Welcome to Splunk SOAR (On-premises)
The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.
If you are new to Splunk SOAR (On-premises), read About Splunk SOAR (On-premises) in the Use Splunk SOAR (On-premises) manual to learn how you can use Splunk SOAR (On-premises) for security automation.
If your Splunk SOAR (On-premises) deployment uses the Splunk SOAR Automation Broker see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.
Documentation for earlier versions of Splunk SOAR (On-premises)
Where to find older versions of docs that aren't on the new help portal yet.
We are in the process of moving all versions of Splunk SOAR (On-premises) to this new documentation portal. In the interim, you can reach previous documentation versions in the docs.splunk.com portal. Follow this link to documentation for Splunk SOAR (On-premises) version 6.0.1. From there, use the version selector tool to view documentation for other versions. If you select a version that is already in the new documentation portal, you will be automatically redirected to the new portal.
April 22, 2026 Release 8.5.0
enhancements found in Splunk SOAR (On-premises) version 8.5.0
Important updates
Python 3.9 support extended
To provide you with additional time to migrate your Python 3.9 automations, we are extending support for Python 3.9 in Splunk SOAR. Support for Python 3.9 will be removed in a future release. For details on requirements for upgrading Python, see the release notes for Splunk SOAR (On-premises) version 7.1.0.
For details on the self-service migration feature within the SOAR UI, automation scripts, and linting tools, see the list of references in How SOAR (On-premises) uses Python.
What's new in Splunk SOAR (Cloud)
| Splunk Idea | Feature | Description |
|---|---|---|
| System insights |
Gain real-time visibility into your actions and playbook health with SOAR's enhanced event forwarding to Splunk. Splunk App for SOAR has new, intuitive dashboards – including more comprehensive metrics, direct links to run logs, and flexible alerting options – providing you with more precision and agility. For details, see System insights in the Splunk App for SOAR documentation. |
|
|
Automation Integrations in Enterprise Security *Requires Enterprise Security 8.5 or higher |
Bring alerts from third-party apps into Enterprise Security, empowering analysts to triage and investigate with all relevant information in one place. Microsoft 365 and IMAP v2 apps can create findings in the Analyst Queue, so analysts have access to full email content at their fingertips. Use the new Apps page in Enterprise Security to manage and configure apps. Build apps with the SOAR SDK to integrate third-party sources and create findings in the Analyst Queue. For details, see Configure Splunk SOAR apps in Splunk Enterprise Security in the Administer Splunk Enterprise Security documentation |