Splunk® SOAR (On-premises)

Release Notes


Welcome to Splunk SOAR (On-premises) 6.2.0

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

If you are new to Splunk SOAR (On-premises), read About Splunk SOAR (On-premises) in the Use Splunk SOAR (On-premises) manual to learn how you can use Splunk SOAR (On-premises) for security automation.

If your deployment uses the Splunk SOAR Automation Broker, see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.

What's new in 6.2.0

Enhancements

This release of Splunk SOAR (On-premises) includes the following enhancements.

| Splunk idea | New feature | Description |
| --- | --- | --- |
| PPSID-I-681 | Logic Loops | Configure loops directly in the Visual Playbook Editor (VPE) with an intuitive user interface, eliminating the need for custom code. For details, see Repeat actions with logic loops. |
| | Upgraded local PostgreSQL database to 15.3 | In this release, the PostgreSQL database used by Splunk SOAR (On-premises) has been updated to PostgreSQL version 15.3. Additional steps have been added to the upgrade process as part of this update. See Upgrade a Splunk SOAR (On-premises) instance. If your deployment uses an external PostgreSQL 11 or 12 database, you can still use PostgreSQL 11 or 12, but upgrading to release 15.3 is recommended. |
| | Replaced embedded Splunk Enterprise with Postgres 15 search | Starting with this release, we have removed the embedded copy of Splunk Enterprise. The embedded copy of Splunk Enterprise handled internal search features for SOAR. Search for SOAR items is now handled by Postgres 15 search features. See Search within Splunk SOAR (On-premises) in Use Splunk SOAR (On-premises) for search syntax. |
| | Added support for Universal Forwarders | Universal Forwarders now replace remote search for getting your SOAR data into your Splunk Cloud Platform or Splunk Enterprise deployment. For details on Universal Forwarders, see Configure forwarders to send SOAR data to your Splunk deployment. Splunk App for SOAR users: For updated setup instructions, see Set up the universal forwarder using Splunk SOAR version 6.2.0 and higher. Mutual TLS authentication for forwarders is not yet available. If your Splunk Enterprise or Splunk Cloud deployment requires mutual TLS authentication in order to receive data from Universal Forwarders, do not upgrade to this release. |
| PPSID-I-365 | CyberArk integration | Integrate the Splunk SOAR (On-premises) environment with CyberArk's privileged access management (PAM) cloud-based API solution. Support for legacy on-premises CyberArk releases continues for Splunk SOAR (On-premises), available in the SOAR user interface as CyberArk Legacy. For details, see Use CyberArk Vault Privileged Access Manager with Splunk SOAR (On-premises) in the Manage your organization's credentials with a password vault topic. |
| | Classic to modern playbook migration | In preparation for the deprecation of the classic mode of the Visual Playbook Editor (VPE), you can now use a new user interface to convert playbooks developed in the classic VPE to modern playbooks. All users will see a banner about this deprecation when they open Splunk SOAR (On-premises). You can remove this banner for all users. For details on converting playbooks and on removing the banner, see Convert classic playbooks to modern playbooks. |
| | Playbook filter tabs | The modern Visual Playbook Editor (VPE) now has tabs to filter for specific types of playbooks: your organization's customized playbooks, community playbooks, active playbooks, and classic playbooks. For details, see Find playbooks by type in the Find existing playbooks article. |
| | Browser tab differentiation | It is now easier to clearly identify browser tabs running Splunk SOAR from tabs running other Splunk products. |
| PPSID-I-627, internal idea | Increased limit on actions per playbook | Increased the default limit on the number of actions per playbook from 50 to 500. To update this setting, see set_action_limit in the Session automation API article. |
| | New management commands | New management commands have been added for managing indicators, audit logs, and containers. These commands replace earlier standalone scripts. |


Last modified on 21 February, 2024

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.0

