Splunk® Enterprise Security

Release Notes


Enhancements

The Splunk App for Enterprise Security version 3.0 includes new dashboards, views, and tools that help security analysts detect malicious activity by analyzing the meta-characteristics of their data rather than only its content. Using the statistical commands of the Splunk Search Processing Language (SPL), analysts can evaluate real-time and historical data to find patterns and detect unknown threats whose anomalous behavior is not detectable by pattern-based (signature) tools.
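The following search is an added illustration of the statistical approach described above; it is not taken from the Splunk documentation or shipped with the app. It baselines each source host's hourly outbound byte volume and flags hours that deviate from that host's own history by more than three standard deviations, a behavior no signature would match. The index name, sourcetype, and field names (index=firewall, sourcetype=pan:traffic, bytes_out, src_ip) are assumptions and must be replaced with whatever your own data uses.

```spl
index=firewall sourcetype=pan:traffic action=allowed earliest=-30d@d
| bin _time span=1h
| stats sum(bytes_out) AS bytes_out BY src_ip, _time
| eventstats avg(bytes_out) AS avg_bytes, stdev(bytes_out) AS sd_bytes, count AS hours_seen BY src_ip
| where hours_seen >= 24
| eval zscore = if(sd_bytes > 0, (bytes_out - avg_bytes) / sd_bytes, 0)
| where zscore > 3
| table _time, src_ip, bytes_out, avg_bytes, sd_bytes, zscore
| sort - zscore
```

The `hours_seen >= 24` guard drops hosts with too little history to form a meaningful baseline, and the `sd_bytes > 0` check avoids a division by zero for hosts whose volume never varies. The same pattern applies to any per-entity count or volume (authentication failures per user, DNS queries per client) by changing the field in the `stats` and `BY` clauses.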

What's New

  • Extended data source access (packet capture and netflow improvements) allow greater breadth of input
  • Improved performance and scalability from the Splunk Enterprise 6.0 backend
  • New visualizations for key security metrics and predictive analytics
  • Easy visual correlation of events related to a given asset or identity
  • Improved integration of external data sources for threat intelligence and data enrichment
  • Reporting improvements through data models and pivot tables

Add-ons

  • The deployment apps linux_base, osx_base, solaris_base are no longer included with the app. They are replaced by the Splunk Add-on for Unix and Linux, which provides backwards compatibility for those still using the *_base apps.
  • The Nessus add-on has been updated to support indexing of the data using the ReportHost StopTime field as an option. See the FAQ in the Data Source Integration Manual for more information.
  • The Nessus add-on now extracts the signature_family field by default.
  • TA-checkpoint has been removed from the Enterprise Security distribution in favor of the new Splunk Add-on for Check Point OPSEC LEA. The existing add-on will not be removed during upgrade. To upgrade, see the Splunk Technology Add-on for Check Point OPSEC LEA.
Last modified on 25 March, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0

