![]() Choose one or more roles for the new user.Use any for unrestricted access, a single IP or a single netmask. Provide a user name and fill in the Allowed IPs.From the Main Menu, select Administration.Log in to Splunk Phantom as an administrative user.This user and any other automation type users are service accounts that provide access to the REST API with customizable restrictions. Use the automation user provided in Splunk Phantom by default to acquire an authorization token. See the sample Python script below in the "Provisioning an Authorization Token" section for an example using requests with ph-auth-token in the HTTP headers.Ĭurl -u ":authToken" Provisioning an authorization token ![]() Using the token in the password field of the request with no username allows rest access without requiring a valid Splunk Phantom user. Requests.get('', auth=('admin', 'password'))Īuthentication can also be provided in the -u "username:password" įor token based authentication, the token can be provided in the URL, or ph-auth-token must be present in the HTTP headers. HTTP Basic auth for user based authentication can be easily performed by the Python requests module: Some REST API calls require user based authentication, for example, deleting records. User and token based authentication methods exist. ![]() REST API requests must be performed over HTTPS, and only authorized users and devices are allowed. The Splunk Phantom platform supports RESTful APIs in order to create, update, and selectively remove objects from the system. Using the REST API reference for Splunk Phantom
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |