Welcome to Splunk SOAR (On-premises) 7.1.0
The Splunk SOAR (On-premises) platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools to help you orchestrate security workflows, automate repetitive security tasks, and quickly respond to threats.
If you are new to Splunk SOAR (On-premises), read About Splunk SOAR (On-premises) in the Use Splunk SOAR (On-premises) manual to learn how you can use Splunk SOAR (On-premises) for security automation.
If your Splunk SOAR (On-premises) deployment uses the Splunk SOAR Automation Broker see What's new in Splunk SOAR Automation Broker in the Set up and manage Splunk Automation Broker documentation.
Documentation for earlier versions of Splunk SOAR (On-premises)
Where to find older versions of docs that aren't on the new help portal yet.
We are in the process of moving all versions of Splunk SOAR (On-premises) to this new documentation portal. In the interim, you can reach previous documentation versions in the docs.splunk.com portal. Follow this link to documentation for Splunk SOAR (On-premises) version 6.0.1. From there, use the version selector tool to view documentation for other versions. If you select a version that is already in the new documentation portal, you will be automatically redirected to the new portal.
December 4, 2025 Release 7.1.0
Enhancements for Splunk SOAR (On-premises) version 7.1.0
Important updates
Python version update
Python 3.13 support is now available across Splunk SOAR, helping you stay ahead of the upcoming end-of-life of Python 3.9.
In Splunk SOAR (Cloud) 7.1.0, both Python 3.9 and Python 3.13 are supported. Splunk SOAR will automatically attempt to migrate your automation code in Playbooks and Custom Functions to Python 3.13 within 24 hours of when your deployment is upgraded.
If any of your Python code is not able to be migrated, your automation code remains on Python 3.9. Your Python code might not be able to be migrated if it meets one or more of these criteria:
-
Uses a core Python module that does not exist in Python 3.13
-
Uses a library that does not explicitly list Python 3.13 as a supported version in the
python_classifiersfield in the library package metadata -
Contains linting errors that cannot be safely ignored. For example, a Python Syntax error.
To find Python code that was not able to be migrated, view the new Python update required tab on the Playbooks, Apps, and Custom Function list pages. You can see errors in the respective editor for the automation type (playbooks, custom functions, and apps).
For more information, see How SOAR (On-premises) Uses Python, in Administer Splunk SOAR (Cloud).
Removed feature: Splunk Mobile App for Splunk SOAR (On-premises)
As of this release, the Splunk Mobile App for Splunk SOAR (On-premises) feature is removed.
What's new in Splunk SOAR (Cloud)
| Splunk Idea | Feature | Description |
|---|---|---|
| Improved connector configuration | New guided flow for configuring connectors, including connector documentation on the same page. For details, see Add, edit, or delete a Splunk SOAR (On-premises) asset . | |
|
Automated migration to Python 3.13 |
New button to migrate your playbooks and custom functions to the currently supported Python version by automatically installing Python 3.13-compatible dependencies. This new button is located on the Playbooks and Custom functions lists, under the Python Update Required tab. For details, see Update Python version for existing custom code and Update Python version for existing custom functions in the Build Playbooks documentation. |
This version of Splunk SOAR now uses Splunk Universal Forwarder version 10.0.0.