Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Install as a privileged user

Use this method to install on local hardware or a cloud service, such as AWS or Azure. Use your Community credentials during the installation.

As of version 5.3.0, RPM files are no longer available for Splunk SOAR (On-premises) installations. Follow the updated instructions for privileged and unprivileged installations. Unique TAR files are available for privileged and unprivileged installations.

Prerequisites

The following operating systems are supported:

  • Red Hat Enterprise Linux 7.6 through 7.9.
  • CentOS 7.6 through 7.9.

Add the required additional YUM repositories for your operating system.

Some users may need to edit the /etc/yum.repos.d/redhat-rhui.repo file to enable the additional Red Hat Enterprise Linux repository. AWS users must do so on their AWS instance.

Operating System                      Repositories
CentOS 7.6 - 7.9                      os
                                      updates
Red Hat Enterprise Linux 7.6 - 7.9    rhel-7-server-rpms
                                      rhel-7-server-optional-rpms
                                      rhel-server-rhscl-7-rpms
Red Hat Enterprise Linux on AWS       rhui-<region>-rhel-server-optional

Update the operating system and dependencies

Perform the following actions either as the root user or a user with sudo permissions:

  1. Clear YUM's caches.
    yum clean all
  2. Update the operating system and all installed packages.
    yum update
  3. Restart the operating system.
    shutdown -r now

Install

Perform the following tasks to install Splunk SOAR (On-premises):

  1. Download the unprivileged installer from the web site. The installer is packaged with static versions of the product's dependencies when the product is built. The installer is named in the format splunk_soar-priv-<major>.<minor>.<patch>.<build>-<commit_short_sha>-el7-x86_64.tgz.
  2. Create the /opt/phantom directory: sudo mkdir -p /opt/phantom.
  3. Extract the TGZ file you downloaded into a subdirectory of the /opt/phantom directory using tar -xf <installer>.tgz -C /opt/phantom/<installer-version>.
  4. Change directory to the /opt/phantom/<installer-version> directory.
  5. The installer package you extracted creates a file called soar-install in the /opt/phantom/<installer-version> directory. Run that as root:
    sudo ./soar-install
    1. Running this file installs Splunk SOAR at /opt/phantom.
    2. The installer performs a series of compatibility checks before doing anything to ensure the installation will be successful. If any compatibility checks fail, you see an error message with instructions on how to resolve the problem.

Run the sudo ./soar-install --help command to see all optional arguments available.
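
The following pre-flight script is an added example, not part of the Splunk documentation or installer. It checks the installer file name against the privileged pattern from step 1, checks the OS release against the supported range, and rejects archives with absolute or ".." member paths before extracting as root. The function names, the lowercase-hex form of <commit_short_sha>, and the use of the version string as the <installer-version> directory name are assumptions.

```shell
#!/bin/sh
# Added example, not Splunk's tooling: pre-flight checks for the steps above.

# Print <major>.<minor>.<patch>.<build> when the file name matches the
# privileged-installer pattern from step 1; fail (non-zero) otherwise.
installer_version() {
  basename "$1" | sed -nE \
    's/^splunk_soar-priv-([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-[0-9a-f]+-el7-x86_64\.tgz$/\1/p' |
    grep .
}

# Succeed only for release 7.6 through 7.9, given the text of /etc/redhat-release.
supported_release() {
  printf '%s\n' "$1" | grep -Eq 'release 7\.[6-9]([^0-9]|$)'
}

# Read a `tar -tf` listing on stdin; fail on absolute paths or ".." components,
# because the archive is unpacked with root privileges.
members_safe() {
  while IFS= read -r member || [ -n "$member" ]; do
    case "/$member/" in
      //*|*/../*) return 1 ;;
    esac
  done
  return 0
}

preflight_and_extract() {
  tgz=$1
  version=$(installer_version "$tgz") ||
    { echo "not a privileged el7 installer: $tgz" >&2; return 1; }
  supported_release "$(cat /etc/redhat-release 2>/dev/null)" ||
    { echo "OS release is outside 7.6 through 7.9" >&2; return 1; }
  tar -tf "$tgz" | members_safe ||
    { echo "archive contains unsafe member paths" >&2; return 1; }
  dest=/opt/phantom/$version   # assumption: version string as <installer-version>
  sudo mkdir -p "$dest"        # tar -C requires the target directory to exist
  sudo tar -xf "$tgz" -C "$dest"
  echo "extracted to $dest; next: cd $dest && sudo ./soar-install"
}

# Runs only when given an existing tarball, e.g. sh preflight.sh <installer>.tgz
if [ $# -gt 0 ] && [ -f "$1" ]; then
  preflight_and_extract "$1"
fi
```

The script stops before extraction if any check fails. It does not run soar-install itself.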

Last modified on 19 September, 2023

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5

