View a data set in Postman

After you create an Intel Workflow, you probably want to see the data created before you use it. Splunk Intelligence Management uses the Postman application to display this data so that you can review and modify the workflow as desired before sending the data set to a third-party tool.

Perform the following tasks to start the Postman process:

1. Click this link to open a new browser tab and start the Postman process.
2. Click Run in Postman.
3. Select Postman for Web in the popup window.
4. On the Postman start page, you can either log in (if you already have a Postman account), create a new login or use a Google login. Depending on how you log in, you may need to click through additional screens asking for personal and team information.
5. Select the workspace where your data set (collection) will be imported. If you are new to Postman, you will see a single workspace so just select that one.
6. After you select a workspace, Postman imports the collection and opens it in that workspace. Click Indicator Prioritization (Intel) Workflow to unfold it, then click Intel Workflows Demo to display the script you need to edit.
7. Click the Pre-request Script tab. This displays a generic Splunk Intelligence Management Workflows script.
8. From the intel workflow you just created, copy the API key and paste it into the script. then copy and past the API secret into the script, and, finally, copy and paste the enclave ID into the script. To find your intel workflow information, click on the workflow in Splunk Intelligence Management to expand the description. The right-most box will show the enclave ID, API key, and API secret. Use the clipboard icon to the right of an item to copy it.
9. Click Send.
10. Click the Visualize tab to view the results.

If the results are as expected, then you can change the destination of the intel workflow to a third-party tool. If the results are not what you wanted, you can edit the intel workflow to change sources and/or transformations, as needed.