This documentation does not apply to the most recent version of Splunk® Security Essentials.
For documentation on the most recent version, go to the latest release.
What's new in Splunk Security Essentials
The security content delivery endpoint for Splunk Enterprise Security Content Update (ESCU) has been updated to comply with Splunk guidance. If you are using Splunk Security Essentials version 3.7.1 or lower, the last supported ESCU version is 4.22.0. In order to get the latest ESCU version, upgrade Splunk Security Essentials to version 3.8.0. For more information, see What's new in 3.8.0.
This release of Splunk Security Essentials includes the following enhancements.
What's new in 3.7.1
| New Feature or Enhancement | Description |
|---|---|
| Total active count improvements on the MITRE ATT&CK Framework dashboard | The tooltip count calculation on the MITRE ATT&CK Framework dashboard has changed so that it includes the total of all sub-techniques in the technique cell. This can make it easier to find cells with content in the sub-technique cells. See Available Content in Use Splunk Security Essentials. |
| Custom Content dashboard enhancement | The Custom Content dashboard now supports multi-select for the category field. See Create custom content from third-party applications in Use Splunk Security Essentials. |
| Removal of biased language | As part of an ongoing process, user-interface mentions of the terms "blacklist", "whitelist", "master", and "slave" are changed as follows:
For more information, see Biased Language Has No Place in Tech. |
| Added support for new data sources | Added support for new data sources including Amazon Security Lake. |
Last modified on 26 March, 2024
| Known issues for Splunk Security Essentials |
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1
Download manual
Feedback submitted, thanks!