Fixed Issues

The following issues have been resolved for this release of the Splunk App for Enterprise Security.

Defect number	Description
SOLNESS-5401	A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use.
SOLNESS-6605	Creating a new TAXII feed requires the field Fields be populated. However, it is not used for defining fields in a TAXII feed. Workaround: the user needing to supply a dummy value for that field in order to successfully define a TAXII feed.
SOLNESS-6687	On the Threat Activity dashboard, the Group and Category drop-down filters may display comma separated values. If the values are selected, the dashboard will display "No results found."
SOLNESS-6625	A crash will occur on the `whois_handler.py` script when a Unicode domain name is received for a WHOIS query.
SOLNESS-6670	When the correlation search Potential Gap in Data is enabled, the search will report false positive matches.
SOLNESS-6695	An invalid threat list stanza will leave temporary files in the path `$SPLUNK_HOME\var\run\splunk\lookup_tmp` and throw errors in the `python_modular_input.log` Sample: `status="Unknown exception when reading input files" exc='NoneType' object has no attribute 'startswith'`.
SOLNESS-6788	The correlation search Default Account at Rest Detected does not properly filter out disabled accounts on Windows.
SOLNESS-6809	While using the "Guided Mode" correlation search builder, if an aggregate is not created in Step 3, the error "Please select a function" is displayed and the builder cannot proceed.
SOLNESS-6858	On the Incident Review dashboard, when attempting to select all Notable Events by using the check box on the header, all Notable Events are not selected.
SOLNESS-6861	If an RT time frame is selected on the Incident Review dashboard while sorting Notable Event results, the UI will display the error "Negative offsets are not allowed when a postprocessing search is specified."
SOLNESS-6893	The SA-Utils App search `contentinfo` cannot be used in a private saved search.
SOLNESS-6902	A notable event field containing source data with a URL string will automatically linkify the URL.
SOLNESS-6903	Disabling a previously active threat list does not prevent continued matches based upon the disabled threat list contents.
SOLNESS-6905	The Notable Event Suppressions page becomes inaccessible when a suppression entry contains trailing spaces.
SOLNESS-6908	A context generating search may trigger a display of "Errors occurred while the search was executing. Therefore, search results might be incomplete."
SOLNESS-6910	A plain text threat list will be ignored unless the extension is changed to `.csv`.
SOLNESS-6914	A threat list input path that contains a `.` will prohibit the modular input from recognizing a valid directory, and prevent the threat list from being loaded.
SOLNESS-6918	A threat list input may be ignored due to a missing `ignore_regex` parameter in the `inputs.conf` threat list stanza.
SOLNESS-6952	The macro `inactive_account_usage` used in the correlation search Inactive Account Activity Detected may choose the wrong time when performing time calculations by user. This results in spurious Notable Events.
SOLNESS-6958	A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use.
SOLNESS-6968	On the Security Posture dashboard, the panel Notable Events by Urgency displays an incorrect count of Notable Events.
SOLNESS-6989	An updated asset or identities list placed on disk by a scripted process may not trigger the input to read and merge the changes.
SOLNESS-6993	The Threat Artifacts dashboard will not display an arrow or chevron indicator when an artifact has more columns than can be displayed in the browser.
SOLNESS-7073	A threat list download may display a error in the `python_modular_input.log` ending with `ValueError: fromutc: non-None utcoffset() result required`.

Release Notes

Related Answers

Fixed Issues

Comments