June 6, 2021
Introduced a New Chart Format
A new and enhanced dotted chart is introduced in Detect AI. The dotted chart shows the analyst the entity's baseline values over time, giving better context for the modeled behavior and, in the case of an indicator, the anomaly. To view the dotted chart and display the Detect AI data in an optimal way, upgrade the on-premise version to 11.6.
For more information, see How to read an Indicator Chart.
June 2, 2021
Introducing Cloud Link Overview Dashboard
A new Cloud Link Overview Dashboard is introduced in the New Health & Wellness to monitor the health of the Cloud Link Service. Each visualization on this dashboard is automatically refreshed with the most recent data so that you can manage the service efficiently.
The dashboard provides insights on the following:
- Status of all the Cloud Link Services in your deployment (offline and online)
- The sessions aggregation rate, count of sessions behind, and sessions collected for each Cloud Link Service
- Status of the uploads, such as the count of sessions uploaded, the rate at which the upload took place, and the outstanding sessions to be uploaded
- CPU and memory usage of each Cloud Link service
For more information, see How to monitor the health of the Cloud Link Service.
March 16, 2021
Cloud Link Service Enhancements
Cloud Link Service is released as part of NetWitness Platform 11.5.3 with the following enhancements:
February 4, 2021
Introduction of RSA NetWitness Detect AI
RSA NetWitness Detect AI is an add-on to RSA NetWitness® Platform and is offered as a SaaS service.
RSA NetWitness Detect AI is an advanced analytics and machine learning solution that empowers Security Operations Center (SOC) teams to detect, investigate, and respond to advanced internal attacks and behavior-based anomalies.
This helps organizations to:
- Leverage behavior baselining and modeling to uncover anomalous behavior and insider threats using unsupervised machine learning algorithms.
- Process data to monitor abnormal user behavior to identify risky users.
- Generate alert risk scores to raise the severity and priority of high-risk alerts, reducing alert fatigue and false positives.
- Leverage User Profile baselines to gain insights on daily user activities.
Users are analyzed for abnormal activities using the log data from the RSA NetWitness® Platform.
Detect AI leverages the capabilities of RSA NetWitness® Platform User and Entity Behavior Analytics (UEBA) and is provided as a SaaS application.
As a cloud service, Detect AI has many additional advantages:
- Security teams are better equipped to respond to threats as RSA manages this service for your organization and releases new content and enhancements.
- Organizations benefit from:
  - Reduced setup time
  - No additional hardware requirements
  - Minimal investment for ongoing maintenance
Cloud Link Service for Data Transfer to Detect AI
Cloud Link Service is a sensor that transfers data from your on-premise deployment for analytics on NetWitness Detect AI. When you install and register this service, it:
- Transfers metadata from hosts (such as Log Decoders) in your on-premise deployment to NetWitness Detect AI.
- Transfers alerts generated in NetWitness Detect AI to your on-premise NetWitness Platform Respond server.
Some key features of Cloud Link Service are:
- Easy Installation and Registration: Installation is easy and can be performed using the NetWitness Platform user interface. Once installed, the activation package can be downloaded to register it.
- Service Notifications: Email and Syslog notifications can be configured to track the status of the service, for example, when a service goes offline or when its resource utilization exceeds the set threshold.
For more information, see RSA NetWitness Detect AI for Administrator.