Splunk® SOAR (Cloud)

REST API Reference for Splunk SOAR (Cloud)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

REST Command Run

Administer your system with system management commands.

/rest/command_run

Syntax

https://<username>:<password>@<instance_name>/rest/command_run

Usage details
The account used must have the following permissions depending on the type of request:

  • GET - View System Settings permissions
  • POST - Edit System Settings permissions

POST

Runs the specified command in the background, providing a run ID to check the status.

Request parameters
See Create a container for the full parameters.

Example request
JSON body:

  • name: name of command to run (for example, diag)
  • args: Array of argument values, as you would pass them when running a command on the terminal, with each array element being a space separated terminal argument.
curl -k -u soar_local_admin:changeme https://localhost/rest/command_run \
-d '[
{
"name": "playbooks_to_py3",
"args": ["local/testplaybook", "local"]
}
]'

Example response
A successful POST returns a success indicator and the Id of the updated container.

[
{
"success": true,
"id": <id>;
}
]

GET

Get the status of all command runs executed.

Request parameters
A GET request to the /rest/command_run endpoint requires no arguments and returns a list.

Example request
Get the status of all command runs executed.

curl -X GET -u 'https://<username>:<password>@<instance_name>/rest/command_run

Example response
A successful GET will return a 200 response, and a JSON formatted list of the installed and launched automation brokers and their settings.

{
tbd
}

/rest/command_run/<id>

Syntax

https://<username>:<password>@<instance_name>/rest/command_run/<id>

Usage details
The account used must have the following permissions depending on the type of request:

  • GET - View System Settings permissions
  • POST - Edit System Settings permissions


GET

Get the status of all command runs executed.

Request parameters
A GET request to the /rest/command_run/<id> endpoint requires no arguments and returns a list.

Example request
Get the status of a particular command run by its ID.

curl -X GET -u 'https://<username>:<password>@<instance_name>/rest/command_run/<id>

Example response
A successful GET will return a 200 response, and a JSON formatted list with fields for id, status, start_time, end_time, command_name, and output.

{
tbd
}
Last modified on 06 November, 2024
REST Tenant   REST Feature Flag

This documentation applies to the following versions of Splunk® SOAR (Cloud): current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters