- Other endpoints support migrating the Company whitelist to a Safelist library, retrieve a Safelist library by its GUID, parse terms from a chunk of text, and get the list of summaries for the Safelist libraries for your organization.
- Endpoints to search for Indicators and update tags.
- Endpoints to get observables in a submission, search for observables, and remove or add tags to an observable.
- Endpoints for submissions (Intelligence Sources, Events, or Indicators) that you can use to get status, search, redact text, or alter tags.
- Endpoints to create, update, upsert, find, or delete Events.
- Endpoints to create, update, upsert, find, or delete Indicators.
- Endpoints to create, update, upsert, find, or delete Intelligence.
- Endpoints that support Intel Workflow functionality.

For more information about working with the framework, see Notable Event framework in. The Notable Event framework provides a way to identify noteworthy incidents from events and then manage the ownership, triage process, and state of those incidents.

Gets a list of Enclaves that the user has permissions to access.

- Endpoints to create a new Safelist library, add or delete entries, and delete a Safelist library.

Access the Notable Event framework in Splunk Enterprise Security.

The API provides endpoints for these functional areas of the Splunk Intelligence Management platform:

- Endpoints for Authentication (API Key and API Secret).

Splunk Cloud has a different host and management port syntax than Splunk Enterprise. For more information about specifying a namespace, see Namespace in the REST API User Manual.

See Splunk Intelligence Management Python SDK to interact with the Splunk Intelligence Management REST API from within any Python program.

Typically, knowledge objects, such as saved searches or event types, have an app/user context that is the namespace.

Some endpoints can be used for any Submission, while other endpoints are specific to one type of Submission, for example, Submission Event endpoints.
Introduces the term Submission to cover Intelligence Sources, Events, and Indicators.

The search results are more than 10k and the API call returns only a few results.

Version 2.0 introduces some changes from previous versions of the Splunk Intelligence Management REST API:

Hi Splunkers, I'm working with a team where they have to access one of the saved search results through the Splunk API.

See also: the Remotely querying Splunk's REST API for unique page views recipe; the Creating a Python.

Queries to the API must be authenticated with a PassiveTotal API key. All API access is over HTTPS, and all data is transmitted securely in JSON format. The RiskIQ Community API follows many of the best practices and guidelines for REST APIs.

I have a saved search called usernameSearch and want to execute it synchronously using Splunk's REST API. I know this question has been asked a few times, but none of the answers seem to work for me.

The Splunk Intelligence Management REST API enables you to easily synchronize report information available in Splunk Intelligence Management with the monitoring tools and analysis workflows you use in your infrastructure.

How to execute a saved search using Splunk's REST API subhashishfid.