RSA announces the release of RSA NetWitness Platform 11.5.1

Document created by RSA Product Team Employee on Nov 12, 2020Last modified by RSA Product Team Employee on Nov 12, 2020
Version 2Show Document
  • View in full screen mode

Summary:

RSA is pleased to announce the general availability of RSA NetWitness Platform (RNWP) v11.5.1. This release provides users improved platform flexibility and operational performance as well as enhancements to analyst experiences to drive faster threat identification, decision-making, and resolution.

 

**Upgrade Note** Throughput License Calculation Changes: This release includes fixes to the metrics used in reporting for Network (Packet) Throughput usage. License metrics now include network traffic that is being analyzed and creates metadata. Customers should expect their Network Throughput License usage metrics to increase, which may cause License Violation banners in some situations. As part of this release, the product team has temporarily adjusted Out-of-Compliance notifications for Network Throughput licenses to delay by 45-days prior to Customers receiving a License violation banner. For more information on resolving licensing violations, see the RSA Community page on Licensing.

 

Maximize Storage & Performance with Expanded Network Collection Flexibility

Selective Collection includes additional network protocols: Platform administrators can choose to modify their collection and retention preferences for 41 additional protocols. A new detail panel displays previews of the policy that includes data about decoders that published the policy, protocol rules, and last policy update information.

 

Gain Additional Threat Visibility with Improved Log Collection

JSON Log Mapping automatically adds mappings for the JSON nodes in a log: Users now only choose meta values to complete JSON mapping. Once complete, JSON nodes and values are highlighted in the JSON tree, allowing a user to identify which nodes are mapped.

 

Find Threats in More Locations with Improved OS Support for Endpoint Agents

Support for SUSE Linux: SUSE Linux 12 and SUSE Linux Enterprise Server 12 SP5 and later is now supported by the RNWP Endpoint Agent.

 

CPU Throttling for Manual Scans: Analysts can choose the CPU utilization with on-demand host scans to enable a timely system snapshot while balancing performance impacts to the end user / endpoint.

 

Make Decisions on Threats & Risks Faster with Improved Analyst Workflows

Expanded endpoint alert integration with Network Sessions: Network events are further enriched with host information to speed investigation; events now include alerts and process details associated with the enriched host values.

 

User Profile Baselines (UEBA): UEBA now shows modeled behaviors for users within a day of the service configuration. This allows Analysts to explore user behaviors even if they don't rise to a critical level to better understand baseline behaviors.

 

Improved search performance: N-gram functionality is enabled by default to improve the free-text search experience, allowing users to search sub-strings of text providing more accurate results.

 

JSON Viewer in Investigations: Analysts can render the text reconstruction of a log event in easy-to-read JSON format instead of the raw block format using the Render JSON toggle.

 

Investigation using Event Time: Analysts now have the option to use the Event Time of log events in their investigation providing more flexibility in investigation granularity.

 

Manual Column Width Adjustments Automatically Apply: Column width is preserved as a personal preference when and Analyst adjusts the view and is applied every time the column is used in the Events list, overriding any default column width.

 

Gain More Value from Your RNWP Data with Other Improvements including:

Network Export Connector: The RSA NetWitness Export Connector 1.0 is a plugin for Logstash that can be used to export RSA NetWitness Platform events (metadata and/or raw logs) and route the data where you want--all in continuous, streaming fashion. This new connector can replace the Warehouse Connector and provides expanded options.

 

Improved Reporting of Throughput Licensing Usage: Reporting of Throughput usage was corrected to accurately report the network traffic being analyzed and creating metadata. Improvements were also made to enable an administrator to view usage of both traditional network and new meta-only licenses and actual usage. Usage export by device was also improved to report on network traffic analyzed (resulting in metadata) and network traffic retained.

 

RAID Optimizations: When allocating PowerVault storage to a decoder / log decoder, Administrators now have a configuration option to include a hot-spare.

 

Customer Ideas that were Implemented in this Release:

 

This release includes the following customer voted ideas:

 

 

Have a great idea for Improving the RSA NetWitness Platform? Check out the RSA Ideas for the RSA NetWitness Platform portal and either submit your idea for improving the RSA NetWitness Platform or vote up previously submitted ideas!

 

For More Information on the Release and Upgrade Instructions:

 

Review the RSA NetWitness® Platform 11.5.1 Update Instructions and Release Notes available on RSA Link (RSA NetWitness Platform 11.5.1) before you update.

 

For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes