What's new in Splunk Security Essentials
The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.
This release of Splunk Security Essentials includes the following enhancements.
What's new in 3.5.0
New Feature or Enhancement | Description |
---|---|
Snapshot feature renaming | The Snapshot feature has been renamed to Backup and Restore. |
Updated Splunk Phantom references | Splunk Phantom references in Splunk Security Essentials now reflect the new name, Splunk SOAR. |
MITRE ATT&CK Matrix improvements | Performance improvements for the MITRE ATT&CK Matrix. |
Improvements to the datasource autodetect feature | When you manually add custom content or use the Content Introspection feature to add custom content, the correct data source is automatically attached to the custom content. |
Data source updates | Added support for many data models in the latest 5.0.0 version of the Splunk Common Information Model (CIM) app. |
Better support for Splunk Enterprise Security Annotations when adding Custom Content | When custom content is manually or automatically created, the annotations in Splunk Enterprise Security are automatically mapped to the corresponding fields in Splunk Security Essentials. The data source is also now automatically detected. |
Python update | Splunk Security Essentials now only uses Python 3. |
Content accessible without internet | The most up-to-date content is now accessible in the app for users who do not have an active internet connection. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.5.0