Splunk® SOAR (On-premises)

Release Notes


Welcome to Splunk SOAR (On-premises) 6.2.0

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

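If you are new to Splunk SOAR (On-premises), read About Splunk SOAR (On-premises) in the Use Splunk SOAR (On-premises) manual to learn how you can use Splunk SOAR (On-premises) for security automation.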

If your deployment uses the Splunk SOAR Automation Broker, see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.

What's new in 6.2.0


This release of Splunk SOAR (On-premises) includes the following enhancements.

| Splunk idea | New feature | Description |
| --- | --- | --- |
| PPSID-I-681 | Logic Loops | Configure loops directly in the Visual Playbook Editor (VPE) with an intuitive user interface, eliminating the need for custom code. For details, see Repeat actions with logic loops. |
| PPSID-I-365 | CyberArk integration | Integrate the Splunk SOAR (On-premises) environment with CyberArk's privileged access management (PAM) cloud-based API solution. Support for legacy on-premises CyberArk releases continues for Splunk SOAR (On-premises), available in the SOAR user interface as CyberArk Legacy. For details, see Use CyberArk Vault Privileged Access Manager with Splunk SOAR (On-premises) in the Manage your organization's credentials with a password vault topic. |
| | Replaced embedded Splunk Enterprise with Postgres 15 search | Starting with this release, the embedded copy of Splunk Enterprise has been removed. The embedded copy of Splunk Enterprise handled internal search features for SOAR. Search for SOAR items is now handled by Postgres 15 search features. See Search within Splunk SOAR (On-premises) in Use Splunk SOAR (On-premises) for search syntax. |
| | Added support for Universal Forwarders | Universal Forwarders have been added to facilitate getting your SOAR data into your Splunk Cloud Platform or Splunk Enterprise deployment. For details on Universal Forwarders, see Configure forwarders to send SOAR data to your Splunk deployment. Mutual TLS authentication for forwarders is not yet available. If your Splunk Enterprise or Splunk Cloud deployment requires mutual TLS authentication in order to receive data from Universal Forwarders, do not upgrade to this release. |
| | Classic to modern playbook migration | In preparation for the deprecation of the classic mode of the Visual Playbook Editor (VPE), you can now use a new user interface to convert playbooks developed in the classic VPE to modern playbooks. All users will see a banner about this deprecation when they open Splunk SOAR (On-premises). You can remove this banner for all users. For details on converting playbooks and on removing the banner, see Convert classic playbooks to modern playbooks. |
| | Playbook filter tabs | The modern Visual Playbook Editor (VPE) now has tabs to filter for specific types of playbooks: your organization's customized playbooks, community playbooks, active playbooks, and classic playbooks. For details, see Find playbooks by type in the Find existing playbooks article. |
| internal idea | Browser tab differentiation | It is now easier to clearly identify browser tabs running Splunk SOAR from tabs running other Splunk products. |
| | Increased limit on actions per playbook | Increased the default limit on number of actions per playbook from 50 to 500. To update this setting, see set_action_limit in the Session automation API article. |
| | New management commands | New management commands have been added for managing indicators, audit logs, and containers. These commands replace earlier standalone scripts. |



Last modified on 06 December, 2023

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.0
