Splunk Enterprise Security

Splunk Enterprise Security: API 'notable_update' error - Invalid method for this endpoint

OBsecurity
Explorer

Hello!

I'm trying to query the notable_update service via api (.../services/notable_update)
and get error of - "Invalid method for this endpoint"

My user has the admin role.
I'm authenticating Splunk with SAML.

  1. I have granted 'edit_notable_events' capability both or ess_user and ess_analyst roles on Splunk Enterprise Security configuration.
  2. I have granted my user both ess_user and ess_analyst roles.

Thanks

0 Karma

ArikSiem
New Member

Your using the wrong method
Probably get instead of post ?

0 Karma

OBsecurity
Explorer

its just a simple as that -
https://:8089/services/notable_update

both web and curl

0 Karma

richgalloway
SplunkTrust
SplunkTrust

@OBsecurity If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

OBsecurity
Explorer

no problem

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...