Splunk® SOAR (Cloud)

Migrate from Splunk Phantom to Splunk SOAR (Cloud)

Acrobat logo Download manual as PDF


The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Acrobat logo Download topic as PDF

Migrate Splunk Phantom playbooks and custom functions to Splunk SOAR (Cloud)

Perform the following steps to migrate Splunk Phantom playbooks and custom functions to Splunk SOAR (Cloud):

  1. Convert playbooks and custom functions to Python 3 in your Splunk Phantom instance before importing them to Splunk SOAR (Cloud). You might have completed this step as part of the prerequisites for migration. See Prerequisites for migrating from Splunk Phantom to Splunk SOAR (Cloud).
    Ensure any import modules that require standalone phenv python pip install installations have been either removed or migrated to an appropriate application wheels module. See Convert playbooks or custom functions from Python 2 to Python 3 in the Python Playbook API Reference for Splunk Phantom. Error notifications are present for playbooks or custom functions trying to import standalone pip libraries.
  2. (Optional) Configure a cloud based or internet facing HTTP or HTTPS Git compliant repository for playbook use and development. Use a private repository to help ensure that your playbook code is not public or internet facing, and use common continuous improvement and continuous development models to improve development and roll out of production playbooks.
  3. Test and validate converted playbooks and custom functions in Splunk SOAR (Cloud).
Last modified on 27 March, 2024
PREVIOUS
Migrate Splunk Phantom applications to Splunk SOAR (Cloud) 		  NEXT
Onboard Splunk Cloud Platform or Splunk Enterprise Security data

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters