Understand Maintenance and Administrative Services

The NetWitness Cloud SIEM service subscription provides routine management, maintenance, and updating to enable a high-performance experience with access to current features and functionality for all product users. There are maintenance and administrative activities also required by NetWitness Cloud SIEM product customers. NetWitness and customer-driven maintenance activities and restrictions are outlined in this section.

NetWitness Maintenance And Administration Responsibilities

  • NetWitness application and services are operational.
  • NetWitness core software services have minimal downtime.
  • Timely releases of Upgrades, Patches and Hotfixes.
  • No issues with VPN connectivity between NetWitness Cloud SIEM and log collectors, if used.
  • Search and Reporting functionality work as expected.
  • Alerts generation has minimal delay and Incidents are created for analysis.

Maintenance And Upgrade Experience

NetWitness Cloud SIEM is centrally maintained and upgraded by NetWitness to ensure that all customers are provided with a high-performance solution inclusive of the latest features and functionality.

Each NetWitness Cloud SIEM instance will be upgraded to the previous minor release within 30 days of the most recent minor release. For example, NetWitness Cloud SIEM environments will be upgraded to v11.5.1 within 30 days of the release of NetWitness Platform v. 11.5.2. NetWitness Cloud SIEM end-user environments are purposefully maintained at the most recent previous minor release to ensure a high-quality experience and for any relevant bug-fixes to applied prior to upgrading.

Routine maintenance and upgrade activities require planned downtime during which the NetWitness Cloud SIEM platform will be unavailable. End users will be notified of the planned service outage at least 14 days prior to the event, and will be provided with an option to elect a secondary window in the event of a potential conflict. NetWitness makes a best effort to schedule planned downtime for maintenance and upgrades outside of normal business hours to minimize operational disruption.

If unscheduled emergency maintenance is required, NetWitness will make reasonable efforts to notify customer contacts of a downtime event.

Customer Maintenance And Administration Responsibilities

  • Log Collector or Virtual Log Collector is configured and can successfully communicate to NetWitness Cloud SIEM.
  • Event Sources are configured properly for collection, including network connectivity.
  • If utilized, threat detection content is properly updated.
  • Communication w/ NetWitness support related to planned downtime for maintenance activities.
  • Updating primary points of contact with NetWitness Customer Support.
  • Monitoring storage utilization to ensure adequacy for Customer’s desired retention periods.

Shared Responsibilities

As you consider and evaluate NetWitness Cloud SIEM services, it’s critical to understand the shared responsibility model and which deployment and administration tasks are handled by NetWitness and which tasks are handled by you.

know more about the shared responsibility model

Customer Restrictions

To meet the outlined Service Level Agreements for the NetWitness Cloud SIEM offering, the below Customer Restrictions are in place for the Cloud SIEM environment. These restrictions ensure the appropriate SLA is delivered to the Customer.

  • No use of Linux dsadmin account.
  • No use of NetWitness UI local admin account.
  • No adjustment of Linux LVMs.
  • No adjustment of settings in NetWitness Explore tab.
  • No installation of additional Linux packages or repos on servers.
  • No use of ElasticSearch admin account.
  • No adjustment to OpenVPN Configurations.
  • No data egress beyond allowances outlined in Performance Considerations section.

Technical Support

All NetWitness Cloud SIEM subscriptions include access to NetWitness enhanced technical support plan. Enhanced Support delivers 24 x 7 around-the-clock remote support and access to NetWitness global network of support centers for troubleshooting.

Leverage our Secure Remote Support to ensure your issues are proactively managed in our Global Support Centers.

Please visit Support Plans and Options page for more information.

NetWitness Personalized Support Options

NetWitness Personalized Support Options are designed to complement NetWitness service contracts with access to technical experts any time, day or night, and provide customers with a strategic personalized support relationship. With NetWitness Personalized Support Options, organizations can enjoy a support relationship with NetWitness that encompasses the entire product life cycle—from initial product integration to ongoing utilization.

The following Personalized Support Options offer supplemental services that can be added to any new or existing NetWitness support contract:

  • Service Account Manager (SAM): This option adds a dedicated Service Account Manager(s) to function as an internal advocate who works with primary contacts within a customer organization. The SAM option provides a designated contact responsible for providing weekly reporting, onsite account reviews, priority support, request for enhancement visibility, and more.
  • Designated Support Engineer (DSE): This option provides specialized expertise with a technical contact personally accountable for ensuring the fastest possible remote resolution to questions and problems for product-specific issues.

Please visit the Support Plans and Options page for additional information regarding NetWitness Technical Support and Personalized Support options.

See also

Network Connectivity and Data Transfer