Splunk Enterprise Security API

The Splunk Enterprise Security API provides REST endpoints for accessing and modifying findings, investigations, risk scores, assets, and identities in Splunk Enterprise Security. It includes an OpenAPI specification for download.

API entry from apis.yml

aid: splunk:splunk-enterprise-security-api
name: Splunk Enterprise Security API
description: The Splunk Enterprise Security API provides REST endpoints for accessing and modifying findings,
  investigations, risk scores, assets, and identities in Splunk Enterprise Security. It includes an OpenAPI
  specification for download.
humanURL: https://help.splunk.com/en/splunk-enterprise-security-8/api-reference
tags:
- Enterprise Security
- Findings
- Investigations
- Security
- SIEM
properties:
- type: Documentation
  url: https://help.splunk.com/en/splunk-enterprise-security-8/api-reference
- type: APIReference
  url: https://help.splunk.com/en/splunk-enterprise-security-8/rest-api-reference
- type: GettingStarted
  url: https://dev.splunk.com/enterprise/docs/devtools/enterprisesecurity
- type: APIReference
  url: https://help.splunk.com/en/splunk-enterprise-security-8/rest-api-reference/8.0/threat-intelligence-endpoints/threat-intelligence-api-reference
  title: Threat Intelligence API
- type: Documentation
  url: https://dev.splunk.com/enterprise/docs/devtools/enterprisesecurity/threatintelligenceframework/
  title: Threat Intelligence Framework