Solved: Is there a way to edit note in a container via the...

ansir · ‎11-11-2022

Is there a way to edit note in a container via the api?

if not is there any plan to expose this api in the future?

phanTom · ‎11-11-2022

@ansir

{"content": "<updated_note_content>"}

Then POST back to the /rest/note/<id> and it will update. I just tested it using POSTMAN and it worked as expected. If you don't get the original then it will overwrite to be aware of that.

-- If this resolved your issue please mark as a solution! Happy SOARing! --

View solution in original post

phanTom · ‎11-11-2022

@ansir

{"content": "<updated_note_content>"}

Then POST back to the /rest/note/<id> and it will update. I just tested it using POSTMAN and it worked as expected. If you don't get the original then it will overwrite to be aware of that.

-- If this resolved your issue please mark as a solution! Happy SOARing! --

phanTom · ‎11-11-2022

@ansir

To edit a note in the automation you would need to use REST to get the note id and content, update the content and post back to /rest/note/<id> and that should update the note.

This is probably best in a custom function.

Docs on note endpoint: https://docs.splunk.com/Documentation/SOARonprem/5.4.0/PlatformAPI/RESTNotes

Docs on using APIs for REST Calls: https://docs.splunk.com/Documentation/SOARonprem/5.4.0/PlaybookAPI/SessionAPI

ansir · ‎11-11-2022

Thanks for the replay,

can you provide an example of what the body of the post request that updates the note look like?

Is there a way to edit note in a container via the api?

using SOAR ⁄ Phantom

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector