RSA NetWitness Platform 22.214.171.124 provides enhancements and fixes for all products in NetWitness Platform. The instructions in this guide apply to both physical and virtual hosts (including AWS, Azure Public Cloud, and Google Cloud Platform) unless stated to the contrary.
In 11.5, NetWitness Platform has several new features in the user interface. Administrative tasks are consolidated as icons in the upper right corner to keep administration, configuration, notifications, jobs, and user preferences together. The following figure shows the new top-level navigation. For additional information, refer to "NetWitness Platform Basic Navigation" in the NetWitness Platform Getting Started Guide.
The following upgrade paths are supported for NetWitness Platform 126.96.36.199:
- RSA NetWitness Platform 11.3.x.x to 188.8.131.52 *
- RSA NetWitness Platform 11.4.x.x to 184.108.40.206
* If you are upgrading from 11.2.x.x, 220.127.116.11, or 18.104.22.168, you must upgrade to 22.214.171.124 before you can upgrade to 11.5.
If you are upgrading from NetWitness Platform version 10.6.6.x, you must upgrade to 126.96.36.199 before you can upgrade to 11.5.
For upgrading from 10.6.6.x to 188.8.131.52, see the following guides that apply to your environment:
- Physical Host Upgrade Guide for 10.6.6.x to 11.3
- Virtual Host Upgrade Checklist and Guide for 10.6.6.x to 11.3
- AWS Upgrade Guide for 10.6.6.x to 11.3
- Azure Upgrade Guide for RSA NetWitness Platform Version 10.6.6 to 11.3
For upgrading from 11.2.x.x, 184.108.40.206, or 220.127.116.11, see the Upgrade Guide for RSA NetWitness Platform 18.104.22.168. This guide applies to both physical and virtual hosts (including AWS and Azure Public Cloud).
Running in mixed mode occurs when some services are upgraded to the latest version and some services are on older versions. See "Running in Mixed Mode" in the RSA NetWitness Platform Hosts and Services Getting Started Guide for further information.
Upgrade Considerations for ESA Hosts
Mixed mode is not supported for ESA hosts in NetWitness Platform version 11.5 and later.
Upgrade Considerations for ESA Analytics
The Event Stream Analytics Server (ESA Analytics) service is not supported or available in NetWitness Platform version 11.5 and later. The Whois Lookup Configuration and ESA Analytics Mapping panels are no longer in the user interface (Admin > System).
Upgrade Considerations for STIX Custom Feeds
The custom feeds created before version 11.5 are processed automatically. On upgrade, the data sources created for ADHOC, REST and TAXII server and the feeds are pulled automatically. See "Create a STIX Custom Feed" in the RSA NetWitness Platform Live Service Management Guide and "Configure STIX as a Data Source" in the RSA NetWitness Platform Context Hub Configuration Guidefor further information.
Change to Column Groups in the Events View
To improve consistency when loading results in the Events view, the number of columns in a column group is limited to 40.
If you are upgrading from version 11.4 or later, after you upgrade to 11.5, column groups migrated to the Events view from the Legacy Events view still function with more than 40 columns. However, when you edit those groups, you receive a warning that tells you to reduce the number of columns below the limit of 40 columns.
Upgrade or install Windows Legacy Collection
Refer to the Windows Legacy Collection Guide for RSA NetWitness 11.x (https://community.rsa.com/docs/DOC-103165).
Feedback on Product Documentation
You can send an email to firstname.lastname@example.org to provide feedback on NetWitness Platform documentation.