Skip to content
  • There are no suggestions because the search field is empty.

Orchestrator Release Notes Version 7.11.x

This article contains a summary of the NetWitness® Orchestrator Release Notes Version 7.11. To see the full Release Notes, go to Attachments on this article and download the associated PDF.

 

Summary of the NetWitness® Orchestrator Release Notes for Version 7.11.x

This document will provide a quick summary of the items that can be found within the NetWitness® Orchestrator Release Notes for version 7.11.x.

 

New Features and Functionality

This section provides a list of new features and functionality that is now in NetWitness® Orchestrator 7.11.x.

 

Threat Actor Profiles

  • A unified view that consolidates Adversary, Intrusion Set, and Threat Group objects representing the same actor under different aliases.
  • Uses CAL™ alias data to automatically identify and group related objects.
  • Displays all related attributes and associations on a single Details screen.
  • Supports  custom aliases, which are included in future correlation logic.
  • Unified view is  read‑only and non‑destructive; underlying data remains unchanged.
  • Feature is available to  all 7.11 instances and does not require CAL to be enabled.
  • Initial consolidation may take time after upgrade for large datasets.
 

Actionable Search Updates

  • Consolidated Bulk Indicator Search Results
    • Adds deduplication to bulk Indicator search results across multiple owners.
    • Consolidated view shows  one row per Indicator, reducing noise while preserving traceability.
    • Deduplication can be  enabled or disabled from the Options menu and persists as the default once enabled.
  • Bulk Actions on Consolidated Indicators
    • Enables bulk actions on deduplicated indicators, including the adding of indicators to an organization. applying tags, and exporting to a CSV.
    • Improves efficiency when organizing and sharing indicator data.
 

Dashboard Enhancements

  • Group by ATT&CK Tags
    • Query charts can now group results by MITRE ATT&CK® Tags.
    • Enables analysis of prevalent techniques, actor behavior patterns, and trends over time.
    • Uses existing TQL queries and ATT&CK tagging on objects.
 

Global Dashboard Date Range

  • Introduces a global date range filter that applies across multiple dashboard cards.
  • Supported card types:  Metric Cards and Query Cards (not Widget cards).
  • Preset options include  Today, Last 7/30/60 Days, and Custom Date/Time ranges.
  • Cards that do not inherit the global range are visually indicated
 

Improvements

This section provides a listing of all the latest improvements within NetWitness® Orchestrator 7.11.x.

Threat Intelligence - ThreatAssess

  • Introduces separate monitors for high/medium priority, low priority, and CAL feedback updates.
  • Removes older ThreatAssess interval settings and adds new configurable system settings.
  • Adds View Current Queue and Reinitialize ThreatAssess controls in Account Settings.
  • Improves processing performance and queue visibility.
 

Built-In Enrichment

  • Expands VirusTotal enrichment to support Google Threat Intelligence data.
  • Enrichment source is determined by the configured API key.
  • Adds a Contributing Factors card in Google TI detailed views.
 

Threat Graph

  • Adds Undo and Redo functionality (up to 10 actions per session).
  • Supports undoing pivots and node removals.
  • Adds hover tooltips for truncated node names.
 

Search

  • Allows customization of visible columns in search results.
  • Adds  Tags column with deduplicated tag lists for Indicators.
  • Improves bulk deletion capabilities for Tags, Victims, and Victim Assets.
  • Adds file detail drawer for bulk Indicator uploads.
 

Details Screen and Drawer

  • Displays Known Good labels for safelisted Indicators (via CAL).
  • Consolidates Tags across owners in unified views.
  • Expands unified view configuration controls for Vulnerability Groups.
 

My Account

  • Redesigned interface with reorganized tabs.
  • Adds simplified MFA enablement and a global  Dark Mode toggle.
  • Removes deprecated  Spaces feature.
 

My Pages

  • Increases bookmarks to 25 pages.
  • Adds page management (reorder, rename, remove).
 

Playbooks

  • Adds Status Change trigger for Event Groups
 

Dashboards

  • Revamped card editing UI.
  • Adds  Run Query shortcut from Query card tables to Search results.
 

Services

  • Redesigned Services screen with improved layout and details drawer.
 

Workflow

  • Increases Workflow Case description limit to 4000 characters with character counter.
 

Reporting

  • Adds configurable Time Units for Time to Detect / Respond charts.
 

Installation and Deployment

  • Persists MDB maxsession settings during installation.
  • Improves OpenSearch container configuration flexibility.
 

API & Under the Hood

  • Fixes file status handling for V2 Batch API updates.
  • Adds ThreatAssess score retrieval and ATT&CK tactic/platform fields to v3 API.
  • Improves assignee removal and Indicator summary handling.
 

Bug Fixes

This section reviews the bugs that have been addressed in NetWitness® Orchestrator 7.11.x and associated with the following sections.

  • Attributes
  • Playbooks
  • Services
 

Dependency & Library Changes

This section provides details about any package dependencies or internal libraries utilized by the product and have been changed in this version.

 

Maintenance Releases Changelog

This section contains further improvements and bug fixes that are associated with the latest release.

 

This article contains a summary of the NetWitness® Orchestrator Release Notes Version 7.11. To see the full Release Notes, go to Attachments on this article and download the associated PDF.



Attachments:
Orchestrator 7.11 Release Notes.pdf