This topic contains information on new features, updates, and known issues released with the Splunk App for Enterprise Security.
- Version 3.2.1 of the Splunk App for Enterprise Security requires Splunk Enterprise version 6.2.1 through 6.3.x, and a 64-bit OS install on all search heads and indexers.
- Search head clustering support: The Splunk App for Enterprise Security supports installation on a search head cluster. See "Search Head Clustering" in the Enterprise Security Installation and Configuration Manual.
- Splunk App for Stream integration: Facilitates packet data capture into the Enterprise Security app workflows. See "Splunk App for Stream Integration" in the Enterprise Security Installation and Configuration Manual.
- Protocol intelligence for wire data: A collection of new dashboards, correlation searches, key security indicators, and swimlanes that report on the information collected from common network protocols. See "Protocol Intelligence dashboards" in the Enterprise Security User Manual.
- Dynamic Thresholds and Context Awareness: A new set of search commands for creating and maintaining dynamic thresholds, and reporting using common language labels. Includes a set of new and existing correlation searches and key security indicators that leverage this new search capability. See "Extreme Search" in the Enterprise Security User Manual.
- For a list of add-ons included with this release of the Enterprise Security app, see "Add-ons provided with Enterprise Security" in the Enterprise Security Installation and Configuration Manual.
- The latest version of the Splunk Common Information Model app is shipped with the Enterprise Security app. It is also available on Splunkbase as the "Splunk Common Information Model app".
This documentation applies to the following versions of Splunk® Enterprise Security: 3.2.1