Security & the Enterprise
Much secured. So patch!
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Send notable event variables to external REST API.

deovratdeshmukh
Loves-to-Learn
‎08-14-2020 06:38 AM

I want to send parameters from ES notable events to external SOAR (not Phantom) REST. Is there any addon available or the addon has to be developed. If addon needs to be developed, if there is any readily available framework to develop it quickly.

0 Karma

anm_mporter
Explorer
‎08-31-2020 07:22 AM

Does your SOAR REST API accept a simple POST? Perhaps with an authtoken in the URL? then you can use the Webhook alert action to POST the results of a search to that url

 

Otherwise you are looking at a custom alert action. 

0 Karma
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top