What's new in Splunk Security Essentials
The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.
This release of Splunk Security Essentials includes the following enhancements.
What's new in 3.7.0
New Feature or Enhancement | Description |
---|---|
Add custom threat group lists and custom technique lists to the MITRE ATT&CK Framework dashboard | Add custom threat group lists or custom technique lists to track your coverage of these threat groups or techniques in Splunk Security Essentials. See Add custom threat group lists to the MITRE ATT&CK Framework dashboard and Add custom technique lists to the MITRE ATT&CK Framework dashboard in the Use Splunk Security Essentials manual. |
Renamed and reorganized Splunk Security Essentials menu items | Renamed the Security Content tab to Content, renamed Content Introspection to Content Mapping, and updated where some dashboards appear in the menus. |
Replaced words on the data availability dashboard | Replaced "Good" and "Bad" in the Data Availability column with "Available" and "Unavailable". |
Updated the Add Products modal in data inventory | Updated the Add Products modal in data inventory so that you can add products when automated introspection finds products for the data type, or, if no products are found, mark that you have no data present. See Configure the products you have in your environment with the Data Inventory dashboard in the Use Splunk Security Essentials manual. |
Improved the Content page load time | The Content page now loads up to three times faster. |
Search for content when content mapping | Added a search box to search for content when content mapping. See Track active content in Splunk Security Essentials using Content Mapping in the Use Splunk Security Essentials manual. |
Added metrics to the Overview dashboard | Added metrics to see the amount of content enabled or disabled by data source and the amount of content enabled or disabled by originating app. |
Added uberAgent ESA data to data inventory | You can now search for uberAgent data sources and sourcetypes in Splunk Security Essentials. |
MITRE ATT&CK parsing, lookups, and auto update | Added parsing and lookups for MITRE ATT&CK Data Source and Detection; MITRE ATT&CK details are now updated automatically. |
Added more information to ES integration tab in System Configuration | Added more instructions on how to integrate with Splunk Enterprise Security. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.0