NetWitness Platform XDR

RSA Security, LLC

NetWitness Platform XDR

RSA Security, LLC

NetWitness Platform XDR on Azure

NetWitness Platform XDR

RSA Security, LLC

NetWitness Platform XDR for Azure Increases Visibility, Improves Response Efficiency

See Everything.Fear Nothing. By rapidly detecting and responding to today’s targeted attacks

NetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response.It can collect and analyze data across all capture points (Logs, Packets, NetFlow, Endpoint, and IoT) and computing platforms (physical, virtual and cloud), enriching data with threatintelligence and business context.
The NetWitness Platform XDR allows security analysts to prioritize, respond, reconstruct, survey, investigate and confirm information about the threatsin their environment and take the appropriate response—quickly and precisely.

Key Features:

  • Unparalleled visibility

    Gives security teams the visibility they need to detect sophisticated threats hiding in today’s complex, hybrid IT infrastructures. Provides real-time visibility into all network traffic with full packet capture, deep packet inspection, along with on-board decryption, allowing you to detect emerging, targeted, and unknown threats as they traverse the network, monitor attackers’ movement, and reconstruct entire network sessions.
  • Improved analyst productivity

    Orchestration and automation capabilities make it easier for analysts to prioritize and investigate threats faster and coordinate activities across the entire security team. Empowers analysts to hunt the most advanced threats.
  • Faster, more advanced threat detection

    Detects attacks in a fraction of the time of other platforms and connects incidents to expose the full attack scope. Speeds threat detection and investigation by enriching network and endpoint data at capture time with threat intelligence and business context.
  • Smarter, faster analytics

    Analytics powered by machine learning with the scale of cloud delivers early detection of anomalies that lead to external and internal threats.

Platform XDR v12.1 Improvements:


  • Policy Based Centralized Content Management

    A unified approach to find, deploy, manage content and data sources of Event Stream Analysis component through the entire lifecycle based on policies that can be assigned to groups of devices.
  • Support for bulk rule deploy operations

    Decoder supports new mergeall command for rules bulk merge operation that allows all the valid rules to be merged and return the list of invalid rules in case of an error. This feature avoids redeploying all rules in case of an error.
  • Detections using Yara Rules

    Endpoint agents run Yara rules locally to find malicious files
  • Endpoint host/file usability improvements

    Analysts have an option for remediation actions from the endpoint alert details such as file download, hash look-up, change file status etc.
  • Improved Log Parsing

    Improvements to Log parsers to handle parsing of structured and unstructured data embedded in variables of structure logs and ability to build regex parse rule that will capture meta anywhere in the log triggered when a specific anchor text appears in the log.


  • Export Incident data

    An analyst can export the Incidents data including alerts and events in JSON format for future analysis and auditing.


  • Roles of a NetWitness user

    An admin can view user roles for both internal and external users such as Active Directory.
  • Password repetition policy

    New option to avoid password repetition has been added to security settings page to enhance password policy.
  • Define retention policy for downloaded file

    Admins can define a retention policy to automatically clean-up the downloaded files after X days to avoid any potential disk space issues on the server


  • Security updates

    Addresses latest security vulnerabilities reported against various libraries used by the product

Learn More