Splunk® Attack Analyzer

Release Notes

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

What's new in Splunk Attack Analyzer

Splunk Attack Analyzer releases continuously. This list periodically updates with the latest functionality and changes to Splunk Attack Analyzer.

April 30, 2023

New feature Description
Interactive Sandbox default browser You can now select a default browser for all links launched by the Interactive Sandbox, rather than just the initial browser the URL for the interactive sandbox is launched with.
Web Analyzer QR code and OCR support The Web Analyzer engine is now able to analyze QR codes and has improved OCR support.


March 26, 2024

New feature Description
New regional availability Splunk Attack Analyzer is now available in the London, Frankfurt, and Sydney regions.

March 8, 2024

New feature Description
Drag and drop files to upload You can now drag and drop files to upload them to Splunk Attack Analyzer.

February 28, 2024

New feature Description
Interactive web countdown timer A three minute countdown timer now shows how much time you have remaining in the session. See Interactive submission for more information on Interactive web.
New key for Get Job Summary API A new key, "AppURL", has been added to the Get Job Summary API response. This key contains a link to the Splunk Attack Analyzer page for the job.

January 9, 2024

New feature Description
Interactive Web v2 Use the Interactive Web v2 tab to submit a URL or HTML file and interact with it within a virtual web browser hosted by Splunk Attack Analyzer. Interactive Web v2 has similar functionality to Legacy Interactive Web but contains improved website rendering, improved user interface performance including the ability to drag and drop draggable elements, improved resilience to CAPTCHA loops, and is close to parity with detections on Web Analyzer including support for JavaScript event hooking, data URI capture and so on. Additionally, you can select the Internet Region you want to use to access a website. Legacy Interactive Web will eventually be replaced by Interactive Web v2. See Interactive Web v2 in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
Artifact Downloads Use the Artifact Downloads tab visible on the Consolidated job view to gather more information about submitted URLs or files. From this tab, you can download the PCAP or original HAR files where available. See Analyze completed jobs with Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual.

November 6, 2023

New feature Description
Create and manage API keys As an administrator, you can create and manage API keys in Splunk Attack Analyzer to use the API to get data into Splunk Attack Analyzer. Common API integrations include connecting Splunk Attack Analyzer with Splunk SOAR and Splunk Mission Control and connecting the Splunk Add-on for Splunk Attack Analyzer to index job and forensic data from Splunk Attack Analyzer to the Splunk platform. See Create and manage API keys in Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
User interface performance improvements Splunk Attack Analyzer now loads up to 25 percent faster.
QR code improvements Splunk Attack Analyzer now follows all QR codes with a mobile user agent.

September 27, 2023

New feature Description
Create and assign user roles As an administrator, you can create users and assign users to roles to manage their access to functionality and data in Splunk Attack Analyzer. See Manage roles and permissions for users of Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
Support for .ace files in Archive Extractor Archive Extractor now supports the extraction of .ace files for evaluation or inspection.

August 11, 2023

The following table lists the new features included in this release of Splunk Attack Analyzer:

New feature Description
Interactive sandbox browser choice You can now select the browser you want Interactive Sandbox to use to access your submitted content. See Interactive Sandbox in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
Improvements to CHM file extraction Splunk Attack Analyzer now extracts potentially malicious files attached to .chm files for analysis and inspection.


July 28, 2023

The following table lists the new features included in this release of Splunk Attack Analyzer:

New feature Description
Sandbox naming convention update The name of the TwinWave Sandbox (win7) was updated to Windows 7 Sandbox and the name of the associated former JSON key twinwave_cuckoo was updated to sandbox_win7. The name of the TwinWave Sandbox (win10) was updated to Windows 10 Sandbox and the name of the associated former JSON key twinwave_cuckoo_win10 was updated to sandbox_win10.


This has no immediate impact on your integrations. However, note the following:

  • The APIs continue to accept the former JSON Keys as request parameters and output the former JSON Keys in the response to ensure backward compatibility with your integrations in the short term. JSON keys in responses will be updated on August 31, 2023.
  • If you are requesting specific engines through request parameters when making API submissions, we recommend changing your request parameters for the sandbox engines to use the new JSON key values prior to August 31, 2023.
  • If you have written code to parse responses that depends on the former sandbox names, we recommend modifying it to accept either of the former JSON keys or updated JSON key values for sandbox analysis output.

    After August 31, 2023 the former JSON key values will no longer appear in the response output.

Improved URL detection from images Splunk Attack Analyzer has improved optical character recognition (OCR) capabilities to provide improved URL extraction from images. This can improve smishing detection when mobile device messages are submitted as screenshots to Splunk Attack Analyzer.

July 17, 2023

Splunk Attack Analyzer, formerly TwinWave, is a cloud-based application that navigates complex attack chains to detect credential phishing and malware threats, generates actionable insights, and reduces the friction of repetitive manual tasks typically associated with investigating threats.

Use Splunk Attack Analyzer to perform the following tasks:

Last modified on 30 April, 2024
  NEXT
Fixed issues for Splunk Attack Analyzer

This documentation applies to the following versions of Splunk® Attack Analyzer: Current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters