Question 71 - SPLK-2003 discussion

How is a Django filter query performed?

A. By adding parameters to the URL similar to the following: phantom/rest/container?_filter_tags_contains='sumo'.

B. phantom/rest/search/app/contains/'sumo'

C. Browse to the Django Filter Query Editor in the Administration panel.

D. Install the SOAR Django App first, then configure the search query in the App editor.

Suggested answer: A

Explanation:

Django filter queries in Splunk SOAR are performed by appending filter parameters directly to the REST API URL. This allows users to refine their search and retrieve specific data. For example, to filter containers by tags containing the word 'sumo', the following URL structure would be used: https://<PHANTOM_URL>/rest/container?_filter_tags_contains='sumo'. This format enables users to construct dynamic queries that can filter results based on specified criteria within the Django framework used by Splunk SOAR.

The correct way to perform a Django filter query in Splunk SOAR is to add parameters to the URL similar to the following: phantom/rest/container?_filter_tags_contains='sumo'. This will return a list of containers that have the tag 'sumo' in them. You can use various operators and fields to filter the results according to your needs. For more details, see "Query for Data" and "Use filters in your Splunk SOAR (Cloud) playbook to specify a subset of artifacts before further processing". The other options are either incorrect or irrelevant for this question. For example:

* phantom/rest/search/app/contains/'sumo' is not a valid URL for a Django filter query. It will return an error message saying "Invalid endpoint".

* There is no Django Filter Query Editor in the Administration panel of Splunk SOAR. You can use the REST API Tester to test your queries, but not to edit them.

* There is no SOAR Django App that needs to be installed or configured for performing Django filter queries. Splunk SOAR uses the Django framework internally, but you do not need to install or use any additional apps for this purpose.

asked 13/11/2024
Anas Hairuddin