After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
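Welcome to Splunk SOAR (On-premises) 6.0.0
If you are new to Splunk SOAR (On-premises), read About Splunk SOAR (On-premises) in the Use Splunk SOAR (On-premises) manual to learn how you can use Splunk SOAR (On-premises) for security automation.
If your deployment uses the Splunk SOAR Automation Broker, see the Release Notes for the concurrent release.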
What's new in 6.0.0
This release of Splunk SOAR (On-premises) includes the following enhancements.
Feature | Description |
---|---|
Important: New SOAR default administrative user | Starting with this release, the default administrative user is called soar_local_admin. This change is to support user accounts with the user name admin in single sign-on systems. |
Find related playbooks | Find existing playbooks associated with your installed apps. You can use an existing playbook from the community or from your instance, so you do not have to create playbooks from scratch. For details, see Find existing playbooks for your apps. |
Custom Functions and Custom Lists location update | Custom Functions and Custom Lists now have their own menu selections under the Home menu. They are no longer located within the Playbooks section. For details, see Add custom code to your playbook with a custom function and Create custom lists for use in playbooks. |
User-based data paths | You can now specify the user who launched the current playbook run, either by id or name, when configuring datapaths in the following playbook blocks: action, code, custom function, decision, and filter. These options appear in the datapath picker under playbook. For details, see Specifying data in your playbook and Understanding datapaths in the Python playbook API Reference. |
Nested values in custom fields | You can now access values nested inside custom fields using datapaths instead of writing custom code. For details, see Important datapaths in the Playbook API in the Python Playbook API Reference. |
Pending icon for playbooks waiting to run | A new icon helps distinguish between playbooks that are currently running and those that are waiting. In the Sources view/Analyst queue, the Activity panel displays the following icons for the running playbook: - Playbook is currently running |
New delimiter option for Playbook Automation API | For the condition and decision endpoints, you can now specify any string as a delimiter to split field values in artifacts (CEF fields) by that string and treat the results as a list. For details, see condition and decision in the Playbook API article. |
Playbook API decision endpoint Boolean values | Splunk SOAR (On-premises) automatically converts true and false strings to their Boolean values in the Playbook API decision endpoint. For details, see decision in the Playbook API article. |
Performance improvement - loading apps | Default apps that are a part of Splunk SOAR install and upgrade are not fully installed until an asset is configured against them. |
See also
- For known issues in this release, see Known issues for Splunk SOAR (On-premises).
- For fixed issues in this release, see Fixed issues for Splunk SOAR (On-premises).
- For release notes for the Splunk SOAR Automation Broker, see Release Notes in the Set up and manage Splunk Automation Broker documentation.
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.0