Release Notes for Splunk Enterprise Security
- Version 4.1.3 of Splunk Enterprise Security adds support for Splunk platform version 6.5.x. This version of Splunk Enterprise Security requires Splunk software version 6.3.3 through 6.5.x. See Splunk Enterprise system requirements in the Installation and Upgrade Manual.
- View UBA anomalies on a dedicated dashboard and as a swim lane on the Asset and Identity Investigator dashboards in Splunk Enterprise Security. Anomalies also contribute to asset and identity risk scores. See Analyze Splunk UBA threats and anomalies in Splunk ES in the User Manual
- Facebook ThreatExchange is available as a new source for threat intelligence. See About the Splunk Add-on for Facebook ThreatExchange in Splunk Add-on for Facebook ThreatExchange.
- View risk scores directly in Incident Review. See Incident Review in the User Manual.
- Run a search from the investigation bar. See Investigation Bar in the User Manual.
- Add attachments to your investigation timelines, view full search strings in the investigator journal, and easily add all investigators to a timeline. See Investigation Timelines in the User Manual.
- A new use case on identifying zero-day attacks and adding threat indicators to Enterprise Security is available in the Use Cases Manual
- The Common Information Model Add-on is updated to version 4.4.0.
- TA-websense is replaced with the Splunk Add-on for Websense Content Gateway.
- TA-rsa is replaced with the Splunk Add-on for RSA SecurID.
- This version of Splunk Enterprise Security no longer uses autolinker.js.
- This version of Splunk Enterprise Security no longer uses marked.
Fixed issues for Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 4.1.3