What's New

The following features and enhancements have been introduced in NetWitness Insight:

April 1, 2024

Introducing Sensor Health and Wellness Dashboard

A new Sensor Health and Wellness Dashboard has been introduced for NetWitness Insight to provide visibility into the health of the sensors and monitor their status. Each dashboard visualization is automatically refreshed with the most recent data to help manage the service efficiently. Insight Sensor data for the last 6 months is available for analysis.
The dashboard offers information and analysis regarding the following:

  • Daily Decoder Throughput information of individual sensors and all sensors.
  • Data uploaded for individual sensors and all sensors.

For more information, see topic Monitor the Health of the Insight Sensor.

March 14, 2024

Whitelist Insight Alerts in Respond View

Administrators and analysts can now whitelist unwanted and recurring Insight alerts generated in the Respond > Alerts view. This enhancement provides the ability to select specific values, such as IP Address and Asset Type, and define a Whitelist condition to prevent unwanted alerts from being generated for these values. Using this enhancement, analysts can streamline the alert management process by excluding specific IP addresses or asset types that are known to be reliable and secure. This optimization minimizes unnecessary alerts generated on the Respond > Alerts view, reducing the time and effort required to review and analyze alerts.

Note

Ensure the NetWitness Platform version is 12.4 or later to use this feature.

For more information, see topic Whitelist Insight Alerts from Respond View.

Email Notification Settings for Sensor Status

NetWitness now includes Email Notification preferences for Sensor Status. With this feature, administrators can choose to turn on or turn off email notifications as needed, giving them more control and flexibility in managing notifications.

For more information, see Configure Email Notification Preferences for Insight.

November 6, 2023

Detect New Assets in Insight (BETA)

NetWitness Insight introduces a new alert named New asset discovered in environment. This alert is generated on the Respond > Alerts page whenever a new asset of type Server is detected in the environment for the first time or if an existing asset has not been observed by NetWitness Insight for the last 30 days. This alert is generated only for assets that NetWitness Insight identifies as servers. This feature enhances visibility and gives analysts an improved understanding of the assets present in the environment, enabling them to better protect those assets from potential attacks. This feature is currently available in BETA mode and is disabled by default. Contact the NetWitness Customer Support team to enable the feature.

Note

Ensure the NetWitness Platform version is 12.3.1 or later to use this feature.

For more information, see topic View Insight Alerts from Respond View.

Historical Service Trend Chart Improvements

The following improvements have been made to the Historical Service Trend chart in version 12.3.1:

  • Added a new Service filter feature that allows you to filter services using a searchable drop-down menu. Analysts can now filter services by multiple values simultaneously, making it easier to compare services and discover insights.

  • Improved pagination functionality now allows analysts to navigate between the first and last pages seamlessly.

  • Services in the chart legend are sorted from highest to lowest enterprise traffic using the latest date data. When services have the same percentage value, they are sorted alphabetically.

For more information, see topic View Contextual Information for an Asset.

Note

Ensure the NetWitness Platform version is 12.3.1 or later to use these improvements.

November 2, 2023

Email Notification on Exceeding Daily License Usage

NetWitness Insight customers exceeding the daily license usage limit three or more times within the last 14 days will receive an email notification.

Email Notification Settings for License Usage

NetWitness introduces a new Email Notifications setting option on the NetWitness Cloud Portal. This feature enables administrators to manage email notification preferences for License Usage. With this feature, administrators can choose to turn on or turn off email notifications as needed, giving them more control and flexibility in managing notifications.

For more information, see Configure Email Notification Preferences for Insight.

Check NetWitness Cloud Services Operational Health Status

Users can check the operational health status and service availability of NetWitness Cloud Services such as UEBA, Insight, and Live on NetWitness Statuspage. The operational health status indicates if all the services and integrations are operational or experiencing any disruptions. These disruptions may be caused by server maintenance activity, regional network outages, or cloud vendor outages. If there are any service disruptions, they are recorded as Incidents and displayed on the Statuspage.

In addition, users can subscribe to receive email or Slack notifications whenever an incident occurs. For more information, see Check System Status.

September 6, 2023

Introducing NetWitness Insight

NetWitness Insight is a SaaS solution available as an extension for NetWitness Network Detection & Response (NDR) customers. NetWitness Insight is an advanced analytics solution that leverages unsupervised machine learning to empower the response of the Security Operations Center (SOC) team. NetWitness Insight continuously examines network data collected by the Decoder to discover, profile, categorize, characterize, prioritize, and track all assets.

NetWitness Insight identifies the assets in the enterprise to alert analysts of their presence. The discovered assets are automatically categorized into groups of similar servers and prioritized based on their network profiles. These assets are presented to analysts in a Springboard panel to guide them to focus on certain assets to protect their organization. Contextual information about the asset is available anywhere analysts interact with IP addresses in Respond and Investigate workflows. Incidents and alerts can be created based on asset changes.

This helps organizations to:

  • Discover and characterize assets.
  • Monitor critical assets.
  • Leverage the security operations team to triage based on prioritization.