Skip to main content
Meet NetWitness at RSA Conference 2024!
Stop by our booth #254 or book a meeting with an expert. Reserve Your Spot Today!
Products & Solutions

NetWitness Orchestrator 6.2: New Features, Better Threat Intelligence

  • by Brian Robertson

NetWitness Orchestrator 6.2

In this unending battle against new—and more sophisticated—threats, security teams must be able to leverage threat intelligence from everywhere. They must act fast, often through trusted automated processes. So to help security teams manage threat intelligence more efficiently, NetWitness Orchestrator has implemented two new features that are part of our 6.2 release:

  1. Browser Extensions
  2. Interactive Next Generation Playbook Creation

Browser Extensions

Security analysts are constantly investigating and researching emerging threats. Technical research available online is often a main source for knowledge, providing valuable pieces to put the cybersecurity puzzle together. But cutting and pasting information into the threat library is inefficient and archaic.

The process of getting information into the threat library needs to be streamlined.

The new Browser Extension capabilities of NetWitness Orchestrator instantly scan and identify relevant pieces of information from any web-based resource with just one click. Browser Extensions give your operations a deeper understanding about an Indicator, so you can add it to your threat library for future analysis and investigation efforts.

With the NetWitness Orchestrator Browser Extension, users can scan an online resource for potential Indicators, query NetWitness Orchestrator for information about scan results, and import Indicators and Group Indicators directly into NetWitness Orchestrator from a supported web browser.

The Browser Extension can scan various online resources for potential Indicators, including static and dynamic webpages, social media platforms, Google Docs files, email messages, and even ThreatConnect itself.

Browser Extensions give your security team:

  1. Instant access to the insights of NetWitness Orchestrator. 
    Direct from the web browser being used, fewer clicks mean less frustration—and quicker results.
  2. Immediate leverage of the global context from the Connected Analytics Layer. 
    This includes classifiers from our analytics, anonymized observations/sightings of IOCs, and trending impressions information.
  3. Faster import of disparate single Indicators or batches of unstructured data. 
    This includes associated source information into ThreatConnect—without disrupting investigative processes. Simply tag and import as a group when you’re ready.

As organizations rely more on SOAR solutions, the Browser Extension capabilities add enhanced value, providing on-the-fly access to high-fidelity intelligence. This vital information can be shared across the team without exiting the investigation process.

These Browser Extensions can increase the value of your threat intelligence program. More users gain access at no additional cost and without the burden of learning and regularly accessing a new system.

Interactive Next Generation Playbooks

All organizations regardless of size can benefit from automation. However, when the management of playbooks is clunky and difficult, it often impedes the adoption of automation.

With new Playbooks 2.0, organizations of all sizes can reap the benefits of intelligent automation and orchestration. These new interactive playbook management capabilities are designed to minimize management blockers and remove complexity for easier playbooks adoption.

In addition to multiple updates and improvements, Interactive Playbooks offer new ways of interacting with and collaborating around playbooks. 

Interactive Playbooks give your security team:

  1. Increased confidence in the playbook build with more granulated testing and improved troubleshooting. 
    Users can now view the results of running an app in-line without running a full playbook. Every app runs as a self-contained unit of work that can be edited and checked for output at any time during a session. This is superior to testing playbooks end-to-end because it enables exploratory debugging and data analysis. Additionally, if a playbook fails, users are now able to better investigate and understand what went wrong.
  2. Better mechanisms for documentation and collaboration with interactive note-taking capabilities.
    Users can now develop playbooks collaboratively with notes. Each trigger and app in interactive mode can be marked up with notes and then shared when the playbook is exported. Notes are a great place to explain the app logic, results, and analysis. The notes section provides a living document for each playbook.

Design and implement playbooks with higher confidence

Playbook developers can now more clearly understand how the playbook build is progressing, with the ability to run tests at the App level and not at the time of completion. (Users now save both time and frustration by not having to design a playbook start to finish, only to find there is an issue somewhere.) Proactive notification of playbook failure gives you confidence that things are running smoothly, eliminating the need to do status checks. Additionally, Playbook 2.0 helps teams improve collaboration through interactive playbooks notes and enhanced playbook sharing capabilities. 

With NetWitness Orchestrator 6.2, your security teams can now make repeatable and scalable automation effortless.

Want to learn more? Visit our NetWitness Orchestrator page or contact us here.