Release Notes for Splunk Enterprise Security
What's New
- Version 4.2.1 of Splunk Enterprise Security requires a Splunk Cloud infrastructure running on Splunk platform version 6.4.x through 6.5.x.
- Added support for creating search-driven lookups, including a UI and a search building wizard. See Search-driven lookups in the User Manual.
- Added a new dashboard for auditing modular alert actions. See Modular Action Center in the User Manual.
Add-ons
- The Common Information Model Add-on is updated to version 4.5.0.
Deprecated features
- The search command `globedistance.py` was replaced with the macro `globedistance`, which uses eval search command functions. The `globedistance.py` command will be removed in a future release.
- The threat intelligence sources MaxMind GeoIP ASN IPv4 Database and MaxMind GeoIP ASN IPv6 Database have been removed from ES. If these sources are enabled, the upgrade process ignores them and proceeds normally. If you want to continue to use the MaxMind sources, it is recommended that you migrate the inputs to a custom app.
- The supporting script `getdatebucket.py` was removed from the `SA-ThreatIntelligence` app.
- The alert action Include in RSS feed is deprecated and will be removed in a future version of Splunk ES. Correlation searches currently configured to include alerts in RSS feeds continue to send alerts to RSS feeds in this version.
This documentation applies to the following versions of Splunk® Enterprise Security: 4.2.1 Cloud only