After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Splunk SOAR (Cloud) in restricted environments
Splunk SOAR (Cloud) is available for restricted environments, such as FedRAMP Moderate (IL2), Health Insurance Portability and Accountability Act (HIPAA), Information Security Registered Assessors Program (IRAP), and Payment Card Industry Data Security Standard (PCI DSS).
- For a description of the Splunk SOAR (Cloud) service, see the Splunk SOAR (Cloud) Service Description.
- For current compliance information, see Compliance at Splunk.
Splunk SOAR (Cloud) FedRAMP Moderate
This section applies only to Splunk SOAR (Cloud) in FedRAMP Moderate environments.
Splunk SOAR (Cloud) is available for customers who must meet United States Federal Information Processing Standard (FIPS) 199 Moderate Impact Level requirements.
Splunk SOAR (Cloud) FedRAMP Moderate is different from Splunk SOAR (Cloud) in these areas:
Area | Difference |
---|---|
Hosting | Splunk SOAR (Cloud) FedRAMP Moderate is hosted in AWS GovCloud (US) regions. |
FIPS mode | FIPS mode is turned on for all Splunk SOAR (Cloud) FedRAMP Moderate deployments.
Any Splunk SOAR Automation Brokers that you use in conjunction with your deployment must also run in FIPS mode. |
Playbooks | Splunk SOAR (Cloud) FedRAMP Moderate playbooks have additional restrictions over Splunk SOAR (Cloud) or Splunk SOAR (On-premises) instances.
|
Automation isolation | Playbook code run in Splunk SOAR (Cloud) FedRAMP Moderate environments is run in isolation using dynamically managed containers. These containers are connected to Splunk SOAR (Cloud) FedRAMP Moderate through an internal automation broker. |
Internal automation broker | Splunk SOAR (Cloud) FedRAMP Moderate uses an internal Splunk SOAR Automation Broker to run actions.
For more information about the Splunk SOAR Automation Broker, see About Splunk SOAR Automation Broker. |
Restoring from Splunk SOAR (On-premises) or Splunk SOAR (Cloud) | Splunk SOAR (Cloud) FedRAMP Moderate does not currently allow migration of any native data from Splunk SOAR (On-premises) or existing Splunk SOAR (Cloud) instances. This data includes containers, artifacts, notes, comments, and playbook and action runs data. A recommended alternative method is to use the Splunk App for SOAR to move relevant data to Splunk Cloud Platform for retention. |
security information | About automation isolation in Splunk SOAR |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Feedback submitted, thanks!