
Known issues for Splunk Enterprise Security
Splunk Enterprise Security 7.0.2 was released on October 5, 2022. For more information on release dates for the major versions of Splunk Enterprise Security, see the Software Support Policy page.
This release includes the following known issues.
Date filed | Issue number | Description |
---|---|---|
2023-02-22 | SOLNESS-34979 | Threatlists might be re-downloaded every 30-60 seconds. |
2023-01-27 | SOLNESS-34582 | Update the language for field and field description in Correlation Search Editor. |
2022-12-28 | SOLNESS-34278 | Failed to clone search - ES 7.0.2 |
2022-12-19 | SOLNESS-34219 | Workflow action on ES does not populate the $field$ in Incident Review. |
2022-12-16 | SOLNESS-34200 | Workflow actions do not work as expected. |
2022-12-15 | SOLNESS-34193 | Content Management does not show "Search and Reporting" app in ES 7.0.2 and 7.1. Workaround: None |
2022-12-06 | SOLNESS-33999 | Classic Content Management page stuck at "Loading" |
2022-11-17 | SOLNESS-33744 | The eventtype website_watchlist does not exist or is disabled due to empty searches in the default eventtypes from DA-ESS-NetworkProtection. Workaround: Disable the eventtypes locally and set a pseudo value for the search (although only disabling the eventtypes should be necessary): `[website_watchlist]` `search = noop`. In `DA-ESS-NetworkProtection/local/tags.conf`: `[eventtype=website_watchlist]` `watchlist = disabled` `web_watchlist = disabled` |
2022-10-31 | SOLNESS-33301 | The collectrisk.py generates risk events that duplicate the origin event. |
2022-10-03 | SOLNESS-32865 | Upgrade "All Investigations" list in Investigation bar uses React instead of the "swc bootstrap" dropdown. |
2022-09-23 | SOLNESS-32806, SOLNESS-32822 | Visual differences seen in the UI while performing Splunk 9.0.2208.2 sanity testing. |
2022-09-21 | SOLNESS-32798 | Special character handling issues for risk objects in Incident Review. Workaround: If a correlation search is handling special characters incorrectly, then the drill-down search within the notable under Adaptive Response Actions must be updated. Change the tokenized value that is wrapped in quotes by removing the quotes and adding the correct token filter, in this case '|s'. For example, within the correlation search "Risk Threshold Exceeded For Object Over 24 Hour Period", update the risk object within the Adaptive Response Action drill-down search for the notable. Change the risk object in the SPL from `risk_object="$risk_object$"` to `risk_object=$risk_object|s$`. |
2022-09-14 | SOLNESS-32647 | Saved searches created in Content Management with private settings are not displayed on the Content Management page in Splunk Enterprise Security. |
2022-09-14 | SOLNESS-32650 | Clicking on a risk factor in the Content Management always displays the first risk factor. |
2022-09-14 | SOLNESS-32646 | Saved searches in Content Management can be enabled or disabled with a bulk update but not using the Actions column. |
2022-08-11 | SOLNESS-32131 | Unable to edit lookup files in Splunk Enterprise Security using Content Management. |
2022-06-24 | SOLNESS-31447 | Workflow actions for Incident Review open in a new window for an open search in the current window where the setting for type is "search in event_menu". |
2022-03-01 | SOLNESS-30155 | Make Contributing Events Link always work in Risk Event Timeline |
2022-01-31 | SOLNESS-29825 | Short IDs created before upgrading to ES 7.0 do not show up in Incident Review even though the Short ID is in the notable_xref_lookup. Workaround: When you upgrade Splunk Enterprise Security to versions 7.0.0 or higher, the short IDs for notables that were created prior to the upgrade are not displayed on the Incident Review page. However, you can recreate all the short IDs that were available prior to the upgrade. |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.2