Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Release notes for Splunk Enterprise Security

What's New

  • Version 4.0.4 of Splunk Enterprise Security requires Splunk software version 6.3.x through 6.5.x.
  • Investigation timelines let you track your investigations into attacks, data breaches, large-scale malware infections, and other security incidents. See Investigation Timelines in the User Manual.
  • The Enterprise Security upgrade process has changed. See The Enterprise Security installer in the Installation and Upgrade Manual.
  • You can use the distributed configuration management tool to assemble the ES indexer configurations for distribution. See Distributed Configuration Management in the Installation and Upgrade Manual.
  • UI enhancements for configuration and permissions management. See Adding capabilities to a role in the Installation and Upgrade Manual, and General Settings in the User Manual.
  • Key Indicators on most dashboards now provide statistics from the past 48 hours, rather than the past 24 hours. Security Posture continues to use Key Indicators from the last 24 hours.
  • New use cases leveraging Enterprise Security are available in the Use Cases Manual
  • Ingest TAXII feeds that require certificate-based authentication. See Add a TAXII feed in the User Manual.

Add-ons

Last modified on 13 April, 2020
  Fixed issues for Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters