Non-admin ES users cannot update Automation Rules

What's new in 8.4.0

Splunk Enterprise Security version 8.4.0 was released on February 4, 2026 and includes the following new enhancements:

Fixed issues

Splunk Enterprise Security 8.4 fixed issues

Date resolved: 2026-01-14
Issue number: SOLNESS-52556
Description: Backwards compatibility for action.notable.param.drilldown_search was silently removed in ES 8

Date resolved: 2026-01-07
Issue number: SOLNESS-52759
Description: Non-admin ES users cannot update Automation Rules

Date resolved: 2025-12-11
Issue number: SOLNESS-52853
Description: Unnecessary MITRE Fields in the Risk DM

Date resolved: 2026-01-26
Issue number: BLUERIDGE-20237
Description: SOAR update finding or investigation not respecting Note enforcement setting

Date resolved: 2026-01-25
Issue number: BLUERIDGE-20790
Description: Notable_type column in Splunk ES 8.3 Analytic Queue (AQ) incorrectly filters only on "Findings" and "Investigations" instead of "Risk Notable" and "Regular Notable"

Date resolved: 2026-01-22
Issue number: BLUERIDGE-19445, SOLNESS-52726
Description: ES 8.2.3 - Edit multiple finding notes does not work

Date resolved: 2026-01-21
Issue number: BLUERIDGE-19205
Description: ES Investigation API does not return response plan information

Date resolved: 2026-01-06
Issue number: BLUERIDGE-20892
Description: ES 8.3: Findings in Analyst Queue visible after hard browser refresh despite "hide findings in investigations" configuration

Date resolved: 2025-12-09
Issue number: BLUERIDGE-20190, MCHELP-742
Description: get phase id in Enterprise Security on custom Response plan with similar names errors with 40
