RSA NetWitness Platform v11.6

 
PROJECT ID
C125
ASSURANCE LEVEL
EAL2 + ALC_FLR.1
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
RSA NetWitness Platform v11.6
PRODUCT TYPE
Network And Network-Related Devices And Systems
PRODUCT SPONSOR / DEVELOPER

NETWITNESS, an RSA Business

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

NETWITNESS, an RSA Business
10700 Parkridge Blvd, Reston, VA 20191, United States of America

The TOE is a collection of appliances that form a security infrastructure for an enterprise network. This architecture provides converged network security monitoring and centralised security information and event management (SIEM). The TOE provides real-time visibility into the monitored network and long-term network data storage to provide detection, investigation, analysis, forensics, and compliance reporting.


The TOE implements additional security functions such as identification and authentication of TOE users; auditing; security management; and trusted path.
The security management functions of the TOE are performed via the NetWitness Platform User Interface (UI), which is a web-based GUI. This interface allows authorised administrators to manage user accounts, session lockout values and other TSF data, and to view the IDS data and alerts. Navigation in the UI is based on roles and is divided into major functional areas including Respond, Investigate, and Admin. The Respond view consolidates all alerts, such as ESA Correlation Rules, Malware Analytics, and Reporting Alerts, into one location and is used for incident tracking and triage. The Investigate view presents seven different views into a set of data, allowing authorised users to see metadata, events, and potential indicators of compromise. In the Admin view, administrators can manage network hosts and services, manage system-level security, and manage Collection Methods/event sources.