Release Notes for 12.5

Summary of the NetWitness® Release Notes for 12.5.0.0

The NetWitness® 12.5.0.0 Release Notes describe new features, enhancements, security updates, upgrade paths, fixed issues, known issues, end-of-life functionality, build numbers, and self-help resources.

Enhancements

This section provides information on the latest enhancements for NetWitness® 12.5.0.0.

Dashboard

• New Home Pages for Admin, Analyst, and Manager roles, each with tailored widgets for endpoints, users, assets, incidents, alerts, and more.

Investigate

• Web Reconstruction from Events View: Analysts can reconstruct web pages from event data for deeper investigation.
• Improved Web View Reconstruction: Enhanced user preferences for more accurate event reconstructions.
• Web View Reconstruction Settings: Admins can configure advanced settings for multi-event web reconstructions.
• Custom Events Widget: Create widgets from queries for real-time monitoring.
• Sort Meta Key Results: Sort results by packet count for better analysis.

Respond

• Alerts View Enhancement: Export up to 1000 alerts in JSON for offline investigation.
• OOTB Response Actions: Out-of-the-box actions for CrowdStrike integration.
• Whitelist Enhancement: Improved alert whitelisting for unwanted or recurring alerts.

Insight

• New Assets View: Centralized detection and investigation of network assets.
• New Insight Alerts: Alerts for asset type and exported services changes.

User and Entity Behavior Analytics (UEBA)

• Day of the Week anomaly detection.
• MITRE ATT&CK mapping for alerts/incidents.
• JA4 support for improved client identification.
• Enhanced detection for Kerberos and explicit logon activity.

SASE Capability

• Integration with Netskope SASE (Private Preview) for network and log visibility across hybrid/cloud deployments.

Endpoint

• Exclusion of specific files/folders from agent scans.
• Load balancing for endpoint servers.
• Monitoring endpoint agents’ last-seen details.
• Support for Windows 11 (up to version 23H2).

Policy-based Centralized Content Management (CCM)

• Support for native parsers, enhanced parser metadata configuration, and filtering capabilities.

Services (Concentrator, Decoder, Log Collector, Archiver)

• JA4 TLS fingerprinting for threat detection.
• Logstash plugin support for MSSQL, IBMDB2, Oracle.
• Extended Meta: Support for longer meta values (up to 4096 bytes).
• Application Rule Tracking.

Log Integrations & Context Hub

• AWS CloudWatch and Okta Workforce Identity Cloud integrations.
• STIX 2.x integration for improved threat intelligence feeds.

Live Cloud Service

• “My Content” feature for managing custom community content directly from the UI.

Security Updates

This section is focusing on critical, major, moderate, and minor vulnerabilities and provides links to advisories for more details.

Upgrade Paths

This section provides a list of supported upgrade paths from previous versions, and important notes on End of Life (EOL) for versions up to 12.2 and migration steps for Warehouse connector credentials.

What's New in Previous Releases

This section provides links to new features and enhancements in earlier releases.

Fixed Issues in 12.5.0.0 Release

This section lists endpoint, home page, platform, and decoder fixes with tracking numbers and descriptions.

Known Issues in 12.5.0.0 Release

This section is for unresolved issues documented on the NetWitness® community portal.

Build Numbers for 12.5.0.0 Components

This section provides a detailed table of build numbers for all major components in the release.

Getting Help with NetWitness® Platform

This section lists product documentation, self-help resources, support contacts, educational services, and feedback channels.