Splunk® Phantom (Legacy)

Release Notes

This documentation does not apply to the most recent version of Splunk® Phantom (Legacy). For documentation on the most recent version, go to the latest release.

Known issues in this release of Splunk Phantom

The following are known issues and workarounds for this release of Splunk Phantom.


Date filed Issue number Description
2021-06-04 PPS-25852 Container deletion fails if Files contains duplicate files
2021-06-02 PPS-25847 Automation is not run when adding duplicate artifact from same batch/post
2021-05-22 PPS-25826 Custom Function Converter: Added "import" statement is inserted in the wrong place
2021-04-29 PPS-25772 Non-default App numeric asset configurations are stored as strings
2021-02-18 PPS-25507 ibackup incorrectly identifies space requirements
2020-12-21 PPS-25246 Filter block and decision block do not return correct result when called multiple times on the same chain of action results
2020-12-11 PPS-25216 Using the "Related Event" item from the artifact info screen in Investigation produces the error 'indicator_value 404 Not found', then displays a never-ending 'loading history' message
2020-11-18 PPS-25038 Boolean parameter 'Verify server certificate' is treated as 'None' by the Splunk Phantom platform.
2020-06-15 PPS-23462 Playbook API collect_from_contains fails to return data from user-defined and regular CEF types
Date filed Issue number Description
2022-07-20 PSAAS-9535 After --standby-mode --off, postgresql.phantom.conf is not cleaned up

Workaround:
Manually disable archive_mode by removing postgresql.phantom.conf and editing postgresql.conf to delete the include_if_exists 'postgresql.phantom.conf' line (for thoroughness).

Restart PostgreSQL.

2021-08-25 PSAAS-3346 Warm standby missing logging in 4.10 as compared to 4.8
2021-08-25 PSAAS-3342, PSAAS-9527 Warm standby: After --primary-mode --off archive_mode is still on, potentially filling up disk space and crashing postgresql and system

Workaround:
Manually disable archive_mode by removing postgresql.phantom.conf and editing postgresql.conf to delete the include_if_exists 'postgresql.phantom.conf' line (for thoroughness).

Restart PostgreSQL.

2021-08-23 PSAAS-3289 Can't Delete Value from Org Id/Set Domain for Thycotic password vault
2021-08-13 PSAAS-2953 Phantom upgrade: Fix incompatible pysaml2 issue with Error message: djangosaml2 0.16.11 requires pysaml2==4.4.0, but you'll have pysaml2 5.0.0 which is incompatible.

Workaround:
Uninstall djangosaml2 before running the upgrade:

Run phenv pip3 uninstall djangosaml2

To verify that the djangosaml2 package has been removed, run:

phenv pip3 freeze | grep djangosaml

The djangosaml2 package should not appear.

Why is this workaround necessary?

djangosaml2 was removed as a dependency between 4.9 and 4.10.0. Platform upgrades do not attempt to clear out old pip dependencies that have been removed from the product:

  • Platform upgrades don't have a list of dependencies installed during the previous version
  • Users are free to install their own packages

These factors mean that Splunk Phantom's upgrades are incapable of distinguishing between packages removed from Phantom and packages added by customers. Therefore, the upgrade errs on the side of caution and leaves old dependencies on the system, rather than risk removing dependencies that users may rely upon.

2021-08-04 PSAAS-2796 Case Fields not updating upon label change

Workaround:
Edit the case, change its label, and click Save.

Click Edit again and select the advanced dropdown toggle. It will display the correct info.

2021-08-04 PSAAS-2795 BaseConnector save_progress messages not showing up in Playbook Debugger
2021-07-14 PSAAS-2556 RCA - Upgrade : UWSGI fails to start with RuntimeError: populate() isn't reentrant

Workaround:
Set the permissions on the file /tmp/uwsgi_invalidate_ss_cache_trigger.
  1. chmod 664 /tmp/uwsgi_invalidate_ss_cache_trigger
  2. /opt/phantom/bin/phsvc restart uwsgi
2021-07-14 PSAAS-2588, PSAAS-2691 The platform is unable to properly kill off a runner, causing playbooks to get stuck running if the playbook is killed by timeout

Workaround:
Yes, the customer knows they can work on the Anomali app to return fewer lines, or somehow truncate the REGEX, or use another method for the REGEX... but that is not what cx is reporting.

The child PB is stopping gracefully and the parent should be notified and be able to handle that. Maybe the block that calls the subplaybook could return a -1 or something... just an idea.

2021-07-08 PSAAS-2509 Playbook: Filtering an IP address against a value with a "/" fails
2021-07-02 PSAAS-2507 After upgrading to Splunk Phantom version 4.10, the ibackup tool silently fails due to incorrect permissions set on its log files

Workaround:
Manually change the ownership of the log files in /var/log/phantom/backup to resolve the issue:
  1. Log in to your Splunk Phantom instance as either root or a user with sudo permissions.
  2. Go to the /var/log/phantom/backup directory.
    cd /var/log/phantom/backup
  3. Change the ownership of all the log files to postgres:postgres.
    chown postgres:postgres *.log


2021-06-25 PSAAS-2405, PSAAS-2690 DECIDED daemon hangs after all the actions in the parent and child playbooks are finished

Workaround:
work around at this moment 
2021-06-24 PSAAS-2373 Exception (AttributeError: 'bool' object has no attribute 'lower') raised when running make_cluster_node.pyc with a response.json file
2021-06-24 PSAAS-2378 Activity timeout does not take activity into account

Workaround:
Set activity timeout to 0.
2021-06-14 PSAAS-2186, MALT-2266 Events widgets data does not match analyst queue data
2021-05-05 PSAAS-2436 Changing an artifact's tenancy will not update it in the indicator table
2021-03-22 PSAAS-2359 Analyst Queue: Blank screen with "TypeError: e.reduce is not a function" because of improperly created tags
2021-03-05 PSAAS-2281 Containers are being opened even if an artifact submission fails
Last modified on 20 July, 2022

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10.4

