After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Welcome to Splunk SOAR (On-premises) 6.3.0
The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.
If you are new to , read About in the Use manual to learn how you can use for security automation.
If your deployment uses the Splunk SOAR Automation Broker see see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.
October 10, 2024 Release 6.3.0
What's new in
This release of includes the following enhancements.
Splunk idea | Feature | Description |
---|---|---|
PPSID-I-69 | Prompt-driven automation (External prompts) | You can now design playbooks to send prompts to individuals and groups who do not use , requiring their response before the playbook continues. Require user input using the Prompt block in your playbook. |
PPSID-I-50 | Prompts questions can require responses or not | You can now specify that questions in prompts either require or do not require a response. For details, see Require user input using the Prompt block in your playbook. |
The Wayfinder | Splunk SOAR's new discovery and navigation experience. Use shortcuts to access destinations within Splunk SOAR and specific information that's important to you. For details, see Navigate with the Wayfinder in the Use documentation. | |
Custom index for universal forwarder | You can now customize into which Splunk indexes you want to forward SOAR data. For details, see Configure forwarding a data type to a specific Splunk index in the Configure forwarders to send SOAR data to your Splunk deployment article. | |
Notes now support all markdown syntax | You can now use all available markdown syntax in notes. For details, see Using Markdown in notes in the Create, sort, and filter notes in article. | |
Sources is now called Events | The Sources page and Sources menu pick from the Home menu are now both called Events, which more closely aligns with the content of that page. | |
Autoscaling playbook execution | Playbook execution now autoscales based on load. For details, see Playbook execution autoscaling in Administer Splunk SOAR (On-premises). | |
Playbooks cannot modify declared global variables | Playbook execution has changed. A playbook can no longer modify declared global variables. For details, see Use local variables instead of global variables in the Write better playbooks by following these guidelines article. | |
Automation broker supports just-in-time credential asset settings | You can create assets that use "just in time" credentials with an Automation Broker. See Configure Just In Time Credentials for a asset in Add and configure apps and assets to provide actions in . |
Deprecated features
Python playbook API phantom.set_action_limit()
- entry in Data management API
- entry in Session automation API
This python playbook API is deprecated. This API no longer applies because there is no longer a limit for the number of actions a playbook can run. Existing playbooks which use this APIs will continue to perform the playbooks' function, but will display a deprecation warning about the API.
End of support for CentOS 7
Splunk SOAR (On-premises) release 6.3.0 is the final release that supports CentOS 7. Users are encouraged to migrate their SOAR deployments to a supported operating system, such as RHEL 8, or Oracle Linux 8.
- CentOS Linux 7 reached end of life (EOL) on June 30, 2024.
- For Splunk's operating system support policy, see the section Operating System Support Status on our Splunk Support Policy page.
For information on migrating an existing CentOS 7 installation to Oracle Linux 8, see Migrate a Splunk SOAR (On-premises) install from CentOS 7 to Oracle Linux 8 in Install and Upgrade Splunk SOAR (On-premises).
See also
- For known issues in this release, see Known issues for .
- For fixed issues in this release, see Fixed issues for .
- For release notes for the Splunk SOAR Automation Broker, see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.
Known issues for |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.3.0
Feedback submitted, thanks!