Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Reset the admin and root passwords in

You can reset the passwords for the following accounts to meet your organization's hardening requirements, or if you misplace or forget them:

  • The admin user for the web interface. This is a default account in that can't be deleted. It must always be available so that you can access in cases where other authentication methods such as LDAP fail. See Reset the admin password in .
  • The root user for the underlying CentOS Linux operating system. This account is required for maintenance tasks such as upgrades, and is also used to reset the admin password.

Reset the admin password in

To reset the admin user password, perform the following tasks:

  1. Log in to the operating system with your normal user account.
  2. Run the following command:
    phenv change_admin_password <new password>
    
  3. If you do not provide a new password on the command line, you will need to type a new password, then type it again to confirm. Both passwords must match.
  4. To verify, access the web interface and log in as the admin user using the new password.

If the admin account has Duo two factor authentication enabled and is no longer working properly, perform the following steps to temporarily disable the two factor authentication:

  1. Run the following command as root:
    phenv set_preference --disable-admin-2fa
  2. Confirm that you want to disable two factor authentication for the admin account.

Reset the root password in

To reset the root password for the operating system on , perform the following tasks:

  1. Log on to the operating system as the root user.
  2. Change the password using the passwd command.
Last modified on 13 March, 2023
Create custom CEF fields in   Enable clickable URLs in CEF data

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters