Splunk® Security Essentials

Release Notes



This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

What's new in Splunk Security Essentials

The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.

This release of Splunk Security Essentials includes the following enhancements.

What's new in 3.7.0

| New Feature or Enhancement | Description |
| --- | --- |
| Add custom threat group lists and custom technique lists to the MITRE ATT&CK Framework dashboard | Add custom threat group lists or custom technique lists to track your coverage of these threat groups or techniques in Splunk Security Essentials. See Add custom threat group lists to the MITRE ATT&CK Framework dashboard and Add custom technique lists to the MITRE ATT&CK Framework dashboard in the Use Splunk Security Essentials manual. |
| Renamed and reorganized Splunk Security Essentials menu items | Renamed the Security Content tab to Content, Content Introspection to Content Mapping and updated where some dashboards appear in the menus. |
| Replaced words on the data availability dashboard | Replaced "Good" and "Bad" in the Data Availability column with "Available" and "Unavailable". |
| Updated the Add Products modal in data inventory | Updated the Add Products modal in data inventory so that you can add products if automated introspection found products for the data type. Or, if no products are found, you can mark that you have no data present. See Configure the products you have in your environment with the Data Inventory dashboard in the Use Splunk Security Essentials manual. |
| Improved the Content page load time | The Content page now loads up to three times faster. |
| Search for content when content mapping | Added a search box to search for content when content mapping. See Track active content in Splunk Security Essentials using Content Mapping in the Use Splunk Security Essentials manual. |
| Added metrics to the Overview dashboard | Added metrics to see the amount of content enabled or disabled by data source and the amount of content enabled or disabled by originating app. |
| Added uberAgent ESA data to data inventory | You can now search for uberAgent data sources and sourcetypes in Splunk Security Essentials. |
| MITRE ATT&CK parsing, lookups, and auto update | Added parsing and lookups for MITRE ATT&CK Data Source and Detection and MITRE ATT&CK details are now automatically updated. |
| Added more information to ES integration tab in System Configuration | Added more instructions on how to integrate with Splunk Enterprise Security. |

Last modified on 26 March, 2024

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.0

