Compatibility matrix
Splunk Enterprise Security version 8.x is compatible with Splunk Enterprise (on-premises) version 9.2.0 and higher.
Splunk Enterprise Security 8.x is FedRAMP High compliant. FedRAMP Moderate meets Federal Information Processing Standard (FIPS) 199 Moderate Impact Level standards and Splunk Enterprise Security 8.x FedRAMP High meets Federal Information Processing Standard (FIPS) 199 High Impact Level standards. For current compliance information, see Compliance at Splunk.
For more information on the compatibility of Splunk Enterprise Security with Splunk Platform, Splunk IT Service Intelligence (ITSI), and Splunk IT Essentials (ITE) Work, see Splunk products version compatibility matrix.
Splunk SOAR compatibility
Splunk SOAR pairs with Splunk Enterprise Security to let users run actions, run playbooks, and review automation history in Splunk Enterprise Security.
Pairing Splunk SOAR with Splunk Enterprise Security is compatible with the following Splunk Cloud Platform and Splunk Enterprise versions:
| Splunk Cloud Platform | version 10 or higher (version >10) | version 9.3 or lower (<=9.3) |
|---|---|---|
| Pairing | Supported | Supported |
| Splunk Enterprise | later than version 9.4.3 (>9.4.3) | version 9.4.2 or lower (9.4.x<9.4.2) | version 9.3 or lower (<=9.3) |
|---|---|---|---|
| Pairing | Supported | NOT SUPPORTED | Supported |
The following versions of Splunk SOAR are compatible with this version of Splunk Enterprise Security:
| Splunk Enterprise Security deployment type |
Compatible version of Splunk SOAR (Cloud) |
Compatible version of Splunk SOAR (On-premises) |
|---|---|---|
| Cloud | 6.3.0 and higher |
See note about hybrid deployments after the table 7.0.0, 7.1.0 (standalone only) |
| On-premises | --- |
7.0.0, 7.1.0 (including clustering; warm standby; backup and restore) 6.4.1 (standalone only) |
Threat Intelligence Management (Cloud) compatibility and regional availability
Threat Intelligence Management (Cloud) is accessible in Splunk Enterprise Security to provide intelligence support for users.
To access Threat Intelligence Management (Cloud) within Splunk Enterprise Security, you must:
-
Have a compatible licensed version of Splunk Enterprise Security
-
Reside in an available region
Compatibility
Threat Intelligence Management (Cloud) supports search head cluster (SHC) deployments of Splunk Enterprise Security. See the following table for version compatibility with Threat Intelligence Management (Cloud):
| Splunk Enterprise Security deployment type | Compatible version of Splunk Enterprise Security |
|---|---|
| Cloud | 6.6 or higher |
| On-premises | Not available |
Available regions
| AWS region | Geographic area |
|---|---|
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |
| ap-sourtheast-2 | Sydney |
| ap-northeast-1 | Tokyo |
| ap-southeast-1 | Singapore |
| ca-central-1 | Montréal |
| eu-central-1 | Frankfurt |
| eu-west-2 | London |
| eu-west-1 | Ireland |
| eu-west-3 | Paris |
If you meet the above criteria, Threat Intelligence Management (Cloud) is automatically included with Splunk Enterprise Security cloud deployments and can be set up by an admin. See Overview of threat intelligence in Splunk Enterprise Security.
Splunk AI Assistant for Security compatibility and regional availability
The Splunk AI Assistant for Security is accessible in Splunk Enterprise Security for investigation summary, SPL generation, and more. The AI Assistant is not automatically available by default. An admin must contact their account management team to get started.
To get the AI Assistant for Splunk Enterprise Security, you must:
-
Have a compatible licensed version of Splunk Enterprise Security
-
Reside in an available region
Compatibility
| Splunk Enterprise Security deployment type | Compatible version of Splunk Enterprise Security |
|---|---|
| Cloud | 8.2 or higher |
| On-premises | Not available |
Available regions
| AWS region | Geographic area |
|---|---|
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |
| ap-sourtheast-2 | Sydney |
| ap-northeast-1 | Tokyo |
| ap-southeast-1 | Singapore |
| ca-central-1 | Montréal |
| eu-central-1 | Frankfurt |
| eu-west-2 | London |
| eu-west-1 | Dublin |
| eu-west-3 | Paris |
UEBA compatibility and regional availability
User and entity behavior analytics (UEBA) is accessible in Splunk Enterprise Security Premier Edition. With UEBA, threat analysts and SOC analysts can evaluate risky users and assets, ensure compliance with regulatory requirements, and escalate findings with anomalous behavior.
For more details on UEBA, see User and entity behavior analytics (UEBA) overview in Splunk Enterprise Security.
To configure UEBA, reach out to your account management team and see Installing UEBA in Splunk Enterprise Security.
Compatibility
| Splunk Enterprise Security deployment type | Splunk Enterprise Security version | Splunk Enterprise Security edition | Splunk SOAR version | UEBA Content App |
|---|---|---|---|---|
| Cloud | 8.2 or higher | Premier | 6.3.x or higher | n/a |
| On-premises | 8.3 or higher | Premier | 6.3.x or higher | 1.0 or higher |
Available regions
| AWS region | Geographic area |
|---|---|
| us-east-1 | N. Virginia |
| us-west-2 | Oregon |
| ap-sourtheast-2 | Sydney |
| ap-northeast-1 | Tokyo |
| ap-southeast-1 | Singapore |
| ca-central-1 | Montréal |
| eu-central-1 | Frankfurt |
| eu-west-2 | London |
| eu-west-1 | Dublin |
| eu-west-3 | Paris |