Case Management Integrations with REST API v1.3
Integrating a Case Management tool with Splunk Intelligence Management provides the ability to enrich data in Splunk Intelligence Management and then return that enriched data to the tool as well as share it with other teams in your organization. See Configuration requirements to learn about the configuration details required for all integrations.
Recommended Functionality
Case Management integrations focus on working with reports (or events). Include the following REST API v1.3 commands in your integration:
- Submit a report
- Enrich Observables in a Report using Get Indicator Summaries or Get Indicator Metadata. You can also filter observables using these commands.
- Copy a report to another enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.
- Move a report to another Enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.
- Add Indicators to Company Safelist
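The workflow above (submit, enrich and filter, redact against the Company Safelist, then copy or move) as an added Python example; this is not Splunk's code, and the endpoint paths, query parameters and JSON field names are assumptions to confirm against the REST API v1.3 reference. The HTTP transport is injected so the sequence can be exercised offline.

```python
"""Case-management sync against Splunk Intelligence Management REST API v1.3.

Added example, not Splunk's code. Endpoint paths, query parameters and JSON
field names are assumptions to check against the v1.3 reference; the HTTP
transport is injected so the flow can be exercised offline in tests.
"""
import re

BASE = "https://api.trustar.co/api/1.3"  # assumed base URL


def redact(text, safelist):
    """Mask every Company Safelist term (longest first, case-insensitive)
    so internal hostnames or addresses never leave the source enclave."""
    for term in sorted(safelist, key=len, reverse=True):
        text = re.sub(re.escape(term), "[REDACTED]", text, flags=re.IGNORECASE)
    return text


class CaseSync:
    def __init__(self, transport, token):
        # transport(method, url, headers=, json=, params=) -> dict (assumed)
        self._send = transport
        self._auth = {"Authorization": f"Bearer {token}"}

    def submit_report(self, title, body, enclave_id):
        payload = {"title": title, "reportBody": body,
                   "enclaveIds": [enclave_id], "distributionType": "ENCLAVE"}
        return self._send("POST", f"{BASE}/reports",
                          headers=self._auth, json=payload)

    def enrich(self, observables, min_score=0):
        # Indicator summaries for the case's observables; drop low-scoring noise.
        resp = self._send("POST", f"{BASE}/indicators/summaries",
                          headers=self._auth, json=list(observables))
        return [s for s in resp.get("items", [])
                if s.get("score", {}).get("value", 0) >= min_score]

    def share(self, report_id, body, dest_enclave, safelist, move=False):
        # Copy keeps the original; move re-homes it. Redact before either.
        verb = "move" if move else "copy"
        return self._send("POST", f"{BASE}/reports/{verb}/{report_id}",
                          headers=self._auth,
                          params={"destEnclaveId": dest_enclave},
                          json={"reportBody": redact(body, safelist)})

    def safelist_add(self, indicators):
        # Record confirmed false positives in the Company Safelist.
        return self._send("POST", f"{BASE}/whitelist",
                          headers=self._auth, json=list(indicators))
```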
Optional Functionality
You can use these commands to add functionality for Indicators:
You can include two additional commands that support the triage of Phishing emails:
You must have the Phishing Triage feature activated in Splunk Intelligence Management to use these commands.
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current