Release notes for the Splunk Add-on for Juniper
The release notes cover compatibility for software, Common Information Model (CIM) versions, and platforms.
Version 1.6.0 (latest)
Version 1.6.0 of the Splunk Add-on for Juniper was released on August 2, 2023.
Compatibility
Version 1.6.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.2, 9.0, 9.1 |
CIM | 4.18 |
Platforms | Platform-independent |
Vendor products | Junos OS 20.1R1 |
New features
- Added support for message tags RT_FLOW_SESSION_CLOSE_LS and RT_ALG_WRN_CFG_NEED_LS for sourcetype juniper:junos:firewall.
Fixed issues
Version 1.6.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.6.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.6.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.5.5
Version 1.5.5 of the Splunk Add-on for Juniper was released on December 15, 2020.
Compatibility
Version 1.5.5 is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 7.3, 8.0, 8.1 |
CIM | 4.18 |
Platforms | Platform-independent |
Vendor products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to Field alias behavior change in the Splunk Enterprise Release Notes.
New features
- Added Splunk Connect for Syslog support for new message tags.
- Added support for CIM version 4.18.
- Added add-on support for EX4200 switches and MX80 routers.
- The following SNMP tags are supported under a new sourcetype, sourcetype=juniper:junos:snmp:
  - SNMP_TRAP_LINK_UP
  - SNMP_TRAP_LINK_DOWN
- The following event types are added:
  - juniper_junos_change_network
- Support for the following message tags has been added under sourcetype=juniper:junos:firewall:
  - PFE_FW_SYSLOG_ETH_IP
  - ESWD_STP_STATE_CHANGE_INFO
  - ESWD_DAI_FAILED
  - EVENT
See Source types for the Splunk Add-on for Juniper for more information.
Fixed issues
Version 1.5.5 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.5.5 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.5.5 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.4.0
Version 1.4.0 of the Splunk Add-on for Juniper was released on June 16, 2020.
Compatibility
Version 1.4.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 7.2, 7.3, 8.0 |
CIM | 4.15 |
Platforms | Platform-independent |
Vendor products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
New features
- Removed support for deprecated source types.
- Removed unsupported source types.
- Added support for the netscreen:firewall source type.
- The structured events for Firewall and IDP now fall under the juniper:junos:firewall:structured and juniper:junos:idp:structured sourcetypes. The unstructured events for Firewall and IDP now fall under the juniper:junos:firewall and juniper:junos:idp sourcetypes.
- Analyzed and updated the Splunk Connect for Syslog filter.
- Added support for webfilter_url_permitted and webfilter_url_blocked logs.
Note the following changes:
- The CIM mapping won’t work with structured data for the juniper:junos:firewall and juniper:junos:idp sourcetypes when those source types were already indexed with Add-on v1.3.0. The CIM mapping will remain as it is for the unstructured data.
- CIM data model mapping was removed from the netscreen_restart event type.
- CIM data model maps for the juniper_junos_aamw and juniper_junos_secintel eventtypes now follow the Intrusion Detection data model instead of the Malware data model.
The following source types are no longer supported:
- juniper:idp
- juniper:nsm:idp
- juniper:nsm
- juniper:sslvpn
The following event types are no longer supported:
- netscreen_attack
- juniper_idp
- juniper_idp_attack
- juniper_nsm
- juniper_nsm_communicate
- juniper_sslvpn
- juniper_sslvpn_authentication
- juniper_sslvpn_authentication_default
- juniper_sslvpn_start
- juniper_sslvpn_end
- juniper_sslvpn_connected
- juniper_sslvpn_network_traffic
- juniper_junos_firewall_utm_network
- juniper_junos_firewall_utm_malware
The following event types have been added:
- juniper_junos_firewall_utm_attack
- juniper_junos_firewall_utm_web
Fixed issues
Version 1.4.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.4.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Version 1.3.0
Version 1.3.0 of the Splunk Add-on for Juniper was released on March 25, 2020.
Compatibility
Version 1.3.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 7.2.x, 7.3.x, 8.0 |
CIM | 4.15 |
Platforms | Platform-independent |
Vendor products | Junos OS 16.2R1, 17.1R1, 17.2R1, 17.3R1, 17.4R1, 17.4RU2, 18.2R1, 18.4R1, 19.1R1, 19.2R1, 19.3R1, 19.4R1, 20.1R1. |
New features
The Splunk Add-on for Juniper has the following new features:
- Support for RT_UTM, RT_AAMW and RT_SECINTEL events for JunOS v20.1R1
- New field extractions to support Juniper JunOS 16.2+
- Support for Junos firewall and Junos IDP structured data
- Support for CIM 4.15.0
- For Junos OS, the Splunk Add-on for Juniper supports the following message tags:
  - RT_FLOW_SESSION_CREATE
  - RT_FLOW_SESSION_CLOSE
  - RT_FLOW_SESSION_DENY
  - RT_SCREEN_TCP
  - RT_SCREEN_UDP
  - RT_SCREEN_ICMP
  - APPTRACK_SESSION_CREATE
  - APPTRACK_SESSION_CLOSE
  - APPTRACK_SESSION_VOL_UPDATE
  - WEBFILTER_URL_PERMITTED
  - WEBFILTER_URL_BLOCKED
  - AV_VIRUS_DETECTED_MT
  - CONTENT_FILTERING_BLOCKED_MT
  - IDP_ATTACK_LOG_EVENT
  - AAMW_ACTION_LOG
  - AAMW_HOST_INFECTED_EVENT_LOG
  - SECINTEL_ACTION_LOG
- The following source types are deprecated:
  - netscreen:firewall
  - juniper:idp
  - juniper:nsm:idp
  - juniper:nsm
  - juniper:sslvpn
Fixed issues
Version 1.3.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.3.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.3.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.2.0
Version 1.2.0 of the Splunk Add-on for Juniper was released on July 16, 2019.
Compatibility
Version 1.2.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0 |
CIM | 4.13 |
Platforms | Platform-independent |
Vendor products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event, vSRX |
New features
The Splunk Add-on for Juniper has the following new feature:
- Support for vSRX data parsing
Fixed issues
Version 1.2.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.2.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.2.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.1.0
Version 1.1.0 of the Splunk Add-on for Juniper was released on August 30, 2018.
Compatibility
Version 1.1.0 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.0 |
CIM | 4.11 |
Platforms | Platform-independent |
Vendor products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4-12.2, Junos OS 15.1x49-D80 for RT_FLOW_SESSION_CLOSE Event |
New features
The Splunk Add-on for Juniper has the following new feature:
- Support for logging changes in Junos Release 15.1x49-D80
Fixed issues
Version 1.1.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.1.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.2
Version 1.0.2 of the Splunk Add-on for Juniper was released on May 19, 2017.
Compatibility
Version 1.0.2 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.4 or higher |
CIM | 4.2 or higher |
Platforms | Platform-independent |
Vendor products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800) |
Fixed issues
Version 1.0.2 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.0.2 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.0.2 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.1
Version 1.0.1 of the Splunk Add-on for Juniper was released on September 30, 2015.
Compatibility
Version 1.0.1 of the Splunk Add-on for Juniper is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 6.2.2 or higher |
CIM | 4.2 or higher |
Platforms | Platform-independent |
Vendor products | Juniper IDP device (IDP75, IDP250, IDP800, IDP8200), Juniper Netscreen Firewall 6.x, Juniper NSM, Juniper NSM IDP, Juniper SSLVPN series, Junos OS 11.4+, Junos SRX (SRX 100, SRX110, SRX 210, SRX 220, SRX 240, SRX 550, SRX 650, SRX 3600, SRX 5400, SRX 5600, SRX 5800) |
Fixed issues
Version 1.0.1 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.0.1 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.0.1 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Juniper was released on August 21, 2015.
Compatibility
Version 1.0.0 of the Splunk Add-on for Juniper has the same compatibility specifications as version 1.0.1.
New features
Version 1.0.0 of the Splunk Add-on for Juniper has the following new features:
Date | Issue number | Description |
06/12/14 | ADDON-1548 | Update the Juniper add-on included with the Splunk App for Enterprise Security and make available as a standalone add-on on Splunkbase. |
Fixed issues
Version 1.0.0 of the Splunk Add-on for Juniper fixes the following issues. If no issues appear, no bug fixes have been reported:
Known issues
Version 1.0.0 of the Splunk Add-on for Juniper contains the following new known issues. If no issues appear, no issues have yet been reported:
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Juniper does not incorporate any third-party software or libraries.