Splunk® Enterprise Security

Release Notes

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see the Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Fixed issues for Splunk Enterprise Security

Splunk Enterprise Security 7.1.0 was released on January 11, 2023. For more information on release dates for the major versions of Splunk Enterprise Security, see the Software Support Policy page.

This release includes fixes for the following issues:


| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2023-01-11 | SOLNESS-30749 | Excessively large threat intelligence sources are not ingested by the Splunk Enterprise Security Threat Intelligence framework. |
| 2023-01-11 | SOLNESS-32604 | Incident Review doesn't send "search" workflow actions to Search page |
| 2023-01-11 | SOLNESS-30750 | Some portion of UI renders white in ES dark mode |
| 2023-01-11 | SOLNESS-33999 | Classic Content Management page stuck at "Loading" |
| 2022-12-19 | SOLNESS-34193 | Content Management does not show "Search and Reporting" app in ES 7.0.2 and 7.1. |
| 2022-12-09 | SOLNESS-32782 | DA-ESS-AccessProtection searches "Change - Account Lockouts" and "Change - Number Of Account Lockouts" must use All_Changes.action instead of All_Changes.result. |
| 2022-12-06 | SOLNESS-33744 | The eventtype website_watchlist does not exist or is disabled due to empty searches in the default eventtypes from DA-ESS-NetworkProtection. |
| 2022-11-29 | SOLNESS-33301 | The collectrisk.py generates risk events that duplicate the origin event. |
| 2022-11-23 | SOLNESS-33486 | Identity investigator dashboard not filtering_escaping mydomain/username |
| 2022-10-31 | SOLNESS-32131 | Unable to edit lookup files in Splunk Enterprise Security using Content Management. |
| 2022-10-13 | SOLNESS-32886 | Use original time as the basis for the risk event timeline while using risk based alerting in Splunk Enterprise Security. |
| 2022-10-13 | SOLNESS-32798 | Special character handling issues for risk objects in Incident Review. |
| 2022-10-10 | SOLNESS-29283 | The stix parser in threat intelligence doesn't detect indicators or observables in "report" objects. |
| 2022-10-04 | SOLNESS-31605, SOLNESS-32641 | Lookups must have maximum size limit specified in threatlist.py. |
| 2022-09-30 | SOLNESS-32650 | Clicking on a risk factor in the Content Management always displays the first risk factor. |
| 2022-08-09 | SOLNESS-31447 | Workflow actions for Incident Review open in a new window for an open search in the current window where the setting for type is "search in event_menu". |
| 2021-12-07 | SOLNESS-28141 | Incident Review - Event Attributes, add new field does not contain a "Save" or "Add" option, just edit. |

Last modified on 08 September, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0

