REST Status
You can manage status using REST. Supported methods are GET, POST, and DELETE.
Statuses are grouped into three categories or types: New, Open, and Resolved. Your business processes may require additional statuses, so Splunk Phantom lets you create additional statuses in each category, up to a maximum of 10 total statuses.
Rules for status labels:
- There must be at least one active status label for each status type, New, Open, and Resolved.
- You can have a maximum of 10 status labels.
- The labels New, Open, and Closed can be deleted, removing them from the active list. These labels cannot be renamed because they are required for backward compatibility with apps and playbooks.
- The name of a status label can consist only of the ASCII characters A-Z, a-z, numerals 0-9, dash ( - ), or underscore ( _ ).
- A status label cannot be more than 20 characters long.
A status label's JSON object includes an "id" field populated with an integer. The integer can be used in many REST API queries in place of the status label's name, such as in filtering. See Query for Data.
To maintain backwards compatibility with apps and existing playbooks, if the status labels New, Open, or Closed have been deleted, ingestion apps and the REST API can still assign the statuses New, Open, and Closed to containers.
/rest/container_status
List all status labels.
Syntax
https://<username>:<password>@<host>/rest/container_status
GET
Get a list of all status labels.
Example request
Get a list of all status labels.
curl -k -u admin:changeme https://localhost/rest/container_status -G -X GET
Example response
A successful GET will return a 200 response, and a JSON formatted list of statuses.
{
    "count": 4,
    "data": [
        {
            "disabled": false,
            "name": "closed",
            "is_mutable": false,
            "modified_time": "2019-05-29T20:22:09.466124Z",
            "id": 3,
            "is_default": true,
            "create_time": "2019-05-29T20:22:09.465988Z",
            "order": 0,
            "status_type": "resolved"
        },
        {
            "disabled": false,
            "name": "new",
            "is_mutable": false,
            "modified_time": "2019-05-29T20:22:09.464784Z",
            "id": 1,
            "is_default": true,
            "create_time": "2019-05-29T20:22:09.464504Z",
            "order": 0,
            "status_type": "new"
        },
        {
            "disabled": false,
            "name": "ripe",
            "is_mutable": true,
            "modified_time": "2019-05-30T00:06:49.758771Z",
            "id": 6,
            "is_default": false,
            "create_time": "2019-05-30T00:06:49.756331Z",
            "order": 1,
            "status_type": "new"
        },
        {
            "disabled": false,
            "name": "open",
            "is_mutable": false,
            "modified_time": "2019-05-29T20:22:09.465676Z",
            "id": 2,
            "is_default": true,
            "create_time": "2019-05-29T20:22:09.465519Z",
            "order": 0,
            "status_type": "open"
        }
    ],
    "num_pages": 1
}
POST
Create a new status label.
Request parameters
The "System Settings Edit" permission is required to add statuses. An argument string must include the following parameters:
Field | Required | Type | Description |
---|---|---|---|
name | required | string | The name of the new status. |
status_type | required | string | One of "New", "Open", or "Resolved". |
is_default | required | bool | A status with "is_default" set to True becomes the default status. |
Example request
You can create a new status label by supplying a JSON formatted body.
curl -k -u admin:changeme https://localhost/rest/container_status \
  -d '{ "name": "fresh", "status_type": "new" }'
Example response
A successful request will result in a 200 response returning the new status id and success as JSON.
{ "id": 4, "success": true }
DELETE
Delete a status label.
Example request
The "System Settings Edit" permission is required to delete statuses. Delete a status label with ID 4.
curl -k -u admin:changeme https://localhost/rest/container_status/4 -X DELETE
Example response
A successful request will result in a 200 response returning the id of the deleted status and success as JSON.
{ "id": 4, "success": true }
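The status label rules, written as a pre-flight check to run on the GET response before sending a POST or DELETE. This is an added example, not Splunk Phantom code: check_create, check_delete and SAMPLE are hypothetical names, and the sample data is constructed from the example GET response above. It assumes that "disabled": true marks an inactive label, that the 10-label limit counts active labels, and that status_type is compared case-insensitively.

```python
import re

# Rules from the status-label list on this page.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,20}")
STATUS_TYPES = ("new", "open", "resolved")
MAX_LABELS = 10


def active(labels):
    # Assumption: "disabled": true marks a label that is no longer active.
    return [s for s in labels if not s.get("disabled")]


def check_create(labels, name, status_type):
    """Return rule violations for a proposed POST (empty list = OK)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 1-20 chars of A-Z, a-z, 0-9, '-' or '_'")
    if status_type.lower() not in STATUS_TYPES:
        problems.append("status_type must be New, Open, or Resolved")
    # Assumption: the limit of 10 counts active labels.
    if len(active(labels)) >= MAX_LABELS:
        problems.append("already at the maximum of 10 status labels")
    return problems


def check_delete(labels, status_id):
    """Return rule violations for a proposed DELETE (empty list = OK)."""
    live = active(labels)
    target = next((s for s in live if s["id"] == status_id), None)
    if target is None:
        return ["no active label with id %d" % status_id]
    same_type = [s for s in live
                 if s["status_type"] == target["status_type"] and s["id"] != status_id]
    if not same_type:
        return ["would leave status type '%s' with no active label"
                % target["status_type"]]
    return []


# Constructed sample: the "data" array of the example GET response,
# trimmed to the fields these checks read.
SAMPLE = [
    {"id": 3, "name": "closed", "status_type": "resolved", "disabled": False},
    {"id": 1, "name": "new", "status_type": "new", "disabled": False},
    {"id": 6, "name": "ripe", "status_type": "new", "disabled": False},
    {"id": 2, "name": "open", "status_type": "open", "disabled": False},
]
```

With the sample data, deleting id 6 ("ripe") passes because "new" still covers the New type, while deleting id 3 ("closed") is flagged because it is the only Resolved label.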
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7