Fixed Issues
The following issues have been resolved for this version of Splunk Enterprise Security.
Defect number | Description |
---|---|
SOLNESS-5699 | Correlation searches on the Content Management page no longer display an option to "Convert to real-time." Correlation searches cannot be converted to real-time searches. |
SOLNESS-6344 | Modifying the email alert action while editing some saved searches could break the Manager page. |
SOLNESS-6659 | The Network - Certificate Tracker - Lookup Gen search will not run successfully. The log reports: Error in 'extract' command: Failed to parse the key-value pair configuration for transform 'cim_ssl_issuer_common_name'. |
SOLNESS-7260 | Action history items could not be added from multiple pages of the Investigator Journal. |
SOLNESS-7724 | Some settings on the General Settings page did not validate text box input. |
SOLNESS-7746 | When removing previously selected filters on the Incident Review page and clicking submit, the search would re-run as though the filter was still selected. |
SOLNESS-7755 | User Agent Distribution panel on the HTTP User Agent Analysis dashboard can negatively affect dashboard performance. The panel now uses a standard deviation of 2 by default. |
SOLNESS-7777 | Guided Search Creation page did not link to instructions about search creation. Now it does. |
SOLNESS-7800 | Threat Intelligence feeds can now process PollRequest documents that contain multiple StixPackage items directly. This permits customers who are polling TAXII feeds via external processes to drop those files directly into a threat_intel dropbox. |
SOLNESS-7804 | The latest versions of the following Threat Intelligence libraries are supported: dateutil, six.py, cybox, libtaxii, stix. |
SOLNESS-7810 | An embedded quotation mark in a field is removed when the field is written to the output stream in Extreme Search. |
SOLNESS-7833 | Notable Event Review page can take up to 30 seconds to load on Cloud. |
SOLNESS-7876 | A custom KSI or swimlane can be saved to an app that doesn't conform to Enterprise Security app naming, preventing its use or further editing. |
SOLNESS-7879 | An email alert configured to provide a "Link to report" or a "Link to Results" did not contain the link. |
SOLNESS-7904 | The ess_admin and ess_analyst roles were not assigned the edit_timeline capability. |
SOLNESS-7907 | The Incident Review page can be slow to load. |
SOLNESS-7908 | When upgrading to Splunk Enterprise Security 4.0.0, the installer UI can stop on Installing Apps and will not finish if the ES apps on the search head are managed with a deployment server. |
SOLNESS-7911 | Can't Add Event to Investigation |
SOLNESS-7933 | After an upgrade, Enterprise Security can incorrectly report that "Configuration file settings may be duplicated in multiple apps" when no duplication exists. |
SOLNESS-8154 | A STIX document can fail to import when observables are embedded in the incident. |
This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.1