REST administration

/rest/indicator_cef_filter

/rest/indicator_cef_filter

List all indicator_cef_filter records.

GET

Expand

List all indicator_cef_filter records.

Response values

Field	Type	Description
cef_type	string	Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are `default` or `custom`.
cef	number	The ID of the associated CEF record.
cef_name	string	The name of the associated CEF record.
apply_filter	Boolean	Returns `true` if the associated CEF record will be filtered out during indicator creation.

JSON response

<div>
{
    "count": 155,
    "data": [
        {
            "cef_name": "dmac",
            "cef": 1,
            "cef_type": "default",
            "id": 1,
            "apply_filter": false
        },
        {
            "cef_name": "act",
            "cef": 2,
            "cef_type": "default",
            "id": 2,
            "apply_filter": false
        }
],
    "num_pages": 16
}

/rest/indicator_cef_filter/[ID]

/rest/indicator_cef_filter/[ID]

Get a particular indicator_cef_filter record by ID.

GET

Expand

Get a particular indicator_cef_filter record by ID.

Response values

Field	Type	Description
cef_type	string	Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are `default` or `custom`.
cef	number	The ID of the associated CEF record.
cef_name	string	The name of the associated CEF record.
apply_filter	boolean	Returns `true` if the associated CEF record will be filtered out during indicator creation.

JSON response

<div>
{
    "cef_name": "dmac",
    "cef": 1,
    "cef_type": "default",
    "id": 1,
    "apply_filter": false
}

POST

Expand

Get a particular indicator_cef_filter record by ID.

Request parameters

Field	Required	Type	Description
apply_filter		boolean	Returns `true` if the associated CEF record will be filtered out during indicator creation.

JSON request

<div>
{
    "apply_filter": true
}

/rest/license

/rest/license

Automate loading your Splunk SOAR license.

POST

Expand

Automate loading your Splunk SOAR license.

JSON request

   "license":"<license>"

}

License formatting

The license must be a single line with the \n character encoded for new lines, as in the following example:

"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "

Related answers from Splunk Community

REST administration

/rest/indicator_cef_filter

GET

/rest/indicator_cef_filter/[ID]

GET

POST

/rest/license

POST

License formatting

Comments

Was this topic useful?