The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises).
For documentation on the most recent version, go to the latest release.
Known issues for
Release 6.2.1
| Date filed | Issue number | Description |
|---|---|---|
| 2024-11-06 | PSAAS-20434 | Utility block pin API does not support all pin colors |
| 2024-10-11 | PSAAS-20016 | SOAR upgrade failure: Failed to start Splunk SOAR |
| 2024-09-09 | PSAAS-19325 | Export of playbooks does not work if using the Optional "Path to Playbooks" is specified in source control |
| 2024-08-26 | PSAAS-19171 | Pip packages upgraded during install, old versions still exist missing METADATA files Workaround: See Workaround in [1] |
| 2024-08-13 | PSAAS-19036 | About page shows "Splunk Version" and "Splunk Build", which are not accurate as Splunk no longer ships with SOAR |
| 2024-08-08 | PSAAS-18987 | Splunk SOAR (On-premises) Installer fails due to centos 8 mirror deprecation Workaround:
|
| 2024-07-25 | PSAAS-18799 | Cannot delete container from UI or REST call Workaround: Using command "phenv delete_containers --id <container ID>" to delete those containers. |
| 2024-07-23 | PSAAS-18783 | Limit Total Time and Memory Limits for UWSGI Workers Workaround: None |
| 2024-07-03 | PSAAS-18317 | Cascading deletion of Assets, Users, PlaybookRun, and App data when deleting a Container |
| 2024-05-28 | PSAAS-17869 | SAML auth denied due to duplicate key serial numbers |
| 2024-05-23 | PSAAS-17857 | Update from source control failing due to playbook name with square braket and colon in its name |
| 2024-05-03 | PSAAS-17586 | ClusterUpgradePhase task fails when trying to upgrade a single-node cluster |
| 2024-05-01 | PSAAS-17559 | "0: command not found" error is printed to the console when running start_phantom.sh Workaround: This workaround is optional. The error is cosmetic and does not indicate any deeper issue with the Splunk SOAR system. To stop the error from printing entirely, copy the following code and replace line 13 of the existing start_phantom.sh code.
if remote_db_in_install_conf && ! dev_in_install_conf && [ ${PHANTOM_IS_CLOUD} != 1 ]; then
must_have_minimum_postgresql_version
fi
|
| 2024-04-29 | PSAAS-17481 | Spawn.log does not populate after disabling telemetry and restarting Spunk SOAR |
| 2024-04-25 | PSAAS-17454 | slow API requests lead to missing VPE block outputs upon initial load Workaround: Manually re-generate outputs by deleting and/or reconfiguring the whole block. |
| 2024-04-17 | PSAAS-17299 | Invalid Custom Block Names for Long Playbook Names Workaround: Rename the classic playbook before running it through the converter |
| 2024-04-17 | PSAAS-17305 | REST APIs with pagination now give a 400 error |
| 2024-04-03 | PSAAS-17135 | Investigation page: Playbook run tab is broken for playbook with empty inputs |
| 2024-04-03 | PSAAS-17165 | VPE: Datapath within loop block doesn't reflect block name change Workaround: Before running a playbook that contains a looped block, make sure that all internal datapath configurations of the looped block are accurate and up-to-date by manually checking that each datapath refers to the correct block name. |
| 2024-03-26 | PSAAS-16961 | Licensing extension not available Workaround: Contact Splunk Support at least 30 days before your license is set to expire. |
| 2024-03-25 | PSAAS-16959 | Using secret global variables causes AB Test Connectivity/Poll Now to fail Workaround: Remove the secret flag from all global environment variables for Test Connectivity to work with AB. |
| 2024-03-13 | PSAAS-16695 | VPE: Action block using Splunk app marked unconfigured when optional parameters not specified |
| 2024-03-06 | PSAAS-16641 | Global seach checkbox for "Playbook Run" gets unselected when selecting other options Workaround: If you are selecting multiple search options, select all other options first, then select the Playbook Run option. |
| 2024-03-06 | PSAAS-16642 | VPE: Deleting conditions from a filter block changes the conditions for downstream blocks instead of deleting them Workaround: If you have already deleted multiple conditions in the filter block configuration panel: If you have multiple condition labels on the connections downstream from the filter block, check to see if the labels match the conditions you specified in the filter block configuration panel.
|
| 2024-03-04 | PSAAS-16560, PSAAS-16564 | Git operations on playbook repos fail with "Peer's certificate issuer has been marked as not trusted by the user" when using a custom certificate Workaround: There are two options:
|
| 2024-02-22 | PSAAS-16477 | Podman does not currently work with redirected image URLs due to Docker Hub authentication token changes Workaround: Manually change the image: line in docker-compose.yaml to point to docker.io/phantomsaas/automation_broker:<$SOAR_VERSION>. |
| 2023-07-19 | PSAAS-14125 | Users without the "Administrator" role cannot delete an Automation Broker, even when given appropriate permissions. Workaround: Use an account with the Administrator role to delete any Splunk SOAR Automation Brokers as needed. |
| 2023-04-26 | PSAAS-13255 | Deleting a container with 1000+ artifacts causes UWSGI to run out of memory. Workaround: For Waterspout we have swapped the deletion mechanism of containers in the UI from a django deletion to a raw deletion. This helps us avoid OOMing in Django while preserving audit capability when performing a deletion thanks to a new pg trigger that was added.
In SOAR versions pre 6.3.0, customers running into an OOM when deleting a container with 1000+ artifacts should delete the container via a raw delete using the Template:Delete db containers management command. If this is a cloud customer, then SOAR on-call will need to delete the container for them with their permission. |
| 2023-02-02 | PSAAS-12158 | User filtering is using first/last name to filter events instead of just username Workaround: None |
Last modified on 12 November, 2024
| Welcome to Splunk SOAR (On-premises) 6.2.1 | Fixed issues for |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.1
Download manual
Feedback submitted, thanks!