REST administration
/rest/indicator_cef_filter
List all indicator_cef_filter records.
GET
Response values
Field | Required | Type | Description |
---|---|---|---|
cef_type | | string | Whether the CEF record was created by Splunk Phantom or the customer. The possible CEF types are default or custom. |
cef | | number | The ID of the associated CEF record. |
cef_name | | string | The name of the associated CEF record. |
apply_filter | | boolean | Returns true if the associated CEF record will be filtered out during indicator creation. |
JSON response
```json
{
  "count": 155,
  "data": [
    {
      "cef_name": "dmac",
      "cef": 1,
      "cef_type": "default",
      "id": 1,
      "apply_filter": false
    },
    {
      "cef_name": "act",
      "cef": 2,
      "cef_type": "default",
      "id": 2,
      "apply_filter": false
    }
  ],
  "num_pages": 16
}
```
/rest/indicator_cef_filter/[ID]
Get a particular indicator_cef_filter record by ID.
GET
Response values
Field | Required | Type | Description |
---|---|---|---|
cef_type | | string | Whether the CEF record was created by Splunk Phantom or the customer. The possible CEF types are default or custom. |
cef | | number | The ID of the associated CEF record. |
cef_name | | string | The name of the associated CEF record. |
apply_filter | | boolean | Returns true if the associated CEF record will be filtered out during indicator creation. |
JSON response
```json
{
  "cef_name": "dmac",
  "cef": 1,
  "cef_type": "default",
  "id": 1,
  "apply_filter": false
}
```
POST
Get a particular indicator_cef_filter record by ID.
Request parameters
Field | Required | Type | Description |
---|---|---|---|
apply_filter | | boolean | Returns true if the associated CEF record will be filtered out during indicator creation. |
JSON request
```json
{ "apply_filter": true }
```
/rest/license
Automate loading your Splunk Phantom license.
POST
JSON request
```json
{ "license": "<license>" }
```
License formatting
The license must be a single line, with each line break encoded as the \n character sequence, as in the following example:
"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "
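The license formatting rule above, as an added example that is not part of the Splunk documentation: a Python helper that builds the single-line JSON body for /rest/license, including the case where the license text was pasted in already-encoded form and would otherwise be escaped twice. The function names and the sample license are constructed for illustration.

```python
import json

BEGIN_MARKER = "BEGIN LICENSE"  # marker text taken from the page's example


def normalize_license(text: str) -> str:
    """Return the license with real LF line breaks and no surrounding whitespace."""
    # Text copied from an already-encoded example holds the two characters
    # backslash + n instead of line breaks. Decode them first so they are not
    # escaped a second time when the body is serialized.
    if "\n" not in text.strip() and "\\n" in text:
        text = text.replace("\\n", "\n")
    # Normalize Windows (CRLF) and old Mac (CR) line endings to LF.
    text = text.replace("\r\n", "\n").replace("\r", "\n").strip()
    if BEGIN_MARKER not in text.split("\n", 1)[0]:
        raise ValueError("first line does not contain the BEGIN LICENSE marker")
    return text


def build_license_body(text: str) -> str:
    """Serialize the JSON request body for POST /rest/license."""
    body = json.dumps({"license": normalize_license(text)})
    # json.dumps writes every line break as the escape \n, so the body must be
    # a single line; a raw line break here would make the JSON invalid.
    if "\n" in body or "\r" in body:
        raise ValueError("raw line break left in request body")
    return body


# Constructed sample, not a real license: CRLF endings as saved on Windows.
SAMPLE_FILE = (
    "-----BEGIN LICENSE-----\r\n"
    "CONSTRUCTEDSAMPLELINEONE0000\r\n"
    "CONSTRUCTEDSAMPLELINETWO0000\r\n"
)
# The same constructed sample in already-encoded, single-line form.
SAMPLE_ENCODED = SAMPLE_FILE.strip().replace("\r\n", "\\n")

if __name__ == "__main__":
    print(build_license_body(SAMPLE_FILE))
    print(build_license_body(SAMPLE_ENCODED))
```

Both sample inputs produce the same request body, which is the property to check before sending a license to the endpoint.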
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7