Review a data set in Postman
After you create an intel workflow, you might want to review the data set before you use it. Splunk Intelligence Management uses the Postman application to display this data set so that you can review and modify the workflow before sending the data set to a third-party tool.
To start the Postman process and review your intel workflow data, complete the following steps:
- Download the Postman application. See https://www.postman.com/downloads/.
- Open the Postman application and log in using your credentials, or create an account if you don't already have one.
You might need to enter more personal or team information if asked in various dialog boxes.
- Select the Workspaces drop-down list, and choose the workspace where you want to import your data set. If you are a new Postman user, you have only one workspace. Select that one.
- Download the intelworkflowpostman.json.zip file.
- Extract the contents of the zip file to access the JSON configuration file for the intel workflow.
- Import the JSON configuration file into Postman.
- Expand Indicator Prioritization (Intel) Workflow, and then select Intel Workflows Demo to see the script.
- Select the Pre-request Script tab.
- From the intel workflow you just created, copy and paste the API key, API secret, and enclave ID into their designated places in the script. To see your intel workflow description, expand the workflow in Splunk Intelligence Management. You can select the clipboard icon ( ) to copy the enclave ID, API key, or API secret.
- Select Send.
- Select the Visualize tab to view the results.
If you're satisfied with the data as it is, you can change the destination of the intel workflow to a third-party tool. Or, you can edit the intel workflow by changing sources and transformations as needed.
Create and manage an indicator prioritization intelligence workflow
Work with safelist libraries as a transformation
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current