After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
repositories and signing keys packages
You will need to have the correct source repositories and the corresponding signing keys installed on your instance or cluster nodes in order to upgrade.
For a clustered deployment, install these repositories on cluster nodes that run . You do not need to install them on a Shared Services server, or servers providing external services to your cluster, such as load balancers or proxy servers, PostgreSQL database server, or a GlusterFS fileshare.
For privileged deployments with internet access
requires incremental upgrades from earlier versions. Do not skip any required versions when upgrading .
Use these commands to install the correct source repositories and signing keys package when the instructions call for you to install them. Replace the variables with the version numbers for version of to which you are upgrading.
For example, if you are upgrading from version 5.1.0.70187 to version 5.2.1.78411, and your instance is on Red Hat Enterprise Linux 7, use the following command:
rpm -Uvh https://repo.phantom.us/phantom/<major version.minor version>/base/7Server/x86_64/phantom_repo-<major version.minor version.release.build number>-1.x86_64.rpm
For unprivileged deployments, or deployments with limited internet access the repository and signing key contents are delivered in the upgrade tar file.
OS | Command |
---|---|
CentOS 7 | rpm -Uvh https://repo.phantom.us/phantom/<major version.minor version>/base/7/x86_64/phantom_repo-<major version.minor version.release.build number>-1.x86_64.rpm |
RHEL 7 | rpm -Uvh https://repo.phantom.us/phantom/<major version.minor version>/base/7Server/x86_64/phantom_repo-<major version.minor version.release.build number>-1.x86_64.rpm |
Replace <major version.minor version>
and <major version.minor version.release.build number>-1
with the Splunk Phantom release and build numbers provided in this table:
Release Name | Release Major & Minor Version Number | Release & Build Number |
---|---|---|
Splunk Phantom 2.1 | 2.1 | 2.1.486 |
Splunk Phantom 3.0 | 3.0 | 3.0.284 |
Splunk Phantom 3.5 | 3.5 | 3.5.210 |
Splunk Phantom 4.0 | 4.0 | 4.0.1068 |
Splunk Phantom 4.1 | 4.1 | 4.1.94 |
Splunk Phantom 4.2 | 4.2 | 4.2.7532 |
Splunk Phantom 4.5 | 4.5 | 4.5.15922 |
Splunk Phantom 4.6 | 4.6 | 4.6.19142 |
Splunk Phantom 4.8 patch 1 | 4.8 | 4.8.24304 |
Splunk Phantom 4.9 Release 5 | 4.9 | 4.9.39220 |
Splunk Phantom 4.10 | 4.10 | 4.10.0.40961 |
Splunk Phantom 4.10.1 | 4.10 | 4.10.1.45070 |
Splunk Phantom 4.10.2 | 4.10 | 4.10.2.47587 |
Splunk Phantom 4.10.3 | 4.10 | 4.10.3.51237 |
Splunk Phantom 4.10.4 | 4.10 | 4.10.4.56260 |
Splunk Phantom 4.10.6 | 4.10 | 4.10.6.61906 |
Splunk Phantom 4.10.7 | 4.10 | 4.10.7.63984 |
5.0.1 | 5.0 | 5.0.1.66250 |
5.1.0 | 5.1.0 | 5.1.0.70187 |
5.2.1 | 5.2.1 | 5.2.1.78411 |
For deployments without internet access or unprivileged deployments
Contact Splunk Support to get access to the correct installer tar file. Once access has been granted, you can download the file from the Splunk SOAR site.
For deployments with limited internet access
Offline upgrade tar files are available for these operating systems:
- Red Hat Enterprise Linux 7.6 through 7.9
On your instance or on each cluster node:
- Make a directory for the TAR file. mkdir /usr/local/src/upgrade-<version>
- Change to the created directory. cd /usr/local/src/upgrade-<version>
- Download the Official Offline RPMs for your operating system from the Splunk SOAR site to the directory.
- (Conditional) If you do not see the Official Offline RPMs on the product downloads page, you must submit a support request to get access.
- Extract the tar file. tar -xvzf phantom_offline_setup_<OS>-<version>.tgz
For unprivileged deployments
On your instance or on each cluster node:
- Download the Official Unprivileged Tarball file for your operating system from the Splunk SOAR site.
- (Conditional) If you do not see the Official Unprivileged Tarball on the product downloads page, you must submit a support request to get access.
- Copy the installation tar file to the directory where was installed. This is the
PHANTOM_HOME
directory. - Do this step as the user account that runs . On an unprivileged virtual machine image or AMI-based deployment, this user account is "phantom."
Extract the installation tar file.tar -xvzf phantom-<version>.tgz
upgrade overview and prerequisites | Convert a privileged deployment to an unprivileged deployment |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1
Feedback submitted, thanks!