Splunk® Enterprise Security

Release Notes


Known issues for Splunk Enterprise Security

Splunk Enterprise Security 7.1.0 was released on January 11, 2023. For more information on release dates for the major versions of Splunk Enterprise Security, see the Software Support Policy page.

This release includes the following known issues.


Date filed Issue number Description
2023-03-07 SOLNESS-35073 Regression of SOLNESS-28926 - Editing risk factors with a custom user with the edit_risk_factors permission shows an error

Workaround:
Edit etc/apps/SA-ThreatIntelligence/metadata/local.meta and add write permissions for your user under the risk_factors and datamodels/Risk stanzas:

[risk_factors]
access = read : [ * ], write : [ admin, my_user ]

[datamodels/Risk]
access = read : [ * ], write : [ admin, my_user ]
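
After applying this workaround, it is worth confirming that write access on the two stanzas is limited to the intended roles. The following is an added example, not part of the Splunk documentation: it parses the text of a local.meta file and reports write grants on risk_factors and datamodels/Risk that go beyond an allow-list. The sample file content, the function names and the allow-list are assumptions for illustration.

```python
import re

# Constructed sample of local.meta after the workaround; the second stanza
# is deliberately over-permissive. "my_user" is the page's placeholder name.
SAMPLE_META = """\
[risk_factors]
access = read : [ * ], write : [ admin, my_user ]

[datamodels/Risk]
access = read : [ * ], write : [ * ]
"""

STANZAS = ("risk_factors", "datamodels/Risk")  # stanzas the workaround edits
ACCESS_RE = re.compile(r"(read|write)\s*:\s*\[([^\]]*)\]")


def parse_meta(text):
    """Return {stanza: {"read": [...], "write": [...]}} from .meta text."""
    acl, stanza = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
        key, sep, value = line.partition("=")
        if stanza is not None and sep and key.strip() == "access":
            acl[stanza] = {
                mode: [r.strip() for r in roles.split(",") if r.strip()]
                for mode, roles in ACCESS_RE.findall(value)
            }
    return acl


def audit_write_access(text, allowed=("admin", "my_user")):
    """Return (stanza, finding) pairs for the stanzas the workaround edits."""
    acl, findings = parse_meta(text), []
    for stanza in STANZAS:
        writers = acl.get(stanza, {}).get("write")
        if writers is None:
            findings.append((stanza, "no write ACL set"))
            continue
        if "*" in writers:
            findings.append((stanza, "write granted to all roles (*)"))
        extra = sorted(set(writers) - set(allowed) - {"*"})
        if extra:
            findings.append((stanza, "unexpected writers: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    print(audit_write_access(SAMPLE_META))
```

To check a real deployment, pass the contents of etc/apps/SA-ThreatIntelligence/metadata/local.meta as `text` and set `allowed` to the roles and users you intended to grant.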

2023-02-27 SOLNESS-35022 UDF page loading needs to account for the fact that the customer could turn off all write permissions

Workaround:
The customer can add a write permission in the affected app (SplunkEnterpriseSecurity suite) to any role so that the API response includes "write".
2023-02-14 SOLNESS-34918 "Threat - Correlation Searches - Lookup Gen" requests all fields from /saved/searches endpoint
2023-02-08 SOLNESS-34842 "Learn more" link on UDF modal points to wrong location

Workaround:
The customer should create a support ticket, and TO can remove the copies of the simpleXML definitions from the local folder as per these instructions - [1].
2023-02-07 SOLNESS-34766 User with role sc_admin unable to edit UDF dashboards

Workaround:
To enable editing of UDF dashboards for non-admin users (like sc_admin) in Enterprise Security, do the following:
  1. On the Splunk Enterprise menu bar, select *Settings > Knowledge > User Interface*.
  2. Click *Views*.
  3. Search for the dashboard you want to edit. Example: *ess_security_posture*.
  4. Click *permissions* for the view.
  5. Select *sc_admin* under *Write*.
  6. Click *Save*.
  7. Now you can load the dashboard page and edit the definition.
2023-01-11 SOLNESS-34429 Initial values for the Urgency field in Incident Review show as 'unknown' until the table is re-rendered.

Workaround:
Users can hover over affected rows or click any checkbox on the table to re-render the entire table, which refreshes it and shows the values properly.
2023-01-10 SOLNESS-34381, SOLNESS-34324 Risk Events Timeline might not display contributing risk events for risk notables when changes are made to CIM entity zones or the A&I framework.

Workaround:
Use the risk_object or the all_risk_objects fields in the risk notable event and run a search on the risk data model to view the data that would populate the risk notable.
2023-01-09 SOLNESS-34351 LinkGraph (Threat-Topology) unable to render special characters.

Workaround:
The special characters are replaced by the underscore character to allow the threat-topology visualization to render.
2022-02-07 SOLNESS-34215 The Recent risk modifiers drilldown shows no results after five minutes.
Last modified on 08 March, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0

