Splunk® Enterprise Security

Detect Unknown Threats with Behavioral Analytics Service

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Enable or disable a detection for a tenant

Use the following REST endpoints to enable or disable a detection for a tenant:

Enable a detection for a tenant

 {tenant}/ssa-tenant-management/v1alpha1/detections/{detectionId}/enable

Use this endpoint to enable a detection for a tenant.

Authentication and authorization
ssa.cms.detection.policies.write

Usage details

POST

tenant (String): Name of tenant

detectionId (String): ID of the detection to enable

Request parameters
None

Returned parameters
None.

Example request and response

XML request

curl --location --request POST 'https://app.playground.scs.splunk.com/ssatest/ssa-tenant-management/v1alpha1/detections/dbc30554-d27e-11eb-9e5e-acde48001122/enable' \
--header "Authorization: Bearer $BEARER_TOKEN"

XML response


HTTP/2 200
x-request-id: 36757ff0-44db-9ab7-95c5-b4e125ce6bcf
content-length: 0
date: Wed, 08 Jun 2022 00:42:08 GMT
x-envoy-upstream-service-time: 17
server: istio-envoy
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Authorization
x-content-type-options: nosniff
x-frame-options: DENY

Disable a detection for a tenant

 {tenant}/ssa-tenant-management/v1alpha1/detections/{detectionId}/disable

Use this endpoint to disable a detection for a tenant.

Authentication and authorization
ssa.cms.detection.policies.write

Usage details

POST

tenant (String): Name of tenant

detectionId (String): ID of the detection to disable

Request parameters

tenant (String): Name of tenant

detectionId (String): ID of detection to disable

Returned parameters
None.

Example request and response

XML request

curl --location --request POST 'https://app.playground.scs.splunk.com/ssatest/ssa-tenant-management/v1alpha1/detections/dbc30554-d27e-11eb-9e5e-acde48001122/disable' \
--header "Authorization: Bearer $BEARER_TOKEN"

XML response


HTTP/2 200
x-request-id: 36757ff0-44db-9ab7-95c5-b4e125ce6bcf
content-length: 0
date: Wed, 08 Jun 2022 00:42:08 GMT
x-envoy-upstream-service-time: 17
server: istio-envoy
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Authorization
x-content-type-options: nosniff
x-frame-options: DENY
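
The following wrapper is an added example, not part of the Splunk documentation. It validates the tenant and detection ID before building either endpoint URL, keeps the bearer token out of the process list, and logs each state change. The UUID format for detection IDs, the tenant character set, and the SSA_BASE_URL variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not Splunk code. Assumptions: detection IDs are UUIDs (as in
# the example request), tenant names use only [a-z0-9-], and SSA_BASE_URL and
# BEARER_TOKEN are environment variables chosen for this sketch.
SSA_BASE_URL="${SSA_BASE_URL:-https://app.playground.scs.splunk.com}"

# Print the endpoint URL for: detection_url TENANT DETECTION_ID enable|disable
# Returns 2 if any argument could change the request path.
detection_url() {
  case "$1" in ''|*[!a-z0-9-]*) echo "invalid tenant" >&2; return 2 ;; esac
  case "$2" in *[!0-9a-fA-F-]*) echo "invalid detectionId" >&2; return 2 ;; esac
  printf '%s' "$2" |
    grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' ||
    { echo "invalid detectionId" >&2; return 2; }
  case "$3" in enable|disable) ;; *) echo "invalid action" >&2; return 2 ;; esac
  printf '%s/%s/ssa-tenant-management/v1alpha1/detections/%s/%s\n' \
    "$SSA_BASE_URL" "$1" "$2" "$3"
}

# POST to the endpoint: set_detection TENANT DETECTION_ID enable|disable
# Succeeds only on HTTP 200, the status shown in the documented response.
set_detection() (
  url=$(detection_url "$@") || exit 2
  [ -n "${BEARER_TOKEN:-}" ] || { echo "BEARER_TOKEN is not set" >&2; exit 3; }
  # The header is passed as curl config on stdin so the token stays out of argv.
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$BEARER_TOKEN" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --request POST --config - "$url") || exit 1
  # Record who changed which detection; disabling one reduces coverage.
  echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) user=$(id -un) tenant=$1 detection=$2 action=$3 http=$status" >&2
  [ "$status" = 200 ]
)
```

Redirects are not followed, so any status other than 200 is reported as a failure.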
Last modified on 11 August, 2022

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2
