Splunk® Enterprise Security

Release Notes

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed Issues

The following issues have been resolved for this version of Splunk Enterprise Security.

Defect number Description
SOLNESS-5699 Correlation searches on the Content Management page no longer display an option to "Convert to real-time." Correlation searches cannot be converted to real-time searches.
SOLNESS-6344 Modifying the email alert action while editing some saved searches could break the Manager page.
SOLNESS-6659 The Network - Certificate Tracker - Lookup Gen search will not run successfully. The log reports: Error in 'extract' command: Failed to parse the key-value pair configuration for transform 'cim_ssl_issuer_common_name'.
SOLNESS-7260 Action history items could not be added from multiple pages of the Investigator Journal.
SOLNESS-7724 Some settings on the General Settings page did not validate text box input.
SOLNESS-7746 When removing previously selected filters on the Incident Review page and clicking submit, the search would re-run as though the filter was still selected.
SOLNESS-7755 User Agent Distribution panel on the HTTP User Agent Analysis dashboard can negatively affect dashboard performance. The panel now uses a standard deviation of 2 by default.
SOLNESS-7777 Guided Search Creation page did not link to instructions about search creation. Now it does.
SOLNESS-7800 Threat Intelligence feeds can now process PollRequest documents that contain multiple StixPackage items directly. This permits customers who are polling TAXII feeds via external processes to drop those files directly into a threat_intel dropbox.
SOLNESS-7804 The latest versions of the following Threat Intelligence libraries are supported: dateutil, six.py, cybox, libtaxii, stix.
SOLNESS-7810 An embedded quotation mark in a field is removed when the field is written to the output stream in Extreme Search.
SOLNESS-7833 Notable Event Review page can take up to 30 seconds to load on Cloud.
SOLNESS-7876 A custom KSI or swimlane can be saved to an app that doesn't conform to Enterprise Security app naming, preventing its use or further editing.
SOLNESS-7879 An email alert configured to provide a "Link to report" or a "Link to Results" did not contain the link.
SOLNESS-7904 The ess_admin and ess_analyst roles were not assigned the edit_timeline capability.
SOLNESS-7907 The Incident Review page can be slow to load.
SOLNESS-7908 When upgrading to Splunk Enterprise Security 4.0.0, the installer UI can stop on Installing Apps and will not finish if the ES apps on the search head are managed with a deployment server.
SOLNESS-7911 Can't Add Event to Investigation
SOLNESS-7933 After an upgrade, Enterprise Security can incorrectly report that "Configuration file settings may be duplicated in multiple apps" when no duplication exists.
SOLNESS-8154 A STIX document can fail to import when observables are embedded in the incident.
Last modified on 19 February, 2016

This documentation applies to the following versions of Splunk® Enterprise Security: 4.0.1

