This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Known issues for Splunk Enterprise Security
Following are the known issues for this version of Splunk Enterprise Security:
Date filed | Issue number | Description |
---|---|---|
2023-03-28 | SOLNESS-35291 | Threat Intelligence Framework is not passing the weights of Indicators of Compromise (IOCs). |
2022-08-12 | SOLNESS-32134 | Correlation search for ES Threat Activity Detected is incorrect. |
2022-02-22 | SOLNESS-30041 | Multiple owners are displayed on the Incident Review page when selecting Owner. |
2021-09-01 | SOLNESS-28019 | "src" or "dest" fields of Threat Activity events showing as "unknown" even though "threat_match_fields" is "src" or "dest". Workaround: Navigate to the threat intelligence management page and click on the threat matching tab |
2021-08-31 | SOLNESS-28002 | ES Traffic Center dashboard is still using the deprecated saved search. |
2021-05-12 | SOLNESS-26883 | Annotations configured on correlation search editor do not display on the Incident Review page. |
2021-04-29 | SOLNESS-26712 | Incident Review page loads slowly after an upgrade to Splunk Enterprise Security version 6.4 or higher. Workaround: Add a reasonable time period to the get_active_correlations macro. For example, earliest = -90d. Otherwise, correlation searches that do not create a notable within that time frame cannot be selected as an option in the filters when the Incident Review page loads. The macro should look something like this after editing: tstats values(source) as source where {{get_notable_index}} earliest = -90d | mvexpand source | lookup correlationsearches_lookup _key as source OUTPUTNEW rule_name |
2021-03-03 | SOLNESS-25956 | Next Steps for adaptive response actions do not parse correctly in the Incident Review dashboard. Workaround: Enter each of the adaptive response actions on separate lines in the Next Steps field of the Correlation Search editor. |
2021-01-04 | SOLNESS-25051 | Asset and Identity Framework: Unable to "delete" from assets / identities lookup tabs |
2020-12-03 | SOLNESS-24926 | Threat Intelligence Framework: Setting SPLUNK_DB triggers this error: ValueError: Illegal escape from parent directory "/opt/splunk": /splunkdata/modinputs/threatlist Workaround: Contact support for single line update to threatlist.py |
2020-12-01 | SOLNESS-24869 | Incident Review: Correlation search list limited to 100 results |
2020-11-23 | SOLNESS-24825 | Risk Framework: risk_factors_rest_hander.update_datamodel assumes calculated_risk_score field |
2020-11-20 | SOLNESS-24809 | Errors in Risk Analysis Dashboard after ES upgrade Workaround: Local overrides to the Risk datamodel occurring prior to 6.3.0 will be missing the calculated_risk_score field. It is recommended to remove the locally overridden Risk.json datamodel such that the shipped default can take over. |
2019-03-15 | SOLNESS-18377, SPL-167855 | Workbench: custom visualizations don't work in workbench |
Last modified on 28 August, 2023
This documentation applies to the following versions of Splunk® Enterprise Security: 6.4.0