REST Playbook
/rest/playbook/<id>
Update a playbook.
Syntax
https://<username>:<password>@<host>/rest/playbook/<id>
POST
Toggle the status of a playbook between active and inactive. This determines whether or not the playbook will start automatically when an event is ingested with a label matching the playbook's label.
Request parameters
Playbooks are modified with the following parameters. No other fields may be updated at this time.
Field | Required | Type | Description |
---|---|---|---|
active | optional | boolean | Sets the playbook as active or inactive. When active, the playbook runs on ingested events with a corresponding label. Playbooks in draft mode cannot be marked active. |
cancel_runs | optional | boolean | Setting this to true when transitioning from active to inactive will cancel any current playbook runs associated with the playbook. |
Example request
Set playbook ID 42 as inactive and cancel the playbook runs.
curl -k -u admin:changeme https://localhost/rest/playbook/42 \
  -d '{ "active": false, "cancel_runs": true }'
Example response
A successful POST returns a descriptive message and a success indicator.
{ "message": "Operation successful", "success": true }
/rest/import_playbook
POST
Import a playbook.
Request parameters
Field | Required | Type | Description |
---|---|---|---|
playbook | Required | String | The base64 encoded playbook tar file that you want to import. |
scm/scm_id | Required | Name or ID of the repository. | The repository where the playbook is saved. |
force | Optional | Boolean | Set to true to override an existing playbook in the same repository with the same name. |
Example request
Import a playbook.
curl -k -u admin:changeme https://localhost/rest/import_playbook \
  -d '{ "playbook": "<base64-encoded playbook tar file>", "scm": "local", "force": "true" }'
Example response
A successful POST returns a success indicator and an import message.
{ "success": true, "message": [ true, "Playbook \"example_playbook\" imported" ] }
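The following is an added example, not part of the original documentation: a Python helper that builds the JSON body for /rest/import_playbook from a gzip tar file, first rejecting archives that contain absolute paths, `..` components, or link and device members. The function names and the sample archive contents are constructed for illustration, and `force` is sent as a JSON boolean, following the parameter table.

```python
import base64
import io
import json
import tarfile
from pathlib import PurePosixPath


def make_sample_archive():
    """Constructed sample: a tiny gzip tar standing in for a playbook archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("example_playbook.py", b"# constructed\n"),
                           ("example_playbook.json", b"{}\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def list_members(tgz_bytes):
    """Return member names, rejecting anything that is not a plain, relative path."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                raise ValueError(f"unsafe path in archive: {m.name!r}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"non-regular member in archive: {m.name!r}")
            names.append(m.name)
    return names


def build_import_body(tgz_bytes, scm, force=False):
    """Build the JSON body for POST /rest/import_playbook."""
    list_members(tgz_bytes)  # raises before anything is encoded or sent
    return json.dumps({
        "playbook": base64.b64encode(tgz_bytes).decode("ascii"),
        "scm": scm,      # repository name, "local" in the page's example
        "force": force,  # JSON boolean, per the parameter table
    })


if __name__ == "__main__":
    archive = make_sample_archive()
    print(list_members(archive))
    print(build_import_body(archive, "local")[:60], "...")
```

The returned string can be passed to curl as the `-d` argument shown in the example request.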
/rest/playbook/<id>/export
GET
Export a playbook.
Example request
Export a playbook.
curl -k -u admin:changeme --output <FILE> https://localhost/rest/playbook/1/export
Example response
A successful GET returns an x-gzip file to the location set in the --output flag.
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7