The visual editor for classic playbooks was removed from Splunk SOAR in release 6.4.0. Convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:
For details, see:
Configure how events are resolved
Set any tags needed before an event can be marked as resolved. Setting a custom field as a required tag updates the settings for the custom field.
To configure how an event is resolved, follow these steps:
- From the Home menu, select Administration.
- Select Event Settings > Resolution.
- Check the Require the Following Tags on Resolve checkbox.
- Type the names of any tags needed before an event or container can be marked as resolved. Tags can be removed by clicking the x next to the tag name.
- Set the action takes when artifacts are added to a resolved event. Select an action from the drop-down list that matches your business process.
- Select Keep Event Resolved to keep events resolved when new artifacts are added.
- Select Reopen Event to reopen any event that has a new artifact added.
- Select Duplicate Event to create a duplicate event, and then add the new artifact to the new event.
- Click Save Changes.
Last modified on 31 January, 2023
| Configure the response times for service level agreements | Configure labels to apply to containers |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0
Download manual
Feedback submitted, thanks!