Release Notes for 12.5.1.0

Enhancements

This section provides information on the latest enhancements for NetWitness® 12.5.1.0.

• Dashboard
  New “What’s New” widget, enhanced FirstWatch Threat Logic & Live Content Updates, and improved configuration options for content widgets.
• Investigate
  • Added Packet Count option in Timeline Settings for better network traffic analysis.
  • Service Search option in Events View for easier navigation in complex environments.
• SASE Capability
  Beta integration with Palo Alto Prisma SASE for network and logs visibility across on-prem, hybrid, and cloud deployments.
• Policy-based Centralized Content Management (CCM)
  • Dynamic Distribution of GeoIP Data for air-gapped customers.
  • “Add to Policy” option for direct addition of Application or Network Rules.
  • Order View for managing rule sequence in policies.
• Administration and Configuration 
  Improved authentication with automatic external provider retry option.
• Event Stream Analysis (ESA)
  Updated to Esper Version 9.0 for new correlation constructs.
• Log Collections
  Transition to open-source JDBC for log collection, with new integrations.
• Log Integrations 
  Support for Netskope V2 Connector, WatchGuard EPDR, Azure DevOps Audit Logs, MSSQL 2022 event sources.

Security Updates

This section addresses critical and major vulnerabilities (CVE-2024-42472 and others).

Network Configuration Updates

This section is about migration from ifcfg format to NetworkManager key file format for fresh installs.

Upgrade Paths

This section provides information related to the different upgrade paths for 12.5.1.0.

• Supported upgrades from versions 12.2.0.0 and above. Versions 12.2 and earlier are End of Life as of March 31, 2024.
• Special instructions for Warehouse Connector credential migration.

Fixed Issues in 12.5.1.0 Release

This section provides information on fixed issues within 12.5.1.0.

• Admin Server Fixes 
  Issues with AD/AD SSO login and SSO logout errors on legacy UI.
• User/Entity Behavioral Analytics (UEBA) Fixes 
  Presidio configserver upgrade issues and watchlist addition failures.
• Respond Fixes
  Incident report creation errors and widget service availability issues.
• Endpoint Fixes 
  Event summary generation for offline agents.
• Event Stream Analysis (ESA) Fixes
  EPL rule issues after upgrading to 12.3.1 due to Esper LIKE functionality.

Known Issues in 12.5.1.0 Release

This section is for any known issues in the 12.5.1.0 version of NetWitness®.

Build Numbers for 12.5.1.0 Components

This section provides detailed table listing build numbers for all major NetWitness® components (Admin Server, Advanced Analytics, Appliance, Archiver, Audit Plugin, Broker, Cloud, Concentrator, Decoder, Endpoint Agents, ESA, etc.).

Getting Help with NetWitness® Platform

This section is for providing necessary resources for getting assistance with NetWitness®.

• Product Documentation
  Links to master documentation, upgrade guides, and cloud analytics updates.
• Self-Help Resources
  Community portal, knowledge base, troubleshooting, and blog posts.
• Contact NetWitness® Support
  Portal and international contacts.
• Educational Services
  Training portal, course catalog, schedule, and support contact.
• Feedback
  Email for documentation feedback.