Welcome to Splunk Phantom 4.10.0
If you are new to Splunk Phantom, read About Splunk Phantom in the Use Splunk Phantom manual to learn how you can use Splunk Phantom for security automation.
Begin your Splunk Phantom installation by reviewing the following documentation:
- Known issues in this release of Splunk Phantom
- How can Splunk Phantom be installed? in the Install and Upgrade Splunk Phantom manual.
- General system requirements in the Install and Upgrade Splunk Phantom manual.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk Phantom, read Prepare your Splunk Phantom deployment for upgrade in the Install and Upgrade Splunk Phantom manual.
Splunk Phantom requires incremental upgrades from earlier versions. Do not skip any required versions when upgrading Splunk Phantom.
Migrate a privileged Splunk Phantom deployment to an unprivileged deployment
This release contains tools for converting a privileged Splunk Phantom deployment to an unprivileged one.
This migration should only happen at a major release, such as upgrading from Splunk Phantom 4.9 to Splunk Phantom 4.10.0. See Splunk Phantom upgrade overview and prerequisites for more information.
End of support for iptables
Splunk Phantom 4.10.0 is the final release that supports iptables. Both Red Hat Enterprise Linux 7 and CentOS 7 and later releases use firewalld as their default managed firewall. Splunk Phantom scripts and tools in future releases will only support firewalld.
Customers are encouraged to migrate to firewalld to use with future releases of Splunk Phantom.
CentOS 6 and Red Hat Enterprise Linux 6 are no longer supported
As announced in the release notes for Splunk Phantom 4.9, Splunk Phantom 4.10.0 has removed support for CentOS version 6 and Red Hat Enterprise Linux version 6. Both CentOS 6 and Red Hat Enterprise Linux reached End of Life status on November 30, 2020.
Customers are encouraged to migrate to CentOS 7 or Red Hat Enterprise Linux 7 or newer in order to use Splunk Phantom 4.10.0 and future releases of Splunk Phantom. For assistance on migrating to a supported operating system, see Migrate a Splunk Phantom install from REHL 6 or CentOS 6 to RHEL 7 or CentOS 7 in Install and Upgrade Splunk Phantom.
What's new in 4.10.0
This release of Splunk Phantom includes the following enhancements.
New Feature or Enhancement | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Python 3 playbooks and custom functions | Playbooks and custom functions can now be written in Python 3.
| ||||||||||
App API Deprecations | Due to changes in the playbook API, some App APIs are also deprecated.
| ||||||||||
Accessibility enhancements | Many areas of the Splunk Phantom UI have been made more accessible to screen readers and keyboard navigation. | ||||||||||
Unprivileged installs are now the default | Both virtual machine images (OVA) and Amazon Marketplace Images for Splunk Phantom 4.10.0 have been designed to run as unprivileged instances.
| ||||||||||
Markdown support for prompts in Playbooks | Playbook prompts can now be formatted using markdown. | ||||||||||
Data retention tools | Use the new data retention script to manage Splunk Phantom data.
See Use data retention to schedule and manage your database cleanup scripts in Administer Splunk Phantom. | ||||||||||
Improvements to Hashicorp Vault integration |
|
Known issues in this release of Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10
Feedback submitted, thanks!