The Cloud Link Service is enhanced to support endpoint-related queries. The Cloud Link Service transfers endpoint metadata (process and registry data) from your on-premise deployment for analytics on Detect AI.
Note: To support endpoint-related queries, Cloud Link Service must be on version 11.7.1 or later.
A new and enhanced dotted chart is introduced in Detect AI. The dotted chart provides the analyst with the entities baseline values over time to better understand the context of the modeled behavior and the anomaly in case of an indicator. In order to view the dotted chart and display the Detect AI data in an optimal way, the on-premise version should be upgraded to 11.6.
For more information, see How to read an Indicator Chart.
A new Cloud Link Overview Dashboard is introduced in the New Health & Wellness to monitor the health of the Cloud Link Service. Each visualization on this dashboard will be automatically refreshed with the most recent data, to efficiently manage the service.
The dashboard provides insights on the following:
For more information, see How to monitor the health of the Cloud Link Service.
Cloud Link Service is released as part of NetWitness Platform 11.5.3 with the following enhancements:
RSA NetWitness Detect AI is an add-on to RSA NetWitness® Platform and is offered as a SaaS service. RSA NetWitness Detect AI is an advanced analytics and machine learning solution that empowers Security Operations Center (SOC) teams to detect, investigate, and respond to advanced internal attacks and behavior-based anomalies. This helps organizations to:
Users are analyzed for abnormal user activities using the logs data from the RSA NetWitness® Platform. Detect AI leverages the capabilities of RSA NetWitness® Platform User and Entity Behavior Analytics (UEBA) and is provided as a SaaS application. As a cloud service, Detect AI has many additional advantages:
Cloud Link service is a sensor that transfers data from your on-premise deployment for analytics on NetWitness Detect AI. When you install and register this service it:
Some key features of Cloud Link Service are:
For more information, see RSA NetWitness Detect AI for Administrator.