Splunk® Security Essentials

Release Notes

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.
What's new in Splunk Security Essentials

The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.

What's new in 3.4.0

This release of Splunk Security Essentials includes the following enhancements:

New feature or enhancement and description

MITRE ATT&CK Framework dashboard enhancements
  • You can group the MITRE ATT&CK threat group filter by industry, and you can now filter based on techniques that have three or more threat groups associated with them, techniques with content, bookmarked content, or threat group selection.
  • Numbers are shown next to certain techniques to indicate how many threat groups are associated with each technique.
  • You can bookmark your filters to come back to later, and filter based on your bookmarks.
  • You can filter by index and sourcetype on the Chart View, Radar View, Sankey View, and Security Journey View.

See The MITRE ATT&CK Framework Dashboard in the Use Splunk Security Essentials manual.

Custom content cards are automatically created
  The correlation searches in your environment are now automatically imported into Splunk Security Essentials as custom content. This means you will see your content on the MITRE ATT&CK Matrix in the Analytic Advisor with minimal input. See Track active content in Splunk Security Essentials using content introspection in the Use Splunk Security Essentials manual.

Correlation searches mapped to custom content in Splunk Security Essentials update automatically
  Every five minutes, Splunk Security Essentials checks for changes to the description, search string, or annotations in Splunk Enterprise Security and automatically applies those updates in Splunk Security Essentials.

New default products are detected when you run Data Inventory
  There is now better support for Salesforce, Zscaler, Orca, Dtex, Zeek, various Azure, Google, and AWS data sources, and many databases.

Set Up menu
  Use the new Set Up menu to review and complete the steps needed to set up Splunk Security Essentials. See Configure Splunk Security Essentials in the Use Splunk Security Essentials manual.

Recommended add-ons
  On the Security Content page, add-ons that you need to configure to make a detection work are now recommended and linked to from the detection.
Last modified on 26 March, 2024
This documentation applies to the following versions of Splunk® Security Essentials: 3.4.0