Welcome to Splunk SOAR (On-premises) 6.0.2
If you are new to , read About in the Use manual to learn how you can use for security automation.
If your deployment uses the Splunk SOAR Automation Broker see the Release Notes for the concurrent release.
What's new in 6.0.2
This release of is a patch release, fixing an issue found in 6.0.0 and 6.0.1.
Along with the fixed issue, this release includes the enhancements present in versions 6.0.0 and 6.0.1, listed in the next sections.
What's new in 6.0.1
|Updated encryption algorithm
Action might be required
|Encryption algorithm for SAML updated from |
|On-premises upgrade improvements||You can now upgrade directly to the latest SOAR version to get the latest SOAR features. For details on the upgrade process, see Splunk SOAR (On-premises) upgrade overview and prerequisites.|
|New behavior in asset configuration when changing app versions||As part of an app upgrade, downgrade, or reinstall, automatically performs the following actions for any asset configurations associated with that app:
Note when switching back and forth between versions: If you set a configuration setting to a custom value, then switch to a version of the app that removes that configuration setting, then switch back to the original version, your custom value will either:
For more information on app configurations see Configure metadata in a JSON schema to define your app's configuration in Develop Apps for Splunk SOAR (On-premises).
|Comma splitting in Decision and Filter playbook blocks||When configuring Decision and Filter blocks, you can now choose whether you want to use a delimiter and, if so, specify the string you want to use as a delimiter. For additional details, see Specify a datapath in your playbook in the Build Playbooks with the Playbook Editor manual.|
|Custom status label length increased||Custom status labels can now be up to 128 characters long. For additional details, see Create custom status labels in in Administer .|
|Improved visual playbook editor experience||Additional background block output calculations run automatically when you open a playbook, providing increased reliability.|
What's new in 6.0.0
This release of includes the following enhancements.
New SOAR default administrative user
|Starting with this release, the default administrative user is called |
|Find related playbooks||Find existing playbooks associated with your installed apps. You can use an existing playbook from the community or from your instance, so you do not have to create playbooks from scratch. For details, see Find existing playbooks for your apps.|
|Custom Functions and Custom Lists location update||Custom Functions and Custom Lists now have their own menu selections under the Home menu. They are no longer located within the Playbooks section. For details, see Add custom code to your playbook with a custom function and Create custom lists for use in playbooks.|
|User-based data paths||You can now specify the user who launched the current playbook run, either by id or name, when configuring datapaths in the following playbook blocks: action, code, custom function, decision, and filter. These options appear in the datapath picker under playbook . For details, see Specifying data in your playbook and Understanding datapaths in the Python playbook API Reference.|
|Nested values in custom fields||You can now access values nested inside custom fields using datapaths instead of writing custom code. For details, see Important datapaths in the Playbook API in the Python Playbook API Reference for documentation.|
|Pending icon for playbooks waiting to run||A new icon helps distinguish between playbooks that are currently running and those that are waiting. In the Sources view/Analyst queue, the Activity panel displays the following icons for the running playbook:
- Playbook is currently running
|New delimiter option for Playbook Automation API||For the |
|Playbook API decision endpoint Boolean values||automatically converts true and false strings to their Boolean values in the Playbook API decision endpoint. For details, see decision in the Playbook API article.|
|Performance improvement - loading apps||Default apps that are a part of Splunk SOAR install and upgrade are not fully installed until an asset is configured against them.|
Known issues for
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.2