This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Known issues for Splunk Enterprise Security
Splunk Enterprise Security 7.3.1 was released on March 27, 2024. For more information on release dates for the major versions of Splunk Enterprise Security, see Software Support Policy page.
This release includes the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2024-09-19 | SOLNESS-47028 | Ingesting intelligence file does not extract expected lines thorugh regex rule |
| 2024-08-08 | SOLNESS-46276, SOLNESS-47314 | Create Notables page only displays error: Cannot read properties of undefined (reading 'value') |
| 2024-06-05 | SOLNESS-44563, SOLNESS-47320 | Displays "Action Forbidden" errors in the Security Posture dashboard for SAML authenticated users. |
| 2024-05-08 | SOLNESS-43753 | Fix Clone dashboard bug for sharing cloned dashboard by role sc_admin on CO2 |
| 2024-04-25 | SOLNESS-43458, SOLNESS-47295 | Notable Event Suppression Descriptions not saving after entering illegal characters in title name |
| 2024-04-19 | SOLNESS-43346, SOLNESS-47298, BLUERIDGE-12191 | IR Timeline is not editing selected filters even though shows that only those will be edited Workaround: Manual and slow Increase the number of results in the IR dashboard to 100. Use the ckebox at the top to selected all the viewable notable in the page Edit the "selected Events" to change all of these 100s in bulk |
| 2024-04-16 | SOLNESS-43255 | Hovering over "Add Selected to Investigation" on the Incident review dashboard displays the message: "You do not have permissions to edit notable events". Workaround: No workaround. |
| 2024-04-15 | SOLNESS-43210 | notable adaptive response action - "Next Steps" - URL action is not properly redirecting with multiple query parameters. Workaround: N/A |
| 2024-04-05 | SOLNESS-43069, SOLNESS-47313 | Incident Review page breaks after Splunk Core upgrade to Python 3.9 module 'time' has no attribute |
| 2024-02-06 | SOLNESS-40942 | IR page stuck in Updating after user with ess_analyst role updates notables. |
| 2024-01-12 | SOLNESS-40632 | Discrepancy in the notable events timeline visualization. Workaround: No workaround |
| 2023-08-16 | SOLNESS-36952, SOLNESS-47316 | Risk Analysis 'Source' drop-down list results truncated Workaround: Searches appear in alphabetical order. To move important searches to the top of the list, rename them to appear earlier in the alphabet. For example, add "AAA -" to the beginning of the search name. |
| 2023-08-08 | SOLNESS-36864 | Timeline on Incident Review page: Cannot zoom in by double clicking |
| 2023-07-27 | SOLNESS-36731 | Timeline on Incident Review page: Cannot activate or deactivate timeline buttons |
| 2023-07-25 | SOLNESS-36660 | Timeline on Incident Review page: Cannot zoom in on a selection of < 1 minute |
| 2023-07-18 | SOLNESS-36563 | Timeline on Incident Review page: cannot select a bar that was previously deselected Workaround: Select, then deselect, a different bar. Then select the bar that you originally wanted to select. |
| 2023-04-12 | SOLNESS-35433, SOLNESS-47334 | Events viewer component: Tags not displayed if there are more than 30 tags Workaround: To view relevant tags, if any, select each individual field value. |
Last modified on 13 November, 2024
| Fixed issues for Splunk Enterprise Security | How to find answers and get help with Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.1
Download manual
Feedback submitted, thanks!