Welcome to 5.5.0
If you are new to , read About in the Use manual to learn how you can use for security automation.
If your deployment uses the Splunk SOAR Automation Broker see the Release Notes for the concurrent release.
The following features are deprecated as of release 5.5.0. Although these features continue to function, support might be removed in a future release.
- Support for DUO 2FA is deprecated.
- Support for OpenID as a identity provider is deprecated.
What's new in 5.5.0
This release of includes the following enhancements.
|Support for Red Hat Enterprise Linux 8||You can now install 5.5.0 and higher on hosts running Red Hat Enterprise Linux 8.0 through 8.7.
Organizations which use CyberArk for credential management must use RHEL 8 for Splunk SOAR (On-premises) release 5.5.0 or later in order to use CyberArk release 12.6. See Use CyberArk with Splunk SOAR (On-premises).
|Support for Amazon Linux 2||You can now install 5.5.0 and higher on hosts running Amazon Linux 2.|
|Performance improvement for Indicators||To improve performance a change was made to polling and filtering data for the Indicators feature.|
If an event contains an artifact larger than 4KB then no Indicator is created or displayed in Home menu > Indicators for the event.
|User-based data paths||In Prompt playbook blocks, you can now choose to prompt newly defined, dynamic users and roles. New prompt options include Event owner and Playbook run owner. For details, see Require user input using the Prompt block in your playbook and prompt2 in the Playbook automation API article.|
|Custom Functions - List output type||Custom functions now have the concept of output types. There are now two output types:
Existing playbooks and code using existing custom functions are not affected.
|Smart block context for playbooks in the Visual Playbook Editor||If you change the name of a block, that changed name will now automatically update in any downstream datapaths that refer to that block. |
If you make configuration changes to a block that modify its output datapaths, a warning message displays on any downstream blocks that used the affected datapaths before they were modified. The message notifies you that you must update those downstream blocks to account for the affected datapaths.
|Automation Broker key rotation||A new menu item was added to the user interface to get new credentials for Automation Brokers whose credentials have expired. See Rotate the encryption keys for the Splunk SOAR Automation Broker in Set Up and Manage the Splunk SOAR Automation Broker for more information.|
Known issues for
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.5.0