Release Notes
This topic contains information on new features, updates, and known issues released with the Splunk App for Enterprise Security 3.1.
What's New
- Risk Analysis: A new framework for tracking and assessing risk, including new dashboards for analysis and auditing of risk scoring.
- Incident review dashboard: The dashboard has an updated UI to improve the notable event workflow.
- Guided Correlation search: A wizard that provides guidance for building data-model-based correlation searches.
- Unified Search Manager: A single management page to check the status and edit key search types used in the Enterprise Security app.
- Threat list auditing: A new dashboard to track threat list updates and status.
- Threat list weighing: A scoring system for prioritizing the threat lists based upon their source and value to the organization. The score can be integrated into the Risk Analysis framework.
Add-ons
- Updated add-ons have their own documentation. See the Supported Add-ons manual.
- The Splunk Common Information Model app has been updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.
- The TA-mcafee is no longer included with the Splunk App for Enterprise Security. It has been replaced with the Splunk Add-on for McAfee. The latest version of the Splunk Add-on for McAfee is shipped with Enterprise Security. It is also available for direct download here. See the Splunk Add-on for McAfee documentation.
- The Splunk Add-on for Unix and Linux was updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.
- The Splunk Add-on for Microsoft Windows was updated. The latest version is shipped with Enterprise Security. It is also available for direct download here.
This documentation applies to the following versions of Splunk® Enterprise Security: 3.1