Splunk App for SOAR Export release notes
The 4.1.135 version of the Splunk App for SOAR Export includes the following enhancements:
- When sending notable events to Splunk SOAR using either Send to SOAR or Run Playbook in SOAR, you can now use the Grouping setting to select whether you want events passed to Splunk SOAR to be grouped into one container, rather than in separate containers. See Run adaptive response actions in Splunk ES to send notable events to Splunk Phantom or Splunk SOAR. This functionality requires that the Splunk Common Information Model (CIM), Splunk Enterprise Security (ES), or both are also installed in your Splunk instance.
- The install/update process for Splunk App for SOAR Export no longer needs to check for updated versions. The check_for_updates flag has been removed from phantom/default/app.conf.
Fixed issues in this release
This version of the Splunk App for SOAR Export was released on August 25, 2022 and fixes the following issues.
Date resolved | Issue number | Description |
---|---|---|
2022-07-29 | PAPP-25896 | Event forwarding configuration UI is limited to 100 results. |
2022-07-27 | PAPP-26065 | Alert action account entries require page refresh to be visible in UI after update. |
2022-06-09 | PAPP-19281 | When creating a new event forwarding configuration, the configuration sometimes does not show up in the UI. |
Known issues in this release
This version of the Splunk App for SOAR Export was released on August 25, 2022 and has the following known issues.
Date filed | Issue number | Description |
---|---|---|
2023-08-08 | PAPP-31554 | Artifact title missing in SOAR when posting via scheduled alert actions |
2023-07-19 | PAPP-31340 | ES Notable multiline comments are not exported to SOAR. Workaround: No workaround is available. |
2021-11-26 | PAPP-21689 | Send to SOAR sometimes throws "IndexError: list index out of range". |
2021-05-19 | PAPP-17108 | Adaptive Response Relay produces error message in Cloud. Workaround: Create a saved search report to invoke Send to SOAR or Run SOAR Playbook actions, as described in these steps:
If the key word | eval _phantom_workaround_description = [| rest /services/saved/searches/Test%20Alert%20Title | eval desc="\"".description."\"" |return $desc] |
This documentation applies to the following versions of Splunk® App for SOAR Export: 4.1.135