Release Notes
What's New
- Version 4.0.0 of Splunk Enterprise Security requires Splunk software version 6.3.x.
- Investigation timelines let you track your investigations into attacks, data breaches, large-scale malware infections, and other security incidents. See "Investigation Timelines" in the User Manual.
- The Enterprise Security upgrade process has changed. See "The Enterprise Security installer" in the Installation and Upgrade Manual.
- You can use the distributed configuration management tool to assemble the ES indexer configurations for distribution. See "Distributed Configuration Management" in the Installation and Upgrade Manual.
- UI enhancements for configuration and permissions management. See "Adding capabilities to a role" in the Installation and Upgrade Manual, and "General Settings" in the User Manual.
- Key Indicators on most dashboards now provide statistics from the past 48 hours, rather than the past 24 hours. Security Posture continues to use Key Indicators from the last 24 hours.
- New use cases leveraging Enterprise Security are available in the "Use Cases Manual".
Add-ons
- The "Common Information Model Add-on" is updated to version 4.3.0.
- TA-bluecoat is replaced with the "Splunk Add-on for Blue Coat ProxySG".
- TA-paloalto is replaced with the "Splunk Add-on for PaloAlto".
- TA-ossec is replaced with the "Splunk Add-on for OSSEC".
- TA-sav and TA-sep are replaced with the "Splunk Add-on for Symantec Endpoint Protection".
This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.0