Known issues for Splunk Enterprise Security
Following are the known issues for this version of Splunk Enterprise Security:
| Date filed | Issue number | Description |
|---|---|---|
| 2021-09-01 | SOLNESS-28019 | "src" or "dest" fields of Threat Activity events showing as "unknown" even though "threat_match_fields" is "src" or "dest"<br>1. Navigate to the threat intelligence management page and click on the threat matching tab |
| 2021-04-29 | SOLNESS-26712 | Incident review page loads slowly after an upgrade to Splunk Enterprise Security version 6.4 or higher.<br>Add a reasonable time period to the<br>Otherwise, correlation searches that do not create a notable within that time frame cannot be selected as an option in the filters when the Incident Review page loads. |
| 2021-03-03 | SOLNESS-25956 | Next Steps for adaptive response actions do not parse correctly in the Incident Review dashboard.<br>Enter each of the adaptive response actions on separate lines in the Next Steps field of the Correlation Search editor. |
| 2021-01-04 | SOLNESS-25051 | Asset and Identity Framework: Unable to "delete" from assets / identities lookup tabs |
| 2020-12-03 | SOLNESS-24926 | Threat Intelligence Framework: Setting SPLUNK_DB triggers this error: ValueError: Illegal escape from parent directory "/opt/splunk": /splunkdata/modinputs/threatlist<br>Contact support for a single-line update to threatlist.py. |
| 2020-12-01 | SOLNESS-24869 | Incident Review: Correlation search list limited to 100 results |
| 2020-11-23 | SOLNESS-24825 | Risk Framework: risk_factors_rest_hander.update_datamodel assumes calculated_risk_score field |
| 2020-11-20 | SOLNESS-24809 | Errors in Risk Analysis Dashboard after ES upgrade<br>Local overrides to the Risk data model made prior to 6.3.0 will be missing the calculated_risk_score field. It is recommended to remove the locally overridden Risk.json data model so that the shipped default can take over. |
| 2019-03-15 | SOLNESS-18377, SPL-167855 | Workbench: custom visualizations don't work in workbench |
This documentation applies to the following versions of Splunk® Enterprise Security: 6.4.0