icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

Thank You

Downloading Splunk Security Essentials
SHA256 checksum (splunk-security-essentials_360.tgz) d17ca3c5b81740be9ad19e8ab759c65ff1fcc0e9c74cf469e0bf580ddd539b94 SHA256 checksum (splunk-security-essentials_351.tgz) 03cb79f0798aa05e15aacbe9ed5e4f9c66642c1d4414a6aee4eac92820e17e28 SHA256 checksum (splunk-security-essentials_340.tgz) c01821ec37e4c3802f99d8c0f7e626bd2a55ebbdb4439bf97c6b837b22ddf9fa SHA256 checksum (splunk-security-essentials_334.tgz) 6dcb1944cc48ae13aa518ccdaf70416c2f3393f092c9e11d0abc793240842218 SHA256 checksum (splunk-security-essentials_333.tgz) a071b3993fc23da8d64c72a8590877fa298368a2388984e98d7b0bc0396b94ce SHA256 checksum (splunk-security-essentials_332.tgz) 020a791beec4de82db969b0c738587b7b87d51a4f7e80b9181d815b302663159 SHA256 checksum (splunk-security-essentials_330.tgz) 3c34b5234dc664ef4027238a5142811dc14268a113715f5b87aebaba62023b2d SHA256 checksum (splunk-security-essentials_322.tgz) 28ea65a1c5002f0419616386c2924c077c74f3091687ad50be27b3bdb0058fa0 SHA256 checksum (splunk-security-essentials_321.tgz) 5da17340a7b6a9e3ec7f8164fa0e3d1625dd7bfb060c4dff6b1285ab52baeb91 SHA256 checksum (splunk-security-essentials_320.tgz) 0adc726457ae364157720ff4869e59d2146ffab47ac75d7337e82a4286172f59 SHA256 checksum (splunk-security-essentials_312.tgz) 9b2e89a0313d9c7bcb9259c1eeda81959bb136e72367d52e6e9d2201a51cec5b SHA256 checksum (splunk-security-essentials_311.tgz) ccf876f232773d279d60bdbe3c2c95d792788abd19b70373abf491a152a8afad SHA256 checksum (splunk-security-essentials_310.tgz) 56215527c29a5a667569a65d099cb2a00fe8b0f28d5086bde08efca116b039be SHA256 checksum (splunk-security-essentials_306.tgz) d26efd7f58661407b9bbb9cb5878e20a259451543cd5674d252b6f70739612b6 SHA256 checksum (splunk-security-essentials_305.tgz) 79f33d17a70d8be35e27d23e2b42c0faf389ba791f083de4c0e3a88d471fb6a3 SHA256 checksum (splunk-security-essentials_303.tgz) 58363e10e6f5e53580485de0da9b91144b3e7c9c12f76825a3eb711661446749 SHA256 checksum (splunk-security-essentials_302.tgz) f06ba63a897cd8c4a093b092b21852bf21d93e00d641f191401c11a775753629 SHA256 checksum (splunk-security-essentials_301.tgz) 9b31eb45f615383c73f0ad61ef0247f8655964a1ad0106b0cc13343c1e404104 SHA256 checksum (splunk-security-essentials_300.tgz) 6f3880dd570315e55e9634b5040b64416227a1f3d4468250b585ff461b3ea930 SHA256 checksum (splunk-security-essentials_252.tgz) 1efc2c217d6b58975e205e8aacbdd503c07605b47859d0d94ddcfcef20ec55d4 SHA256 checksum (splunk-security-essentials_251.tgz) 58a5a7ec8d29fba77f71e9c45c1908d54c673432b424abf6e64d689ea4674906 SHA256 checksum (splunk-security-essentials_250.tgz) 60ae53daaad68530155d545dea3db1ce5258a0e403e59006571ea52807762a53 SHA256 checksum (splunk-security-essentials_242.tgz) 70a64eb09f38d107a70e0a4bad2c806be0d720211299bc641e2a3f0c00b010f1 SHA256 checksum (splunk-security-essentials_241.tgz) 4a2dfba362a497213bfaa169ac02191056823b75d859dc0ea7ab44402b54575b SHA256 checksum (splunk-security-essentials_240.tgz) 01097dcd611bdee77a7847e78b431b1c060a044d982f4a327caee743f83a655c SHA256 checksum (splunk-security-essentials_231.tgz) 800105405e7c415e77a4d4d6c6abd4785d2cab65a59b0b170cc33daf05d95a9d SHA256 checksum (splunk-security-essentials_230.tgz) def48e7b8e6496ff0b9eb358c4ae6dc3dd00e93a08d731d048be238ad6e97591 SHA256 checksum (splunk-security-essentials_220.tgz) 31ef2a753fbe6d42b5a6cd2aec88f2aa2359cf2eaff07644ae1d73fe190d31ce SHA256 checksum (splunk-security-essentials_211.tgz) 8a026f0170765c1734424ae9fee76c7dbed340cba8f186e6e632e411dd5e3457 SHA256 checksum (splunk-security-essentials_210.tgz) e0bfa5a47daf18d60c448896fa9a6f54a564f05d5c42d4ae9cc5edbda78a9991 SHA256 checksum (splunk-security-essentials_200.tgz) 8451d019ffccf0351d9a154429fefbe0660107f455536f317598c1b82a3a1cf0 SHA256 checksum (splunk-security-essentials_146.tgz) 4070b2496a9a0c44855a51b9e11d6829fe7c5250f45515cfcd4af6df70b90282 SHA256 checksum (splunk-security-essentials_145.tgz) c179793f0583183fdaa80a1dc5884ad8fe84421a73c961e44aa3698035991124 SHA256 checksum (splunk-security-essentials_144.tgz) 1cfcfda27be99509e708e02ce513f321963c433d51c120926247e463b1f54002 SHA256 checksum (splunk-security-essentials_143.tgz) 74c2fa7b6e40136c9e5509d7602d4527e4e8d72ce6a7e1ff6e742d7948d05c8f SHA256 checksum (splunk-security-essentials_142.tgz) f15cb15fb73ff078957464c4e694565b833cc2777c13d636f932d3b8e91fbc3b SHA256 checksum (splunk-security-essentials_141.tgz) 9397e859762db20ccb663052231f46946e3eb458acdb8684aa4cf93c0b4c6185 SHA256 checksum (splunk-security-essentials_140.tgz) c1905c4c869d3d3931162bbdbd809212a4acbaa43df8c38e5c039e33706a118d SHA256 checksum (splunk-security-essentials_132.tgz) 0d238553ca70bd6c48b181b61f310b474caf963020206c0cb98944ee4efd26f3 SHA256 checksum (splunk-security-essentials_131.tgz) 736191c519fb16c353219e15a5cf938bd566f8820f2dbda31b4694745e914662 SHA256 checksum (splunk-security-essentials_130.tgz) 2b2581b14b30e52c49ad9712fe05090684557104fea97b38dddcdc13588c59c5 SHA256 checksum (splunk-security-essentials_120.tgz) d19d494b97fd0bfc9ab7b1a119a210dee1fa59a8b7c5c5d9eef5f5c588c349ba SHA256 checksum (splunk-security-essentials_111.tgz) 30e947853e11e9097c8cc1d25eb8bf20e5012ec67fe63915c79a500de6c31cb5 SHA256 checksum (splunk-security-essentials_110.tgz) 553e8555cf4b39072d92695d0cfec814117e0fcf7d620ea57665e86276af1f76 SHA256 checksum (splunk-security-essentials_103.tgz) c6458f8fa26037fd9d8381682f352fe5220893117e2b8ce6b2a4e6b04a0d7abf SHA256 checksum (splunk-security-essentials_102.tgz) 029be885a35ca959ecf9891bbc359c73274907ad7f2a08037a6ce42ca164f46e SHA256 checksum (splunk-security-essentials_101.tgz) c712b72c1e6140e09c63c4c7a9fe4d8afa53ecccd8f89a212a183b959125d5d1 SHA256 checksum (splunk-security-essentials_10.tgz) 7bb56022e6633794a9d2b3b03b95107dcdd62652d5177f76fbc641c0cae2312c
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Splunk Security Essentials

Splunk Cloud
Splunk Built
Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.

Security Content Library
Find security content for Splunk Cloud and Splunk's SIEM and SOAR offerings and deploy out-of-the-box security detections and analytic stories to enhance your investigations and improve your security posture.

Cybersecurity Frameworks
Identify gaps in your defenses and take control of your security posture with automatic mapping of data and security detections to MITRE ATT&CK® and Cyber Kill Chain® framework.

Data and Content Introspection
Gain visibility of the data coming into your environment to add context and telemetry to security events. Enrich your security detections with metadata and tags from the Security Content Library.

Security Data Journey
Get prescriptive security and data recommendations and establish a data strategy to develop a security maturity roadmap.

Learn more:
Download the Product Brief : https://www.splunk.com/pdfs/product-briefs/splunk-security-essentials.pdf
Try out Splunk Security Essentials: https://www.splunk.com/en_us/form/splunk-security-essentials-online-demo.html
Check out the Documentation site: https://docs.splunk.com/Documentation/SSE

Release Notes

Version 3.6.0
July 19, 2022
Version 3.5.1
March 29, 2022
Version 3.4.0
Oct. 6, 2021
Version 3.3.4
July 19, 2021

This release of Splunk Security Essentials included adding the latest Security Content and MITRE ATT&CK Enterprise JSON to Splunk Security Essentials and fixing the following issues:
- Custom Content modal is missing two options for Bookmark status.
- When adding a custom data source, option 1 and 2 in the modal do not work.
- After configuring Data Inventory and later revisiting, it looks like it is incomplete with some searches still outstanding.
- Local searches are missing from the list when adding Custom Content.
- Risk searches are not automatically mapped to local saved searches.
- Local Search mappings edit link directs to the Edit Alert interface rather than Edit Correlation Search.
- Add/Edit Custom Content modal is missing the bottom half.
- False positives in the Detect Credit Card Numbers SPL.

Version 3.3.3
May 18, 2021

In this release of Splunk Security Essentials, JQuery was migrated to version 3.5.1. This release also included fixes for the following issues:
-Label tooltips not working on Analytics Advisor
-MITRE Platform not updating to the latest values in the Analytics Advisor dropdown
-Automatic Posture Dashboards not being created
-Custom Content generates an error on the Data Inventory page
-Removed deprecated dashboards from Splunk Security Essentials

Version 3.3.2
April 8, 2021

-Added latest Security Content and ATT&CK Enterprise JSON to the build.
-Added analytic_story as a field on the ES Incident Review page.

Bug Fixes
-Changing bookmark status deletes existing bookmark notes
-MITRE Overview page tabs do not work
-Dropdowns on Security Content page can only be expanded once
-When using the multi-technique search on the Security Content page, the Technique dropdown isn't pre-selected with the entered Technique IDs
-On the Security Content drill down page, the "Line-by-Line SPL Documentation" action is broken
-Changing bookmark status on Showcase page not reflected in GUI

Version 3.3.0
Jan. 21, 2021
  • New visualization for ESCU/Splunk Security Research content. The visualization has a new look and there are added options to easily deploy all necessary lookups, macros, and schedule searches.
  • Custom bookmark statuses. All bookmarks are now stored in the kvstore and you can set custom bookmark statuses for the Manage Bookmarks dashboard.
  • New location for Splunk Security Essentials documentation: https://docs.splunk.com/Documentation/SSE
  • Additional documentation and offline documentation has been added to SSE.
  • Added new data sources, detections, and categories

Bug Fixes
- Fixed a bug in Data Introspection if there wasn’t any data available
- Modified export reports to include new fields
- Fixed a permissions issue for the Mission Control dashboard
- Error with MITRE matrix where attack groups would not render an icon on the table
- Fix logic error in local search mapping
- Numerous other small fixes

Version 3.2.2
Nov. 19, 2020
  • We’ve added the Software object from the ATT&CK Framework. This now appears on the Security Content page and the Analytics Advisor MITRE ATT&CK Overview dashboard.
  • Incorporated the updates released in ATT&CK v8. The PRE-ATT&CK matrix have now been deprecated and merged into the standard Enterprise matrix.
  • You can now browse and filter detections to the new “Network" matrix.
  • An option to force a content update has been added under the Configuration page.
  • The ATT&CK Technique dropdown on the Security Content page now includes the ID for the technique.
  • The MITRE ATT&CK Matrix is now backwards compatible with Splunk v7 but without the Sub-Techniques being rendered. The Sub-Techniques will not be nested as they are on v8 as this is a limitation of Splunk v7.
  • A new filter is available in Security Content to find Phantom playbooks mapped to content.

Bug Fixes
- ATT&CK Sub-Techniques nesting appeared in the wrong order on the ATT&CK Matrix panel.
- Fixed bug with cim_vladiator in the Suggested Apps.

Version 3.2.1
Oct. 23, 2020

• Mitre ATT&CK Updates - Added support for MITRE ATT&CK Sub-Techniques
• Better Industry Framework Support - Included support for CIS and NIST
• Automatic updates for Security Research Content - Security Content from the Splunk Research team (i.e. ESCU) is now automatically downloaded into SSE using the Splunk Security Content API
•Support for ES 6.3+ Annotations Framework - Enabling detections through SSE will now populate the Annotations Framework with MITRE ATT&CK, Killchain, NIST, CIS and some SSE fields.
• Major UI Improvements for Content Mapping - It's now easier than ever to maintain all your Content in SSE and have it mapped with what is actually enabled in your environment. You can now also map multiple saved searches to a single piece of content in SSE and still have enrichment for Notables and Risk Objects.
• Bug Fixes - As with every release we have squashed numerous bugs.

Version 3.2.0
Sept. 28, 2020

This release comes with some great new capabilities and a ton of new content:
• MITRE ATT&CK Sub-Techniques in the Analytics Advisor as well as a new and improved look.
• All Security Research Content is now available and we’ve included the actual search string in the SSE UI in the detection showcase page.
• NIST/CIS filtering for the detections.
• More datasources are detected by the Data Inventory (Windows DNS, Windows DHCP, Azure AD Sign-in)
• New Timeline visualization on the “Analyze ES Risk Attributions” dashboard. This will show notables and risk modifiers on a timeline with links to ATT&CK Tactics and Techniques. (Requires the Timeline Viz)
• 4 new native detections and 40+ detections from the Security Research team.
• Plenty of general improvements and bug fixes

Version 3.1.2
July 14, 2020

Added Data Inventory support for many new data sources that are not linked to CIM data models yet
Azure, GCP, AWS logs
Kubernetes audit logs from Azure, GCP, AWS
Splunk Connect for Kubernetes
Sysmon DNS
Stability improvements for Data Introspection
Added a new filter in the content page for industry mapping
Updated content with the latest content from Splunk Research
Various bug fixes

Version 3.1.1
May 15, 2020

Added updated content
Few small bug fixes

Version 3.1.0
April 6, 2020
  • New Mitre Mappings - Added support for MITRE platform mappings when filtering content.
  • Improved content mapping features to more easily find in SSE and export to ES
  • Word Doc Export - We've added in the ability to export your bookmarked content as a Word document
  • Updated ESCU content - Updated to the latest version of the ES Content Update (1.0.53)
  • Bug Fixes - Fixed bugs relating to partner content update, and a few other smaller bugs
Version 3.0.6
Feb. 5, 2020

Fix for mitremap command content_available flag
Fix for loading partner content from external sources

Version 3.0.5
Jan. 10, 2020
  • Fixed a bug relating to introspection button not appearing
  • Fixed DS mapping bug
  • Fixed bug loading partner content from external sources
  • Few other small fixes and tweaks
Version 3.0.3
Dec. 10, 2019

Version 3.0.3 Release Notes:
Hopefully knocked out the last big data introspection bug, which impacted environments with lots of cardinality in the source field. Please see the troubleshooting link below if your system is in an unhappy state.
Also knocked out lots of other bugs!

If your data inventory wouldn't complete successfully with version 3.0.2 or earlier, upgrade to 3.0.3 and then reset your configuration by walking through the steps detailed here: https://docs.splunksecurityessentials.com/technical-details/troubleshooting/#data-inventory-introspection

Version 3.0.2
Nov. 29, 2019

3.0.2 Release Notes:
Critical Bug Fix for Older Splunk Releases (Linux/OSX 7.0 and earlier, Win maybe all 7.3 and earlier)
Fix for minor error that threw a warning on all releases
* Improved debugging capability

Version 3.0.1
Nov. 18, 2019

3.0.1 Release Notes
Python3 Compatibility in anticipation of future Splunk releases
Numerous bug fixes
* A Partner Framework

Version 3.0.0
Oct. 11, 2019

Release Notes:
SSE 3.0 is a huge release! Check https://docs.splunksecurityessentials.com/whatsnew for all the details, and check out https://www.splunksecurityessentials.com/ for the new website!

Here are some of the highlights:
New Home Page and major UX overhaul, with tours showing you how to configure everything in the app
Extensive documentation and detail of UBA and ESCU content
Content recommendation dashboards for MITRE ATT&CK and RBA
Azure and GCP content
Promoting Beta functionality, including the Analytics Advisor dashboards, and Data Inventory
MLTK-powered Data Availability Dashboard
CIM Compliance Check Dashboard
Enough bug fixes to qualify us as entomologists
* Docs site and Web Site! https://www.splunksecurityessentials.com

This release had a ton of contributors. Thank you to all of them! https://docs.splunksecurityessentials.com/release-notes/contributors/

Version 2.5.2
Aug. 19, 2019

Release Notes:
* 2.5.1 introduced a bug that slowed page load significantly. 2.5.2 undoes that, and also halves earlier page load times!
* Misc other small bug fixes

Version 2.5.1
Aug. 13, 2019

2.5.1 Release Notes:
- Two important bug fixes related to data introspection (issue with migration from 2.4, and a race condition if you clicked Start Introspection very quickly)
- Ten new sourcetypes auto-detected!
- Modal from the showcase pages for MITRE tactics / techniques / groups. Click on the MITRE buttons to get details and drill-downs.
- Fix for ESCU drilldown if ES was version 5.0 or 5.1
- Fix for auto-update navigation. (Previously would have missed “custom content” and maybe not worked for some edge cases)

Version 2.5.0
Aug. 2, 2019

Release Notes for 2.5.0:
- Updated Data Inventory Dashboard
- Correlation Search Introspection
- Data Availability Dashboard (MLTK!)
- Inclusion of Phantom Content
- Updates to the Analytics Advisor Content
- MITRE ATT&CK Integration into ES
- Automatic Update of MITRE ATT&CK
- Setup Menu

Version 2.4.2
May 26, 2019

2.4.2 Release Notes:
Added MITRE Threat Groups as a custom filter on the main contents page! This is based on MITRE ATT&CK Techniques -> Groups, defined in MITRE Enterprise ATT&CK
Several bug fixes:
* One user reported that no content would load across the entire app due to kvstore query issues
* Three users reported that some javascript would not load due to inexplicably requesting files over http instead of https
* Also fixed the cosmetic on-restart warnings created by the sankey app
* Add a check for local default.xml and manually add beta content if present
* Other small fixes
* Added support for users who host Splunk on a custom root endpoint e.g. https://ssloffload/splunk/ (you whacky kids)

Version 2.4.1
April 23, 2019

SSE 2.4 Release Notes:
Major New Feature (Beta): Data Inventory
Major New Feature (Beta): Analytics Advisor Dashboards
Major Enhancements: Bookmarking
MITRE ATT&CK Technique-level Mapping
Improved the Security Contents local Search Engine
Re-implementation of | sseanalytics search command
Security Data Journey now goes up and to the right!
Numerous bugs fixed
* 2.4.1: Accidental Google Translated Japanese files removed!
See full release notes: https://davidveuve.com/apps/splunk-security-essentials/release-notes/ or the "What's New in 2.4" in the app!

Major thank you to everyone who contributed to this release!

Version 2.4.0
April 22, 2019

SSE 2.4 Release Notes:
Major New Feature (Beta): Data Inventory
Major New Feature (Beta): Analytics Advisor Dashboards
Major Enhancements: Bookmarking
MITRE ATT&CK Technique-level Mapping
Improved the Security Contents local Search Engine
Re-implementation of | sseanalytics search command
Security Data Journey now goes up and to the right!
Numerous bugs fixed
See full release notes: https://davidveuve.com/apps/splunk-security-essentials/release-notes/ or the "What's New in 2.4" in the app!

Major thank you to everyone who contributed to this release!

Version 2.3.1
Jan. 3, 2019

2.3.1 Release Notes
Numerous Windows TA 5 bug fixes (missed a specific format before, thank you to those on answers who pointed out the problem!)
Few Bug Fixes for the new 2.3 Dashboarding feature
* The main page no longer says "What's New in 2.2" with outdated info, it now says "What's New in 2.3" with updated info!

Version 2.3.0
Nov. 2, 2018

Version 2.3 Release:
Dashboard Panels! Not only will you find a collection of dashboard panels on several commonly used examples, but from the Data Source Check you can click the new "Create Posture Dashboards" button and it will guide you through creating a series of dashboards that provide visibility into your environment based on the data sources you already have. Great for those who want to periodically look at dashboards instead of getting alerts!
More complete mapping of Mitre and Kill Chain
* Several bug fixes

Version 2.2.0
Aug. 31, 2018

Version 2.2 Release Notes:
* 25 New Detections, many focused around Insider Threat, but including two for ES Risk, and that new Microsoft Scheduler Zero-Day reported on twitter!
* Improved Print-to-PDF Export from the Bookmarked Content page!
* Improved integrations with ES and ESCU, and content from UBA, for users who also have those products.
* Many bugs resolved and functionality improved!

Version 2.1.1
April 18, 2018

Version 2.1.1 Release Notes:
- Splunk 7.1 Compatibility!
- New search bar (type in the name of something you're looking for, such as "lockout" to find everything related to Account Lockouts) courtesy of elasticlunr.js add-in.
- Bookmark "Print" view now dramatically cleaner and better
- Several UI tweaks
- Several bugs squashed

Version 2.1.0
April 9, 2018

Version 2.1.0 Release Notes:
- New Bookmark Feature! Track content that you would like to implement, and even your implemenation status. Security Essentials is no replacement for a full project tracking system, but we'll help you remember what you care about, and help you get started with building it out!
- Four New Examples:
- Public S3 Buckets (CloudTrail)
- Connection to a new Domain
- Old Passwords in Use
- Unusual AWS Regions
- New Use Case Analytics dashboard (called simply: Overview)
- Expanded GDPR Content (description, screenshots, visualizations, oh my!)
- Many bug fixes and formatting improvements

Version 2.0.0
Feb. 22, 2018

Major overhaul for Splunk Security Essentials 2.0.
* All content mapped to meaningful use cases. No more looking at log sources, now focus based on Security Monitoring or Insider Threat!
* 10+ Data Onboarding Guides to walk you through getting data in, including the configuration of third party systems
* 40+ new examples, with live and usable searches covering AWS, GDPR, basic Security Monitoring, and Ransomware!
* Integrated mapping of entire Splunk Security ecosystem, including analytics in ES, ESCU, UBA, and Professional Services.
* All examples oriented to a Security Journey, to help you focus on what to do first, second, and after that.
* Complete overhaul of the UI to be more usable and intuitive.

Note: There are a ton of code changes in this release, and sometimes splunkweb gets funny with that. If you do notice any behavior that doesn't seem right, try telling Splunk to use the latest copy by going to /en-US/_bump.

Version 1.4.6
Sept. 29, 2017

Version 1.4.6 Release Notes:
Fixed a couple of major 7.0 bugs (sorry)
One outstanding issue with saving High Cardinality use cases

Version 1.4.5
June 20, 2017

Splunk 7.0 Note: There are a couple of big bugs with the app in Splunk 7.0. 1.4.5 doesn't work in 7.0, but 1.4.6 will! It's awaiting review at the moment, and we will have it out shortly.

Version 1.4.5 Release Notes:
* Several small bug fixes, including the pre-requisite checks for the demo data on distributed environments (thank you to tkreiner on answers for the bug report!)
* A checkbox now requires that you acknowledge "I Understand" instead of "I Do Not Understand" before continuing, in one of the most unusual bug reports of my career.

Version 1.4.4
June 13, 2017

Version 1.4.4 Release Notes:
* Several small bug fixes, including the pre-requisite checks for the demo data on distributed environments (thank you to tkreiner on answers for the bug report!)
* A checkbox now requires that you acknowledge "I Understand" instead of "I Do Not Understand" before continuing, in one of the most unusual bug reports of my career.

Version 1.4.3
May 23, 2017

1.4.3 Release Notes:
* Now doesn't trigger virus scanners! (Turns out a lot of vbscript can confuse some scanners)
* Adjusted the user for SFDC data to Chris, instead of Chuck
* Few small bug fixes

Version 1.4.2
April 18, 2017

1.4.2 Release Notes
* Fixed a bug with the Schedule Alert functionality in the Search Based Use Cases where the expected box didn't appear.

Version 1.4.1
March 19, 2017

1.4.1 Release Notes:
* Added anonymized_box_logs.csv -- this is an orphaned dataset you can use to generate a custom Detect Spikes use case. Go explore, or come to SplunkLive DC this Thursday (03/23) to walk through it with me live.
* Fixed a few live searches, and many pre-req searches that were missing index=* -- thank you {I didn't ask permission to use your name} for reporting that bug on the recent downloader survey!
* Fixed the broken pre-reqs for the Emails with Lookalike Domains use case.

Version 1.4.0
March 6, 2017

1.4.0 Release Notes
- New Data Source Check dashboard showcased! See what use cases you can run with the data you have today -- explore if there are use cases you can't run that you would like to!
- Added Docs + Support to the Nav Menu
- Wide array of small fixes and adjustments.

Version 1.3.2
Feb. 28, 2017

1.3.2 Release Notes:
- Added a debug capability to the new Data Source Check dashboard -- just add ?debug=true to the URL (e.g., /app/Splunk_Security_Essentials/data_source_check?debug=true) to get a text box that you can send me to help debug. (SSE Diags are on the roadmap)
- Added docs and support links to the nav -- support just pointing to Splunk Answers
- Small bug fixes to six pre-req searches (Thank you Andreas!)

1.3.1 New Features:
- Six new use cases for Salesforce.com Event Log Format data!
- New Data Check dashboard (currently in beta) that will look through all of your data and then run all of the data source pre-req checks. It's not currently on the dashboard, but if you're interested check out the details page to see more. https://splunkbase.splunk.com/app/3435/#/details

1.3.0 New Features:
- Added Filters that breakdown use cases not just by security domain, but also by data source, alert volume, and the app version when that use case was added.

Version 1.3.1
Feb. 23, 2017

1.3.1 Release Notes:
- Six new use cases for Salesforce.com Event Log Format data!
- New Application Accessing Salesforce.com API for User
- New High Risk Event Types for Salesforce.com User
- New Tables Queried by Salesforce.com Peer Group
- New Tables Queried by Salesforce.com User
- Spike in Downloaded Documents Per User from Salesforce.com
- Spike in Exported Records Per User from Salesforce.com
- New Data Check dashboard (currently in beta) that will look through all of your data and then run all of the data source pre-req checks. It's not currently on the dashboard, but if you're interested check out the details page to see more. https://splunkbase.splunk.com/app/3435/#/details
- Misc Bug Fixes

Version 1.3.0
Feb. 13, 2017

Happy #RSAC Everyone!

Version 1.3.0 Release Notes:
- Added Filters that breakdown use cases not just by security domain, but also by data source, alert volume, and the app version when that use case was added.
- Fixed a few small display bugs
- Fixed a bug where the app had an embarrassingly error leading to pre-req checks marked as present when they weren't

Version 1.2.0
Feb. 6, 2017

1.2.0 Release:
* Four new email use cases centered around phishing victims
* One new use case that detects if a particular sourcetype (e.g., security software) goes offline while the rest of the system is online.
* Major enhancement to the new lookup caching, in the form of the "Create Blank Lookup" button
* Several small bug fixes

Version 1.1.1
Jan. 30, 2017

1.1.1 Release Notes:
* Changed the Success/Error/Processing for the data checks to icons, so that people won't accidentally miss them!
* Fixed bug with the demo lookup cache, along with a few other small UI bugs.

Version 1.1.0
Jan. 20, 2017

1.1.0 Release Notes:
* Major New Feature: For First Seen Detections, you can cache historical results in a lookup, allowing searches to run dramatically faster in exchange for disk space. (30x performance improvement would be common)
* Several bugs fixed (thank you to andreasz for finding, and also proposing fixes to a few errors!)

Version 1.0.3
Jan. 17, 2017

1.0.3 Release Notes:
* Removed two features that weren't actually implemented. Thank you andreasz for the discovery!

Version 1.0.2
Jan. 12, 2017

1.0.2 Release Notes:
* New Logo
* Enhancement: you can now click Show SPL even if you don't have the data models (or data) present, to make it easy to copy-paste searches into production.

Version 1.0.1
Jan. 11, 2017

1.0.1 Release Notes:
* Fixed a bug that affected distributed deployments (no impact to the deployment, but prevented the app from working)
* New Logo

Version 1.0
Jan. 7, 2017

Initial Release

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.