AME Release: 3.9
AME 3.9.0 focuses on making event investigation faster, adding more context directly inside AME, improving observable mapping workflows, and tightening reliability across ticketing, vulnerability ingestion, and event handling.
What's New in 3.9.0
-
Event annotations for richer analyst context Add arbitrary annotations directly to events so teams can capture investigation notes, operational context, or handoff details without leaving AME.
-
More powerful event filtering Filter events by active ticketing integrations, remote ticket IDs, and failed sync states. AME also adds SPL post-search support and optimized filtering across data fields, notable fields, and AME fields for faster triage.
-
Saved-search observable mapping improvements Build observable mappings directly from saved searches with template configuration merging, and reorder observable mapping rows more easily during template configuration.
-
Restartable failed ticketing sync If an initial ticketing integration sync fails, it can now be restarted cleanly instead of forcing a more manual recovery path.
-
Cleaner exports from the UI Export only the fields currently shown in the interface, making downstream review and sharing easier for analysts and stakeholders.
Upgrade Guidance
Before upgrading, always review the Before You Upgrade guide to prevent issues.
Full details:
Download AME 3.9.0 today from Splunkbase.