What's new in the Splunk Add-on for Splunk Attack Analyzer

This release of the Splunk Add-on for Splunk Attack Analyzer includes the following enhancements.

Compatibility

This app is compatible with Splunk Enterprise 9.0.x or higher and Splunk Cloud Platform. For product details, see Splunk Enterprise and Splunk Cloud Platform.

This app is also compatible with Splunk Enterprise Security 7.2.0 and higher, but the compatibility with Splunk Enterprise Security only applies to the Submit URL to Attack Analyzer adaptive response action.

What's New in 1.2.0

| New Feature or Enhancement | Description |
| --- | --- |
| Improved forensic events | In some forensic events, the ResourceTaskReferences field contains references to Job resources and tasks with a numeric index, which could not be joined with the corresponding Job resource and task events. In the updated version, the resolved Resource and Task IDs are provided. |
| Improved configuration experience | When setting up a new connection on the Configuration tab, credentials are now validated before saving the connection. Additional validation of the API URL was also added to help prevent misconfiguration. |
| Dark theme support | The configuration pages now respect the theme preferences of the user. This includes a dark theme option. |
| Review in SAA - Workflow action for custom fields in Splunk Enterprise Security Incident Review | A new workflow action was added for the JobID, saa_job_id, and SAA_JOB_ID fields to allow you to easily pivot to Splunk Attack Analyzer. |

What's New in 1.2.1

This release of the Splunk Add-on for Splunk Attack Analyzer includes no new enhancements, known issues, or fixed issues.