After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Known issues for
Release 6.2.0
Date filed | Issue number | Description |
---|---|---|
2024-03-13 | PSAAS-16695 | VPE: Action block using Splunk app marked unconfigured when optional parameters not specified |
2024-03-04 | PSAAS-16565 | Upgrade failed at step GitRepos -- Failed to bootstrap playbook repos |
2024-03-04 | PSAAS-16560, PSAAS-16564 | Git operations on playbook repos fail with "Peer's certificate issuer has been marked as not trusted by the user" when using a custom certificate Workaround: There are two options:
|
2024-02-28 | PSAAS-16529 | When navigating back from investigation page to the analyst queue, stale filters are selected |
2024-02-22 | PSAAS-16476 | Logs download doesn't work for On-Prem Cluster setup |
2024-02-20 | PSAAS-16452, PSAAS-16372 | Classic to Modern Playbook conversion errors Workaround: * Layout completely jumbled in Modern playbook (MINOR, But annoying) this can should be resolved by clicking auto-arrange |
2024-02-15 | PSAAS-16431, PSAAS-16963, PSAAS-16962 | Automation Broker: Actions intermittently hang for Automation Broker when there are connection issues Workaround: # Check if the action completed successfully
|
2024-02-14 | PSAAS-16416 | Failed to add custom field in UI Workaround: Refresh the page to get latest update in the custom fields and try to add field again. In the future, avoid multiple users are modifying the custom fields at the same time. |
2024-02-12 | PSAAS-16368 | Copying playbook from remote repository to local repository fails |
2024-02-09 | PSAAS-16355 | VPE: Renamed blocks do not reflect changed names in End block |
2024-02-09 | PSAAS-16357 | Playbook Converter: Datapaths not present in modern datapath picker for custom function and playbook blocks Workaround: Rename the affected block to be the same as the function name. For example, if the function name is "cf_local_generated_1", change the block name to "cf_local_generated_1". |
2024-01-30 | PSAAS-16210 | VPE: "Reconfigure Invalid Datapath" warnings on blocks after upgrade |
2024-01-30 | PSAAS-16206 | Global Environment Variables are incorrectly applied by the Automation Broker when the variable is named in all lowercase letters. Workaround: Use uppercase letters only. |
2024-01-25 | PSAAS-16157 | Upgrade to 6.2.0 failed with error "Failed to move /opt/phantom/data/db to /opt/phantom/data/db.old" when DB is on its own disk partition Workaround: After you run the upgrade script, follow these steps:
|
2024-01-22 | PSAAS-16122 | Saving playbooks to a local repo fails with 'Push master failed: (branch is currently checked out)' Workaround: Operate in repo configured with external resources |
2024-01-19 | PSAAS-16089 | Missing notification for inactivity timeout |
2024-01-16 | PSAAS-16048 | Fix asset name for playbook converter |
2024-01-16 | PSAAS-16049 | Fix asset name for playbook converter |
2024-01-03 | PSAAS-15959 | ForwarderGroup TCP token can be accidentally cleaned up if forwarder group is inactive Workaround: If a SOAR Cloud customer has a Splunk Enterprise forwarder group which is not working due to a deleted tcp token they can recreate the group and the tcp token will be recreated |
2023-12-20 | PSAAS-15916 | Under some conditions, Splunk SOAR's global search can quickly consume huge amounts of memory in uwsgi processes Workaround: If you experience high levels of memory usage while using the main search bar in Splunk SOAR, contact Splunk Support. |
2023-12-13 | PSAAS-15828 | After upgrading to version of SOAR running Postgres 15, 'ibackup --setup' fails Workaround:
|
2023-12-12 | PSAAS-15821 | Global search not working for custom fields |
2023-12-11 | PSAAS-15750 | VPE: Downstream block invoked twice from two upstream code blocks join Workaround: Detach one of the upstream blocks and run the blocks in sequence to avoid a join. |
2023-12-06 | PSAAS-15695 | JSON viewer for input playbooks - analyst view- has clickable URLs Workaround: None |
2023-12-06 | PSAAS-15694 | Indicators page shows empty table for non-admin users |
2023-12-05 | PSAAS-15685 | Naming a forwarder group "splunk" breaks forwarding Workaround: Delete the forwarder group named "splunk" and recreate it with some other name. |
2023-11-29 | PSAAS-15638 | Paginating REST APIs without sorting may give duplicate results across pages. Also affects phantom.get_tasks() and phantom.get_notes() playbook APIs, when containers have >10 tasks or >10 notes, respectively Workaround: If using the REST API directly, add a sort parameter to the URL:
https://example-soar.com/rest/resource?page=X&sort=id If using the # Instead of phantom.get_tasks(), use url = phantom.build_phantom_rest_url('workbook_task') # Or, instead of phantom.get_notes(), use url = phantom.build_phantom_rest_url('note') params = {'_filter_container': container['id'], 'page_size': 0, 'sort': 'id'} response = phantom.requests.get(url, params=params) tasks = response.json()['data'] |
2023-11-22 | PSAAS-15543 | Test connectivity for asset might result in "failed to send" and HTTP 500 "internal server" error for POST to /rest/asset/{id} Workaround: If your connectivity test runs longer than 30 seconds:
|
2023-11-07 | PSAAS-15338 | The Repo Permissions in the user modal does not show permissions Workaround: Check for the assigned roles permissions for the repos |
2023-10-27 | PSAAS-15202 | Password Vault: Asset not removed from "Assets with enabled password manager" table if all credential fields removed Workaround: No workaround. If an asset in the "Assets with enabled password manager" table is empty, it is not available for use. It still exists in the table because a credential management field was deleted, preventing deletion of the asset from the table. |
2023-10-27 | PSAAS-15201 | Password Vault: "Assets with enabled password manager" table can lead to Apps page without an asset selected Workaround: This issue occurs when you select the Edit button to view an asset from the "Assets with enabled password manager" table, then, after viewing its App configuration page, you use the browser's back button to return to the table. When you select Edit to view another asset from the table, the Apps configuration page for that asset is not pre-filled with the asset name and information. After you have viewed one asset configuration page, use one of the following workarounds to avoid the issue:
|
2023-10-26 | PSAAS-15199 | If the CyberArk instance is down and an action is run, the response message is not clear |
2023-10-25 | PSAAS-15176 | VPE Playbook Conversion: Opening some of the converted PBs show "Discard Changes" button without changes made Workaround: When you open a newly converted playbook, select Save to regenerate and save the new code. If you select Discard Changes before you have made any changes, the playbook code and JSON files are not changed. |
2023-10-20 | PSAAS-15120 | Adding an empty repository on SOAR fails Workaround: Ensure that at least one commit is pushed to the playbook repo before adding it to SOAR |
2023-10-20 | PSAAS-15119 | VPE Playbook conversion: Extra path added when converting classic VPE playbook to modern playbook Workaround: If your classic playbook has connections that are very close to each other, the modern playbook might create an extra connection. Before you convert a playbook, spread out your playbook blocks so your connections are not close or overlapping. Then convert the playbook. Review and test newly converted playbooks before marking them as active to ensure blocks and connectors appear and work correctly. |
2023-10-18 | PSAAS-15086 | cluster upgrade failing on DatabaseSchema with 'Failed to apply database migrations' Workaround: Contact Splunk Support. |
2023-09-05 | PSAAS-14697, PSAAS-14655, PAPP-32725 | Images are not appearing in action's custom view on SOAR (Cloud) and (On-premises) versions 6.1.1 and higher |
2023-07-19 | PSAAS-14125 | Users without the "Administrator" role cannot delete an Automation Broker, even when given appropriate permissions. Workaround: Use an account with the Administrator role to delete any Splunk SOAR Automation Brokers as needed. |
2023-06-27 | PSAAS-13913 | VPE: After clicking Discard Changes button, blocks show error "Reconfigure Invalid Data Path" Workaround: Need to not save the playbook and refresh the page |
2023-05-22 | PSAAS-13496 | App Editor: Setting default app action booleans to 'false' does not work. |
2022-04-08 | PSAAS-8541 | Unreadable characters sporadically appear in UI Workaround: Refresh the browser to reload the page. |
Welcome to Splunk SOAR (On-premises) 6.2.0 | Fixed issues for |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.0
Feedback submitted, thanks!