Upgrading to Enterprise Security 8.0.x - Overview
This guide is designed to help you upgrade or migrate pre-8.0.x Splunk Enterprise Security deployments to Splunk Enterprise Security 8.0.x. Before completing an upgrade, review the release notes for Splunk Enterprise Security 8.0.x.
The procedures in this guide provide the following:
- Best practices for working around known upgrade roadblocks or obstacles
- Guidance on when to postpone an upgrade due to roadblocks with no workaround in the current product version
- A technical list of pre-checks to run prior to the upgrade and a test plan that can be used to validate the success of an upgrade
- References and guidance on how to upgrade to Splunk Enterprise Security 8.0.x
Splunk Enterprise Security 8.0.x upgrades are available as an engagement with Splunk Professional Services. If you do not feel comfortable completing these steps on your own, contact our Professional Services experts.
Business value of the upgrade
Splunk Enterprise Security 8.0.x is the latest generation of our premium security solution, designed to deliver a next-generation SIEM experience through changes to the underlying architecture. The new case management lifecycle and Mission Control queue design address storage and performance concerns from previous versions, providing a more scalable and efficient solution for security incident management.
Splunk Enterprise Security 8.0.x introduces streamlined terminology across the detection, findings, and investigations workflows. Aligning these terms to the Open Cybersecurity Schema Framework (OCSF) significantly improves the analyst’s experience.