Splunk® SOAR (On-premises)

Release Notes

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Welcome to Splunk SOAR (On-premises) 6.3.1

The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.

If you are new to , read About in the Use manual to learn how you can use for security automation.

If your deployment uses the Splunk SOAR Automation Broker see see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.

November 13, 2024 Release 6.3.1

What's new in

This release of includes the following enhancements.

Splunk idea Feature Description
PPSID-I-180, PPSID-I-483  Guided automation Introducing a new streamlined workflow for building playbooks. The new data preview panel overlays real incident and playbook data directly onto the playbook editor for faster, more accurate automation. For details, see Use Data Preview to build, test, and edit playbooks.
Playbook debugger and Python editor updates The playbook debugger and Python editor have moved; they are now included as tabs in the new Data Preview panel. For details, see Use Data Preview to build, test, and edit playbooks.

The Python editor now has additional functionality, including the ability to wrap lines of code, focus on a specific block, and view looping functionality for a specific block. For details, see View or edit the Python code in playbooks.
Performance improvements This release features up to a 2x improvement in automation throughput. can now handle more playbooks, custom functions, and actions simultaneously.*
Deactivate dashboard widgets You can now deactivate individual home dashboard widgets for all users. For details, see Manage dashboard widgets in .
Home menu Administration section reorganized The Administration menu has been reworked.
  • The Product Settings menu has been changed to better group settings by their function. Some items have been moved.
    • The Investigations menu item consolidates toggling the Authorized Users and Clickable URLs into one page, while adding a new UI toggle for Indicators.
    • New entries for Connectors, Investigations, Manage Widgets, and Playbook Automation have been added.
    • The Telemetry entry has been renamed to Data Sharing and is located under Product Settings.

For details, see the relevant sections of Administer .

New settings toggles You can now toggle many features on or off from the reorganized Product Settings section of the Administration menu. Several new items have been added.
  • Enable Indicators, available under Investigations
  • Enable Multiple Conditions for VPE Blocks, available under Playbook Automation
  • Enable Playbook Resource Scoring, available under Playbook Automation
  • Enable Check SOAR Connector Version, available under Connectors

For details, see the relevant sections of Administer .

* Based on internal testing when compared with Splunk SOAR (Cloud) version 6.2.2. Results cited are for illustration. Performance depends on individual use, configuration, and other factors.


See also

Last modified on 13 November, 2024
  Known issues for

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.3.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters