What's new in 8.3.0

Splunk Enterprise Security version 8.3.0 was released on November 19, 2025 and includes the following new enhancements:

Enhanced version management and tracking
Ability to view the active and the latest version of a detection along with the full author names instead of user IDs. For more information, see Create multiple versions of a detection in Splunk Enterprise Security.

Streamlined UI workflow in detection versioning
Includes sortable columns, dialog flash fixes, panel state persistence, and the ability to download links for version and activity history of detections. For more information, see Create multiple versions of a detection in Splunk Enterprise Security.

Turning on or off the ability to edit notes
Ability to choose whether users can edit notes that exist for findings and investigations after they're saved. For more information, see Turn on or turn off the ability to edit notes.

Pairing with Splunk SOAR clusters and warm standby
Ability to pair Splunk Enterprise Security with Splunk SOAR (On-premises) clustered environments, including using warm standby and backup and restore. For more information, see Pair Splunk Enterprise Security with Splunk SOAR in Administer Splunk Enterprise Security and Splunk SOAR Compatibility in the release notes.

Pinning finding and investigation fields in the analyst queue
Ability to pin specific fields in the side panel of a finding or investigation or on the investigation overview page to keep the information you care about most easily accessible. For more information, see Pin fields for findings and investigations in Splunk Enterprise Security.

Nested findings in the analyst queue
Ability to navigate complex investigations more efficiently by reducing visual clutter and maintaining context as you drill deeper into related data. Nested findings organize related findings and finding groups into a clear, hierarchical structure across the analyst queue and investigation overview page. For more information, see Navigate nested findings for triage.

Finishing existing legacy investigations
Ability to finish your existing work, export data for reports, and maintain visibility into past findings with the legacy investigations interface. If you previously created investigations in Splunk Enterprise Security 7.x, you can still review and complete them after upgrading to version 8.x. For more information, see Review and finish existing legacy investigations.

Entity risk scoring
Includes the new entity risk score (ERS), an enhanced version of the original risk score in Splunk Enterprise Security. It measures the overall risk level of an entity, such as a user or asset, based on findings associated with that entity. For more information, see Entity risk scoring in Splunk Enterprise Security and Using entity risk scores for detections in Splunk Enterprise Security.

Threat intelligence storage optimization
Ability to optimize data retention for threat intelligence KV Store collections in Splunk Enterprise Security. For more information, see Threat intelligence collections in Splunk Enterprise Security.

User and Entity Behavior Analytics (UEBA) for Splunk Enterprise Security Premier
Ability to detect insider threats, reduce false positives, and prioritize investigations based on risk with UEBA. UEBA identifies anomalies by comparing current activity against learned baselines for users and assets. See the following documentation to get started:

  • User and entity behavior analytics (UEBA) overview in Splunk Enterprise Security
  • Installing UEBA for Splunk Enterprise Security
  • Configuration checklist for UEBA in Splunk Enterprise Security

Analyst queue performance improvements
Searching, automating, and interacting with findings on the analyst queue will load them into the KV Store collection for faster retrieval and load times. For more information, see Optimizing storage with KV Store retention policy.

Updates to hide finding settings for finding groups
The Hide findings setting now also hides findings that belong to finding groups. The help text for this setting has been updated to indicate that hidden findings still appear nested under the investigation or finding group to which they belong.
