alertsgasil.blogg.se

Splunk phantom rest api







Admin: This is the default admin account and cannot be disabled or deleted. On a new Splunk Phantom instance, the following default users are available: From the main menu, select Administration. Perform the following steps to access the Users page: Cannot be used on assets that perform ingestion. View the Users page to see the users configured on your Splunk Phantom instance, add new users, or edit existing users. At least one asset owner must be selected for actions to succeed if this feature is used. This can be used for sensitive asset credentials. These configuration parameters will not be stored in the database and must be provided each time actions are run by an asset owner or the action will fail. Keys in this object are the names of configuration parameters. This key should reside under "configuration".


passing an empty list will remove all tenants from an asset for which the user has permission to edit. Tenants will only be added or removed based on the acting user's permissions, i.e. Only one tenant is allowed on ingestion assets, trying to add more will return an error. : indicates users in role 7 and user 6 are Contains the list of tenant IDs which are to be associated with this asset. : indicates users in role 7 are approved to A star may be used in place of action name, users, or roles to indicate all. A simple string can also be used for a single tag. A dictionary object which contains actions and who is whitelisted to run the action. Use null to poll immediately. 0 or more tags associated with the asset. Use 0 to require all votes. First poll time as seconds since epoch UTC. Number of "approve" votes required for action to be executed for secondary users.


Example: If this asset refers to a Windows Server 2008 machine and an App supports a product_vendor of "Windows" then that is the correct value. Contains the list of user IDs which are the secondary (backup) owners of this asset. Must match the product_vendor provided by one or more Apps. Name of the vendor of the product which this asset describes. Example: If this asset refers to a Windows Server 2008 machine and an App supports a product_name of "Server 2008" then that is the correct value. Must match the product_name provided by one or more Apps. Name of the product which this asset describes. Number of "approve" votes required for action to be executed. Used when invoking an action on this asset. Contains the list of user IDs which are the primary owners of this asset. Not specified or null for assets that do not poll. Polling frequency for new containers/artifacts in minutes. For example, using "incident" here will allow you to find the container by going to Home -> Incidents. This will determine where the container will be found from the main menu. Label for containers created by this asset. See individual App documentation for more information. Required and optional values are defined by Apps which support this asset.


An argument string must include the following fields: name, product_name, product_vendor. An argument string must include the following fields for polling: name, product_name, product_vendor, container_label, interval_mins, poll, start_time_epoch_utc.







