This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Fixed Issues
The following issues have been resolved for this release of the Splunk App for Enterprise Security.
| Defect number | Description |
| SOLNESS-7054 | After adding a new swimlane in the Enterprise Security app using the UI, a restart will display a stdout error for savedsearches.conf:Invalid key in stanza [Category - My New Swimlane - MySwimlane] in /etc/apps/DA-ESS-AccessProtection/local/savedsearches.conf, line 24: actions (value: swimlane)
|
| SOLNESS-7132 | The identities list fields startDate and endDate do not handle the date format "%m/%d/%Y" properly.
|
| SOLNESS-7327 | While using the Threat Intelligence Dashboard, changing timerange picker refreshes all panels unnecessarily. |
| SOLNESS-7277 | While using Extreme Search, calling context_stats macro with stdev constraints will not return any data. |
| SOLNESS-7203 | When Splunk Home and Splunk Database are not on the same device, threatlists do not merge successfully. |
| SOLNESS-7152 | The file threatintel_by_file_name_wildcard.csv.default will display an error due to a missing quote in the header. |
| SOLNESS-7094 | When importing an asset table that has Windows-style newlines, an Unknown exception when reading input files exc=new-line character seen in unquoted field - do you need to open the file in universal-newline mode? error message is displayed.
|
| SOLNESS-7090 | Commas in a local threatlist description prevent the file from being parsed. |
| SOLNESS-7041 | When selecting an event under New Attacks in the Security Domains > Network > Intrusion Center navigation, the drill down will not work if the selected event is not within the timerange of the New Attacks view. |
| SOLNESS-6695 | An invalid threat list stanza will leave temporary files in the path $SPLUNK_HOME\var\run\splunk\lookup_tmp and throw errors in the python_modular_input.log Sample: status="Unknown exception when reading input files" exc='NoneType' object has no attribute 'startswith'.
|
| SOLNESS-7399 | On Linux distributions using version of glibc earlier than 2.14, correlation searches using the extreme search libraries return this error message. /opt/splunk/etc/apps/Splunk_SA_ExtremeSearch/bin/Linux/64bit/xsWhere: /lib64/libc.so.6: version `GLIBC_2.14' not found (required by /opt/splunk/etc/apps/Splunk_SA_ExtremeSearch/bin/Linux/64bit/xsWhere)
|
Last modified on 31 August, 2015
| Release Notes | Known Issues |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.3.2
Download manual
Feedback submitted, thanks!