Splunk® Intelligence Management (Legacy)

Developer Guide

REST API v1.3

The Splunk Intelligence Management REST API enables you to easily synchronize report information available in Splunk Intelligence Management with the monitoring tools and analysis workflows you use in your infrastructure. All API access is over HTTPS, and all data is transmitted securely in JSON format.

Version 2.0 of the Splunk Intelligence Management REST API was introduced in May, 2021. While Splunk Intelligence Management still supports version 1.3, you should use version 2.0 when building new custom applications.

API coverage

The API provides endpoints for these functional areas of the Splunk Intelligence Management platform:

| Function | Description |
| --- | --- |
| Basic commands | Endpoints for Ping, Version, and for requesting your API quota information. |
| Reports | Endpoints that manage reports, including submit, update, share (with or without redaction), copy, move, delete, search for reports, find correlated reports, and get report status. |
| Indicators | Endpoints that work with Indicators, including submit, find/search, and summaries. This section also includes commands for working with safelists (whitelists), including fetching the safelist contents and adding and deleting items from the safelist. |
| Tags | Endpoints for using tags with Reports and Indicators. |
| Enclaves | Fetches the list of all enclaves that the user has access to, as well as whether they can read, create, and update reports in that enclave. |
| Phishing Triage | Endpoints to retrieve prioritized phishing emails and their associated indicators, as well as to set the status of the email. |

In addition, the API provides error codes that can help you troubleshoot an integration.

Last modified on 16 March, 2023
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

