Welcome to Splunk Phantom 4.8

If you are new to Splunk Phantom, read About Splunk Phantom in the Use Splunk Phantom manual to learn how you can use Splunk Phantom for security automation.

Begin your Splunk Phantom installation by reviewing the following documentation:

Known issues in this release of Splunk Phantom
How can Splunk Phantom be installed? in the Install and Upgrade Splunk Phantom manual.
General system requirements in the Install and Upgrade Splunk Phantom manual.

Planning to upgrade from an earlier version?

If you plan to upgrade to this version from an earlier version of Splunk Phantom, read Upgrade a single Splunk Phantom instance or Upgrade a Splunk Phantom cluster in the Install and Upgrade Splunk Phantom manual.

Splunk Phantom requires incremental upgrades from earlier versions. Do not skip any required versions when upgrading Splunk Phantom.

What's new in 4.8

This release of Splunk Phantom includes the following enhancements.

New Feature or Enhancement	Description
Backup and restore	A new tool for creating backups, ibackup.pyc has been created. This tool allows the creation of: full backups incremental backups backups of only the deployment configuration backups of individual components, such as as the database, playbooks, and more. The new ibackup.pyc tool supports backing up a Splunk Phantom cluster, and does not require Splunk Phantom to be offline in order to create backups. See Backup and restore overview in Administer Splunk Phantom.
Python 2 and Python 3 support	Python 2 and Python 3 runtime environments, so that you can develop Python 2 or 3 compatible apps for the platform. See Platform installation for Python 2 and Python 3 in the Develop Apps for Splunk Phantom manual. The new `/opt/phantom/bin/spawn3` daemon instantiates the new interpreter that runs Python 3 app actions, without losing the ability for the existing `/opt/phantom/bin/spawn` daemon to run actions for Python 2 apps. See Splunk Phantom daemons in Administer Splunk Phantom. The spawn and spawn3 logs are both located in `/var/log/phantom/spawn.log`. The actiond daemon is responsible for the debug log that shows if Python version 2 or 3 is being used. See Debug for information about setting debug log levels. A `python_version` parameter has been added to the `/rest/app/<id>` endpoint and is reflected in the asset configuration screen. See /rest/app/<app-id>. Some Splunk Phantom apps are already available as Python 3 apps. To upgrade your app from Python 2 to Python 3, see Convert apps from Python 2 to Python 3 in the Develop Apps for Splunk Phantom manual.
Documentation enhancements	Splunk Phantom product documentation for version 4.8 is available on the Splunk website. See the Splunk Phantom documentation. Splunk Phantom's online documentation is searchable using search engines. Splunk Phantom documentation is available without a Phantom community login. You can set a default choice for viewing documentation in online mode or offline mode. See View Splunk Phantom product documentation in Use Splunk Phantom to configure documentation options in the web interface. See /rest/user_settings in the REST API Reference for Splunk Phantom to configure documentation options using the REST API.
Command line interface	Analysts can now perform a number of tasks from either the command line of the nix shell or from the comments field of a container through the PhBot CLI interpreter in Splunk Phantom. The command-line interface in Splunk Phantom supports a number of tasks: Run an action Run a playbook Add a note to a container Update or edit a container Get datapath information for use with other actions See Splunk Phantom command-line interface overview in Use Splunk Phantom*.
Telemetry	Send anonymized usage data to Splunk to help improve Splunk Phantom in future releases. See Share data in Splunk Phantom in the Administer Splunk Phantom manual.

Welcome to Splunk Phantom 4.8

Planning to upgrade from an earlier version?

What's new in 4.8

Comments

Welcome to Splunk Phantom 4.8

Was this topic useful?