The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises).
For documentation on the most recent version, go to the latest release.
Known issues for
Release 6.2.2
| Date filed | Issue number | Description |
|---|---|---|
| 2024-11-06 | PSAAS-20434 | Utility block pin API does not support all pin colors |
| 2024-11-01 | PSAAS-20358 | Reporting : "Events resolved" and "Closed events" logic mismatch |
| 2024-10-28 | PSAAS-20310 | Deleting role and recreating it with the same name caused issue in playbook prompt block Workaround: On SOAR on-prem, the duplicate entries for the same role name can be removed from the table "role" and ensure the remained one is not disabled. |
| 2024-10-21 | PSAAS-20142 | VPE Discard changes doesn't reset the playbook editor for unconfigured action block |
| 2024-10-04 | PSAAS-19942 | /opt/phantom/var/log/nginx/error.log possibly hard coded in config leads to error: No such file or directory |
| 2024-10-02 | PSAAS-19905 | Filter condition fails to process empty list if it comes from action block |
| 2024-09-27 | PSAAS-19836 | Input playbooks, missing menu to provide the inputs to test the playbook in the debugger Workaround: The feature is missing, user cannot test the playbook |
| 2024-09-12 | PSAAS-19457 | phantom.get_notes() fails with "failed to retrieve note Error: That page contains no results" when number of notes is multiple of page size |
| 2024-09-06 | PSAAS-19321 | Non Root Installs: Do not allow phantom services to be run with root on non-root installs |
| 2024-09-06 | PSAAS-19320 | warm-standby: "--standby-mode --convert-to-primary" results in "File exists" when keystore is a mounted filesystem, and leaves soar instance in an unusable state with the potential for data loss |
| 2024-08-16 | PSAAS-19075 | warm-standby: hot_standby parameter still on after "--standby-mode --off", resulting in unexpected behavior Workaround: After turning off warm standby using the command phenv python setup_warm_standby.pyc --standby-mode --off use the command phsvc restart postgresql to restart PostgreSQL. |
| 2024-08-13 | PSAAS-19036 | About page shows "Splunk Version" and "Splunk Build", which are not accurate as Splunk no longer ships with SOAR |
| 2024-08-08 | PSAAS-18987 | Splunk SOAR (On-premises) Installer fails due to centos 8 mirror deprecation Workaround:
|
| 2024-08-05 | PSAAS-18888 | warm-standby: "--standby-mode --convert-to-primary" results in "File exists" when keystore is a mounted filesystem, and leaves soar instance in an unusable state with the potential for data loss |
| 2024-07-25 | PSAAS-18798 | Missing data paths in prompt block |
| 2024-06-28 | PSAAS-18272 | Classic to Modern playbook conversion should have warnings for invalid playbook block name and customer code revert |
| 2024-06-10 | PSAAS-17997 | Playbook Listing page tabs show incorrect list, except "All" tab |
| 2024-05-14 | PSAAS-17715 | VPE CF block resource warning not being removed upon reconfiguring Workaround: The warning is only cosmetic and will not impact playbook run. To remove the warning, instead of reconfiguring the block just completely delete and re-add a utility block. |
| 2024-05-06 | PSAAS-17617 | VPE: 'matches regex' comparison values 'true' and 'false' should not evaluate to boolean in the codegen Workaround: Precede true and false strings in the RHS of the comparison with *. For example: *.true |
| 2024-02-22 | PSAAS-16477 | Podman does not currently work with redirected image URLs due to Docker Hub authentication token changes Workaround: Manually change the image: line in docker-compose.yaml to point to docker.io/phantomsaas/automation_broker:<$SOAR_VERSION>. |
| 2023-08-25 | PSAAS-14609 | AB: Broker status should be updated if the broker directory is no longer present |
| 2023-04-26 | PSAAS-13255 | Deleting a container with 1000+ artifacts causes UWSGI to run out of memory. Workaround: For Waterspout we have swapped the deletion mechanism of containers in the UI from a django deletion to a raw deletion. This helps us avoid OOMing in Django while preserving audit capability when performing a deletion thanks to a new pg trigger that was added.
In SOAR versions pre 6.3.0, customers running into an OOM when deleting a container with 1000+ artifacts should delete the container via a raw delete using the Template:Delete db containers management command. If this is a cloud customer, then SOAR on-call will need to delete the container for them with their permission. |
Last modified on 13 December, 2024
| Welcome to Splunk SOAR (On-premises) 6.2.2 | Fixed issues for |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.2
Download manual
Feedback submitted, thanks!