Orchestrator Release Notes - 7.9.x
The following article contains a summary of the NetWitness Orchestrator 7.9 Release Notes. To see the full release notes, go to Attachments on this article and download the associated PDF.
Summary of NetWitness Orchestrator 7.9 Release
This advisory announces the release of NetWitness Orchestrator Version 7.9 and details its new features, improvements, and bug fixes, with a focus on Service Level Agreement (SLA) tracking and management for cases.
Service Level Agreement (SLA) Tracking and Management
NetWitness Orchestrator 7.9 introduces features for tracking and managing SLAs for incident response, enhancing accountability and efficiency for organizations and MSSPs.
- SLA evaluation is based on Time to Detect (TTD) and Time to Respond (TTR) benchmarks.
- System Administrators can configure TTD calculations based on two methods: Time of Detection minus Time of Occurrence or Case Open Time minus Time of Detection.
- Organizations can enable and configure SLA due dates for different Case severity levels (Low, Medium, High, Critical).
- The Case Details card provides real-time SLA insights, including Detection Due and Response Due fields.
- Users can view SLA insights on the Cases screen and sort Cases by Detection Due and Response Due values.
- Two out-of-the-box Metric cards for dashboards visualize SLA metrics: SLA: Time to Detect and SLA: Time to Respond.
- Custom Query cards can track Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) for SLAs.
Enhanced Search and Data Browsing
The updated Search screen in NetWitness Orchestrator 7.9 combines browsing and searching capabilities into a single interface for improved user experience.
- The new Search screen allows users to search the entire dataset or filter by object type.
- Users can refine searches using NetWitness Orchestrator Query Language (TQL) and various metadata filters.
- The legacy Browse screen remains accessible but is planned for future sunset.
- Feedback on the new Search screen is encouraged for continuous improvement.
Indicator Status Management Enhancements
NetWitness Orchestrator 7.9 adds owner-level Indicator Status locks to enhance control over status changes and improve activity logging.
- System Administrators can enable Indicator Status locks to prevent automation from changing statuses.
- Two new options for status locks are available: CAL Status Lock and synchronization status lock.
- Detailed activity logs now capture the method and user responsible for status changes.
Improvements in Threat Intelligence and Dashboards
The release includes various improvements to threat intelligence features and dashboard functionalities.
- A new Details screen is available for Signature Group objects.
- The My Intel Sources selector now retains user selections across sessions.
- Dashboard cards now include a View Details option for configuration insights.
- Added columns for Added and Modified dates in dashboard Query cards.
Bug Fixes and Performance Enhancements
NetWitness Orchestrator 7.9 addresses several bugs and performance issues to enhance overall functionality.
- Performance issues related to Tag lookups and Organization-level Attributes have been resolved.
- Duplicate execution of Playbooks with Case Triggers has been fixed.
- Improvements in Playbook Designer and API responses have been implemented.
- Various issues affecting data import and synchronization have been corrected.
Maintenance Releases and Updates
The maintenance release 7.9.2 introduces new features and bug fixes to enhance user experience and functionality.
- A new system setting allows control over how ThreatAssess updates affect an Indicator's "last modified" date.
- Deprecated Apps are now clearly marked and sorted in the TC Exchange Settings screen.
- Markdown support has been added for Intelligence Requirement descriptions.
- Performance improvements have been made on the Enrichment tab of Indicator Details.
For More Information:
For the full Release Notes and Documentation on NetWitness Orchestrator 7.9, please visit our NetWitness Orchestrator page on the NetWitness Community.
For data sheets and other similar content, visit the Security Automation and Orchestration page on NetWitness.com.
Attachments:
Orchestrator 7.9 Release Notes.pdf