Update Incident Dynamic Field Values with Event Data‎

POST /Command/UpdateIncidentDynamicFieldValuesWithEventData

Update Incident Dynamic Field Values with Event Data.

Request

Authentication: API keys or JSON web tokens (JWT)

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`string`	Required	The username of your D3 SOAR account.
Site	`string`	Required	The D3 SOAR site to run the remote command.
Event Field Names	`array<string>`	Required	Event Field Names.
Dynamic Section Name	`string`	Required	The name of the dynamic section.
Section Field Name	`string`	Required	Section Field Name.

Body Sample Data

application/json

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Event Field Names": [
      "Severity",
      "Event name",
      "Direction",
      "Device volume",
      "Source translated IP address"
    ],
    "Dynamic Section Name": "All Activities 123",
    "Section Field Name": "Text Area",
    "Incident Number": "20230206-2"
  }
}

Response

200 OK

application/json

Field Name	Type	Description
error	`string`	The error message if the API request has failed.
keyFields	`JSON Object`	The key fields from the API request.
returnData	`string`	The return data from the API request.
contextData	`JSON Object`	The context data from the API request.

JSON

{
    "error": "",
    "keyFields": {
      "IncidentNumber": "20230206-2",
      "ModifiedDate": "2/6/2023 5:39:38 PM",
      "ModifiedBy": "admin user"
    },
    "returnData": "Succeed",
    "contextData": {
        "incidentNumber": "20230206-2",
        "sectionName": "All Activities 123",
        "fieldAndValue": {
            "Text Area": "<table class='cc-table vertical-table'><tr><th>Severity</th><td>[<br>  &quot;60&quot;<br>]</td></tr><tr><th>Event name</th><td>[<br>  &quot;Bitcoin-related domain name queried by EC2 instance i-0406e39fb469745c9.&quot;,<br>  &quot;Task 40117 DT_2961 (D3MainApp.15.3) Details of 100 detections and 10 (later 100+) automation rules&quot;<br>]</td></tr><tr><th>Direction</th><td>[]</td></tr><tr><th>Device volume</th><td>[<br>  &quot;arn:aws:ec2:us-east-2:391501681688:instance/i-0406e39fb469745c9&quot;<br>]</td></tr><tr><th>Source translated IP address</th><td>[<br>  &quot;18.191.205.203, 10.10.0.116&quot;<br>]</td></tr></table>"
        },
        "modifiedDate": "2/6/2023 5:39:38 PM",
        "result": "Succeed",
        "modifiedBy": "admin user"
    }
}

401 Unauthorized

application/json

Response Fields

Field Name	Type	Description
Error	`string`	A error message when the API request fails.

Sample Data

CODE

{"Error": "Invalid authentication key."}

429 TooManyRequests

application/json

Response Fields

Field Name	Type	Description
Error	`string`	A error message when the API request fails.

Sample Data

CODE

{"Error": "The request exceeds rate limits or is otherwise blocked by rate limiting policies."}

500 InternalServerError

application/json

Response Fields

Field Name	Type	Description
Error	`string`	A error message when the API request fails.

Sample Data

CODE

{"Error": "Unexpected Error."}