Splunk® SOAR (Cloud)

Migrate from Splunk Phantom to Splunk SOAR (Cloud)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Migrate Splunk Phantom applications to Splunk SOAR (Cloud)

Perform the following steps to migrate Splunk Phantom applications to Splunk SOAR (Cloud):

  1. Convert all apps to use Python 3. See Convert apps from Python 2 to Python 3 in the Develop Apps for Splunk Phantom manual. You might have completed this step as part of the prerequisites for migration. See Prerequisites for migrating from Splunk Phantom to Splunk SOAR (Cloud).
  2. Reinstall community applications. See Add and configure apps and assets to provide actions in in the Administer manual. Any community applications that are not Python 3 compliant must be converted to Python 3 prior to installation.
  3. Configure certified Splunk SOAR (Cloud) applications. Certified Splunk SOAR (Cloud) applications that are Python 3 compliant are pre-installed and can be configured as they exist in your Splunk Phantom instance.
  4. Convert and test custom apps for Python 3. See Convert apps from Python 2 to Python 3 in the Develop Apps for Splunk Phantom manual.
  5. Ensure that custom applications don't have the same product_vendor and appid in the application configuration. This ensures that the application isn't overwritten by existing Splunk community or certified applications during upgrades or application updates. See Top level definition in the Develop Apps for Splunk Phantom manual.
  6. If you have custom apps, be sure that all of the packages that those apps are dependent on are specified in the associated configuration JSON files as either wheel or PyPi dependencies. This might be required if you previously installed extra packages throughout the system using the phenv python pip install command, which is not possible in Splunk SOAR (Cloud) environments. See Specifying pip dependencies in the Develop Apps for Splunk SOAR manual.
  7. If any of your playbooks or custom functions import libraries that were not provided by Splunk Phantom or Splunk SOAR (on-premises), which were likely installed manually via the phenv python pip install command, you must either change those playbooks and custom functions to use only libraries provided by Splunk SOAR (Cloud), or create custom apps instead.

In Splunk SOAR (Cloud), you don't need to submit customized apps to Splunk for review before installing the app.

Last modified on 06 November, 2024
Migrate Splunk Phantom administration settings to Splunk SOAR (Cloud)   Migrate Splunk Phantom playbooks and custom functions to Splunk SOAR (Cloud)

This documentation applies to the following versions of Splunk® SOAR (Cloud): current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters