- Version 4.0.1 of Splunk Enterprise Security requires Splunk software version 6.3.x.
- Investigation timelines let you track your investigations into attacks, data breaches, large-scale malware infections, and other security incidents. See Investigation Timelines in the User Manual.
- The Enterprise Security upgrade process has changed. See The Enterprise Security installer in the Installation and Upgrade Manual.
- You can use the distributed configuration management tool to assemble the ES indexer configurations for distribution. See Distributed Configuration Management in the Installation and Upgrade Manual.
- UI enhancements for configuration and permissions management. See Adding capabilities to a role in the Installation and Upgrade Manual, and General Settings in the User Manual.
- Key Indicators on most dashboards now provide statistics from the past 48 hours, rather than the past 24 hours. Security Posture continues to use Key Indicators from the last 24 hours.
- New use cases that build on Enterprise Security are documented in the Use Cases Manual.
- Ingest TAXII feeds that require certificate-based authentication. See Add a TAXII feed in the User Manual.
- The Common Information Model Add-on is updated to version 4.3.0.
- TA-bluecoat is replaced with the Splunk Add-on for Blue Coat ProxySG.
- TA-paloalto is replaced with the Splunk Add-on for PaloAlto.
- TA-ossec is replaced with the Splunk Add-on for OSSEC.
- TA-sav and TA-sep are replaced with the Splunk Add-on for Symantec Endpoint Protection.
This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.1