Splunk® SOAR (Cloud)

Administer Splunk SOAR (Cloud)

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Configure a source control repository for your playbooks

You can save your playbooks in Git repositories. By default, playbooks are managed in a Git repository called local. You can create additional Git repositories as needed. Doing so enables you to perform the following tasks:

  • Import and export playbooks and share facilities among instances. For example, you can use Git to publish playbooks from a development environment to a separate production environment.
  • Edit playbooks using a tool of your choice instead of the web interface.

Once you edit a playbook outside of the Visual Playbook Editor (VPE), you can no longer use drag and drop blocks in the VPE to edit that playbook. Any subsequent edits in the VPE are only possible by editing the full playbook. This is not recommended.

also uses a Git repository to publish company-authored playbooks for customers to download. This repository is called the community repository and is configured on by default. You can restore this repository if you accidentally remove it. See Restore the community playbook repository.

You can transfer playbooks to Git using HTTP, HTTPS, or Git. Other protocols can be authenticated or anonymous if supported by the server.

Access the source control settings in

To access the source control settings, perform the following steps:

  1. From the Home menu, select Administration.
  2. Select Administration Settings > Source Control.

You can also access the source control settings from any Playbooks page by clicking Manage source control.

Set up a playbook repository using HTTP, HTTPS, or Git

To set up a Git repository using HTTP, HTTPS, or Git protocols, perform the following steps:

  1. From the Home menu, select Administration.
  2. Select Administration Settings > Source Control.
  3. Select Configure a new repository from the Repositories drop-down list.
  4. Provide a repository URL, repository name, and branch name. The repository name can be any name that describes your repository.
  5. For HTTP and HTTPS, specify a username and password. attempts to connect anonymously if no username or password is provided. When crafting the URI, converts https://server... to https://username:password@server.... The Git protocol is not authenticated and does not require a username or password.
  6. Click Save Changes.

The repository needs to have at least one commit in it in order to be added to . Additionally, a repository that is added to can't be edited. If you need to make a change, delete the repository and then add it again.

The username and password strings are separated so that the password can be encrypted and stored and not displayed to other administrators. However, passwords are stored as clear text in the Git configuration file for that repository.

Git hooks and the SOAR Playbook Editor

does not directly support Git hooks. If you choose to use git hooks in your system, be aware of the following:

  • There is a risk that the playbook editor will not be able to save or push changes because the Git configuration rejects a commit.
  • To avoid this issue, direct to push to a staging repository or branch that will not reject pushes. This prevents the playbook editor from being blocked from saving and pushing changes. Handle merge conflicts or other issues manually when pushing from the staging repository to the original repository.

If your playbook editor is blocked from pushing to the remote repository, follow these steps:

  1. Delete the repository and recreate it in . The playbook reverts to the last successful push and removes all changes made after the last successful push.
  2. Recreate your changes and try to push again.

Use repositories from the Playbooks page

You can make use of configured repositories on the Playbooks page. See View the list of configured playbooks for more information.

Restore the community playbook repository

The community playbook repository is a collection of playbooks vetted by the community. This repository is configured by default when is installed. Follow the procedure to restore the community repository if it is accidentally altered or deleted.

  1. From the Home menu, select Administration.
  2. Select Source Control.
  3. In the Repositories drop-down list, select Configure a new repository.
  4. In the Repo URL field, type the URL: https://github.com/phantomcyber/playbooks.git
  5. In the Repo Name field, type community.
  6. In the Branch Name field, enter the version of you are running, up to the second set of digits. For example, if you are running version 4.10.3 enter 4.10 in this field.
  7. Check the Read Only check box.
  8. Click Save Changes.
Last modified on 17 May, 2023
View your license
Customize email templates in

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters