Solved: Is there a way to get all Custom Lists with phanto...

GeorgeOrwell · ‎07-11-2022

I'm looking for a way to collect all custom lists. While I can do so individually for every Custom List with `phantom.get_list()` I still need to have their names to make use of this function. So, is there a way to get all Custom Lists names, or Custom Lists' contents?
As a workaround I tried making request to "/rest/decided_list", but it doesn't return everything that is accessible through phantom itself.

phanTom · ‎07-11-2022

@GeorgeOrwell are you adding any page_size argument to the REST call??

decided_list is the right endpoint for ALL lists on the platform but REST calls usually have a page limit.

Try:

/rest/decided_list?page_size=0

Here is the docs for all the query items you can use for REST:
https://docs.splunk.com/Documentation/SOARonprem/5.3.2/PlatformAPI/RESTQueryData

View solution in original post

phanTom · ‎07-11-2022

@GeorgeOrwell are you adding any page_size argument to the REST call??

decided_list is the right endpoint for ALL lists on the platform but REST calls usually have a page limit.

Try:

/rest/decided_list?page_size=0

Here is the docs for all the query items you can use for REST:
https://docs.splunk.com/Documentation/SOARonprem/5.3.2/PlatformAPI/RESTQueryData

Is there a way to get all Custom Lists with phantom api?

development

troubleshooting

using SOAR ⁄ Phantom

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector