For details, see:
REST administration
List all indicator_cef_filter
List all indicator_cef_filter
Response values
Field | Required | Type | Description |
cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom .
| |
cef | number | The ID of the associated CEF record. | |
cef_name | string | The name of the associated CEF record. | |
apply_filter | Boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
JSON response
<div> { "count": 155, "data": [ { "cef_name": "dmac", "cef": 1, "cef_type": "default", "id": 1, "apply_filter": false }, { "cef_name": "act", "cef": 2, "cef_type": "default", "id": 2, "apply_filter": false } ], "num_pages": 16 }
Get a particular indicator_cef_filter
record by ID.
Get a particular indicator_cef_filter
record by ID.
Response values
Field | Required | Type | Description |
cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom .
| |
cef | number | The ID of the associated CEF record. | |
cef_name | string | The name of the associated CEF record. | |
apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
JSON response
<div> { "cef_name": "dmac", "cef": 1, "cef_type": "default", "id": 1, "apply_filter": false }
Get a particular indicator_cef_filter
record by ID.
Request parameters
Field | Required | Type | Description |
apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
JSON request
<div> { "apply_filter": true }
Automate loading your Splunk SOAR license.
Automate loading your Splunk SOAR license.
JSON request
"license":"<license>" }
License formatting
The license must be a single line with the \n
character encoded for new lines, as in the following example:
"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "
Use a Custom Script | REST Aggregation Rules |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1, 6.4.0
Feedback submitted, thanks!