What's New
The following features and enhancements have been introduced in NetWitness Insight:
September 25, 2024
New Assets View for Network Assets Detection and Investigation
NetWitness introduces a new Assets view within the Hosts > Assets menu. This view provides a centralized location for all the network assets detected within your environment, along with their associated details, such as the asset IP, asset type, asset category, enterprise network exposure, peer network exposure, peer activity exposure, first seen, and last seen. You can use filters to narrow down the assets by different criteria. This view helps analysts easily identify and prioritize unfamiliar assets or assets that are behaving abnormally, enabling them to take immediate action to mitigate any potential security risks.
For more information, see the topic Manage Network Assets from Hosts View.
New Insight Alerts for Network Assets
NetWitness introduces two new Insight alerts to help you monitor and respond to changes in your network assets. These alerts are available in the Respond > Alerts view and are based on the asset type and the exported services of each asset.
- Asset type change over time: This alert is generated when there is a change in an asset’s type (for example, client to server) after the same type was observed for 7 consecutive days.
- Asset exported services change over time: This alert is generated if there is a change in the services that are exported by an asset after the same services were observed for 7 consecutive days, even if the asset category remains unchanged.
These alerts help analysts to identify and investigate any potential anomalies or threats in their environment.
For more information, see the topic View Insight Alerts from Respond View.
June 25, 2024
Improved Network Assets Identification and Classification
This release introduces improvements to the NetWitness Analytics network asset identification process to ensure accurate classification and reduce misconfigurations.
- If users are running Port Scanners in their environment, it is important to remember that these Port Scanners can generate significant traffic. Such traffic could impact NetWitness Analytics and result in misclassification of servers as clients, affecting enterprise network exposure, peer network exposure rankings, asset category, and detection accuracy for each asset. To prevent network asset misclassification, contact NetWitness Customer Support and provide them with the list of Port Scanner IPs. Your information will be used by NetWitness Analytics to improve asset identification and classification.
- If users do not follow the RFC 1918 standard and use a different standard to define their internal IP addresses, NetWitness Analytics may not recognize them correctly. As a result, some internal assets may be classified as external assets or vice versa. To avoid this issue, contact NetWitness Customer Support and provide them with your internal IP ranges. Your information will be used by NetWitness Analytics to improve asset identification and classification.
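One way to work out which internal ranges need to be reported is to subtract the RFC 1918 blocks from your own address plan. The following is an added example, not NetWitness code; the function name and the sample ranges are constructed for illustration.

```python
import ipaddress

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an organization's internal address plan.
SAMPLE_INTERNAL = [
    "10.20.0.0/16",     # inside RFC 1918: nothing to report
    "100.64.0.0/10",    # shared address space used internally
    "192.168.0.0/15",   # too-wide mask: spills into 192.169.0.0/16
    "172.32.0.0/16",    # just past the end of 172.16.0.0/12
    "172.33.0.0/16",
]

def ranges_outside_rfc1918(internal_cidrs):
    """Return the parts of the given internal ranges that RFC 1918 does not cover.

    Ranges fully inside RFC 1918 are dropped, ranges that straddle a block
    are trimmed to the portion outside it, and adjacent results are merged.
    IPv6 ranges are always returned, because RFC 1918 is IPv4 only.
    """
    v4, v6 = [], []
    for cidr in internal_cidrs:
        net = ipaddress.ip_network(cidr.strip(), strict=False)
        if net.version == 6:
            v6.append(net)
            continue
        pieces = [net]
        for block in RFC1918:
            remaining = []
            for piece in pieces:
                if piece.subnet_of(block):
                    continue                      # fully private already
                if block.subnet_of(piece):
                    # Range contains the block: keep only what is outside it.
                    remaining.extend(piece.address_exclude(block))
                else:
                    remaining.append(piece)       # CIDRs nest or are disjoint
            pieces = remaining
        v4.extend(pieces)
    merged = (list(ipaddress.collapse_addresses(v4))
              + list(ipaddress.collapse_addresses(v6)))
    return [str(n) for n in merged]

if __name__ == "__main__":
    for cidr in ranges_outside_rfc1918(SAMPLE_INTERNAL):
        print(cidr)
```

The explicit block list is used instead of `ipaddress`'s `is_private` attribute, which also matches loopback, link-local and other special-purpose ranges that are not part of RFC 1918.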
April 1, 2024
Introducing Sensor Health and Wellness Dashboard
A new Sensor Health and Wellness Dashboard has been introduced for NetWitness Insight to provide visibility into the health of the sensors and monitor their status. Each dashboard visualization is automatically refreshed with the most recent data to help you manage the service efficiently. Insight Sensor data for the last 6 months is available for analysis.
The dashboard offers information and analysis regarding the following:
- Daily Decoder Throughput information of individual sensors and all sensors.
- Data uploaded for individual sensors and all sensors.
For more information, see the topic Monitor the Health of the Insight Sensor.
March 14, 2024
Whitelist Insight Alerts in Respond View
Administrators and analysts can now whitelist unwanted and recurring Insight alerts generated in the Respond > Alerts view. This enhancement provides the ability to select specific values, such as IP Address and Asset Type, and define a Whitelist condition to prevent unwanted alerts from being generated for these values. Using this enhancement, analysts can streamline the alert management process by excluding specific IP addresses or asset types that are known to be reliable and secure. This optimization minimizes unnecessary alerts generated on the Respond > Alerts view, reducing the time and effort required to review and analyze alerts.
Note: Ensure the NetWitness Platform version is 12.4 or later to use this feature.
For more information, see the topic Whitelist Insight Alerts from Respond View.
Email Notification Settings for Sensor Status
NetWitness now includes Email Notification preferences for Sensor Status. With this feature, administrators can choose to turn on or turn off email notifications as needed, giving them more control and flexibility in managing notifications.
For more information, see Configure Email Notification Preferences for Insight.
November 6, 2023
Detect New Assets in Insight (BETA)
NetWitness Insight introduces a new alert named New asset discovered in environment. This alert is generated on the Respond > Alerts page whenever a new asset of the Server type is detected in the environment for the first time or if an existing asset has not been observed by NetWitness Insight for the last 30 days. This alert is generated only for assets identified as servers by NetWitness Insight. This feature enhances visibility and gives analysts an improved understanding of the assets present in the environment, enabling them to better protect those assets from potential attacks.
This feature is currently available in BETA mode and is disabled by default. Contact the NetWitness Customer Support team to enable the feature.
Note: Ensure the NetWitness Platform version is 12.3.1 or later to use this feature.
For more information, see the topic View Insight Alerts from Respond View.
Historical Service Trend Chart Improvements
The following improvements have been made to the Historical Service Trend chart in version 12.3.1:
- Added a new Service filter feature that allows you to filter services using a searchable drop-down menu. Analysts can now filter services by multiple values simultaneously, making it easier to compare services and discover insights.
- Improved pagination functionality now allows analysts to navigate between the first and last pages seamlessly.
- Services in the chart legend are sorted from highest to lowest enterprise traffic using the latest date data. When services have the same percentage value, they are sorted alphabetically.
For more information, see the topic View Contextual Information for an Asset.
Note: Ensure the NetWitness Platform version is 12.3.1 or later to use these improvements.
November 2, 2023
Email Notification on Exceeding Daily License Usage
NetWitness Insight customers exceeding the daily license usage limit three or more times within the last 14 days will receive an email notification.
Email Notification Settings for License Usage
NetWitness introduces a new Email Notifications setting option on the NetWitness Cloud Portal. This feature enables administrators to manage email notification preferences for License Usage. With this feature, administrators can choose to turn on or turn off email notifications as needed, giving them more control and flexibility in managing notifications.
For more information, see Configure Email Notification Preferences for Insight.
Check NetWitness Cloud Services Operational Health Status
Users can check the operational health status and service availability of NetWitness Cloud Services such as UEBA, Insight, and Live on NetWitness Statuspage. The operational health status indicates if all the services and integrations are operational or experiencing any disruptions. These disruptions may be caused by server maintenance activity, regional network outages, or cloud vendor outages. If there are any service disruptions, they are recorded as Incidents and displayed on the Statuspage.
In addition, users can subscribe to receive email or Slack notifications whenever an incident occurs. For more information, see Check System Status.
September 6, 2023
Introducing NetWitness Insight
NetWitness Insight is a SaaS solution available as an extension for NetWitness Network, Detection & Response (NDR) customers. NetWitness Insight is an advanced analytics solution that leverages unsupervised machine learning to empower the response of the Security Operations Center (SOC) team. NetWitness Insight continuously examines network data collected by the Decoder to discover, profile, categorize, characterize, prioritize, and track all assets.
NetWitness Insight identifies the assets in the enterprise to alert analysts of their presence. The discovered assets are automatically categorized into groups of similar servers and prioritized based on their network profiles. These assets are presented to analysts in a Springboard panel to guide them to focus on certain assets to protect their organization. Contextual information about the asset is available anywhere analysts interact with IP addresses in Respond and Investigate workflows. Incidents and alerts can be created based on asset changes.
This helps organizations to:
- Discover and characterize assets.
- Monitor critical assets.
- Leverage the security operations team to triage based on prioritization.