Welcome to 5.0.1
As of this release, Splunk Phantom is .
If you are new to , read About in the Use manual to learn how you can use for security automation.
Begin your installation by reviewing the following documentation:
- Known issues in this release of
- How can be installed? in the Install and Upgrade manual.
- General system requirements in the Install and Upgrade manual.
Planning to upgrade to from an earlier Splunk Phantom version?
If you plan to upgrade to this version from an earlier version of , read Prepare your deployment for upgrade in the Install and Upgrade manual.
requires incremental upgrades from earlier Splunk Phantom versions. Do not skip any required versions when upgrading .
For example, if you wish to upgrade to Splunk SOAR 5.0.1 from Splunk Phantom 4.9, you will first need to upgrade Splunk Phantom to 4.10.7.
What's new in 5.0.1
This release of includes the following enhancements.
|Introducing an all new Playbook Editor||This release introduces a new playbook editor. This playbook editor presents a vertical user interface, wider blocks for longer descriptions, labels for descriptions and filters, and UI-based configuration options for playbook APIs. Additionally, the playbook editor introduces "input" playbooks which allow for configuring input parameters supporting modular playbook design. Finally, output parameters can be defined for all playbooks adding to the modularity of playbooks. You have the option to choose between these playbooks and the classic playbooks to ensure existing playbooks can still be edited as necessary.
For more information on playbooks and classic playbooks, see Choose between playbooks and classic playbooks in in Build Playbooks with the Playbook Editor.
|Telemetry for Playbook Editor||The telemetry reports contain the following:
See Share data from .
|JSON logging format||You can configure the logging format for JSON or plaintext.|
|Classic playbook API block||You can fetch updated container data in the classic playbook API block.
See Advanced settings.
|Global action concurrency limit||The global action concurrency limit number now limits the maximum number of concurrent actions across . This number previously functioned in a per-asset way. The default is 150. If you're upgrading an existing instance, you'll notice that this number is automatically increased in your configuration to 150. You can tune this as needed for your environment. After changing this value, needs to be restarted for it to take effect.|
|Display playbook run input and output data in Investigation page||Playbook run result, input and output data will be shown by clicking the playbook name in the Investigation page Activity panel.|
|Updated password requirements||All new installations of require passwords to be at least 8 characters in length.|
|Increased the number of statuses for events and cases||This release supports up to 30 statuses that can be applied to events and cases.|
|New configuration file||During upgrade to this release, a new configuration file /opt/phantom/data/db/pg_ident.conf is created to allow the root user to connect to a local database as the postgres user. This enhancement addresses a permissions issue that exists in earlier releases when performing a privileged installation using a local database.|
|Elasticsearch support||Added support for Elasticsearch version 7 as an external instance for search. See Configure to use an external Elasticsearch instance for search.|
Known issues for
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1
Feedback submitted, thanks!