Splunk® App for SOAR

Release Notes

This documentation does not apply to the most recent version of Splunk® App for SOAR. For documentation on the most recent version, go to the latest release.

Known issues

If you are new to Splunk App for SOAR, read the Learn about Splunk App for SOAR topic in the Install and Configure Splunk App for SOAR manual before the release notes.

Release 1.0.41

The following known issues have been identified in this release. If no issues are listed, there are no known issues.

Date filed | Issue number | Description
April 11, 2023 | PAPP-30092 | Not all available indexes listed for audit input configurations

Workaround

  1. Create a temporary index called "aaa_soar_temp_index".
  2. In Splunk App for SOAR, navigate to the Configuration tab.
  3. Click the Manage button for the server you want to add an audit input configuration to, and click Add Audit input.
  4. Set the Index as "aaa_soar_temp_index", complete the other required fields, then click Save.
  5. Immediately disable the Audit input.
  6. Go to Settings → Data Inputs → audit.
  7. Click on your Audit input, click More settings, and select your desired index.

Notes: Do not create new Audit inputs directly in Settings → Data Inputs → audit.
The temporary index "aaa_soar_temp_index" exists only so that an index appears early in the index list in the Splunk App for SOAR (SAS) app; the "aaa" prefix places it first in alphabetical order.

Last modified on 10 November, 2023

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.41

