What's new in Splunk Security Essentials
The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.
This release of Splunk Security Essentials includes the following enhancements.
What's new in 3.6.0
| New Feature or Enhancement | Description |
|---|---|
| Create custom content from third-party applications | Create custom content from third-party applications to better manage your security content all in one place and find any gaps in coverage. See Create custom content from third-party applications in the Use Splunk Security Essentials manual. |
| Filter content based on the originating app | Filter content on the Security Content page and on the MITRE ATT&CK Framework dashboard based on the application it originated from. View which tactics, techniques, and threat groups are covered by which app on the MITRE ATT&CK Framework dashboard. See The MITRE ATT&CK Framework dashboard and Review your content with the Security Content page in the Use Splunk Security Essentials manual. |
| Investigate Analytic Stories | Use the Analytic Stories dashboard in Splunk Security Essentials. Analytic Stories provide actionable guidance for detecting, analyzing, and addressing security threats. See Use Analytic Stories for actionable guidance in Splunk Security Essentials in the Use Splunk Security Essentials manual. |
| Filter content based on risk and threat | Use two new filters to quickly review content based on its risk or threat. See Review your content with the Security Content page in the Use Splunk Security Essentials manual. This feature improves support for risk-based alerting in Splunk Security Essentials. |
| View fields for risk-based alerting in Known False Positives | New fields for reviewing risk-based alerting are visible in Known False Positives: See Review your content with the Security Content page in the Use Splunk Security Essentials manual. This feature improves support for risk-based alerting in Splunk Security Essentials. |
| See an overview of your data inventory | The Data Inventory Overview dashboard lets you see information about your data inventory at a glance, such as Data Sources Observed, Data Source Categories with Data Observed, Products with Data Observed, and Products by Data Source. See See an overview of your data inventory in the Use Splunk Security Essentials manual. |
| Find content to use in your ransomware defense with the Ransomware Content Browser | Plan your ransomware defense by viewing a visualization of the lifecycle of a ransomware attack, then use the Ransomware Content List to find content that protects against a ransomware attack. See Find content to use in your ransomware defense with the Ransomware Content Browser in the Use Splunk Security Essentials manual. |
Known issues for Splunk Security Essentials
This documentation applies to the following versions of Splunk® Security Essentials: 3.6.0