Splunk® SOAR (On-premises)

Release Notes

This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Known issues for

Release 5.0.1

Date filed Issue number Description
2023-07-19 PSAAS-14125 Users without the "Administrator" role cannot delete an Automation Broker, even when given appropriate permissions.

Workaround:
Use an account with the Administrator role to delete any Splunk SOAR Automation Brokers as needed.
2022-09-26 PSAAS-10411 ibackup stores the entire PostgreSQL database in every incremental backup.
2022-09-07 PSAAS-10107 Status of Case is missing from Report

Workaround:
None known
2022-07-01 PSAAS-9413 Generating container report gets timeout with high CPU utilization or creating 9000+ page long report
2022-06-16 PSAAS-9217 Apps params in VPE 2.0 do not match the order in the app code or app actions

Workaround:
None
2022-03-17 PSAAS-8132 Saving an event without change increases/decreases event SLA
2022-03-11 PSAAS-7978 Rest API response is different when using _filter and _exclude

Workaround:
Use the input that the exclude function will operate with, which makes no sense as filter behaves with either "open", "closed", or "new".
2022-01-20 PSAAS-7300 Investigation page Workbook pane: "run playbook" dialog box incorrectly placed upon clicking 2nd and subsequent playbooks to launch

Workaround:
even though the "run playbook" dialog box's placement is incorrect and the dialog box's 'cancel' button does not function, the "run playbook" button does function and does launch the designated playbook
2022-01-12 PSAAS-7215 Prompts are not canceled/disabled under the Approvals tab after Playbooks are canceled by the user
2021-12-17 PSAAS-7042 Search: Checking category box on result does not work
2021-12-16 PSAAS-7020 Investigation page: permitted_users_roles calls DB excessively causing poor performance
2021-12-15 PSAAS-7007 Automation does not begin on closed events cloned from artifact being added to them

Workaround:
n/a
2021-12-06 PSAAS-6865 Playbook Listing page crashes in Chrome & Edge browsers when filtering

Workaround:
Use firefox or safari.
2021-12-02 PSAAS-6822 VPE 2: Custom block name actual character limit and limit error message don't match

Workaround:
type custom name less than 51 characters
2021-11-23 PSAAS-6709 Rest API /rest/search query categories not filtering properly when container is specified.
2021-11-22 PSAAS-6673 Data paths that reference a code block with a name ending in "container" generate incorrect code in VPE 2.0

Workaround:
As a workaround customer are requiring people not end block names in the word "container"
2021-11-19 PSAAS-6653 VPE 2: Under certain circumstances, playbook editor will display blank screen

Workaround:
no workaround applicable
2021-10-21 PSAAS-6036 app_interface process causing uwsgi processes to hang indefinitely

Workaround:
restart uwsgi
2021-10-18 PSAAS-5850, PSAAS-5940 During platform upgrade HTTP post requests fail, then return error 405 instead of error 503.
2021-10-18 PSAAS-5904 In SAML, OIDC and LDAP Auth, group delimiter was not applied if group list was provided by the IDP as a comma separated string

Workaround:
None
2021-10-17 PSAAS-5841 VPE 2.0 - Playbook history shows current time instead of commit time
2021-10-15 PSAAS-5768 phantom.get_run_data() sometimes returns invalid JSON

Workaround:
Compare the output of phantom.get_run_data to the empty string, and set the value to "null" if they match. Requires custom code.
2021-10-13 PSAAS-5722 Child Playbook failed and its parent gets hung

Workaround:
No workaround so far
2021-10-12 PSAAS-5674, PSAAS-8570 VPE 2.0 - Only shows first 19 custom functions in the Utility block custom function list

Workaround:
Change the order of "sort-by". Changing it once, you'll see Z-A. If you want to see A-Z, change the sort order again.  

You can also use "search" to search for a specific custom function.

2021-10-07 PSAAS-5573, PSAAS-6581 Investigation page: Related Events modal has Permission Error
2021-10-06 PSAAS-5509 VPE 2: Block mode Python code should show the actual line number
2021-10-06 PSAAS-5542 Issue with allowing roles to pass permission checks in unauthorized areas when performing reporting operations
2021-10-04 PSAAS-5451 Updating container's severity from playbook doesn't update SLA

Workaround:
Change capitalization of values to all lower case.
2021-09-23 PSAAS-5303 When multi-tenancy is enabled, Home dashboard shows the filter buttons in 2 lines
2021-09-17 PSAAS-3593 After upgrading to 5.0.1, the web interface may show Authentication Errors (HTTP 401)

Workaround:
Re login to the instance web page.
2021-09-17 PSAAS-3594 Upgrades to 5.0.1 may show errors with "role_id not found" which are benign and can be ignored
2021-09-16 PSAAS-4075 VPE 2.0: Imported playbook does not show block configuration in visual editor, but the Python code is correct.
2021-09-16 PSAAS-3964 VPE 2.0 - Filtered artifacts datapaths do not add artifact id to action parameter context

Workaround:
Manually update the generated action block generated to code to include the filtered artifact id datapath in the collect2 call.

Update the parameters to include the context. Context should be a dictionary with the key 'artifact_id'.

2021-09-14 PSAAS-3687 VPE 2.0 - HTTP app configuration missing required argument in execution
2021-09-13 PSAAS-3824 VPE 2.0 - Icon on Audit trails is open link, it should be a download
2021-09-08 PSAAS-3819 VPE 2: Correct documentation path
2021-09-08 PSAAS-3504 LDAP duplicate entry is created when configuring 2 providers

Workaround:
* Remove the second LDAP settings entry
  • Re-enter the password of the first LDAP setting
  • Save
2021-08-31 PSAAS-4012 VPE 2.0: Cancelling change to playbook custom code can lead to duplicated custom code

Workaround:
If you noticed your custom code is looking incorrect, either on a specific block/global code.

Can fix the problem by reverting the custom code. The revert custom code button can be found at the bottom of the right hand side menu of the code editor.

If part of the custom code is still correct you may want to copy that custom code before reverting, then can paste back the custom code that should exist.

2021-08-27 PSAAS-3363 Spawn log getting sent to docker console
2021-07-21 PSAAS-3827 VPE 2.0: Changing block name doesn't change its downstream datapath
2021-07-16 PSAAS-2591 Asset Proxy Settings: Previously configured HTTP or HTTPS Proxy not working as intended

Workaround:
* Determine if your proxy is an HTTP or HTTPS proxy.
  • If you have an HTTP proxy and your asset settings have proxy variables starting with https://<proxy_ip>, replace them with http://<proxy_ip>
  • If you have an HTTPS proxy and your asset settings have proxy variables starting with http://<proxy_ip>, replace them with https://<proxy_ip>


Date filed Issue number Description
2023-11-29 PSAAS-15638 Paginating REST APIs without sorting may give duplicate results across pages. Also affects phantom.get_tasks() and phantom.get_notes() playbook APIs, when containers have >10 tasks or >10 notes, respectively

Workaround:
If using the REST API directly, add a sort parameter to the URL: 
https://example-soar.com/rest/resource?page=X&sort=id

If using the phantom.get_tasks() or phantom.get_notes() playbook APIs, you can use phantom.requests instead to query the REST API directly: 


# Instead of phantom.get_tasks(), use
url = phantom.build_phantom_rest_url('workbook_task')



# Or, instead of phantom.get_notes(), use
url = phantom.build_phantom_rest_url('note')

params = {'_filter_container': container['id'], 'page_size': 0, 'sort': 'id'}
response = phantom.requests.get(url, params=params)
tasks = response.json()['data']

2023-07-19 PSAAS-14125 Users without the "Administrator" role cannot delete an Automation Broker, even when given appropriate permissions.

Workaround:
Use an account with the Administrator role to delete any Splunk SOAR Automation Brokers as needed.
2023-06-26 PSAAS-13898 Splunk SOAR's cron jobs generate output, which fills up mail boxes over time

Workaround:
Empty the Splunk SOAR user's mailbox. For example, if the Splunk SOAR user is phantom, you can empty the mailbox by running
rm /var/mail/phantom

For each of the cron jobs installed during soar installation, edit the soar user's crontab (with "crontab -e") and append the following to the end of each command line: {{> /dev/null 2>&1}}

2022-09-26 PSAAS-10411 ibackup stores the entire PostgreSQL database in every incremental backup.
2021-10-15 PSAAS-5768 phantom.get_run_data() sometimes returns invalid JSON

Workaround:
Compare the output of phantom.get_run_data to the empty string, and set the value to "null" if they match. Requires custom code.
2021-09-30 PSAAS-5408 /rest/widget_data/top_playbooks_actions endpoint returns invalid playbook_name field with tags

Workaround:
Parse the result manually to exclude the span tags around the playbook name.
2021-08-24 PSAAS-3311 VPE - Classic editor throws uncaught reference. Clear cache and refresh to fix.

Workaround:
Empty cache and hard reload
Last modified on 20 November, 2024
Welcome to 5.0.1   Fixed issues for

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters