AME Release: 3.8

This release brings targeted improvements for quicker manual workflows, more customizable notifications, expanded vulnerability data sources (including native Microsoft Defender support), enhanced deployment flexibility, and stronger remediation tracking within Vulnerability Intelligence.
What's New in 3.8.0
- Custom email subject templating
  Override default email subjects using full AME templating support. Craft precise, context-rich subjects that improve open rates and clarity for recipients.
- Template selection for manual event creation
  When creating events manually, select any template to automatically apply field population, observable extraction, and other template logic - dramatically reducing manual effort and ensuring consistency with automated detections.
- Microsoft Defender vulnerability ingestion
  Native support for pulling vulnerability data from Microsoft Defender — expand your consolidated security view inside Splunk without extra connectors.
- Path-based reverse proxy compatibility
  AME now works seamlessly when served under a sub-path (e.g., https://your-splunk-domain/ame/) for environments with reverse proxies, ingress controllers, or shared gateways.
- Expanded vulnerability reporting KPIs
  New indicators to track remediation performance more precisely:
  - Percentage of open Notable Realizations
  - Number of realizations tied to an event
  - Median time to close notable realizations
  - Percentage closed within a configurable day range
  - Percentage closed after a configurable threshold
Upgrade Guidance
Before upgrading, always review the Before You Upgrade guide to prevent issues.
Full details:
Download AME 3.8.0 today from Splunkbase.
Questions or feedback? Reach out via Splunk Answers, the Splunk Usergroup Slack, or contact Datapunctum directly.