Splunk® Automation Broker

Set Up and Manage the Splunk SOAR Automation Broker

What's new in Splunk SOAR Automation Broker

Splunk SOAR Automation Broker allows you to run playbooks, actions, or connect to applications or assets in your on-premises environment from your Splunk SOAR (Cloud) deployment.

Splunk SOAR Automation Broker can be used to run playbooks, actions, or connect to applications or assets in segregated segments of your organization's network from your Splunk SOAR (On-premises) deployment.

May 29, 2024

Feature Description
Added environment variables to docker-compose.yaml Added two new environment variables:
  • PUID - This variable is the UI of the account that should run the Automation Broker. The default is 1000.
  • PGID - This variable is the GID of the account that should run the Automation Broker. The default is 1000.

March 28, 2024

This release of the Splunk SOAR Automation Broker updates the operating system inside the container to Ubuntu 20.04.

Feature Description
Replaced the operating system inside the container The operating system inside the Splunk SOAR Automation Broker's container has been replaced with Ubuntu 20.04.

November 30, 2023

This release of Splunk SOAR Automation Broker includes expanded support for privileged access managers such as CyberArk.

Feature Description
Improved support for CyberArk privileged access manager CyberArk integration with Splunk SOAR (Cloud) and Splunk SOAR (On-premises) was improved with their release 6.2.0. This Splunk SOAR Automation Broker supports those enhancements. For details, see Use CyberArk Vault Privileged Access Manager with Splunk SOAR (On-premises) in the Manage your organization's credentials with a password vault topic.

September 07, 2023

This release of Splunk SOAR Automation Broker includes bug fixes for known issues.

July 12, 2023

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
Support for FIPS Splunk SOAR Automation Broker now supports FIPS mode at Security Level 1.
Based in Ubuntu Splunk SOAR Automation Broker is now based in Ubuntu, not Centos.

May 17, 2023

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
Support for Podman The containerization solution Podman can be used to install, run, and manage your Splunk SOAR Automation Broker. See these topics for additional information:

February 22, 2023

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
Automatic rotation for authentication keys User authentication keys (also referred to as tokens) are now automatically rotated every 30 days. A process runs at 10 PM (of the paired SOAR deployment's local time) to identify and mark any of the user authentication keys which need to be reauthenticated, then new keys are sent via websocket from SOAR to the Automation Broker. No user intervention is required.

Enhancements for 2022 releases

Expand to see all enhancements for 2022 releases.

December 14, 2022

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
New UI for reauthorizing authentication keys A new menu item was added to the user interface to get new credentials for Automation Brokers whose credentials have expired. See Rotate the encryption keys for the Splunk SOAR Automation Broker in Set Up and Manage the Splunk SOAR Automation Broker for more information.

October 27, 2022

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
Automatic update for Splunk SOAR Automation Broker Once upgraded to this release, the Splunk SOAR Automation Broker can automatically upgrade itself when new versions are released. See Upgrade or update the Splunk SOAR Automation Broker in Set Up and Manage the Splunk SOAR Automation Broker.
Simplified install process The process for installing and configuring the Splunk SOAR Automation Broker has been simplified. See Install Splunk SOAR Automation Broker.
Splunk SOAR Automation Broker available for Splunk SOAR (On-premises) You can now use the Splunk SOAR Automation Broker in Splunk SOAR (On-premises) deployments. The Splunk SOAR Automation Broker acts to connect assets in complex network configurations to your Splunk SOAR (On-premises) instance. See About Splunk SOAR Automation Broker.

September 28, 2022

This release of Splunk SOAR Automation Broker includes the following enhancements:

Feature Description
Removed Splunk Cloud Gateway dependency The Splunk SOAR Automation Broker no longer requires Splunk Cloud Gateway to connect your on-premises services to your Splunk SOAR (Cloud) deployment.
Simplified the process for adding trusted certificates If you have previously installed custom CA certificates for your Splunk SOAR Automation Broker, you must add them again. See: Add a Certificate Authority to the Splunk SOAR Automation Broker.
Notifications The Splunk SOAR Automation Broker establishes a direct connection to your Splunk SOAR deployment to receive action notifications.
Configuration updates The Splunk SOAR Automation Broker configuration will be automatically updated when a Docker image with a new version of Automation Broker is started.
Last modified on 29 May, 2024
  Known issues for Splunk SOAR Automation Broker

This documentation applies to the following versions of Splunk® Automation Broker: current, current, current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters