Before upgrading Splunk App for SOAR Export, back up your files from the command line by copying the complete directory $SPLUNK_HOME/etc/apps/phantom to another location that's not under $SPLUNK_HOME/etc/apps.

To upgrade to Splunk App for SOAR version 4.3.21, complete the following steps in order:

1. Upgrade to Splunk CIM (Splunk Common Information Model) version 6.0.x or install Splunk Enterprise Security version 8.0.x.
2. Upgrade to Splunk App for SOAR version 4.3.21.

Detailed steps:

1. From Splunkbase, download version 6.0.x of Splunk CIM or version 8.0.x of Splunk Enterprise Security.
2. Go to your Splunk Enterprise instance.
3. In the apps panel, click the gear icon.
4. Select Install app from file.
5. Upload the app file you downloaded from Splunkbase.
6. Select the checkbox to upgrade the add-on. Making this selection overwrites the add-on if it already exists.
7. Your Splunk Enterprise instance restarts to complete the upgrade.
8. Repeat the previous steps, downloading version 4.3.21 of Splunk App for SOAR Export from Splunkbase.