule Builder or Advanced EPL Rule Builder
  • Esper Version Upgraded from version 8.2.0 to 8.4.0
  • A Filter Option is Available for ESA Rule Deployment Data Sources
  • Advanced EPL Rules Can Dynamically Update Context Hub Lists

Administration and Configuration

  • New Permissions for Investigate to Filter Events and Manage Meta Groups in the Events View
  • Manage Permissions for the New Respond Saved Filters for Incidents and Alerts Lists
  • Reporting Engine Content Administrator Role for Deploying Reporting Engine Content
  • New Tool for Reporting Engine Service Auto-Recovery
  • Option to Stop a Running Scheduled Reporting Engine Report
  • Improved Process for Changing IP Addresses
  • Warm Standby NW Server Can Have Different IP Address Than Active NW Server

Context Hub

  • Expand Threat Detection With Improved Threat Intel (Via STIX) Integrations

Log Collection

  • Native JSON Log Support & BETA UI
  • Raw Pass-through Options for Log Collector Plugins

Logstash Integration

  • Logstash Support

Previous Topic:Endpoint Upgrade Tasks
You are here
Table of Contents > Enable New Features