Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed Issues

The following issues have been resolved for this release of the Splunk App for Enterprise Security.

Defect number Description
SOLNESS-5401 A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use.
SOLNESS-6605 Creating a new TAXII feed requires that the field Fields be populated. However, it is not used for defining fields in a TAXII feed.
Workaround: Supply a dummy value for that field in order to successfully define a TAXII feed.
SOLNESS-6687 On the Threat Activity dashboard, the Group and Category drop-down filters may display comma separated values. If the values are selected, the dashboard will display "No results found."
SOLNESS-6625 A crash will occur on the whois_handler.py script when a Unicode domain name is received for a WHOIS query.
SOLNESS-6670 When the correlation search Potential Gap in Data is enabled, the search will report false positive matches.
SOLNESS-6695 An invalid threat list stanza will leave temporary files in the path $SPLUNK_HOME\var\run\splunk\lookup_tmp and throw errors in the python_modular_input.log
Sample: status="Unknown exception when reading input files" exc='NoneType' object has no attribute 'startswith'.
SOLNESS-6788 The correlation search Default Account at Rest Detected does not properly filter out disabled accounts on Windows.
SOLNESS-6809 While using the "Guided Mode" correlation search builder, if an aggregate is not created in Step 3, the error "Please select a function" is displayed and the builder cannot proceed.
SOLNESS-6858 On the Incident Review dashboard, when attempting to select all Notable Events by using the check box on the header, all Notable Events are not selected.
SOLNESS-6861 If an RT time frame is selected on the Incident Review dashboard while sorting Notable Event results, the UI will display the error "Negative offsets are not allowed when a postprocessing search is specified."
SOLNESS-6893 The SA-Utils App search contentinfo cannot be used in a private saved search.
SOLNESS-6902 A notable event field containing source data with a URL string will automatically linkify the URL.
SOLNESS-6903 Disabling a previously active threat list does not prevent continued matches based upon the disabled threat list contents.
SOLNESS-6905 The Notable Event Suppressions page becomes inaccessible when a suppression entry contains trailing spaces.
SOLNESS-6908 A context generating search may trigger a display of "Errors occurred while the search was executing. Therefore, search results might be incomplete."
SOLNESS-6910 A plain text threat list will be ignored unless the extension is changed to .csv.
SOLNESS-6914 A threat list input path that contains a . will prohibit the modular input from recognizing a valid directory, and prevent the threat list from being loaded.
SOLNESS-6918 A threat list input may be ignored due to a missing ignore_regex parameter in the inputs.conf threat list stanza.
SOLNESS-6952 The macro `inactive_account_usage` used in the correlation search Inactive Account Activity Detected may choose the wrong time when performing time calculations by user. This results in spurious Notable Events.
SOLNESS-6958 A threat list download attempt from an HTTPS URL may fail to download if proxy authentication is in use.
SOLNESS-6968 On the Security Posture dashboard, the panel Notable Events by Urgency displays an incorrect count of Notable Events.
SOLNESS-6989 An updated asset or identities list placed on disk by a scripted process may not trigger the input to read and merge the changes.
SOLNESS-6993 The Threat Artifacts dashboard will not display an arrow or chevron indicator when an artifact has more columns than can be displayed in the browser.
SOLNESS-7073 A threat list download may display an error in the python_modular_input.log ending with
ValueError: fromutc: non-None utcoffset() result required.
Last modified on 14 July, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.1

