Splunk SOAR 6.2 Introduces New Automation Features, Workload Migration, and Firewall Integrations

The Splunk team is proud to announce the release of Splunk SOAR 6.2 (Security Orchestration Automation and Response). We’ve been hard at work developing the latest and greatest features for this update, several of which have come from requests and suggestions from our users over on Splunk Ideas. SOAR 6.2 allows users to configure logic loops directly in the Visual Playbook Editor with an intuitive user interface, eliminating the need for custom code, as well as integrating the Splunk SOAR cloud environment with CyberARK's privileged access management solution. In addition to these features, the release also includes a new set of firewall management apps for two highly requested products and a new user interface that will allow customers to convert playbooks developed in the classic Visual Playbook Editor to modern playbooks.

Let’s take a closer look at some of the new features and updates for Splunk SOAR 6.2

• Logic Loops: This new feature makes it easier than ever for security engineers and analysts to save time and cut down on repetitive manual tasks. This iterative function allows users to automatically retry playbook actions if they fail, or continue executing the rest of the playbook when an action succeeds. Loops can run up to a specified number of times or exit early by specifying an exit condition. In between loops, a pause time can be specified, which introduces a wait time before starting the next iteration in the loop. While waiting for the next iteration of the loop to begin, the playbook will give up its runner to another playbook, meaning a playbook waiting for its next iteration won’t consume a runner resource. This function can be applied to use cases like sandbox engines for malicious URL quarantine and remediation, as well as forensic investigation workflows.

• CyberARK Integration: We’re making it easier than ever for security teams to migrate their workloads to the cloud with support for CyberARK's privileged access management solution in Splunk SOAR cloud. This will help SOAR on-premises customers migrate to the cloud, while also ensuring that security teams have a simplified experience during the installation and upgrade process.

• Firewall Manager Apps: This release features new app integrations for Panorama and FortiManager. We’ve heard your requests for integration options with these powerful firewall tools and we’re happy to add these to our ever growing list of supported apps. Panorama users can draft and deploy custom firewall policies, introduce and manage External Dynamic Lists, manage address groups from creation, modification, deletion and much more. FortiManager users can now easily create, delete, and update ADOM firewall policies as well as quickly block ADOM level IPs and URLs and more!

Over the coming weeks, we’ll provide an in depth look at each of these new features in dedicated blogs and videos. Be sure to check back each week in the month of December for more information.

What’s on the Horizon

The Splunk SOAR team is already hard at work on the next version release and we’ll have more to share about the newest features, playbooks, and much more in 2024. One upcoming change that we want to make sure our users know about involves the classic version of the Visual Playbook Editor.

When version 6.3 of Splunk SOAR arrives next year, we will be removing the classic version of the Visual Playbook Editor. The modern version of the Visual Playbook Editor isn’t going anywhere. Back in version 5.0.1, we introduced the modern version of the Visual Playbook Editor, which made it easier than ever for users to create and modify playbooks, regardless of their level of coding experience. This version added improved readability, vertical orientation, and a slew of new options for creating playbook blocks.

We want to make it as easy as possible for users currently using any playbooks made with the classic editor to be able to convert their playbooks to the modern editor. In our previous release, (6.1.1) we added a command line interface (CLI) tool for on-premises users to migrate their classic playbooks to modern playbooks. With the release of Splunk SOAR 6.2, the same migration capability is available from the Splunk SOAR user interface (UI) and is available for both cloud and on-premises users.

Upgrade to SOAR 6.2 Today

Splunk SOAR 6.2 updates are available today in both cloud and on-prem environments. We are excited to see how users will apply these new features and updates to enhance their approach to automation. Be sure to let us know what you think of Splunk SOAR 6.2 over in the Splunk SOAR Community and if you have an idea or request for a new feature, please let us know by submitting them to Splunk Ideas.

If you didn’t have the chance to join our recent Tech Talk that went over this release, be sure to give the On-Demand recording of the session a watch here.

For more information about Splunk SOAR 6.2, be sure to check out the release notes. Over the coming weeks, we’ll also have individual blogs that take a deeper look at the new features found in this release which you won’t want to miss.

Get out there and get automating!