RSA announces the release of RSA NetWitness Platform 11.3.2
The NetWitness Platform 220.127.116.11 release provides new features and enhancements for every role in the Security Operation Center as well as addressing several defects. These improvements include, usability improvements to the Respond Incident List, improved identification of HTTP/2 sessions, improved endpoint visibility into remote console events and support for WinRM in UEBA.
Key Incident Information and Workflow Actions Are More Readily Accessible in the Respond View
Critical information that analysts need to resolve incidents quickly is now more readily available through improved layout and labeling within Respond.
Usability improvements to the Respond view layout and labeling provide The following benefits:
Enables analysts to work more quickly and efficiently to resolve incidents.
Reduces the amount of analyst training required.
Incident Details and List View Usability Improvements
Clicking on arrow now opens the Overview panel and selects the checkbox so that you can take actions on that row, such as changing the priority, status, or assignee. This reduces clicks and improves consistency with other tables in NetWitness platform.
Both the Journal and Tasks are more visible and easier to locate as well as Related Indicators being easier to access.
Related Indicators are now located on the left-side panel where they are frequently used.
Network Parsers Identify and Tag HTTP/s Sessions
NetWitness Platform native network parsers have been improved to identify HTTP/2 sessions and tag them with service=80 meta type. This improves identification only.
Endpoint Visibility into Remote Console Events
Analysts can obtain complete visibility into commands remotely executed by an attacker on a compromised host using the reverse shell technique. Analysts can view these events in the Navigate and Event Analysis view.
Additional Data Source Support for UEBA
NetWitness UEBA now supports the WinRM (Windows Remote Management) data source, which enables data collection from NetWitness Endpoint agents. This enables the analyst to collect endpoint logs from remote systems and perform analytics to discover, investigate, and monitor risky behaviors across all users and entities in the network environment.
Upgrade to CentOS 7.6 Version
RSA upgraded the Operating System (OS) version onto which NetWitness 11.3.2 is deployed from CentOS 7.4 to CentOS 7.6. This upgrade was required to keep current with the latest security updates and improvements in 7.6.