After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Remediate directory changes
As of this release, Splunk SOAR (On-premises) features new methods for installing and upgrading.
The new installation and upgrade process includes changes to the directory structure for Splunk SOAR (On-premises). To determine whether the new structure requires remediation, ensuring your applications and playbooks run correctly, reference the following tables.
Remediate directory changes in privileged and unprivileged installations
Reference the directory schema and check for remediation actions in the following table for both privileged and unprivileged installations of .
Files | Remediation |
---|---|
All local conf files for the internal Splunk instance
|
No action required. doesn't support customization of the configuration for the internal Splunk instance. |
<PHANTOM_HOME>/etc/supervisord.conf | We recommend that you don't change the supervisord configuration. However, you may define a file at <PHANTOM_HOME>/usr/local/supervisord.conf and the application will read that file. |
Remediate directory changes in privileged installations
Reference the directory schema and check for remediation actions in the following table for privileged installations of .
Files | Remediation |
---|---|
pgbouncer configuration
|
If you need to customize pgbouncer configuration, create a file at <PHANTOM_HOME>/usr/local/pgbouncer.ini. |
PostgeSQL configuration
|
If you need to customize postgresql configuration, create a file at <PHANTOM_HOME>/usr/local/postgresql.conf. |
NGINX configuration
|
NGINX reads all files matching /etc/nginx/conf.d/*.conf. |
UWSGI configuration
|
If you need to customize UWSGI configuration, create a file at /etc/nginx/uwsgi_local.ini. |
/etc/logrotate.d/phantom_logrotate.conf | If you need to customize the logrotate configuration, create a custom conf file at <PHANTOM_HOME>/usr/local/logrotate.conf. |
/usr/lib/tmpfiles.d/phantom.conf | No action required. doesn't support modification of this configuration. |
/etc/fonts/conf.d/33-phantom-fonts.conf | No action required. doesn't support modification of this configuration. |
/etc/cron.d/phantom | Use crontab instead. |
Remediate directory changes in unprivileged installations
Reference the directory schema and check for remediation actions in the following table for unprivileged installations of .
Files | Remediation |
---|---|
pgbouncer configuration
|
If you need to customize pgbouncer configuration, create a file at <PHANTOM_HOME>/usr/local/pgbouncer.ini. |
PostgeSQL configuration
|
If you need to customize postgresql configuration, create a file at <PHANTOM_HOME>/usr/local/postgresql.conf |
NGINX configuration
|
NGINX reads all files matching <PHANTOM_HOME>/usr/nginx/conf/conf.d/*.conf. |
UWSGI configuration
|
If you need to customize UWSGI configuration, create a file at <PHANTOM_HOME>/etc/uwsgi_local.ini. |
<PHANTOM_HOME>/etc/logrotate.d/phantom_logrotate.conf | If you need to customize the logrotate configuration, create a custom conf file at <PHANTOM_HOME>/usr/local/logrotate.conf. |
default credentials, script options, and sample configuration files |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0
Feedback submitted, thanks!