**UPDATE 09JUN2021**
- NW-Endpoint Quick Start
- NW-Endpoint 11.6 Agent Install Guide: Endpoint Agent Installation Guide for 11.6
- NW-Endpoint 11.6 Configuration Guide: Endpoint Configuration Guide for 11.6
- NW-Endpoint 11.6 User Guide: NetWitness Endpoint User Guide for 11.6
**UPDATE 22FEB2021**
- changing from 11.3 specific capabilities to more general, multi-version 11.x capabilities
- RSA Live Endpoint Content: Endpoint Content
- NW-Endpoint Ports, Protocols, & Architectures: Network Architecture and Ports
- NW-Endpoint Quick Start Guide: NetWitness Endpoint Quick Start Guide
- NW-Endpoint 11.x Configuration Guide: NetWitness Endpoint Configuration Guide - Table of Contents
- NW-Endpoint 11.x User Guide: NetWitness Endpoint User Guide for NetWitness Platform 11.x - Table of Contents
- NW-Endpoint 11.5 Agent Install Guide: NetWitness Endpoint Agent Installation Guide for RSA NetWitness Platform 11.5 - Table of Contents
- NW-Endpoint 11.4 Agent Install Guide: NetWitness Endpoint Agent Installation Guide for RSA NetWitness Platform 11.4 - Table of Contents
**END UPDATE**
** - New Capabilities; these do not exist in 4.x
Planned - These features are in development and coming soon (PM would tase me if I unilaterally announce some non-GA feature before it's actually GA, so coming soon is the best I can do for these ones...)
Future - These features are in the backlog and need to be evaluated for development in upcoming cycles/product releases
(**EDIT 23FEB2021** -- PM has tased me for this verbiage, so removing it **END EDIT**)
| Feature | Comments | Insights | Advanced | OS Support: Windows | OS Support: MacOS | OS Support: Linux | Release |
|---|---|---|---|---|---|---|---|
| Basic scans | Inventory | | | | | | 11.3, 4.x |
| Tracking scans | Continuous file, network, process, thread monitors; Registry monitor (specific to Windows) | | | | | | 11.3, 4.x |
| Anomaly detection | Inline hooks, kernel hooks, suspicious threads, registry discrepancies | | | | | | 11.3, 4.x |
| Windows Log Collection | Collect Windows Event Logs | | | | | | 11.3** |
| Threat Detection Content | Detection Rules / Reports | | | | | | 11.3 |
| Risk score | Based on Threat Content Pack | | | | | | 11.3, 4.x |
| File Reputation Service | File Intel (3rd Party Lookup) | | | | | | 11.3, 4.x |
| Live Connect | Community Intel | | | | | | 11.3, 4.x |
| Automatic File Download | Analysis of downloaded file | | | | | | 11.3, 4.x |
| Analyze module | Analysis of downloaded file | | | | | | 11.3, 4.x |
| Blocking | Block an executable | | | | | | 11.3, 4.x |
| Agent Protection | Driver Registry Protection / User Mode Kill Protection | | | | | | 11.3** |
| PowerShell, Command-line (input) | Report user interactions within a console session | | | | | | 11.3** |
| Process Visualization | Unique identifier (VPID) for process that uniquely identifies the entire process event chain | | | | | | |