After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Delete Records
Records can be deleted by an authorized user. This can be done by issuing an HTTP DELETE to /rest/<type>/<id>. Deletion can only be done by a user account with the correct privileges and not by a connection authenticated using a REST token. The Python requests module implements both HTTP Basic user auth as well as HTTP DELETE.
/rest/<type>/<id>
Syntax
https://<username>:<password>@<host>/rest/<type>/<id>
DELETE
Delete a record.
Example Python request
Delete container Id 42.
requests.delete('https://192.168.1.1/rest/container/42', auth=('soar_local_admin', 'password'))
Example response
A successful DELETE will return a success message.
{
"success": true
}
Example curl request
Delete the custom CEF Id 151.
curl -k -u soar_local_admin:changeme https://localhost/rest/cef/151 -X DELETE
Example response
A successful DELETE will return the success message.
{
"success": true
}
Failures will return a non-200 response code and JSON with "failed" = true and an appropriate "message".
Delete is only supported for the following record types:
- Apps (/rest/app/<id>)
- Artifacts (/rest/artifact/<id>)
- Assets (/rest/asset/<id>)
- CEF (/rest/cef/<id>)
- Containers (/rest/container/<id>)
- Container Attachments (vault files such as /rest/container_attachment/<id>)
- Custom Lists (/rest/decided_list/<id>)
- Roles (/rest/role/<id>)
- Workbooks (/rest/workbook_template/<id>)
Custom Lists can be deleted with user or token authentication. All others require user authentication.
| Bulk Create and Update Records | Get System Info |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1
Download manual
Feedback submitted, thanks!