REST administration
/rest/indicator_cef_filter
/rest/indicator_cef_filter
List all indicator_cef_filter records.
GET
List all indicator_cef_filter records.
Response values
| Field | Required | Type | Description |
|---|---|---|---|
| cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom.
| |
| cef | number | The ID of the associated CEF record. | |
| cef_name | string | The name of the associated CEF record. | |
| apply_filter | Boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON response
<div>
{
"count": 155,
"data": [
{
"cef_name": "dmac",
"cef": 1,
"cef_type": "default",
"id": 1,
"apply_filter": false
},
{
"cef_name": "act",
"cef": 2,
"cef_type": "default",
"id": 2,
"apply_filter": false
}
],
"num_pages": 16
}
/rest/indicator_cef_filter/[ID]
/rest/indicator_cef_filter/[ID]
Get a particular indicator_cef_filter record by ID.
GET
Get a particular indicator_cef_filter record by ID.
Response values
| Field | Required | Type | Description |
|---|---|---|---|
| cef_type | string | Whether or not the CEF record is created by Splunk SOAR or the customer. The possible CEF types are default or custom.
| |
| cef | number | The ID of the associated CEF record. | |
| cef_name | string | The name of the associated CEF record. | |
| apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON response
<div>
{
"cef_name": "dmac",
"cef": 1,
"cef_type": "default",
"id": 1,
"apply_filter": false
}
POST
Get a particular indicator_cef_filter record by ID.
Request parameters
| Field | Required | Type | Description |
|---|---|---|---|
| apply_filter | boolean | Returns true if the associated CEF record will be filtered out during indicator creation.
|
JSON request
<div>
{
"apply_filter": true
}
/rest/license
/rest/license
Automate loading your Splunk SOAR license.
POST
Automate loading your Splunk SOAR license.
JSON request
"license":"<license>"
}
License formatting
The license must be a single line with the \n character encoded for new lines, as in the following example:
"license":"-----------------------BEGIN LICENSE------------------------\nUVpONWpVREV1RXl5WWlvRlMrZDF4T2JYcW1mRkttSGRKZmRPZUNvYWo5bm5Q\nb3hsYWcwRkNNYTJOYUwzdm5WaVhodGZNenFzOVZaSUlWdWtJdFl2THlQU2xm\nVGlYRlRCRy95V2NlUDh1d25XUFJNK2lhNWtmNWNnNlVRR3YzU01FYU8rSWt1\nN3plcDBBSlZwNlpZcTMzMHlwSzA2OWZDUFZm ... "