Fixed Issues
The following issues have been resolved for this release of the Splunk App for Enterprise Security.
Defect number | Description |
SOLNESS-1784 | Contributing events from any notable event in the Incident Review dashboard will default to "All Time" and may take a long time to return results. To work around this issue, cancel the search and rerun it with the desired time window. |
SOLNESS-6664 | Disabling the SplunkEnterpriseSecuritySuite or SA-ThreatIntelligence apps removes all data collected in the KVStore collections. The KVStore collection data in those apps includes Notable Event status changes created on the Incident Review dashboard. |
SPL-94414 | The server.conf [kvstore] stanza will not accept environment variables in the caCertPath parameter. |
SOLNESS-4256 | Running Splunk Enterprise on Windows with under-provisioned virtualized hardware may cause Enterprise Security setup to fail. If the instance meets the "virtualized hardware" specifications, retry the setup if it fails the first time. |
SOLNESS-5985 | In an index cluster environment, a Notable Event's rule_id will not match the event_id, which prevents the viewing of any status changes made to the Notable Event. |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.0