Splunk® Enterprise Security

Release Notes

Splunk Enterprise Security version 4.2.x is available only to Splunk Cloud subscribers.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Release Notes for Splunk Enterprise Security

What's New

  • Version 4.2.2 of Splunk Enterprise Security requires a Splunk Cloud infrastructure running on Splunk platform version 6.4.x through 6.5.x.
  • Added support for creating search-driven lookups, including a UI and a search building wizard. See Search-driven lookups in the User Manual.
  • Added a new dashboard for auditing modular alert actions. See Modular Action Center in the User Manual.

Add-ons

Deprecated features

  • The custom search command globedistance.py was replaced with the macro `globedistance`, which is implemented with eval command functions. The globedistance.py command will be removed in a future release.
  • The threat intelligence sources MaxMind GeoIP ASN IPv4 Database and MaxMind GeoIP ASN IPv6 Database have been removed from ES. If these sources are enabled, the upgrade process ignores them and proceeds normally. If you want to continue using the MaxMind sources, migrate the inputs to a custom app.
  • The supporting script getdatebucket.py was removed from the SA-ThreatIntelligence app.
  • The alert action Include in RSS feed is deprecated and will be removed in a future version of Splunk ES. Correlation searches currently configured to include alerts in RSS feeds will continue to send alerts to RSS feeds in this version.
Last modified on 24 September, 2018

This documentation applies to the following versions of Splunk® Enterprise Security: 4.2.2 Cloud only

