Splunk® Phantom (Legacy)

Release Notes

This documentation does not apply to the most recent version of Splunk® Phantom (Legacy). For documentation on the most recent version, go to the latest release.

Known issues in this release of Splunk Phantom

The following are issues and workarounds for this version of Splunk Phantom.


Date filed Issue number Description
2021-04-09 PPS-25693 Python3 playbook converter fails when there is custom function block without custom code

Workaround:
Either remove the empty function block or add temporary code to the empty function block before converting the playbook.
2021-03-25 PPS-25634, PSAAS-2292, PORT-484 "Error" in web interface and "ERROR: App install failed" in wsgi.log when updating Apps on a release of Splunk Phantom with a lower minor version number than the final release for that version.

Workaround:
If you receive this error, take the following steps:

1. Upgrade to the latest Splunk Phantom platform release. Use the --without-apps option. See:

2. Once the Splunk Phantom platform upgrade is complete, upgrade your installed Apps upgraded using the Main Menu > Apps, then clicking the APP UPDATES button.

2021-02-25 PPS-25550 Cannot add Severity when Audit Trail is enabled in multi-tenancy environment
2021-02-25 PPS-25551 During Phantom cluster upgrade from 4.9 to 4.10 releases does not generate correct certificates

Workaround:
Restore the certificates from the backup made during the upgrade.

Do these steps on each Splunk Phantom node.

  1. SSH to the Splunk Phantom node.
  2. Stop Splunk Phantom.
    /<PHANTOM_HOME>/bin/stop_phantom.sh
  3. Change directory to <PHANTOM_HOME>/etc/consul/ssl/ca/
  4. Rename cacert.pem.bak.<date/time> to cacert.pem
    mv cacert.pem.bak.<date/time> cacert.pem
  5. Rename privkey.pem.bak.<date/time> to privkey.pem
    mv privkey.pem.bak.<date/time> privkey.pem
  6. Restart Splunk Phantom.
    /<PHANTOM_HOME>/bin/start_phantom.sh

2021-02-18 PPS-25507 ibackup incorrectly identifies space requirements
2021-02-17 PPS-25501 Workbook task won't restart or reassign when it is assigned to a role with multiple users and Audit Trail is enabled
2021-01-18 PPS-25333 Search index 'phantom_app_run' is indexing duplicate records.
2021-01-12 PPS-25300 Large number of prompt notifications could reach database connection limit

Workaround:
unknown
2021-01-11 PPS-25294, PAPP-13589 Some Python3 apps time out when trying to load the correct version of libpython

Workaround:
First, to verify the problem exists, you can run the following:

$ ldconfig -p | grep libpython libpython2.7.so.1.0 (libc6,x86-64) => /lib64/libpython2.7.so.1.0

It will look something like this. It will not show libpython3.6

To resolve the problem, you should add a configuration file on disc pointing the ld cache to the correct directory

$ cd /etc/ld.so.conf.d/ $ echo "$PHANTOM_HOME/usr/python36/lib64/" > python3.6.conf $ ldconfig

$PHANTOM_HOME might not be defined. This will be (/opt/phantom) on a normal privileged install.

Verify it is fixed by rerunning ldconfig -p | grep libpython. libpython3.6 should be present.


To validate the issue use the following command instead.

# readelf -d /opt/phantom/bin/spawn3 | grep RPATH
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../usr/python36/lib64/:/opt/phantom/usr/python36/lib64]


2020-12-22 PPS-25249 Warm Standby : --status "DB replication currently not streaming" incorrect
2020-12-22 PPS-25250 In the Investigation screen, the Action overlay loads very slowly, and is not paginated
2020-12-21 PPS-25246 Filter block and decision block do not return correct result when called multiple times on the same chain of action results
2020-12-16 PPS-25235 Decision block does not work correctly when using 'is not in' and 'is in' operator
2020-12-14 PPS-25220 "phenv diag" shows traceback for license info
2020-12-11 PPS-25216 When using the "Related Event" item from the artifact info screen in Investigation, produces error 'indicator_value 404 Not found' then displays a never-ending 'loading history' message
2020-12-08 PPS-25187 Python2 to Python3 converted playbooks show pre-converted code for custom function block in VPE edit mode; The actual code is shown correctly in VPE non Edit mode
2020-12-08 PPS-25184, PPS-24958 Disabling a node in a cluster may crash the system health page if the page is loaded before disabling the node is processed.
2020-12-07 PPS-25176 Adding a file to the vault counts as a licensed event.
2020-11-30 PPS-25111 Creating an artifacts with a cef_name that contains a space crashes JS when viewing the artifact.
2020-11-20 PPS-25071 Artifacts pulldown menu is partially hidden by MANAGE WIDGETS bar
2020-11-18 PPS-25038 Boolean parameter 'Verify server certificate' is treated as 'None' by the Splunk Phantom platform.
2020-09-09 PPS-24480 Scheduled reports do not run
2020-08-20 PPS-24285 Child playbook or Custom Function error can cause parent playbook to hang
2020-06-15 PPS-23462 Playbook API collect_from_contains fails to return data from user-defined and regular CEF types
Last modified on 13 August, 2022
Welcome to Splunk Phantom 4.10.0   Fixed issues in this release of Splunk Phantom

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters