Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed Issues

The following issues have been resolved for this release of the Splunk App for Enterprise Security.

Defect number Description
SOLNESS-7054 After adding a new swimlane in the Enterprise Security app using the UI, a restart will display a stdout error for savedsearches.conf:
Invalid key in stanza [Category - My New Swimlane - MySwimlane] in /etc/apps/DA-ESS-AccessProtection/local/savedsearches.conf, line 24: actions (value: swimlane)
SOLNESS-7132 The identities list fields startDate and endDate do not handle the date format "%m/%d/%Y" properly.
SOLNESS-7327 While using the Threat Intelligence Dashboard, changing the time range picker refreshes all panels unnecessarily.
SOLNESS-7277 While using Extreme Search, calling the context_stats macro with stdev constraints will not return any data.
SOLNESS-7203 When Splunk Home and Splunk Database are not on the same device, threatlists do not merge successfully.
SOLNESS-7152 The file threatintel_by_file_name_wildcard.csv.default will display an error due to a missing quote in the header.
SOLNESS-7094 When importing an asset table that has Windows-style newlines, the following error message is displayed: Unknown exception when reading input files exc=new-line character seen in unquoted field - do you need to open the file in universal-newline mode?
SOLNESS-7090 Commas in a local threatlist description prevent the file from being parsed.
SOLNESS-7041 When selecting an event under New Attacks in the Security Domains > Network > Intrusion Center navigation, the drill down will not work if the selected event is not within the timerange of the New Attacks view.
SOLNESS-6695 An invalid threat list stanza will leave temporary files in the path $SPLUNK_HOME\var\run\splunk\lookup_tmp and throw errors in the python_modular_input.log.
Sample: status="Unknown exception when reading input files" exc='NoneType' object has no attribute 'startswith'.
SOLNESS-7399 On Linux distributions using a version of glibc earlier than 2.14, correlation searches using the extreme search libraries return this error message: /opt/splunk/etc/apps/Splunk_SA_ExtremeSearch/bin/Linux/64bit/xsWhere: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /opt/splunk/etc/apps/Splunk_SA_ExtremeSearch/bin/Linux/64bit/xsWhere)
Last modified on 31 August, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.2

