Solved: When trying to filter the endpoint, why replacing ...

joemaz95 · ‎08-23-2018

Using Python to access the rest api, servicesns/{user}/{app}/saved/searches endpoint does not filter by app or user
When trying to filter this endpoint, replacing the user and app fields don't seem to effect the result at all. Is there something I'm missing? I'm using the requests library in Python 3.

joemaz95 · ‎08-23-2018

Looks like the issue is that the endpoint doesn't look for what app the searches are associated with, it looks at the permissions on the searches. I've been getting the searches that are associated with the app as well as the ones that are shared globally. The workaround is to parse the search["acl"]["app"] property.

View solution in original post

joemaz95 · ‎08-23-2018

Looks like the issue is that the endpoint doesn't look for what app the searches are associated with, it looks at the permissions on the searches. I've been getting the searches that are associated with the app as well as the ones that are shared globally. The workaround is to parse the search["acl"]["app"] property.

When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?