Splunk® Intelligence Management (Legacy)

User Guide

Review a data set in Postman

After you create an intel workflow, you might want to review the data set before you use it. Splunk Intelligence Management uses the Postman application to display this data set so that you can review and modify the workflow before sending the data set to a third-party tool.

To start the Postman process and review your intel workflow data, complete the following steps:

  1. Download the Postman application. See https://www.postman.com/downloads/.
  2. Open the Postman application and log in using your credentials, or create an account if you don't already have one.

    You might need to enter more personal or team information if asked in various dialog boxes.

  3. Select the Workspaces drop-down list, and choose the workspace where you want to import your data set. If you are a new Postman user, you have only one workspace. Select that one.
  4. Download the intelworkflowpostman.json.zip file.
  5. Extract the contents of the zip file to access the JSON configuration file for the intel workflow.
  6. Import the JSON configuration file into Postman.
    1. Select Import.
    2. Select files.
    3. Select the JSON configuration file from the location you downloaded.
    4. Select Open to see your Collections folder.
  7. Expand Indicator Prioritization (Intel) Workflow, and then select Intel Workflows Demo to see the script.
    This figure displays a screenshot of the Intel Workflows Demo to display the script you need to edit
  8. Select the Pre-request Script tab.
    This figure is a screenshot of the Pre-request Script tab to display a generic TruSTAR Workflows script.
  9. From the intel workflow you just created, copy and paste the API key, API secret, and enclave ID into their designated places in the script. To see your intel workflow description, expand the workflow in Splunk Intelligence Management. You can select the clipboard icon ( clipboard ) to copy the enclave ID, API key, or API secret.
  10. Select Send.
  11. Select the Visualize tab to view the results. Visualize tab.png

If you're satisfied with the data as it is, you can change the destination of the intel workflow to a third-party tool. Or, you can edit the intel workflow by changing sources and transformations as needed.

Last modified on 19 April, 2023
Create and manage an indicator prioritization intelligence workflow   Work with safelist libraries as a transformation

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters