RSA Announces the Availability of RSA NetWitness® Endpoint 4.4

Document created by RSA Product Team Employee on Oct 19, 2017. Last modified by RSA Product Team Employee on Oct 19, 2017.
Version 2

RSA, a Dell Technologies business, is pleased to announce the general availability of RSA NetWitness® Endpoint 4.4. Leveraging unique, continuous endpoint behavioral monitoring and advanced machine learning, RSA NetWitness Endpoint provides deep visibility into endpoints to more accurately and rapidly identify new, unknown, and non-malware attacks that other endpoint solutions will miss completely.


This release includes exciting new features and improvements to RSA NetWitness Endpoint that enhance the overall SOC analyst experience.


Endpoint Metadata Integration with RSA NetWitness® Suite:

RSA NetWitness Endpoint 4.4 focuses on expanding its integration capabilities with the RSA NetWitness Suite.  Already an integral part of the Suite, RSA NetWitness Endpoint can now transform its deep endpoint visibility into powerful metadata for even tighter integration and incorporation in the new analyst experience workflows of the RSA NetWitness Suite – providing a single place for detection and response across logs, network and endpoint data. 


When used as part of the RSA NetWitness Suite, the new end-to-end workflow now supports the following:


  • The ability to use alerts generated by RSA NetWitness Endpoint to create and track incidents in the new Respond view of the RSA NetWitness Suite.
  • The ability to combine host-based metadata with metadata from RSA NetWitness® Logs & Packets in the Investigate workflow of the RSA NetWitness Suite to provide more pervasive visibility across the enterprise. (Minimum requirement: RSA NetWitness Endpoint 4.4 and RSA NetWitness Logs & Packets 11.0).
  • Deeper integration with Context Hub in the RSA NetWitness Suite displays more relevant endpoint data in one screen for analysts to preview prior to pivoting to the RSA NetWitness Endpoint user interface for deeper investigations and response actions.



WFP Support

RSA NetWitness Endpoint 4.4 adds support for the Microsoft Windows Filtering Platform (WFP), which is now the default network monitoring module for Microsoft Windows operating systems, starting with Microsoft Windows 7 and Microsoft Windows Server 2003. The legacy system (TDI) remains available as an option. This change improves overall stability in the agent, especially when interacting with 3rd-party monitoring software.


Microsoft SQL Server 2016 Standard Edition Support

For additional customer flexibility, RSA NetWitness Endpoint 4.4 now supports Microsoft SQL Server 2016. Through the use of Microsoft SQL Server 2016 Standard Edition licensing, customers may reduce total cost of ownership.  Microsoft SQL Server 2016 Standard Edition may allow certain customers to run up to 20K endpoints without the need for a Microsoft SQL Server Enterprise license.


Recommendations for RSA NetWitness Endpoint customers:


Review the Release Notes for RSA NetWitness Endpoint 4.4 for more information about the updates made in this version.


Documentation is available for download through the following links:


RSA NetWitness Endpoint 4.4 Installation Guide can be found here.

RSA NetWitness Endpoint 4.4 User Guide can be found here.

RSA NetWitness Endpoint 4.4 Release Notes can be found here.


For additional documentation, downloads, and more, visit the RSA NetWitness Suite page on RSA Link.


For more information about RSA NetWitness Endpoint, visit:


For instructions on obtaining your RSA NetWitness Endpoint license, follow the instructions here:


For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.


EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.