After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
REST Feature Flag
Manage a subset of features.
/rest/feature_flag
Get and manage information about features.
Syntax
https://<username>:<password>@<host>/rest/feature_flag
GET
Returns a JSON formatted list of all features and their database representations. These features support all the optional query parameters listed in Query for Data.
Example request
Get a JSON formatted list of all features and their database representations.
curl -k -u username:password https://localhost/rest/feature_flag -G -X GET
Example response
A successful GET will return the feature's data as JSON in the response body.
{ "count": 10, "num_pages": 1, "data": [ { "name": "mobile", "id": 3, "enabled": false, "immutable": false, "config": { "app_names": [ "com.splunk.mobile.Stargate", "com.splunk.mobile.Alerts", "com.splunk.mobile.ARDemo", "com.splunk.mobile.SplunkAR" ] } }, { "name": "fullstory", "id": 4, "enabled": false, "immutable": false, "config": {} }, ... ] }
/rest/feature_flag/<feature_flag_name>
GET
A successful GET will return the feature's data as JSON in the response body.
Example request
Get a JSON formatted list of all features and their database representations.
curl -k -u username:password https://localhost/rest/feature_flag/{cloud} -G -X GET
Example response
A successful GET will return the feature's data as JSON in the response body.
{ "name": "cloud", "id": 2, "enabled": true, "immutable": false, "config": { "key": true } }
POST
Turn a feature on or off, or modify its configuration.
Request parameters
Field | Required | Type | Description |
---|---|---|---|
id | optional | integer | The number id for the feature flag. |
name | optional | string | The name of the feature flag. |
enabled | optional | boolean | Whether or not the feature flag is set to on or off. Valid values are either "true" for on, or "false" for off. |
immutable | optional | boolean | Whether or not the feature flag can be changed using this API. Valid values are either "true" when the value can be changed, or "false" when the value cannot be changed by this API. |
config | optional | JSON Object | A set of key and value pairs that define the configuration of the feature. Valid values depend on the feature. Use the /rest/feature_flag/{feature_name} REST API endpoint to get the current values for a feature. |
Available feature flags
Id | Feature flag | Description |
---|---|---|
1 | mobile | Whether SOAR can be paired to the Splunk SOAR mobile app.
|
2 | telemetry | Toggles on or off sending telemetry data.
|
3 | cloud | Sets whether this is a SOAR (Cloud) or (On-premises) deployment.
|
4 | automation_broker | Controls whether SOAR is allowed to use an Automation broker to run actions. See About Splunk SOAR Automation Broker in Set Up and Manage the Splunk SOAR Automation Broker. |
5 | resource_scoring | Gain insight into how playbooks consume resources on SOAR |
6 | indicators | Toggles whether SOAR generates indicators for new artifacts. |
7 | rum | Toggles on or off RUM. RUM is a UI telemetry feature.
|
8 | fullstory | Toggles Fullstory on or off. Fullstory is a UI telemetry feature.
|
9 | multi_tenant | Allow multiple tenants per instance.
|
10 | clickable_urls | Enable users to click urls in the SOAR UI. |
11 | whitelist | If enabled, allow setting authorized users lists on containers |
12 | check_min_phantom_version | Check min phantom version when installing SOAR connectors. |
13 | prompt_responses | If enabled, prompts will display the most commonly chosen answers to each question |
14 | generate_playbook_run_report | Whether or not to generate playbook run reports |
15 | clustering | Controls whether SOAR (On Premises) is deployed as a cluster of multiple nodes.
It is better to control clustering from the user interface. See also:
|
16 | multi_condition | If enabled, allow support for multi downstream edges to the same block in VPE |
17 | cyberark_rest | If enabled, allow the use of CyberArk's credential management REST API |
18 | classic_playbook_deprecation_banner | If enabled, show users a banner at the top of most UI pages advertising the deprecation of classic playbooks |
19 | severity_inheritance | If enabled, automatically increase the severity of a container if an artifact is added to the container with a higher severity. |
20 | restrict_global_search | When enabled, restrict which database tables are queried in global searches. Defaults to on or "true", except for the playbook_run table, which is set to "false".
Additional parameter
Database table names
|
Example request
Modify a feature's configuration, or turn a feature on or off.
curl -u username:password -X POST https://localhost/rest/feature_flag/{cloud_feature_id}> -k -d '{"enabled": false}'
Example response
A successful POST will return the feature's data as JSON in the response body.
{ "name": "cloud", "data": { "id": 2, "enabled": false, "immutable": false, "config": { "key": true } } }
Example request
Change global search settings.
curl -u username:password -X POST -d '{"playbook_run": true}' https://localhost/rest/feature_flag/restrict_global_search
Example response
A successful POST will return the new global search settings in JSON in the response body.
{ "success": true, "data": { "id": 20, "name": "restrict_global_search", "enabled": true, "immutable": false, "config": { "app": true, "note": true, "asset": true, "app_run": false, "artifact": false, "playbook": true, "container": true, "action_run": false, "decided_list": true, "max_age_days": 30, "playbook_run": true, "custom_function": true, "container_comment": true, "container_attachment": true } } }
/rest/feature_flag/<feature_flag_name>/<detail>
Returns a single field of the feature flag; enabled, config, immutable, name, or id.
Example request
Returns a single field of the feature flag telemetry and whether or not it is enabled.
curl -k -u username:password https://localhost/rest/feature_flag/{telemetry}/{enabled} -G -X GET
Example response
A successful GET will return the specified feature's data as JSON in the response body.
{ "enabled": true }
REST Evidence | REST HUD |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.1, 6.2.2, 6.3.0, 6.3.1
Feedback submitted, thanks!