Splunk® Supported Add-ons

Splunk Add-on for Okta Identity Cloud

Release notes for the Splunk Add-on for Okta Identity Cloud

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud was released on April 30, 2024.

Compatibility

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud is compatible with the following software, CIM versions, and platforms.

Splunk platform versions | 9.1.x, 9.2.x
CIM | 5.3.1
Platforms | Platform independent
Vendor Products | Okta API v1

New Features

  • Enhanced CIM support for several important security eventTypes:
    • Added CIM support for the eventTypes system.email.new_device_notification.sent_message, security.behavior.settings.update, user.account.report_suspicious_activity_by_enduser, device.user.remove, user.account.expire_password, system.idp.lifecycle.read_client_secret, system.idp.lifecycle.delete, system.idp.lifecycle.deactivate, system.idp.lifecycle.activate, system.idp.lifecycle.create, policy.rule.delete
    • Changed the CIM data model tagging from the Alerts DM to the Authentication DM for the eventType system.push.send_factor_verify_push
  • Updated the cron schedule of all the saved searches.
    • The saved searches now run at a gap of 10 minutes rather than all at the same time. This resolves the search concurrency issue.
  • Multi-line logs and error tracebacks written to the add-on's log file are now ingested into Splunk as a single event.
    • This gives users better visibility of error tracebacks and resolves the timestamping issue with the add-on logs.
  • Introduced a System Log Streaming Dashboard, which monitors the data ingestion of system logs in the add-on.
    • This lets users identify system log events that were missed within a specific time range. They can then re-collect those system logs using the modular input and fill the data gap.
  • Introduced a new parameter, "End Date", for Logs Metric in the modular input.
    • With this parameter, users can collect the system logs for a time range by providing appropriate values in the "Start Date" and "End Date" fields.
  • Enhanced KVStore lookups with the entities' names and IDs.
    • The sourcetypes listed in the following table have a new event schema:
sourcetype | new event schema or new sample log
OktaIM2:groupUser | {"groupid": "00g7nvgb8z6yN7ysn5d7", "groupName": "Everyone", "userName": "userokta@gmail.com", "userid": "00u7p8lo0kub5T2hu5d7", "lastMembershipUpdated": "2022-12-20T10:46:07.000Z"}
OktaIM2:appUser | {"appid": "0oa6w98nquVw81Xf35d7", "appName": "oidc_client", "appLabel": "Okta Admin Console", "userid": "00u7nuurr6YO0Wi765d7", "externalId": null, "userName": "userokta@gmail.com", "created": "2022-12-16T10:25:00.000Z", "lastUpdated": "2022-12-16T10:25:00.000Z", "statusChanged": "2022-12-16T10:24:59.000Z", "scope": "USER", "status": "ACTIVE"}
    • As a result, the KVStore lookups and field extractions are also enhanced for the respective sourcetypes.
  • Introduced Monitoring Dashboards, which give users insight into the count of events ingested and the volume of data ingested, based on parameters such as Host, Source, Index, Input, Sourcetype, and Account.
  • Verified IPv6 compliance of the add-on and enhanced TA functionality accordingly.
  • Enhanced the UI experience of the add-on.
  • Added support for the latest CIM version, 5.3.1.
  • Backlog enhancements and library updates.




Fixed issues

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following fixed issues:


Known issues

Version 2.2.0 of the Splunk Add-on for Okta Identity Cloud has the following reported known issues. If no issues appear below, no issues have yet been reported.

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects. Third party contributions.

Last modified on 30 April, 2024

This documentation applies to the following versions of Splunk® Supported Add-ons: released

