Splunk® Intelligence Management (Legacy)

Developer Guide

Case Management Integrations with REST API v1.3

Integrating a Case Management tool with Splunk Intelligence Management lets you enrich data in Splunk Intelligence Management, return the enriched data to the tool, and share it with other teams in your organization. See Configuration requirements to learn about the configuration details required for all integrations.

Recommended Functionality

Case Management integrations focus on working with reports (or events). Include the following REST API v1.3 commands in your integration:

Optional Functionality

You can use these commands to add functionality for Indicators:

You can include two additional commands that support the triage of Phishing emails:

You must have the Phishing Triage feature activated in Splunk Intelligence Management to use these commands.

Last modified on 21 April, 2022

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

