Splunk® Enterprise Security

Release Notes

Limitations

Following are some of the limitations in Splunk Enterprise Security version 8.0:

  • You can't pair Splunk SOAR with Splunk Enterprise Security or run playbooks if you are on the on-premise version of Splunk Enterprise Security 8.0.
  • Splunk Enterprise Security version 8.0 supports search head clustering only on Linux operating systems. On Windows, Splunk Enterprise Security 8.0 is supported only on standalone systems.
  • Incident Review row expansion is no longer available. Use the side panel view to review information on findings and investigations.
  • The Investigation bar, Investigation Workbench, and Investigation dashboard from the Splunk Enterprise Security user interface (UI) is replaced by the Mission Control UI. Data from Mission Control incidents are migrated to Splunk Enterprise Security version 8.0. See Migrating Splunk Mission Control incident data to Splunk Enterprise Security 8.0
  • Investigation data from Splunk Enterprise Security versions 7.3.2 or prior are not migrated to investigations in Splunk Enterprise Security version 8.0.

    To save archives of your investigation data, back up and restore your existing Splunk Enterprise Security instance.

  • Sequence templates are no longer available in Splunk Enterprise Security 8.0.
  • Service level agreements (SLAs) and role-based incident type filtering is not available in Splunk Enterprise Security 8.0.
  • Splunk Enterprise Security version 8.0 has no accompanying release of Splunk app for PCI Compliance.
  • You can only select all findings from a single page instead of selecting all findings from every page using the Select all option.
  • Adaptive response actions are not available for investigations.
  • The Comments feature available in prior versions of Splunk Enterprise Security is now replaced by an enhanced capability to add notes.

    Splunk Enterprise Security does not support the ability to enforce a note when editing a feature or investigation.

  • If you customized your navigation bar in previous versions of Splunk Enterprise Security, you need to reset it in order to see the new navigation bar pages for version 8.0.0.
Last modified on 26 November, 2024
Known Issues   Compatibility matrix

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters