RSA announces the release of Security Analytics 10.6.1

Document created by RSA Link Team Employee on Nov 10, 2016
Version 1Show Document
  • View in full screen mode

Originally published on July 20, 2016



RSA is pleased to announce the general availability of RSA Security Analytics 10.6.1


This is a service pack that includes new and enhanced features along with 52 fixes. The following are the highlights of the release. Please refer to product documentation for further details.


RSA Live Connect a community driven cloud based threat intelligence service is introduced. It enables bi-directional sharing of information with trusted circles. With Threat Insights, analysts can now quickly gain IP based insight from peers in the community during investigations. Using Analyst Behaviors analysts can share intelligence with the community.


STIX (Structured Threat Information Expression) is added as a new type of Feed to enable open standards exchange of Intelligence from wide variety of private and public sources.


ESA enhancements include flexible warm-up period control, audit logging of ESA rules and wildcard support for domain whitelisting.


Log Collector now has enhanced log parsing and parser mapping. Specific types of events can be filtered in Windows Legacy Collector and windows event logs can be generated in .evtx format.


Reporting enhancements include sharing dashboards, setting up favorite dashboards, syntax validation enhancements to App rules and custom report output formats.


Investigation enhancements include event reconstruction limit override by analysts during investigation, ranges in IPV6 addresses, out-of-the-box meta groups and profiles.


Administration has enhanced audit log, support for server prefix on the browser, CRL and certificate expiry notifications.


Context Hub now adds community intelligence from RSA Live Connect to its already existing custom lists, ECAT and Incident Management data.


Further, in this release RabbitMQ, MaxMind DB and Esper are upgraded to their latest versions.



  • 1 issue with Security
  • 10 issues with Server
  • 1 general fix
  • 3 issues with Log Collector
  • 1 issue with Malware
  • 1 issue with Event Source Monitoring
  • 1 issue with Health & Wellness
  • 1 issue with Licensing
  • 2 issues with Investigation
  • 3 issues with Administration
  • 7 issues with Reporting
  • 15 issues with Event Stream Analysis
  • 5 issues with Core


Please refer to the RSA Security Analytics 10.6.1 Release Notes for details on fixes referenced above and for update instructions.


Affected Products:

  • RSA Security Analytics 10.5.1 orlater
  • RSA Security Analytics 10.6.0 or later



Customers running Security Analytics 10.5.x.x or 10.6.x.x should apply this patch. For customers of earlier versions, please refer to the upgrade documentation for full details of supported upgrade paths.


For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.