RSA announces the release of RSA Security Analytics 10.6.2

Document created by Angela OConnell Employee on Nov 29, 2016
Version 1Show Document
  • View in full screen mode


RSA is pleased to announce the general availability of RSA Security Analytics 10.6.2.


This is a service pack includes new and enhanced features along with 75 fixes. The following are the highlights of the release. Please refer to product documentation for further details. 


Behavior Analytics Automated Threat Detection on web proxy logs allowing Behavior Analytics Automated Threat Detection on supported web proxy logs.


Live Content Starter Bundles is a new feature provided via RSA Live to deliver groups of related content. These include the Starter Logs, Starter Packets, and Hunting Pack.


Content Categorization for Investigation and Hunting can be classified and organized to support Information Security Incident Response. In addition, content is tagged (Application Rules and Parsers) based on proven hunting methodologies for advanced threat detection. By combining categorization and tagging, analysts are now equipped with a more directed discovery and inspection while performing information security investigations.


Updated Detection for high profile Malware / Ransomware to detect expanded malware detection with Cerber and Locky Ransomware variants, the Hunting Pack is available via RSA Live. The Hunting Pack is designed to allow you to quickly hunt for Indicators of Compromise and anomalous network activity by dissecting packet traffic and leveraging the Hunting specific meta-keys.


Support for Microsoft Azure Logs providing for integration Microsoft Azure infrastructure to monitor the administrator activity.


Out-Of-The-Box Dashboards (OOTB) available such as Overview, Identity, Operations-Logs, Operations-Network, Threat-Indicators, Threat-Intrusion.


Report on Alerts and Incidents against Incident Management Alerts and Incidents.


ESA Enhancements to rule logic to make it easier to create rules across different device types and added unique identification number for alerts in Event Stream Analysis Summary view to better track individual alerts, especially when viewing aggregated alerts.


Investigation Enhancements including rt-click copy option available on Meta value in navigate event and reconstruction views and capability to view entire Meta value without truncation.


H&W Visibility improvements for additional insight for administrators to monitor and alert on custom feed issues.

Further, in this release progressive DataDirect ODBC driver is updated to version 7.1.6.



  • 15 issues with Security
  • 10 issues with Server
  • 6 issues with Log Collector
  • 4 issues with Malware Analysis
  • 2 issues with Incident Management
  • 6 issues with Health and Wellness
  • 8 issues with Investigation
  • 2 issues with Administration
  • 3 issue with Reporting
  • 2 issues with Context Hub
  • 6 issues with Event Stream Analysis
  • 11 issues with Core Services



Security fixes like dirty cow and other security fixes are also available. Please refer to RSA Security Analytics Release Notes for details on fixes referenced above and for update instructions.


Affected Products:

RSA Security Analytics 10.5.1 or later

RSA Security Analytics 10.6.0 or later




Customers running Security Analytics 10.5.1.x or 10.6.x.x should apply this patch. For customers of earlier versions, please refer to the upgrade documentation for full details of supported upgrade paths. 


For additional documentation, downloads, and more, visit the RSA NetWitness Suite page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.