Splunk® SOAR (On-premises)

Release Notes

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Welcome to Splunk SOAR (On-premises) 6.1.0

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

If you are new to , read About in the Use manual to learn how you can use for security automation.

If your deployment uses the Splunk SOAR Automation Broker see the Release Notes for more information.

What's new in 6.1.0

This release of includes the following enhancements.

Splunk idea New feature Description
PPSID-I-146 Paste images from clipboard into notes You can now paste an image within the text area of the note editor component, so that the image is automatically uploaded and added to the note, and is visible in the note preview. For details, see View and create notes in .
PPSID-I-613 Remove nodes from a cluster You can now remove nodes from a Splunk SOAR (On-premises) cluster without requiring assistance from Splunk Support. See Add or remove a cluster node from Splunk SOAR (On-premises).
PPSID-I-6 Additional playbook triggers Added new conditions to trigger a playbook to run automatically. The new conditions that can trigger a playbook to run automatically are creating an event and changing a container status to Resolved. These conditions are in addition to using an event label to determine whether a playbook should run. For details, see Manage settings for a playbook in .
Improved upgrade experience Unprivileged deployments of Splunk Phantom 4.10.7 and Splunk SOAR (On-premises) can upgrade directly from their currently deployed release to release 6.1.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
Separate directory for playbooks You can now specify the path to a separate directory for playbooks and custom functions within your repository. For details, see Configure a source control repository for your playbooks.
Extended version support with apps You can now install an unsupported version of an application with the current version. For details, see Add and configure apps and assets to provide actions in .
Sample data added to data path picker Added the option to preview possible data values for each artifact and container field in the data path picker. For details, see Specify data in your playbook.
Rabbit MQ compatibility Upgraded RabbitMQ to a more current release.
Splunk SOAR Automation Broker supports FIPS Splunk SOAR Automation Broker now supports FIPS mode at Security Level 1. For additional information on Splunk SOAR Automation Broker, see About Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.
Splunk SOAR Automation Broker based in Ubuntu Splunk SOAR Automation Broker is now based in Ubuntu, not Centos. For additional information on Splunk SOAR Automation Broker, see About Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.

See also

  • For known issues in this release, see Known issues for .
  • For fixed issues in this release, see Fixed issues for .
  • For release notes for the Splunk SOAR Automation Broker, see Release Notes in the Set up and manage Splunk Automation Broker documentation.
Last modified on 20 November, 2024
  Known issues for

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters