Splunk® App for SOAR Export

Use the Splunk App for SOAR Export to Forward Events

Splunk App for SOAR Export release notes

Welcome to release 4.3.13

This release of Splunk App for SOAR Export, released on June 5, 2024, includes the following enhancements:

Feature | Description
New email datatype | Added a new CEF data type, email, used in both event forwarding and global field mapping.
Updated search API endpoint to version 2 | Updated from Splunk search API endpoint version 1.
Increased time to send Adaptive Response Action data | Time allotted increased to 10 minutes, to accommodate sending larger amounts of data.
Event forwarding: FIPS mode | Splunk App for SOAR Export now uses a call to /services/server/info to check if your Splunk deployment is in FIPS mode. FIPS mode affects the SOAR container and artifact source_data_identifier hashes:
  • If Splunk is in FIPS mode: These hashes are sha256.
  • If Splunk is not in FIPS mode: These hashes are md5.
Updated libraries | Updated the following libraries:
  • axios updated to 0.28.0
  • certifi updated to 2023.07.22
  • cloudconnectlib updated to 3.1.3
  • httplib2 updated to 0.22.0
  • requests updated to 2.31.0
  • setuptools updated to 69.1.0
  • splunklib updated to 1.7.4
  • splunktalib updated to 3.0.4
  • urllib3 updated to 1.26.7
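
The FIPS mode entry above, as an added example (not Splunk's code): the Python below reads fips_mode from a constructed /services/server/info JSON reply, selects sha256 or md5 accordingly, and flags source_data_identifier values whose digest length belongs to the other mode. The sample reply, the seed string, and all function names are assumptions; these release notes do not say what input the app hashes.

```python
import hashlib
import json
import re

# Constructed sample of a /services/server/info?output_mode=json reply,
# trimmed to the single field this example reads.
SAMPLE_SERVER_INFO = '{"entry": [{"name": "server-info", "content": {"fips_mode": true}}]}'

HEX_LENGTH_TO_ALGORITHM = {32: "md5", 64: "sha256"}


def fips_enabled(server_info_json):
    """Return True when the server/info payload reports FIPS mode."""
    entries = json.loads(server_info_json).get("entry") or []
    if not entries:
        raise ValueError("server/info reply contains no entry")
    value = entries[0].get("content", {}).get("fips_mode", False)
    # Tolerate JSON booleans as well as "1"/"true" style strings.
    return str(value).strip().lower() in ("1", "true")


def expected_algorithm(fips):
    """Hash algorithm the release notes give for each mode."""
    return "sha256" if fips else "md5"


def sdi_hash(seed, fips):
    """Hash a stand-in seed with the mode's algorithm (seed content is assumed)."""
    return hashlib.new(expected_algorithm(fips), seed.encode("utf-8")).hexdigest()


def classify(sdi):
    """Infer md5 or sha256 from a hex identifier's length; None if neither."""
    if re.fullmatch(r"[0-9a-fA-F]+", sdi or ""):
        return HEX_LENGTH_TO_ALGORITHM.get(len(sdi))
    return None


def mismatched(sdis, fips):
    """Identifiers hashed with the algorithm of the opposite mode."""
    want = expected_algorithm(fips)
    return [s for s in sdis if classify(s) not in (None, want)]


if __name__ == "__main__":
    fips = fips_enabled(SAMPLE_SERVER_INFO)
    stored = [sdi_hash("constructed-event-1", False), sdi_hash("constructed-event-2", True)]
    print(expected_algorithm(fips), mismatched(stored, fips))
```

Identifiers that are not hex digests of either length are ignored rather than reported, since SOAR containers can also carry identifiers from other sources.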

Fixed issues in this release

This version of Splunk App for SOAR Export fixes the following issues:

Date resolved | Issue number | Description
2024-05-01 | PAPP-32468 | Failed adaptive response action statuses erroneously display as successful
2024-03-25 | PAPP-33359 | Improve stability to address missing modules that can cause occasional interruptions
2024-03-06 | PAPP-15101 | Alert Action config: Account names not replicated across search head cluster
2024-02-28 | PAPP-33280 | Adaptive Response Action needs more time to send data
2024-02-14 | PAPP-32614 | If field names mapped, Artifacts tab only needs to display custom mapped field names and not original field names

Known issues in this release

This version of Splunk App for SOAR Export has the following known issues. If there are no issues listed, there are currently no known issues in this release.

Date filed | Issue number | Description
2024-02-23 | PAPP-33268 | Custom search does not populate fields to map

Last modified on 29 August, 2024

This documentation applies to the following versions of Splunk® App for SOAR Export: 4.3.13

