Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

This topic contains information on new features, updates, and known issues released with the Splunk App for Enterprise Security.

What's New

  • Risk Analysis: A new framework for tracking and assessing risk, including new dashboards for analysis and auditing of risk scoring.
  • Incident review dashboard: The dashboard has an updated UI to improve the notable event workflow.
  • Guided Correlation search: A wizard that provides guidance for building data model-based correlation searches.
  • Unified Search Manager: A single management page to check the status and edit key search types used in the Enterprise Security app.
  • Threat list auditing: A new dashboard to track threat list updates and status.
  • Threat list weighing: A scoring system for prioritizing the threat lists based upon their source and value to the organization. The score can be integrated into the Risk Analysis framework.

Add-ons

  • The Splunk Common Information Model app has been updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.
  • The TA-mcafee is no longer included with the Splunk App for Enterprise Security. It has been replaced with the Splunk Add-on for McAfee. The latest version of the Splunk Add-on for McAfee is shipped with Enterprise Security. It is also available for direct download here. See Splunk Add-on for McAfee documentation.
  • The Splunk Add-on for Unix and Linux was updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.
  • The Splunk Add-on for Microsoft Windows was updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.

Last modified on 25 July, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1.1

