Splunk® SOAR (On-premises)

Release Notes

The visual editor for classic playbooks was removed from Splunk SOAR in release 6.4.0. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:

Welcome to Splunk SOAR (On-premises) 6.4.0

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

If you are new to , read About in the Use manual to learn how you can use for security automation.

If your deployment uses the Splunk SOAR Automation Broker see see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.

February 25, 2025 Release 6.4.0

Removed feature

Classic Playbook Editor: As of this release, Splunk SOAR no longer includes the classic visual editor. Your existing classic playbooks still run. To view or edit your classic playbooks visually, convert them to modern mode. For details, see Convert classic playbooks to modern playbooks.

All articles about the classic playbook editor are also removed from the Splunk SOAR product documentation.

Deprecated features

Splunk Mobile App for Splunk SOAR (On-premises): As of this release, this feature is deprecated and will be removed in late 2025.

Amazon Linux 2: As of this release, support for Amazon Linux 2 is deprecated. Amazon Linux 2023 is supported. For migration information, see Migrate a Splunk SOAR (On-premises) install from Amazon Linux 2 to Amazon Linux 2023.

Upgrade information for APIs

If you are upgrading from a previous version, be aware that playbooks you create in Splunk SOAR version 6.4.0 and beyond are not backward compatible with previous versions of Splunk SOAR. In Splunk SOAR version 6.4.0, playbooks introduced two new API endpoints:

The new APIs function similarly to the former APIs, but also provide more information needed for the data preview panel.

What's new in

This release of includes the following enhancements.

Splunk idea Feature Description
Guided automation Guided Automation, also known as Data Preview, now supports additional playbook blocks, including Prompt, Format, Code, and Utility (Custom Function) blocks. For details, see Use Data Preview to build, test, and edit playbooks.
Expanded operating system support Splunk SOAR now includes support for Red Hat Enterprise Linux 9, Oracle Linux 9, and Amazon Linux 2023. For information on migrating Splunk SOAR to a newer operating system see:
Pylint updates In preparation for the future support of Python 3.13, the Python linter in the visual playbook editor (VPE) is updated to include warnings and alerts for features that will change between Python 3.9 (currently supported) and Python 3.13 (supported soon).
Improved throughput All new assets will now have a default concurrency limit of 50. The default limit for your existing assets has been raised to 50. For details, see the Set the global action concurrency limit section of the Set global environment settings for Splunk SOAR article.
Focused playbook debugging The data preview panel now includes a sub-tab called "Logs" for each block within a playbook. The new Logs tab displays a subset of the Debugger output for the highlighted block. For details, see the View logs for a specific playbook block section of the Use Data Preview to build, test, and edit playbooks article.
Python code editor: find and replace New functionality to accurately find and replace strings in the Python Editor tab of Data Preview. The find and replace function supports Python regex patterns and keyboard shortcuts. For details, see View or edit the Python code in Splunk SOAR (Cloud) playbooks.
Data preview block order The Data Preview panel now displays playbook blocks in order of appearance in the playbook, rather than the order in which they were added to the canvas. For details about the Data Preview panel, see Use Data Preview to build, test, and edit playbooks.

This version of Splunk SOAR uses Splunk Universal Forwarder version 9.3.0.


See also

Last modified on 06 March, 2025
  Known issues for

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.4.0

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters