After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
REST administration
/rest/indicator_cef_filter
/rest/indicator_cef_filter
List all indicator_cef_filter
records.
GET
List all indicator_cef_filter
records.
Response values
Field | Required | Type | Description |
---|---|---|---|
cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom .
| |
cef | number | The ID of the associated CEF record. | |
cef_name | string | The name of the associated CEF record. | |
apply_filter | Boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON response
<div> { "count": 155, "data": [ { "cef_name": "dmac", "cef": 1, "cef_type": "default", "id": 1, "apply_filter": false }, { "cef_name": "act", "cef": 2, "cef_type": "default", "id": 2, "apply_filter": false } ], "num_pages": 16 }
/rest/indicator_cef_filter/[ID]
/rest/indicator_cef_filter/[ID]
Get a particular indicator_cef_filter
record by ID.
GET
Get a particular indicator_cef_filter
record by ID.
Response values
Field | Required | Type | Description |
---|---|---|---|
cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom .
| |
cef | number | The ID of the associated CEF record. | |
cef_name | string | The name of the associated CEF record. | |
apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON response
<div> { "cef_name": "dmac", "cef": 1, "cef_type": "default", "id": 1, "apply_filter": false }
POST
Get a particular indicator_cef_filter
record by ID.
Request parameters
Field | Required | Type | Description |
---|---|---|---|
apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON request
<div> { "apply_filter": true }
/rest/license
/rest/license
Automate loading your Splunk SOAR license.
POST
Automate loading your Splunk SOAR license.
JSON request
"license":"<license>" }
License formatting
The license must be a single line with the \n
character encoded for new lines, as in the following example:
"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "
Use a Custom Script | REST Aggregation Rules |
This documentation applies to the following versions of Splunk® SOAR (Cloud): current
Feedback submitted, thanks!