February 2, 2022
Updating On-premises Sensors
Administrators can now keep all their sensors (Cloud Link Service) up to date by setting up automatic or scheduled updates, which saves time and avoids manual sensor tracking. Administrators can set up update options on the Sensor Configuration tab:
- Manual Update: This option allows you to update each sensor manually.
- Automatic Update: Cloud Link Service is automatically updated when an update is available. This option is selected by default.
- Scheduled Update: This option allows you to specify the day of the week and the time at which all sensors must be updated. This helps you schedule updates outside peak working hours.
NOTE: Make sure to update your sensor regularly to have all the latest capabilities, improvements, and security fixes.
November 11, 2021
Detect AI support for Endpoint queries
The Cloud Link Service is enhanced to support endpoint-related queries. The Cloud Link Service transfers endpoint metadata (process and registry data) from your on-premise deployment for analytics on Detect AI.
NOTE: To support endpoint-related queries, Cloud Link Service must be on version 11.7.1 or later.
August 12, 2021
Introduced a New Chart Format
A new and enhanced dotted chart is introduced in Detect AI. The dotted chart shows the analyst the entity's baseline values over time, giving better context for the modeled behavior and, in the case of an indicator, for the anomaly. To view the dotted chart and display the Detect AI data in an optimal way, the on-premise version should be upgraded to 11.6.
For more information, see Read an Indicator Chart.
June 2, 2021
Introducing Cloud Link Overview Dashboard
A new Cloud Link Overview Dashboard is introduced in the New Health & Wellness to monitor the health of the Cloud Link Service. Each visualization on this dashboard is automatically refreshed with the most recent data so that you can manage the service efficiently.
The dashboard provides insights on the following:
- Status of all the Cloud Link Services in your deployment (offline and online)
- The sessions aggregation rate, count of sessions behind, and sessions collected for each Cloud Link Service
- Status of the uploads, such as the count of sessions uploaded, the rate at which uploads took place, and outstanding sessions to be uploaded
- CPU and memory usage of each Cloud Link service
For more information, see Monitor the health of the Cloud Link Service.
March 16, 2021
Cloud Link Service Enhancements
Cloud Link Service is released as part of NetWitness Platform 11.5.3 with the following enhancements:
- Faster data uploads to Detect AI.
- Data transfer to Detect AI using a proxy is supported. For more information, see Configure the proxy for the Cloud Link Service.
February 4, 2021
Introduction of NetWitness Detect AI
NetWitness Detect AI is an add-on to NetWitness® Platform and is offered as a SaaS service. NetWitness Detect AI is an advanced analytics and machine learning solution that empowers Security Operations Center (SOC) teams to detect, investigate, and respond to advanced internal attacks and behavior-based anomalies. This helps organizations to:
- Leverage behavior baselining and modeling to uncover anomalous behavior and insider threats using unsupervised machine learning algorithms.
- Process data to monitor abnormal user behavior to identify risky users.
- Generate alert risk scores to raise the severity and priority of high-risk alerts, reducing alert fatigue and false positives.
- Leverage User Profile baselines to gain insights on daily user activities.
Users are analyzed for abnormal user activities using the log data from the NetWitness® Platform. Detect AI leverages the capabilities of NetWitness® Platform User and Entity Behavior Analytics (UEBA) and is provided as a SaaS application. As a cloud service, Detect AI has many additional advantages:
- Security teams are better equipped to respond to threats as NetWitness manages this service for your organization and releases new content and enhancements.
- Organizations benefit from:
  - Reduced setup time
  - No additional hardware requirements
  - Minimal investment for ongoing maintenance
Cloud Link Service for Data Transfer to Detect AI
Cloud Link Service is a sensor that transfers data from your on-premise deployment for analytics on NetWitness Detect AI. When you install and register this service, it:
- Transfers metadata from hosts (such as Log Decoders) in your on-premise deployment to NetWitness Detect AI.
- Transfers alerts generated in NetWitness Detect AI to your on-premise NetWitness Platform Respond server.
Some key features of Cloud Link Service are:
- Easy Installation and Registration: Installation is easy and can be performed using the NetWitness Platform user interface. Once installed, the activation package can be downloaded to register it.
- Service Notifications: Email and Syslog notifications can be configured to track the status of the service, for example, when a service goes offline or when its resource utilization exceeds the set threshold.