Release Notes for Splunk Enterprise Security
What's New
- Version 4.1.3 of Splunk Enterprise Security adds support for Splunk platform version 6.5.x. This version of Splunk Enterprise Security requires Splunk software version 6.3.3 through 6.5.x. See Splunk Enterprise system requirements in the Installation and Upgrade Manual.
- View UBA anomalies on a dedicated dashboard and as a swim lane on the Asset and Identity Investigator dashboards in Splunk Enterprise Security. Anomalies also contribute to asset and identity risk scores. See Analyze Splunk UBA threats and anomalies in Splunk ES in the User Manual.
- Facebook ThreatExchange is available as a new source for threat intelligence. See About the Splunk Add-on for Facebook ThreatExchange in Splunk Add-on for Facebook ThreatExchange.
- View risk scores directly in Incident Review. See Incident Review in the User Manual.
- Run a search from the investigation bar. See Investigation Bar in the User Manual.
- Add attachments to your investigation timelines, view full search strings in the investigator journal, and easily add all investigators to a timeline. See Investigation Timelines in the User Manual.
- A new use case on identifying zero-day attacks and adding threat indicators to Enterprise Security is available in the Use Cases Manual.
Add-ons
- The Common Information Model Add-on is updated to version 4.4.0.
- TA-websense is replaced with the Splunk Add-on for Websense Content Gateway.
- TA-rsa is replaced with the Splunk Add-on for RSA SecurID.
Third-party software
- This version of Splunk Enterprise Security no longer uses autolinker.js.
- This version of Splunk Enterprise Security no longer uses marked.
This documentation applies to the following versions of Splunk® Enterprise Security: 4.1.3