This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Fixed Issues
The following issues have been resolved for this release of the Splunk App for Enterprise Security.
Defect number | Description |
SOLNESS-5401 | A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use. |
SOLNESS-6605 | Creating a new TAXII feed requires the field Fields be populated. However, it is not used for defining fields in a TAXII feed. Workaround: the user needing to supply a dummy value for that field in order to successfully define a TAXII feed. |
SOLNESS-6687 | On the Threat Activity dashboard, the Group and Category drop-down filters may display comma separated values. If the values are selected, the dashboard will display "No results found." |
SOLNESS-6625 | A crash will occur on the whois_handler.py script when a Unicode domain name is received for a WHOIS query.
|
SOLNESS-6670 | When the correlation search Potential Gap in Data is enabled, the search will report false positive matches. |
SOLNESS-6695 | An invalid threat list stanza will leave temporary files in the path $SPLUNK_HOME\var\run\splunk\lookup_tmp and throw errors in the python_modular_input.log Sample: status="Unknown exception when reading input files" exc='NoneType' object has no attribute 'startswith' .
|
SOLNESS-6788 | The correlation search Default Account at Rest Detected does not properly filter out disabled accounts on Windows. |
SOLNESS-6809 | While using the "Guided Mode" correlation search builder, if an aggregate is not created in Step 3, the error "Please select a function" is displayed and the builder cannot proceed. |
SOLNESS-6858 | On the Incident Review dashboard, when attempting to select all Notable Events by using the check box on the header, all Notable Events are not selected. |
SOLNESS-6861 | If an RT time frame is selected on the Incident Review dashboard while sorting Notable Event results, the UI will display the error "Negative offsets are not allowed when a postprocessing search is specified." |
SOLNESS-6893 | The SA-Utils App search contentinfo cannot be used in a private saved search.
|
SOLNESS-6902 | A notable event field containing source data with a URL string will automatically linkify the URL. |
SOLNESS-6903 | Disabling a previously active threat list does not prevent continued matches based upon the disabled threat list contents. |
SOLNESS-6905 | The Notable Event Suppressions page becomes inaccessible when a suppression entry contains trailing spaces. |
SOLNESS-6908 | A context generating search may trigger a display of "Errors occurred while the search was executing. Therefore, search results might be incomplete." |
SOLNESS-6910 | A plain text threat list will be ignored unless the extension is changed to .csv .
|
SOLNESS-6914 | A threat list input path that contains a . will prohibit the modular input from recognizing a valid directory, and prevent the threat list from being loaded.
|
SOLNESS-6918 | A threat list input may be ignored due to a missing ignore_regex parameter in the inputs.conf threat list stanza.
|
SOLNESS-6952 | The macro `inactive_account_usage` used in the correlation search Inactive Account Activity Detected may choose the wrong time when performing time calculations by user. This results in spurious Notable Events.
|
SOLNESS-6958 | A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use. |
SOLNESS-6968 | On the Security Posture dashboard, the panel Notable Events by Urgency displays an incorrect count of Notable Events. |
SOLNESS-6989 | An updated asset or identities list placed on disk by a scripted process may not trigger the input to read and merge the changes. |
SOLNESS-6993 | The Threat Artifacts dashboard will not display an arrow or chevron indicator when an artifact has more columns than can be displayed in the browser. |
SOLNESS-7073 | A threat list download may display a error in the python_modular_input.log ending with ValueError: fromutc: non-None utcoffset() result required .
|
Last modified on 14 July, 2015
PREVIOUS Release Notes |
NEXT Known Issues |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.1
Feedback submitted, thanks!