Splunk® Enterprise Security

Release Notes

Fixed issues

Date resolved Issue number Description
2025-04-16 SOLNESS-49939, SOLNESS-50415, SOLNESS-50442 Risk values assigned to fields in a detection overwrites risk values assigned using SPL in the same detection.
2025-04-02 SOLNESS-49936 Saving event-based detections causes errors when a new detection is created or edited using a custom domain.
2025-04-01 SOLNESS-49982 The root_endpoint does not work for all configurations (ess_configuration) page when you upgrade from ES v7.3.2 to v8.0.2.
2025-03-24 SOLNESS-48316, SOLNESS-48522 Max_size error occurs for threat input source : Feed discarded despite adjusted settings.
2025-03-04 SOLNESS-49775 Update got to the latest version to remediate CVE-2022-33987.
2025-02-26 SOLNESS-49668 Skip migration script for private searches.
2025-02-20 SOLNESS-49522 Findings can be created even if the entity entered in the UI doesn't match the fields in the search.
2025-02-14 SOLNESS-47198 Severity incorrectly mapped as "Unknown" instead of "High" in the Analyst Queue for a detection that is upgraded when only the finding adaptive response action is configured.
2025-01-28 SOLNESS-44263, SOLNESS-44278 No validation when you select Configurations, then select General Settings, and select Analyst capacity.
2025-01-22 SOLNESS-47689 Leading space added to a detection field with multiline (line breaks) text input when versioning is turned on for the first time.
2025-01-10 SOLNESS-48753 Executive Summary dashboard not displaying values for Mean time to triage and Mean time to resolution.
2025-01-06 SOLNESS-48006, SOLNESS-47293 D for 8.1.0 Fix - Correlation searches "Threat Activity - Systems Impacted By Multiple Threats" and "Threat Activity - Threats Impacting Multiple Systems" were impacted since modifications to threat match searches updated a field.
2024-12-19 SOLNESS-47413 Sorting on the Status column in Content Management doesn't work.
2024-12-11 SOLNESS-48403 Mission Control Build Version is not fetched dynamically for upgrade testing on different cloud environments.
2024-11-26 SOLNESS-47625 Detection Versioning can't save a duplicate version.
2024-11-25 SOLNESS-47420 Detections Editor allows you to leave the page while there are unsaved changes.
2024-11-22 SOLNESS-47028 Ingesting intelligence file does not extract expected lines using the regex rule.
2024-11-15 SOLNESS-47124, BLUERIDGE-12923, SOLNESS-47415 Error message appears when severity is selected as "Unknown" from the available dropdown options.
Date resolved Issue number Description
2025-05-14 BLUERIDGE-16077, BLUERIDGE-15433, BLUERIDGE-16189 Reflect the MC note created_time/updated_time on findings' update_time
2025-04-30 BLUERIDGE-16006, BLUERIDGE-15855 Wrong id sent while bulk update Assign to me for a finding
2025-04-29 BLUERIDGE-13527 Some workflow actions on the side-panel intermittently don't work after you have opened and investigation and go back to AQ without selecting another side-panel
2025-04-29 BLUERIDGE-15433, BLUERIDGE-16077 Last updated field shows N/A after reloading
2025-04-28 BLUERIDGE-15899 Large number of tokens generated during mc soar allowlist validation
2025-04-25 BLUERIDGE-15218 IR Table field "label1" got changed to "Destination" after Upgrade
2025-04-23 BLUERIDGE-12231 The usernames in nested findings do not use the account real-names (unlike the search results)
2025-04-14 BLUERIDGE-15833, MCHELP-548, BLUERIDGE-17038 `All Time` range when drilldown search clicked too fast
2025-04-14 BLUERIDGE-15855, BLUERIDGE-16006 AQ now showing errors and performs optimistic update event when bulk update fails
2025-04-10 BLUERIDGE-15832 Pagination Does Not Reset When Applying New Filters on AQ Table
2025-03-19 BLUERIDGE-13359, BLUERIDGE-11468 Legacy URL parameters are not handled correctly in Analyst Queue (those that start with with "form.")
2025-03-18 BLUERIDGE-15505 SidePanel breaks for findings with variable called `comment`
2025-03-17 BLUERIDGE-15531 MC Title Column Filter only searches Findings and not Investigations
2025-03-11 BLUERIDGE-15515, MCHELP-521 After upgrade of Enterprise Security (ES) to ES 8.0.2, customer's Incident Review (Analyst Queue) filters are broken
2025-03-03 BLUERIDGE-13526 Embedded workbench field action shows on the investigation details page without being requested
2025-02-27 BLUERIDGE-12221 Selecting a time-range on Analyst Queue by clicking the timeline can cause recent changes to findings to appear to be reverted
2025-02-07 BLUERIDGE-14236 Front end checks as part of PO automation.
Date resolved Issue number Description
2025-04-17 SINT-7432 Cloning MITRE is blocked in the UI for several back releases.

See also

For fixed issues in Splunk SOAR (Cloud), see Fixed issues for Splunk SOAR (Cloud).

Last modified on 18 June, 2025
Release notes for Splunk Enterprise Security   Known Issues

This documentation applies to the following versions of Splunk® Enterprise Security: 8.1.0

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters