Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

REST administration

/rest/indicator_cef_filter

/rest/indicator_cef_filter

List all indicator_cef_filter records.

GET

List all indicator_cef_filter records.

Response values

Field Required Type Description
cef_type string Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom.
cef number The ID of the associated CEF record.
cef_name string The name of the associated CEF record.
apply_filter Boolean Returns true if the associated CEF record will be filtered out during indicator creation.

JSON response

<div>
{
    "count": 155,
    "data": [
        {
            "cef_name": "dmac",
            "cef": 1,
            "cef_type": "default",
            "id": 1,
            "apply_filter": false
        },
        {
            "cef_name": "act",
            "cef": 2,
            "cef_type": "default",
            "id": 2,
            "apply_filter": false
        }
],
    "num_pages": 16
}

/rest/indicator_cef_filter/[ID]

/rest/indicator_cef_filter/[ID]

Get a particular indicator_cef_filter record by ID.

GET

Get a particular indicator_cef_filter record by ID.

Response values

Field Required Type Description
cef_type string Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom.
cef number The ID of the associated CEF record.
cef_name string The name of the associated CEF record.
apply_filter boolean Returns true if the associated CEF record will be filtered out during indicator creation.

JSON response

<div>
{
    "cef_name": "dmac",
    "cef": 1,
    "cef_type": "default",
    "id": 1,
    "apply_filter": false
}

POST

Get a particular indicator_cef_filter record by ID.

Request parameters

Field Required Type Description
apply_filter boolean Returns true if the associated CEF record will be filtered out during indicator creation.


JSON request

<div>
{
    "apply_filter": true
}

/rest/license

/rest/license

Automate loading your Splunk SOAR license.

POST

Automate loading your Splunk SOAR license.

JSON request

   "license":"<license>"

}


License formatting

The license must be a single line with the \n character encoded for new lines, as in the following example:

"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "
Last modified on 18 September, 2024
Use a Custom Script   REST Aggregation Rules

This documentation applies to the following versions of Splunk® SOAR (Cloud): current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters