Compatibility and regional availability
Splunk Enterprise Security version 8.x is compatible with Splunk Enterprise (on-premises) version 9.2.0 and higher.
Splunk Enterprise Security 8.x is FedRAMP High compliant. FedRAMP Moderate meets Federal Information Processing Standard (FIPS) 199 Moderate Impact Level standards and Splunk Enterprise Security 8.x FedRAMP High meets Federal Information Processing Standard (FIPS) 199 High Impact Level standards. For current compliance information, see Compliance at Splunk.
For more information on the compatibility of Splunk Enterprise Security with Splunk Platform, Splunk IT Service Intelligence (ITSI), and Splunk IT Essentials (ITE) Work, see Splunk products version compatibility matrix.
Splunk SOAR compatibility
Splunk SOAR pairs with Splunk Enterprise Security to let users run actions, run playbooks, and review automation history in Splunk Enterprise Security.
Splunk Enterprise Security Premier Edition
The following versions of Splunk SOAR are compatible with the current version of Splunk Enterprise Security Premier Edition:
| Splunk Enterprise Security deployment type | Compatible version of Splunk SOAR (Cloud) | Compatible version of Splunk SOAR (On-premises) |
|---|---|---|
| Cloud versions 8.2 and higher | 6.4.1 and higher (AWS-AWS) | --- |
| On-premises versions 8.3 and higher | --- | 7.1.0 and higher (including clustering; warm standby; backup and restore*) |
* Pairing Splunk Enterprise Security with multi-tenant Splunk SOAR (On-premises) deployments is not supported.
Splunk Enterprise Security paired with Splunk SOAR
The following versions of Splunk SOAR are compatible with this version of Splunk Enterprise Security:
| Splunk Enterprise Security deployment type | Compatible version of Splunk SOAR (Cloud) | Compatible version of Splunk SOAR (On-premises) |
|---|---|---|
| Cloud version 8.5 | 7.2.0 and higher (AWS-AWS, GCP-GCP)<br>6.3.0 - 7.1.0 (AWS-AWS only) | 8.5.0 and higher (standalone or clustering*)<br>7.0.0 - 8.4.0 (standalone only)<br>Note: Hybrid pairing requires SSL certificates signed by a Public Certificate Authority (CA). Hybrid pairing is not supported for Splunk Cloud FedRAMP, IL2, and IL5 environments. |
| On-premises version 8.5 | --- | 7.0.0 and higher (including clustering; warm standby; backup and restore*)<br>6.4.1 and higher (standalone only)<br>Note: Pairing supports SSL certificates signed by Public or Private Certificate Authorities (CAs). |
* Pairing Splunk Enterprise Security with multi-tenant Splunk SOAR (On-premises) deployments is not supported.
Regional data notice for Splunk Attack Analyzer and Automated Threat Analysis
Certain Splunk Attack Analyzer and Automated Threat Analysis features, such as the AI Malware Reversing Agent, Phishing Analysis Agent, and Translation services, might process data in regions different from your primary environment's provisioning location. You do not need to configure or interact with this data processing as it is managed exclusively in the backend of the product. For details on sub-processors and their geographic locations, see the Cisco Offer Disclosures. To opt out of these AI-driven analytic features, you can submit a Splunk support case. Our support team can assist you to turn off these features on your deployment.
Threat Intelligence Management (Cloud) compatibility and regional availability
Threat Intelligence Management (Cloud) is accessible in Splunk Enterprise Security to provide intelligence support for users.
To access Threat Intelligence Management (Cloud) within Splunk Enterprise Security, you must:
- Have a compatible licensed version of Splunk Enterprise Security
- Reside in an available region
Compatibility
Threat Intelligence Management (Cloud) supports search head cluster (SHC) deployments of Splunk Enterprise Security. See the following table for version compatibility with Threat Intelligence Management (Cloud):
| Splunk Enterprise Security deployment type | Compatible version of Splunk Enterprise Security |
|---|---|
| Cloud | 6.6 or higher |
| On-premises | Not available |
Available regions
| AWS region | Geographic area |
|---|---|
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |
| ap-southeast-2 | Sydney |
| ap-northeast-1 | Tokyo |
| ap-southeast-1 | Singapore |
| ca-central-1 | Montréal |
| eu-central-1 | Frankfurt |
| eu-west-2 | London |
| eu-west-1 | Ireland |
| eu-west-3 | Paris |
| eu-south-1 | Milan |
| ap-northeast-2 | Seoul |
| ap-south-1 | Mumbai |
| sa-east-1 | São Paulo |
| ap-southeast-3 | Jakarta |
| ca-west-1 | Calgary |
If you meet the above criteria, Threat Intelligence Management (Cloud) is automatically included with Splunk Enterprise Security cloud deployments and can be set up by an admin. See Overview of threat intelligence in Splunk Enterprise Security.
Splunk AI Assistant for Security compatibility and regional availability
The Splunk AI Assistant for Security is accessible in Splunk Enterprise Security for investigation summary, SPL generation, and more. The AI Assistant is not automatically available by default. An admin must contact their account management team to get started.
To get the AI Assistant for Splunk Enterprise Security, you must:
- Have a compatible licensed version of Splunk Enterprise Security
- Reside in an available region
Compatibility
| Splunk Enterprise Security deployment type | Compatible version of Splunk Enterprise Security |
|---|---|
| Cloud | 8.2 or higher |
| On-premises | Not available |
Available regions
| AWS region | Geographic area |
|---|---|
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |
| ap-south-1 | India |
| ap-southeast-1 | Singapore |
| ap-southeast-2 | Sydney |
| ap-southeast-3 | Indonesia |
| ap-northeast-1 | Tokyo |
| ap-northeast-2 | Korea |
| ca-central-1 | Montréal |
| eu-central-1 | Frankfurt |
| eu-west-1 | Dublin |
| eu-west-2 | London |
| eu-west-3 | Paris |
UEBA compatibility and regional availability
User and entity behavior analytics (UEBA) is accessible in Splunk Enterprise Security Premier Edition. With UEBA, threat analysts and SOC analysts can evaluate risky users and assets, ensure compliance with regulatory requirements, and escalate findings with anomalous behavior.
For more details on UEBA, see User and entity behavior analytics (UEBA) overview in Splunk Enterprise Security.
To configure UEBA, reach out to your account management team and see Installing UEBA in Splunk Enterprise Security.
Compatibility
| Splunk Enterprise Security deployment type | Splunk Enterprise Security version | Splunk Enterprise Security edition | Splunk SOAR version | UEBA Content App |
|---|---|---|---|---|
| Cloud | 8.2 or higher | Premier | 6.3.x or higher | n/a |
| On-premises | 8.3 or higher | Premier | 6.3.x or higher | 1.0 or higher |
Available regions
| AWS region | Geographic area |
|---|---|
| ap-northeast-1 | Tokyo |
| ap-northeast-2 | Seoul |
| ap-south-1 | Mumbai |
| ap-southeast-1 | Singapore |
| ap-southeast-2 | Sydney |
| ap-southeast-3 | Jakarta |
| ca-central-1 | Montréal |
| ca-west-1 | Calgary |
| eu-central-1 | Frankfurt |
| eu-south-1 | Milan |
| eu-west-1 | Dublin |
| eu-west-2 | London |
| eu-west-3 | Paris |
| me-central-1 | Dubai |
| sa-east-1 | São Paulo |
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |