Automation & SOAR • Room 2

Splunk REST API

Modern security relies on programmatic integration. The Splunk REST API allows external tools to trigger searches, update notable event statuses, or query data without using the UI.

Engineers use the REST API to integrate custom automation scripts directly into the Splunk backend.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

In SPL, you can query REST API endpoints directly for auditing. Write a search pulling from `rest` querying `/services/authentication/users`.

Splunk Search Bar