Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Release Notes for Splunk Enterprise Security

Version 4.5.0 of Splunk Enterprise Security follows version 4.2.0 of Splunk Enterprise Security.

What's New

Version 4.5.0 of Splunk Enterprise Security requires Splunk platform version 6.4.x or later. To use the updated asset and identity correlation functionality, you need Splunk platform version 6.4.4 or later.


The cloud-only release of Splunk Enterprise Security 4.2.0 included the following new features, which you might have missed:

  • Create search-driven lookups. See Search-driven lookups in the User Manual.
  • Audit adaptive response actions on the Adaptive Response Action Center. See Adaptive Response Action Center in the User Manual.
  • Add, create, or modify threat intelligence sources and asset and identity sources in a search head cluster without using the deployer.

Add-on deprecation

In a future release, Splunk Enterprise Security will no longer include all of the add-ons listed in Add-ons provided with Enterprise Security. Instead, you can download the add-ons that you need directly from Splunkbase. This change improves the performance of Splunk ES by reducing the number of unnecessary enabled add-ons, and allows you to install the most appropriate and updated versions of add-ons when you install Splunk ES.

Add-ons

Deprecated features

  • The `map_notable_fields` macro is deprecated and is now a no-op. The notable.py script performs the field transformations for you. Remove `map_notable_fields` from custom correlation searches.
  • The alert action Include in RSS feed has been removed from Enterprise Security. Correlation searches currently configured to include alerts in RSS feeds will stop sending alerts in RSS feeds.
  • The globedistance.py search command is deprecated and will no longer produce search results. Instead, use the `globedistance` macro.
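The following is an added example, not part of the Splunk release notes or Splunk's own code: a small audit that scans the text of a savedsearches.conf file for the three deprecated items listed above. The sample configuration is constructed for illustration, and mapping the "Include in RSS feed" alert action to the `action.rss` setting is an assumption.

```python
import re

# Constructed savedsearches.conf content for illustration only.
SAMPLE_CONF = r"""
[Threat - Custom Geo Anomaly - Rule]
search = | tstats count from datamodel=Authentication by Authentication.user \
    | globedistance \
    | `map_notable_fields`

[Access - Custom Brute Force - Rule]
action.rss = 1
search = index=auth action=failure | stats count by user | `globedistance`
"""

CHECKS = {
    "map_notable_fields macro": re.compile(r"`\s*map_notable_fields\s*[(`]"),
    "globedistance command": re.compile(r"\|\s*globedistance\b"),
}

def parse_conf(text):
    """Return {stanza: {key: value}}, joining backslash-continued lines."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def find_deprecated(text):
    """Map each saved search name to the deprecated items it still uses."""
    findings = {}
    for name, settings in parse_conf(text).items():
        search = settings.get("search", "")
        hits = [label for label, rx in CHECKS.items() if rx.search(search)]
        # Assumption: "Include in RSS feed" corresponds to the action.rss setting.
        if settings.get("action.rss", "0").lower() in ("1", "true"):
            hits.append("RSS alert action")
        if hits:
            findings[name] = hits
    return findings
```

Call `find_deprecated()` on the contents of each app's local and default savedsearches.conf; a search that already uses the `globedistance` macro is not reported, only the piped search command is.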
Last modified on 13 August, 2022

This documentation applies to the following versions of Splunk® Enterprise Security: 4.5.0

