Splunk® SOAR (On-premises)

Release Notes

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Welcome to Splunk SOAR (On-premises) 6.1.1

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

If you are new to , read About in the Use manual to learn how you can use for security automation.

If your deployment uses the Splunk SOAR Automation Broker see the Release Notes for more information.

What's new in 6.1.1

Action required: Cryptography library update

In version 6.1.1 of , Splunk upgraded the Python cryptography library to version 41.0.1 to address a known security vulnerability in earlier libraries, as described in Splunk SOAR Cryptography Python Package Upgrade Incompatibility.

Check your specified pip dependencies for your connectors (also called apps) and update as needed. Splunk Inc recommends that you do not specify a version number to avoid possible future compatibility issues. If you require a specific version of the Python cryptography library package, specify a version that is at least 40.0.0 or later. See the Specifying pip dependencies section of Configure metadata in a JSON schema to define your app's configuration for details on where you specified the cryptography library.

Action required: GlusterFS repository update

The mirror for GlusterFS packages has moved, changing the URL Splunk SOAR (On-premises) uses download those packages. You will need to update the installer file install_common.py before you can build or upgrade a clustered deployment, or use a GlusterFS external fileshare.

With a text editor, update install_common.py.
On or around line 208, modify the GLUSTER_RPM_SOURCE_BASE_URL_EL8 declaration.
Change the word "mirror" in the URL to the word "vault."

GLUSTER_RPM_SOURCE_BASE_URL_EL8 = ("https://vault.centos.org/centos/8-stream/storage/x86_64/gluster-9/Packages/")

Enhancements

This release of includes the following enhancements.

Feature Description
Classic playbook to modern playbook conversion tool You can now convert your classic playbooks to the modern playbook format with a CLI conversion tool. For details, see Convert classic playbooks to modern playbooks.
Updated telemetry data sharing options Splunk collects and uses data to help with future product development and to better support your deployment. Users may opt in or opt out using the user interface, the command line, or the REST API.

To opt in or opt out, from the main Splunk SOAR menu, select Administration, then Product Settings, then Data Sharing. For details, see Share data from .

Visual Playbook Editor: Update to Decision blocks In the modern Visual Playbook Editor, you can now continue to add Else If conditions even after you have added an Else condition. For information on the Decision block in the modern Visual Playbook Editor, see Use decisions to send artifacts to a specific downstream action in your playbook.
Support for PostgreSQL 15 now supports PostgreSQL version 15 for deployments using an external database. In this release, only external PostgreSQL databases are supported. See Set up an external PostgreSQL server in Install and Upgrade Splunk SOAR (On-premises).
Updated debug logging Available for standalone, non-clustered environments.
Added ability to run the phenv python -m manage diag command to upload a diagnostic TAR file to Splunk Support. See Create and download or upload a diagnostic file.

See also

  • For known issues in this release, see Known issues for .
  • For fixed issues in this release, see Fixed issues for .
  • For release notes for the Splunk SOAR Automation Broker, see Release Notes in the Set up and manage Splunk Automation Broker documentation.
Last modified on 16 August, 2024
  Known issues for

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.1.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters