
Used to locate group data in the SAML assertion, treated as a mapping object, e.g. Not required only if the FQDN has been set in Company Settings. Flag indicating if SSL is required (defaults to FALSE). Users will be redirected here for login when using SAML2. Base URL for the Phantom instance. Answer: Splunk IT Service Intelligence is used for monitoring the health of IT. URL used to gain user consent/authorization from the identity provider. Answer: The Splunk REST API allows you to interact with Splunk data and. This reference describes Splunk IT Service Intelligence (ITSI) REST API endpoints exposed via the splunkd management port 8089. This is used for out-of-band configuration. The XML containing the SAML provider metadata. This is the preferred method of obtaining provider metadata since it should always be up-to-date. The issuer ID (URI) given by your provider. SAML2 providers are modified with the following keys. The "group" key should contain the name of the LDAP group that translates to the Phantom group. The "role" key should contain the numeric ID of the Phantom role. I've managed to make some of the options work - like enabling and disabling services, but I'm stuck on creating maintenance windows. Use maintenance mode for services and entities Understand the ITSI REST. The "external_attr" key should contain the name of the LDAP attribute used to populate the django attribute. Each entry of the array should contain two key-value pairs. 09-14-2020 03:01 AM Have been trying out jkat54's Web tool add-on to do some maintenance on ITSI objects with the ITSI REST API. To see a list of available endpoints and operations for accessing, creating, updating, or deleting resources, see the REST API Reference Manual.
The "django_attr" key should have one of the following values. The Splunk platform REST API gives you access to the same information and functionality available to core system software and Splunk Web. Requires the test_username to be set. Each entry of the array should contain two key-value pairs. Used to verify the test_username is in the expected group. Username for testing LDAP access and queries. The Splunk platform authorization allows you to add users, assign users to roles, and assign those roles custom capabilities to provide granular, role-based access control for your organization. Required if using CyberArk as a credential manager. Splunk IT Service Intelligence (ITSI) uses the access control system integrated with the Splunk platform. Identifies the Safe that contains the credentials in CyberArk. Similarly to Splunk Enterprise, it is available on.
Path for identifying the password in the credential manager. Key for identifying the password in the credential manager. Required if not using a credential manager to store your password. Flag indicating if the service account password should be retrieved from the credential manager. The password for the service account used to query the provider. If set to true, will only connect using ldaps. Username for the service account used to query the provider. ID of the provider, this should be a GUID-like entry. Flag indicating if the provider is enabled. Type of provider, should match the section.

The name of the provider configuration entry. LDAP providers are modified with the following keys. Type should match the name of the section. Partial updates are not supported. Each section is modified with the following keys at the top level. Flag indicating if this section is enabled (applies to all of each ldap/saml2/openid sections). An array of the provider configurations. The entirety of "auth_settings" must be submitted in a single post. Possible keys are: A complex data structure containing all authentication providers. Key-value pairs indicating which audit trail sections should be enabled. My advice to anyone looking into implementing the solution is to have a clear picture of the integration process and the timeline and have internal and technical capabilities, so you can address any breakdown that could happen while setting up Splunk IT Service Intelligence (ITSI). As Splunk IT Service Intelligence (ITSI) has value and potential, I'd rate it eight out of ten. Audit trail settings and authentication providers are modified with the following parameters. There's no plan to increase the usage of Splunk IT Service Intelligence (ITSI), and there won't be for a long time because what my company has right now fits the budget and spending.

I don't remember the Splunk IT Service Intelligence (ITSI) version, but my company signed up for it in June, so it should be the latest version. Five people use Splunk IT Service Intelligence (ITSI) within the company, and the same people take care of the deployment and maintenance of the solution. I'm into IT service intelligence or products focusing on monitoring and understanding systems, such as Splunk IT Service Intelligence (ITSI).
