Known issues in this release of Splunk Phantom
The following are issues and workarounds for this version of Splunk Phantom.
Date filed | Issue number | Description |
---|---|---|
2021-04-09 | PPS-25693 | Python3 playbook converter fails when there is custom function block without custom code Workaround: Either remove the empty function block or add temporary code to the empty function block before converting the playbook. |
2021-03-25 | PPS-25634, PSAAS-2292, PORT-484 | "Error" in web interface and "ERROR: App install failed" in wsgi.log when updating Apps on a release of Splunk Phantom with a lower minor version number than the final release for that version. Workaround: If you receive this error, take the following steps: 1. Upgrade to the latest Splunk Phantom platform release. Use the
2. Once the Splunk Phantom platform upgrade is complete, upgrade your installed Apps upgraded using the Main Menu > Apps, then clicking the APP UPDATES button. |
2021-02-25 | PPS-25550 | Cannot add Severity when Audit Trail is enabled in multi-tenancy environment |
2021-02-25 | PPS-25551 | During Phantom cluster upgrade from 4.9 to 4.10 releases does not generate correct certificates Workaround: Restore the certificates from the backup made during the upgrade. Do these steps on each Splunk Phantom node.
|
2021-02-18 | PPS-25507 | ibackup incorrectly identifies space requirements |
2021-02-17 | PPS-25501 | Workbook task won't restart or reassign when it is assigned to a role with multiple users and Audit Trail is enabled |
2021-01-18 | PPS-25333 | Search index 'phantom_app_run' is indexing duplicate records. |
2021-01-12 | PPS-25300 | Large number of prompt notifications could reach database connection limit Workaround: unknown |
2021-01-11 | PPS-25294, PAPP-13589 | Some Python3 apps time out when trying to load the correct version of libpython Workaround: First, to verify the problem exists, you can run the following: $ ldconfig -p | grep libpython libpython2.7.so.1.0 (libc6,x86-64) => /lib64/libpython2.7.so.1.0 It will look something like this. It will not show libpython3.6 To resolve the problem, you should add a configuration file on disc pointing the ld cache to the correct directory $ cd /etc/ld.so.conf.d/ $ echo "$PHANTOM_HOME/usr/python36/lib64/" > python3.6.conf $ ldconfig $PHANTOM_HOME might not be defined. This will be (/opt/phantom) on a normal privileged install. Verify it is fixed by rerunning
To validate the issue use the following command instead. # readelf -d /opt/phantom/bin/spawn3 | grep RPATH 0x000000000000000f (RPATH) Library rpath: [$ORIGIN/../usr/python36/lib64/:/opt/phantom/usr/python36/lib64]
|
2020-12-22 | PPS-25249 | Warm Standby : --status "DB replication currently not streaming" incorrect |
2020-12-22 | PPS-25250 | In the Investigation screen, the Action overlay loads very slowly, and is not paginated |
2020-12-21 | PPS-25246 | Filter block and decision block do not return correct result when called multiple times on the same chain of action results |
2020-12-16 | PPS-25235 | Decision block does not work correctly when using 'is not in' and 'is in' operator |
2020-12-14 | PPS-25220 | "phenv diag" shows traceback for license info |
2020-12-11 | PPS-25216 | When using the "Related Event" item from the artifact info screen in Investigation, produces error 'indicator_value 404 Not found' then displays a never-ending 'loading history' message |
2020-12-08 | PPS-25187 | Python2 to Python3 converted playbooks show pre-converted code for custom function block in VPE edit mode; The actual code is shown correctly in VPE non Edit mode |
2020-12-08 | PPS-25184, PPS-24958 | Disabling a node in a cluster may crash the system health page if the page is loaded before disabling the node is processed. |
2020-12-07 | PPS-25176 | Adding a file to the vault counts as a licensed event. |
2020-11-30 | PPS-25111 | Creating an artifacts with a cef_name that contains a space crashes JS when viewing the artifact. |
2020-11-20 | PPS-25071 | Artifacts pulldown menu is partially hidden by MANAGE WIDGETS bar |
2020-11-18 | PPS-25038 | Boolean parameter 'Verify server certificate' is treated as 'None' by the Splunk Phantom platform. |
2020-09-09 | PPS-24480 | Scheduled reports do not run |
2020-08-20 | PPS-24285 | Child playbook or Custom Function error can cause parent playbook to hang |
2020-06-15 | PPS-23462 | Playbook API collect_from_contains fails to return data from user-defined and regular CEF types |
Welcome to Splunk Phantom 4.10.0 | Fixed issues in this release of Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10
Feedback submitted, thanks!