Skip to content

Splunk App for Detection Insights

Release Notes

Detection Insights - Release Notes

Version 1.2.0

Enhancements/New features

Make the Security Domains Filter Dynamic (#58)
Allow users to see current data sent to data models + suggested index allowlist (#106)
Change the default display for ES Content Update - Macros (#124, Thanks Dean Luxton!)
Add the ability to see lookups used in a detection (#127)
Add new tab for Triggering Trends and related work (#33, #126)

New checks

Add check for use of ESCU detection marked Deprecated (#107)
Add check for SPL comments (#111)
Add check for "Search has tokens with incorrect syntax" (#112)
Add check to see which ESCU detection filters have been modified/used (#114)
Add check to look for raw detections not using an index (#125)

Fixed issues

Bug with prerequisites Tab on Splunk Cloud (#108)
Ensure MITRE techniques with covered subtechniques are also marked covered (#109)
A&I based detections struggling to cater for IN clauses (#120, Thanks Dean Luxton!)
Fix data issue with Risk Object panel (#113)
Fix wrong field recommendations for Risk Objects (#122)

Others / Code Quality

Improve Cell Renderer classes code quality (#31)
Implement using ESLint and correcting any errors found (#110)
Rework MKDocs configuration to improve documentation (#115)