Splunk SOAR (f.k.a. Phantom)

Is there a way to edit note in a container via the api?

ansir
Explorer

Is there a way to edit note in a container via the api?

if not is there any plan to expose this api in the future?

Labels (1)
0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@ansir 

{"content": "<updated_note_content>"}

Then POST back to the /rest/note/<id> and it will update. I just tested it using POSTMAN and it worked as expected. If you don't get the original then it will overwrite to be aware of that. 

-- If this resolved your issue please mark as a solution! Happy SOARing! --

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@ansir 

{"content": "<updated_note_content>"}

Then POST back to the /rest/note/<id> and it will update. I just tested it using POSTMAN and it worked as expected. If you don't get the original then it will overwrite to be aware of that. 

-- If this resolved your issue please mark as a solution! Happy SOARing! --

0 Karma

phanTom
SplunkTrust
SplunkTrust

@ansir 

To edit a note in the automation you would need to use REST to get the note id and content, update the content and post back to /rest/note/<id> and that should update the note. 

This is probably best in a custom function.

Docs on note endpoint: https://docs.splunk.com/Documentation/SOARonprem/5.4.0/PlatformAPI/RESTNotes 

Docs on using APIs for REST Calls: https://docs.splunk.com/Documentation/SOARonprem/5.4.0/PlaybookAPI/SessionAPI 

0 Karma

ansir
Explorer

Thanks for the replay, 

can you provide an example of what the body of the post request that updates the note look like?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...