The RSA NetWitness Platform 11.5.2 release provides new features and enhancements for every role in the Security Operations Center.
The following upgrade paths are supported for NetWitness Platform 18.104.22.168:
- RSA NetWitness Platform 11.3.x.x to 22.214.171.124*
- RSA NetWitness Platform 11.4.x.x to 126.96.36.199
- RSA NetWitness Platform 11.5.x.x to 188.8.131.52
* If you are upgrading from 184.108.40.206, or 220.127.116.11, you must upgrade to 18.104.22.168 before you can upgrade to 22.214.171.124.
If you are upgrading from NetWitness Platform version (10.6.6.x) or (11.2.x.x or below), you must upgrade to 126.96.36.199 before you can upgrade to 188.8.131.52. For more information, see the guides that apply to your environment.
For more information on upgrading to 184.108.40.206, see Upgrade Guide for RSA NetWitness Platform 11.5.2.
The following sections are a complete list and description of enhancements to specific capabilities:
- Endpoint Investigation
- Investigation - SIEM and Network Detection & Response
- Broker, Concentrator, Decoder and Log Decoder Services
To locate the documents referred to in this section, go to the RSA NetWitness Platform 11.x Master Table of Contents. Product Documentation has links to the documentation for this release.
Enhanced License Status
If your deployment is in a breach state, you can bring the state back to normal by keeping the usage in a compliant state for 7 consecutive days.
Extended Windows Agent Support for Windows 10 version 20H2
Agent support is extended to Windows 10 version 20H2 (32-bit and 64-bit). For more information, see the NetWitness Endpoint Agent Installation Guide.
Investigation - SIEM and Network Detection & Response
Enhanced Query Builder UI
The following UI enhancements make the query bar more responsive and user-friendly. They provide visual aids that help analysts use filters more efficiently.
A filter awaiting input is highlighted with a blue border. In edit mode, you can click X to delete the filter.
An invalid filter is highlighted with a red border.
Guided filters display the associated new meta key icons.
Filters display unique icons that help analysts to distinguish among them. For example, in the following figure, the text search filter and the free-form filter are prefixed with unique icons.
For more information on how to use filters and the query bar, see the "Filter Results in the Events View" topic in the NetWitness Investigate User Guide.
Broker, Concentrator, Decoder and Log Decoder Services
Network Virtualization Enhancements
To further support enterprises that use network virtualization to segment their networks, the Decoder automatically decapsulates the Virtual Extensible LAN (VXLAN) protocol. No configuration is required to enable this functionality. When the Decoder ingests network traffic on UDP port 4789, it analyzes the traffic for VXLAN and parses the decapsulated Ethernet frames.
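To show what this decapsulation involves, the following added example (not RSA code, and not a description of how the Decoder is implemented) parses the VXLAN header defined in RFC 7348 from a UDP payload and exposes the inner Ethernet frame. The function name, the returned field names and the sample bytes are constructed for illustration.

```python
import struct

VXLAN_PORT = 4789       # UDP port named in the text (IANA-assigned for VXLAN)
VXLAN_FLAG_VNI = 0x08   # "I" flag in RFC 7348: the VNI field is valid
ETH_HDR_LEN = 14


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decapsulate_vxlan(udp_payload: bytes) -> dict:
    """Parse the 8-byte VXLAN header, then the inner Ethernet header."""
    if len(udp_payload) < 8 + ETH_HDR_LEN:
        raise ValueError("too short for VXLAN plus inner Ethernet header")
    # Layout: flags(1) reserved(3) VNI(3) reserved(1), network byte order.
    flags, vni_word = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("I flag not set: not a valid VXLAN header")
    vni = vni_word >> 8  # upper 24 bits are the VNI, low 8 bits are reserved
    inner = udp_payload[8:]
    dst, src, ethertype = struct.unpack("!6s6sH", inner[:ETH_HDR_LEN])
    offset, vlan = ETH_HDR_LEN, None
    if ethertype == 0x8100:  # inner frame carries an 802.1Q tag
        if len(inner) < ETH_HDR_LEN + 4:
            raise ValueError("truncated 802.1Q tag in inner frame")
        tci, ethertype = struct.unpack("!HH", inner[14:18])
        offset, vlan = ETH_HDR_LEN + 4, tci & 0x0FFF
    return {
        "vni": vni,
        "dst_mac": format_mac(dst),
        "src_mac": format_mac(src),
        "vlan": vlan,
        "ethertype": ethertype,
        "inner_payload": inner[offset:],
    }


# Constructed sample: VNI 5001, inner IPv4 frame with a zeroed 20-byte header.
SAMPLE_UDP_PAYLOAD = bytes.fromhex(
    "08000000" "00138900"            # VXLAN header: I flag set, VNI 0x001389
    "020000000002" "020000000001"    # inner destination and source MAC
    "0800"                           # inner EtherType: IPv4
) + b"\x45" + bytes(19)

if __name__ == "__main__":
    print(decapsulate_vxlan(SAMPLE_UDP_PAYLOAD))
```

The VNI identifies the virtual network segment, so analysis of decapsulated traffic can attribute the inner MAC and IP addresses to the correct tenant or segment rather than to the tunnel endpoints.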