Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed Issues

The following issues have been resolved for this version of Splunk Enterprise Security.

Defect number Description
SOLNESS-5823 The Traffic Size Analysis dashboard errors when using the appendcols command: You can only use appendcols after a reporting command (such as stats, chart, or timechart).
SOLNESS-6630, 6703 Memory leak with splunkd. On Cloud, the memory leak is correlated with the number of enabled correlation searches.
SOLNESS-6645 The Vulnerability Center dashboard drilldown "Vulnerabilities by Severity" does not use the correct severity field on the search page.
SOLNESS-6811 The spyeye tracker threat list is obsolete and has been removed from the list of threat lists.
SOLNESS-6887 Customized search objects can be saved into apps that do not meet the Enterprise Security app import naming scheme, but cannot be subsequently edited.
SOLNESS-6894 Customized search objects can be saved into apps that do not meet the Enterprise Security app import naming scheme, but cannot be subsequently edited.
SOLNESS-6907 The risk score object field and type values for the "Threat Activity Detected" correlation search and others that require risk actions were not being properly set.
SOLNESS-7355 An empty copy of the demo_identities.csv file can prevent the identity manager from merging all identity data sources.
SOLNESS-7396 The correlation search "Access - Excessive Failed Logins - Rule" is missing a default notable title.
SOLNESS-7413 The splunkd.log reports the warning opt/splunk/etc/apps/SA-IdentityManagement/default/correlationsearches.conf, line 35: Cannot parse into key-value pair: "alert.suppress": "1",\n "alert.suppress.fields": ["user"]\n}
SOLNESS-7414 A search head configured for FIPS compliance might display an error message stating the configuration is unsupported when installing ES.
SOLNESS-7451 The correlation search editor does not display a list of streams available with the Splunk App for Stream installed.
Last modified on 22 October, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.0
