Fixed issues for Splunk Enterprise Security

For information on release dates for the major versions of Splunk Enterprise Security, see the Software Support Policy page.

Splunk Enterprise Security 7.3.3 was released on February 12, 2025.

This release includes fixes for the following issues:

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2025-03-05 | SOLNESS-45632, SOLNESS-47290 | ES drilldown could not handle the time value in milliseconds. |
| 2025-01-28 | SOLNESS-47461 | ES Investigations Loading Slowly |
| 2025-01-13 | SOLNESS-47961 | In ES 7.3.x on Incident Review dashboard, while adding tags the field value associated with each value in the table is showing as undefined |
| 2025-01-13 | SOLNESS-48285, SOLNESS-47969 | Threat - Threat List Activity - Rule Search is missing Risk Message |
| 2025-01-09 | SOLNESS-47324, SOLNESS-40830 | Security Posture > Top Notable Events drill down not filtering on rule name |
| 2025-01-08 | SOLNESS-47298, SOLNESS-43346 | IR Timeline is not editing selected filters even though shows that only those will be edited |
| 2024-12-23 | SOLNESS-47313, SOLNESS-43069, SOLNESS-49305 | Incident Review page breaks after Splunk Core upgrade to Python 3.9 module 'time' has no attribute |
| 2024-12-19 | SOLNESS-47955 | STIX2 feed download issue with ParserException errors |
| 2024-12-18 | SOLNESS-47326, SOLNESS-45320 | Workflow actions are not able to be used correctly from within the incident review dashboard with multi value fields |
| 2024-12-13 | SOLNESS-47293, SOLNESS-44220, SOLNESS-48006 | Correlation searches "Threat Activity - Systems Impacted By Multiple Threats" and "Threat Activity - Threats Impacting Multiple Systems" were impacted since modifications to threat match searches updated a field. |
| 2024-12-13 | SOLNESS-48049, SOLNESS-45992 | Threat intelligence feed facing download issues with POST configuration errors |
| 2024-12-12 | SOLNESS-47900, SOLNESS-36603 | Data Model definition for Identity_Management leads to a bug where DMA summary can't be rebuilt |
| 2024-12-12 | SOLNESS-47332, SOLNESS-43404 | 3460846 - New lines and special characters no longer appearing correctly in notable event Next Steps |
| 2024-12-12 | SOLNESS-45369, SOLNESS-47317 | Error: Add a disposition other than "Undetermined" to update/close the notable event |
| 2024-12-11 | SOLNESS-47314, SOLNESS-46276 | Create Notables page only displays error: Cannot read properties of undefined (reading 'value') |

Splunk Enterprise Security 7.3.2 was released on June 11, 2024.

This release includes fixes for the following issues:

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2024-11-22 | SOLNESS-47028 | Ingesting intelligence file does not extract expected lines through regex rule |
| 2024-05-29 | SOLNESS-36952, SOLNESS-47316 | Risk Analysis 'Source' drop-down list results truncated |
| 2024-05-17 | SOLNESS-43753 | Fix Clone dashboard bug for sharing cloned dashboard by role sc_admin on CO2 |
| 2024-05-14 | SOLNESS-43726 | Investigate performance regression in the main search on the Incident Review page. |
| 2024-05-06 | SOLNESS-43069, SOLNESS-47313 | Incident Review page breaks after Splunk Core upgrade to Python 3.9 module 'time' has no attribute |
| 2024-05-01 | SOLNESS-43399 | Splunk Enterprise Security asset and identity management KV Lookups is broken on Splunk Core version 9.3.0. |

Splunk Enterprise Security 7.3.1 was released on March 27, 2024.

This release includes fixes for the following issues:

| Date created | Issue number | Description |
| --- | --- | --- |
| 2024-03-15 | SOLNESS-41634 | IR not applying notable_xref filter from generated URL on ES 7.3 |
| 2024-03-07 | SOLNESS-37062 | New drill-down searches in the Correlation Editor can show validation errors if they were saved earlier. |
| 2024-02-16 | SOLNESS-36746, SOLNESS-36748 | Notable title with non-existent tokens are normalized with "empty strings" in Incident Review page. |
| 2024-02-08 | SOLNESS-40719 | Time range settings are not saved successfully on the Incident Review page, irrespective of whether the time range is valid or not. |
| 2024-01-31 | SOLNESS-32647 | Saved searches created in the Content Management page with private settings are not displayed. |
| 2024-01-10 | SOLNESS-40127, SOLNESS-40436 | Identity Manager with values in the "blacklist" or "blacklist_fields" fields are ignored. |
| 2024-01-09 | SOLNESS-40066 | The dialog for suppressing notable events does not open after the first suppression is added on the Incident Review page. |
| 2024-01-09 | SOLNESS-39996 | Unable to export custom Analytic Story from Content Management |
| 2024-01-02 | SOLNESS-31600 | Using "nobody" as the owner of savedsearches shipped with Splunk Enterprise Security. |
| 2023-12-21 | SOLNESS-39507 | Updating notable event actions results in the following error: "The update failed: 'list' object has no attribute 'startswith'" |
| 2023-12-20 | SOLNESS-39519 | Saved filters in the Incident Review page results in a blank page after upgrading to version 7.2. |
| 2023-12-13 | SOLNESS-36590 | The script 'confcheck_es_bias_language_cleanup' is reported as missing in Splunk Enterprise Security 7.2.0. |

Splunk Enterprise Security 7.3.0 was released on December 19, 2023.

This release includes fixes for the following issues:

| Date | Issue number | Description |
| --- | --- | --- |
| 2023-11-30 | SOLNESS-40087 | In Drilldown Searches, "Latest Offset" UI helper text displays "Earliest Time" instead of "Latest Time". |
| 2023-11-29 | SOLNESS-38498 | The Risk Score field is not displayed as a link when you expand the rows in Incident Review and go to Additional Fields. |
| 2023-11-29 | SOLNESS-36949 | The handler for managed lookups is slow. |
| 2023-11-28 | SOLNESS-36801 | Clicking Save or Save new filters twice might cause the Incident Review page to freeze or remain unresponsive. |
| 2023-11-21 | SOLNESS-39022 | No results returned when searching for a notable using the Short ID. |
| 2023-11-14 | SOLNESS-39506 | Asset and identity enrichment for "dest" assets causes alignment issue in the Incident Review page. |
| 2023-11-14 | SOLNESS-38261 | Unable to filter for events using "event_id=notable_id" in the Incident Review page and getting redirected to default filters. |
| 2023-11-08 | SOLNESS-36813 | The threat_match_field value in threat match searches is updated to include the datamodel. |
| 2023-10-23 | SOLNESS-39223 | Modular input "confcheck_es_bias_language_cleanup" displays an error after upgrade even when it is disabled. |
| 2023-10-20 | SOLNESS-38777 | Error message might be displayed when expanding notables in the Incident Review page. |
| 2023-10-20 | SOLNESS-36789 | Uploading and later deleting a threat intelligence management document does not remove the threat intelligence document from threat artifacts. |
| 2023-09-07 | SOLNESS-32889 | Creating a correlation search might result in the following error message: "Cannot read properties of undefined (reading 'trim')". |

Splunk Enterprise Security 7.2.0 was released on September 6, 2023.

This release includes fixes for the following issues:

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2023-09-05 | SOLNESS-36169 | The Incident Review page loads entire asset and identity tables into memory. |
| 2023-08-03 | SOLNESS-35988 | Macro endpoint links from the General settings in Splunk Enterprise Security results in a broken URL. |
| 2023-07-17 | SOLNESS-35888 | Asset and identity data does not merge as expected. |
| 2023-07-10 | SOLNESS-35485 | Duplicate risk notables might be created for the same risk object. |
| 2023-06-13 | SOLNESS-35512, SOLNESS-35031 | Support for Home Dashboards in ES 7.1.0 and above |
| 2023-05-23 | SOLNESS-35291 | Threat Intelligence Framework is not passing the weights of Indicators of Compromise (IOCs). |
| 2023-04-28 | SOLNESS-35335 | In Content Management page selecting multiple saved searches and selecting "Enable" or "Disable" causes the entire page to freeze. |
| 2023-04-12 | SOLNESS-34365 | Enabling the selection for saved searches breaks the Content Management page. |
| 2023-04-05 | SOLNESS-34719 | Performance of Enterprise Security might be impacted if the modular_action_invocations takes too long to run. |
| 2023-04-04 | SOLNESS-35031, SOLNESS-35512 | ES Upgrade from 7.0.2 to 7.1.0 broke the Home Dashboard setup for all "rootNode=view" |
| 2023-03-16 | SOLNESS-35064 | Search cannot be added to the Splunk Enterprise Security analytic story. |
| 2023-02-28 | SOLNESS-34979 | Threatlists might be re-downloaded every 30-60 seconds. |