After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
REST Status
You can manage status using REST. Supported methods are GET, POST, and DELETE.
Statuses are grouped into three categories or types: New, Open, and Resolved. Your business processes may require additional statuses, so lets you create additional statuses in each category, up to a maximum of 30 total statuses. Additional app statuses cannot be created.
Rules for status labels:
- There must be at least one active status label for each status type, New, Open, and Resolved.
- You can have a maximum of 30 status labels.
- The labels New, Open, and Closed can be deleted, removing them from the active list. These labels cannot be renamed because they are required for backward compatibility with apps and playbooks.
- The name of a status label can consist only of the ASCII characters A-Z, a-z, numerals 0-9, dash ( - ), or underscore ( _ ).
- A status label cannot be more than 20 characters long.
A status label's JSON object includes an "id" field populated with an integer. The integer can be used in many REST API queries in place of the status label's name, such as in filtering. See Query for Data.
To maintain backwards compatibility with apps and existing playbooks, if the status labels New, Open, or Closed have been deleted, ingestion apps and the REST API can still assign the statuses New, Open, and Closed to containers.
/rest/container_status
List all status labels.
Syntax
https://<username>:<password>@<host>/rest/container_status
GET
Get a list of all status labels.
Example request
Get a list of all status labels.
curl -k -u username:password https://localhost/rest/container_status -G -X GET
Example response
A successful GET will return a 200 response, and a JSON formatted list of statuses.
{ "count": 4, "data": [ { "disabled": false, "name": "closed", "is_mutable": false, "modified_time": "2019-05-29T20:22:09.466124Z", "id": 3, "is_default": true, "create_time": "2019-05-29T20:22:09.465988Z", "order": 0, "status_type": "resolved" }, { "disabled": false, "name": "new", "is_mutable": false, "modified_time": "2019-05-29T20:22:09.464784Z", "id": 1, "is_default": true, "create_time": "2019-05-29T20:22:09.464504Z", "order": 0, "status_type": "new" }, { "disabled": false, "name": "ripe", "is_mutable": true, "modified_time": "2019-05-30T00:06:49.758771Z", "id": 6, "is_default": false, "create_time": "2019-05-30T00:06:49.756331Z", "order": 1, "status_type": "new" }, { "disabled": false, "name": "open", "is_mutable": false, "modified_time": "2019-05-29T20:22:09.465676Z", "id": 2, "is_default": true, "create_time": "2019-05-29T20:22:09.465519Z", "order": 0, "status_type": "open" } ], "num_pages": 1 }
POST
Create a new status label.
Request parameters The "System Settings Edit" permission is required to add statuses. An argument string must include the following parameters:
Field | Required | Type | Description |
---|---|---|---|
name | required | string | The name of the new status. |
status_type | required | string | One of "New", "Open", or "Resolved". |
is_default | required | bool | A status with "is_default'" set to True becomes the default status. |
Example request
You can create a new status label by supplying a JSON formatted body.
curl -k -u username:password https://localhost/rest/container_status \ -d '{ name: "fresh", status_type: "new" }'
Example response
A successful request will result in a 200 response returning the new status id and success as JSON.
{ "id": 4, "success": true }
DELETE
Delete a status label.
Example request
The "System Settings Edit" permission is required to delete statuses. Delete a status label with Id 4.
curl -k -u soar_local_admin:changeme https://localhost/rest/container_status/4 -X DELETE
Example response
A successful request will result in a 200 response returning the new status id and success as JSON.
{ "id": 4, "success": true }
For more information on APIs for containers, see Container endpoints.
/rest/app_status
List the status of apps or connectors based on the results of the "test connectivity" action.
Syntax
https://<username>:<password>@<host>/rest/app_status
GET
Get a list of all apps or connectors and their status by checking "test connectivity."
Example request
Get a list of all apps or connectors statuses.
curl -k -u username:password https://localhost/rest/app_status -G -X GET
Example response
A successful GET returns a JSON formatted list of apps or connectors statuses.
{ "count": 246, "num_pages": 25, "data": [ { "id": 5, "create_time": "2023-01-10T17:56:40.436000Z", "asset": 146, "app": 91, "status": "success", "message": "Testing asset connectivity for 'mongodb' using app 'MongoDB' For Tenant(0) : 1 action succeeded. " }, { "id": 36, "create_time": "2023-01-10T18:00:25.149000Z", "asset": 48, "app": 8, "status": "success", "message": "Testing asset connectivity for 'cloudpassagehalo' using app 'CloudPassage Halo' For Tenant(0) : " }, { "id": 3, "create_time": "2023-01-10T17:56:50.884000Z", "asset": 3, "app": 130, "status": "success", "message": "Testing asset connectivity for 'phishtank' using app 'PhishTank' For Tenant(0) : " }, { "id": 28, "create_time": "2023-01-10T18:00:26.249000Z", "asset": 33, "app": 20, "status": "success", "message": "Testing asset connectivity for 'bigquery' using app 'Big Query' For Tenant(0) : 1 action succeeded. " }, { "id": 17, "create_time": "2023-01-10T17:59:34.690000Z", "asset": 21, "app": 45, "status": "", "message": "Testing asset connectivity for 'autofocus' using app 'AutoFocus' For Tenant(0) : " }, { "id": 16, "create_time": "2023-01-10T17:59:54.297000Z", "asset": 20, "app": 44, "status": "failed", "message": "Testing asset connectivity for 'athena' using app 'AWS Athena' For Tenant(0) : 1 action failed. Test Connectivity Failed. boto3 call to Athena failed. Error string: 'An error occurred (UnrecognizedClientException) when calling the ListNamedQueries operation: The security token included in the request is invalid.'" }, { "id": 20, "create_time": "2023-01-10T18:00:06.103000Z", "asset": 24, "app": 179, "status": "failed", "message": "Testing asset connectivity for 'awssts' using app 'AWS Security Token Service' For Tenant(0) : 1 action failed. Test Connectivity Failed.. boto3 call to STS failed. Error string: 'An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.'" }, { "id": 157, "create_time": "2023-01-10T18:13:46.561000Z", "asset": 175, "app": 116, "status": "failed", "message": "Testing asset connectivity for 'postgres' using app 'PostgreSQL' For Tenant(0) : Failed to import the python connector module. For more details, ask an administrator to download the logs from Administration->System Health->Debugging. You may need to set the log level for the Action Daemon to DEBUG.. " }, { "id": 21, "create_time": "2023-01-10T18:18:44.731000Z", "asset": 26, "app": 185, "status": "failed", "message": "Testing asset connectivity for 'ssm' using app 'AWS Systems Manager' For Tenant(0) : 1 action failed. Test Connectivity Failed.. boto3 call to SSM failed. Error string: 'An error occurred (UnrecognizedClientException) when calling the ListCommands operation: The security token included in the request is invalid.'" }, { "id": 14, "create_time": "2023-01-10T18:00:12.394000Z", "asset": 16, "app": 32, "status": "success", "message": "Testing asset connectivity for 'archer' using app 'RSA Archer' For Tenant(0) : 1 action succeeded. Archer configuration test SUCCESS" } ] }
For more information on APIs for apps, see App endpoints.
REST Source Control Repository | REST System Settings |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1
Feedback submitted, thanks!