After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Known issues for
Release 5.4.0
Date filed | Issue number | Description |
---|---|---|
2024-02-22 | PSAAS-16477 | Podman does not currently work with redirected image URLs due to Docker Hub authentication token changes Workaround: Manually change the image: line in docker-compose.yaml to point to docker.io/phantomsaas/automation_broker:<$SOAR_VERSION>. |
2023-09-20 | PSAAS-14855 | The migration tool for privileged to unprivileged SOAR does not retain known_hosts file. Workaround: If any git repos are failing to sync after an privileged to unprivileged migration, follow the steps in Set up a playbook repository using SSH from Configure a source control repository for your Splunk SOAR (On-premises) playbooks in Administer Splunk SOAR (On-premises). These steps will add the git server to the known_hosts file of the phantom user in SOAR. |
2023-09-14 | PSAAS-14784 | SOAR gives a "502 bad gateway" error for all SAML logins if a metadata endpoint fails to respond. |
2023-08-11 | PSAAS-14413 | Special characters are removed while downloading the file from Vault |
2023-07-24 | PSAAS-14158 | In a SOAR cluster, playbook blocks using the playbook API that are downstream from a block using the HTTP connector may fail with status 401. Workaround: Due to a change in how SOAR user sessions are handled, if the HTTP connector authenticates using different credentials than the playbooks' automation user, the playbook runs' session token is logged out, resulting in further API requests getting a status of 401. This affects active playbooks triggered by ingestion. There are four possible workarounds.
|
2023-07-19 | PSAAS-14125 | Users without the "Administrator" role cannot delete an Automation Broker, even when given appropriate permissions. Workaround: Use an account with the Administrator role to delete any Splunk SOAR Automation Brokers as needed. |
2023-04-28 | PSAAS-13290 | Toggling delay timer in one block causes all other action blocks to toggle delay timer. Workaround: Avoid toggling delay timer for blocks that do not want delays. Instead, reduce the delay to 0 minutes. |
2023-04-27 | PSAAS-13280 | app editor: "Error in 'python3': free(): invalid pointer:" when running test connectivity; similar code does not throw error when run from command line via phenv Workaround: Edit the code without the app editor. |
2023-04-26 | PSAAS-13255 | Deleting a container with 1000+ artifacts causes UWSGI to run out of memory. Workaround: For Waterspout we have swapped the deletion mechanism of containers in the UI from a django deletion to a raw deletion. This helps us avoid OOMing in Django while preserving audit capability when performing a deletion thanks to a new pg trigger that was added.
In SOAR versions pre 6.3.0, customers running into an OOM when deleting a container with 1000+ artifacts should delete the container via a raw delete using the Template:Delete db containers management command. If this is a cloud customer, then SOAR on-call will need to delete the container for them with their permission. |
2023-04-06 | PSAAS-12976 | VPE: Manually selecting an asset deletes block configuration Workaround: Create a new block and copy the datapaths from the python editor view. |
2023-03-09 | PSAAS-12621 | Missing cluster_phase handling in 5.3.5 and 5.4.0 installers Workaround: On all nodes: Edit the following file:
Run the installer again with the following flag:
If the |
2023-03-02 | PSAAS-12433 | Priv to unpriv migration script can fail if the phantom log folder is/contains symlinks or resides on a different volume than the one /opt/phantom is on |
2023-03-02 | PSAAS-12434, PSAAS-12851, PSAAS-12548, PSAAS-12549 | Priv to unpriv migration can fail if root is not allowed to sudo or if sudo is not present on the system |
2023-03-02 | PSAAS-12427, PSAAS-12635 | Python2 deprecation notice task in the installer fails if there are pipe characters in the repo/playbook/cf names. Workaround: Disable/delete any python 2 playbooks before upgrading to >= 5.3.4 or rename the playbooks/repos so that they no longer contain the pipe character. |
2023-02-16 | PSAAS-12333 | Playbooks that open with smart block context warnings will disable the debugger and display 'Discard Changes' button Workaround: Save the playbook. The debugger is re-enabled and the Discard Changes button no longer displays. |
2023-02-15 | PSAAS-12311, PSAAS-12328 | Prompt block icon disappear after creating more than one empty questions |
2023-01-26 | PSAAS-12057 | Automation Broker (AB) configuration is ignored in the app editor Workaround: If the asset you're using while debugging in the App Editor is configured to use an Automation Broker this setting is ignored. Launching the app/debugging will not route to the automation broker, instead it always runs locally in the cloud instance. To work around this issue:
|
2023-01-10 | PSAAS-11799 | Forwarding data to Elastic Search does not work |
2023-01-09 | PSAAS-11797 | App actions fail due to unescaped null characters (PSAAS-10127) |
2022-12-09 | PSAAS-11423 | Custom Function Editor: Not saving data type change Workaround: Changing the code forces the type update. |
2022-12-05 | PSAAS-11328 | VPE Empty Variables with inconsistent use of quotes |
2022-11-30 | PSAAS-11293 | VPE: Debugger crashed in 5.4.0; Playbook run fails if it has an action with a 2+ minutes timer Workaround: No workaround, you could not use the timer but there are actions taking more than 2 minutes to complete and that cannot be changed. |
2022-11-29 | PSAAS-11272 | Upgrade: nginx failed to start due to dhparams file being deleted during upgrade Workaround:
|
2022-11-28 | PSAAS-11235 | SOAR mobile feature is not FIPS compliant Workaround: If you require FIPS compliance, turn off the the SOAR Mobile feature in the SOAR Administration settings. From the Home menu, select Administration, then Mobile. |
2022-11-23 | PSAAS-11233 | Cannot register mobile devices on SOAR instances running RHEL8 |
2022-11-18 | PSAAS-11190 | VPE: Block Names with Container - A block name with "container" cannot share its results in other blocks in the Visual Editor Workaround: Do not use the word 'container' in playbook block names. |
2022-11-09 | PSAAS-11073 | Action run limit not enforced before server restart |
2022-11-08 | PSAAS-11121 | AppUpdate should continue to work with custom apps that have invalid versions Workaround: Uninstall the custom apps that are causing the blockage.
Repeat these steps each time you want to upgrade certified apps. |
2022-11-03 | PSAAS-11049 | Search setting failing on test connection. |
2022-10-31 | PSAAS-11004, PSAAS-11658 | VPE: Values entered into custom function/Utility input arguments are deleted or modified Workaround:
|
2022-10-31 | PSAAS-11001 | Wrong results in PB: "NOT IN" clause wrongly returns FALSE in SOAR when there is a null value in its condition |
2022-10-19 | PSAAS-10818 | Clicking "Learn more" link in playbook bulk edit modal opens generic doc link Workaround: Follow this link to learn more about on-premises playbooks and the move from Python 2 to Python 3: |
2022-10-19 | PSAAS-10817 | Bulk edit of Python 2 playbook properties is not blocked |
2022-10-17 | PSAAS-10745 | Cleaning up containers via Data Retention or the delete_containers.pyc script doesn't work Workaround: No current workaround. |
2022-10-13 | PSAAS-10703 | Default workbook is reset on upgrade if the original default has been removed |
2022-10-09 | PSAAS-10655 | Automation Broker: On-premises: failing to pair AB with global egress proxy |
2022-09-26 | PSAAS-10454 | UI error when navigating to case evidence tab caused by linked container that was removed by retention. Workaround: None. |
2022-09-07 | PSAAS-10107 | Status of Case is missing from Report Workaround: None known |
2022-09-07 | PSAAS-10127 | Playbooks using Threat Grid or urlscan.io app hang on the detonation action Workaround: Upgrade the app you are using.
|
2022-08-17 | PSAAS-9891 | Indicators are visible with labels that roles do not allow |
2022-04-29 | PSAAS-8776 | Investigation page: Widget layout and visibility is not saved via "manage widgets" Workaround: none known at this time |
2022-04-08 | PSAAS-8541 | Unreadable characters sporadically appear in UI Workaround: Refresh the browser to reload the page. |
2021-09-30 | PSAAS-5408 | /rest/widget_data/top_playbooks_actions endpoint returns invalid playbook_name field with tags Workaround: Parse the result manually to exclude the span tags around the playbook name. |
Welcome to 5.4.0 | Fixed issues for |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.4.0
Feedback submitted, thanks!