Upgrade the Splunk App for SOAR on Splunk Cloud Platform
This article describes how to upgrade the Splunk App for SOAR to the latest version.
Upgrade the Splunk App for SOAR
To upgrade the Splunk App for SOAR from version 1.0.0 to version 1.0.38 on Splunk Cloud Platform, follow these steps:
- Check the prerequisites and required steps described in Check prerequisites for Splunk App for SOAR.
- Submit a support request to the Splunk Cloud Platform team to assist you with upgrading the Splunk App for SOAR.
To submit a support request, follow the instructions in the Splunk Cloud Requests for Apps and Add-ons Resources section of the Working with Splunk Support document. Note that upgrading the Splunk App for SOAR is considered to be not self service.
Confirm after upgrading
For both single search head and search head cluster installations:
In some cases after upgrading, audit inputs might be disabled. To enable your audit inputs, follow these steps:
- Within the Splunk App for SOAR, navigate to the Configurations tab.
- Toggle the Audit Input Status switch off and then on again.
For search head cluster installations:
In some cases after upgrading, server configurations and audit inputs might not synchronize properly across all search heads. To check synchronization and address improper synchronization, follow these steps:
- Within the Splunk App for SOAR, navigate to the Configurations tab.
- Check your search heads to see if your server configurations and audit inputs are replicating across the search head cluster. If they are synced properly, end the process here. If they are not synced properly across all search heads, continue with the next step.
- In the Configurations tab, locate each of the SOAR server configurations and audit inputs that you want to replicate across the search head cluster.
- For each server configuration you want to replicate: Under the Actions column, click Manage, then click Edit Server. Do not make any changes to the configuration. Then click Save.
- For each audit input replication, first complete the replication step for its corresponding server configuration, then under Manage, select Edit Server. Do not make any changes to the configuration. Then click Save
Changes your admin makes to the IP allow list in Splunk Cloud Platform can affect the integration with Splunk App for SOAR. If your admin makes changes to the IP allow list, test Splunk App for SOAR to make sure it works as expected.
Upgrade Splunk App for SOAR on Splunk Enterprise | Assign roles for Splunk App for SOAR |
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.38, 1.0.41, 1.0.57
Feedback submitted, thanks!