Release notes for the Splunk Common Information Model Add-on
Version 4.20.0 of the Splunk Common Information Model Add-on was released on June 30, 2021.
Version 4.20.0 of the Splunk Common Information Model Add-on includes the following new features.
|New Data Access data model.||The Data Access data model is for monitoring shared data access user activity. It helps you detect a user's unauthorized data access, misuse, exfiltration, and more. See Data Access.|
|The Endpoint data model has a new field.||The new field in the data model is |
|jQuery 3.5.0 migration.||Starting in CIM 4.20.0 to enhance product security, jQuery is migrated from 2.1.0 to 3.5.0 and some Splunk Web Core UI components are deprecated. Library updates have been made that may impact some dashboards with CustomJS.|
|Splunk platform version||Upgrade activity|
|8.0.x or later||If you apply custom tags to data mapped to CIM data models and you use these tags in searches and search filters, add these tags to the whitelists for those models. See Set up the Splunk Common Information Model Add-on for details about the tags whitelist field.|
Version 4.20.x of the Splunk Common Information Model Add-on requires Splunk platform version 8.0.x or later. Some workarounds, such as the datamodels spec workaround for tags_whitelist and poll_buckets, are no longer available in version 7.0.x and later. This might lead to btool check warnings at startup.
This version of the Splunk Common Information Model Add-on fixes the following issues. If this section is empty, this release has no reported fixed issues.
|Date resolved||Issue number||Description|
|2021-06-29||CIM-1033, CIM-978||CIM Setup: "An error occurred fetching assets"|
|2021-03-16||CIM-990||Adaptive response actions creates duplicate Invocations.|
This version of the Splunk Common Information Model Add-on has the following reported known issues. If this section is empty, this release has no reported known issues.
|Date filed||Issue number||Description|
|2021-07-02||CIM-1040||CIM 4.20.0 Setup link returns 404|
Access the setup page directly by going to https://<URL of your Splunk deployment>/en-US/app/search/cim_setup
Deprecated or removed features
The following are deprecated or removed features for the last seven versions.
As of version 4.20.0:
As of version 4.19.0:
As of version 4.18.0:
bodyfield is deprecated in favor of the
descriptionfield in the Alerts data model and will be removed in a future version.
subjectfield is deprecated in favor of the
signaturefield in the Alerts data model and will be removed in a future version.
As of version 4.15.0:
- The Predictive Analytics dashboard is removed in favor of Machine Learning Toolkit functionality.
As of version 4.14.0:
- The Predictive Analytics dashboard is deprecated in favor of Machine Learning Toolkit functionality and will be removed in a future version.
As of version 4.13.0:
As of version 4.12.0:
- The modaction_invocations_rest_handler.py (alerts/modaction_invocations) is deprecated and will be removed in a future version.
- The following previously deprecated configurations are removed.
- Deprecated data models: Application State and Change Analysis
Third-party software attributions
The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.
Set up the Splunk Common Information Model Add-on
Support and resource links for the Splunk Common Information Model Add-on
This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.20.0