Limitations

Following are some of the limitations in Splunk Enterprise Security version 8.0:

• You can't pair Splunk SOAR with Splunk Enterprise Security or run playbooks if you are on the on-premise version of Splunk Enterprise Security 8.0.
• Splunk Enterprise Security version 8.0 supports search head clustering only on Linux operating systems. On Windows, Splunk Enterprise Security 8.0 is supported only on standalone systems.
• Incident Review row expansion is no longer available. Use the side panel view to review information on findings and investigations.
• The Investigation bar, Investigation Workbench, and Investigation dashboard from the Splunk Enterprise Security user interface (UI) is replaced by the Mission Control UI. Data from Mission Control incidents are migrated to Splunk Enterprise Security version 8.0.

  Data from Splunk Enterprise Security from versions 7.3.2 or prior are not migrated to investigations in Splunk Enterprise Security version 8.0.

• Sequence templates are no longer available in Splunk Enterprise Security 8.0.
• Service level agreements (SLAs) and role-based incident type filtering is not available in Splunk Enterprise Security 8.0.
• Splunk Enterprise Security version 8.0 has no accompanying release of Splunk app for PCI Compliance.
• You can only select all findings from a single page instead of selecting all findings from every page using the Select all option.
• Adaptive response actions are not available for investigations.
• The Comments feature available in prior versions of Splunk Enterprise Security is now replaced by an enhanced capability to add notes.

  Splunk Enterprise Security does not support the ability to enforce a note when editing a feature or investigation.

• If you customized your navigation bar in previous versions of Splunk Enterprise Security, you need to reset it in order to see the new navigation bar pages for version 8.0.0.