Get incident investigation details

POST /Command/getIncidentInvestigationDetails

Get incident investigation details.

Request

Authentication: API keys or JSON web tokens (JWT)

Body Parameters

| Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
| Username | string | Required | The username of your D3 SOAR account. |
| Site | string | Required | The D3 SOAR site on which to run the remote command. |
| Incident Numbers | array<string> | Required | The incident numbers of the incidents whose investigation data is queried. |
| Investigation Section Names | array<string> | Required | The section(s) of the investigation tab to query. Value(s) shall be chosen from "Summary", "Finding", "Remediations and Mitigations", or "Recommendations". |

Body Sample Data

application/json
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Incident Numbers": [
      "20240202-1",
      "20240202-2"
    ],
    "Investigation Section Names": [
      "Summary",
      "Findings",
      "Remediations and Mitigations",
      "Recommendations"
    ]
  }
}

Response

200 OK

application/json

Response Fields

| Field Name | Type | Description |
|---|---|---|
| error | string | The error message if the API request has failed. |
| returnData | JSON Object | The return data from the API request. |

Sample Data

{
    "error": "",
    "returnData": {
        "Status": "Successful",
        "Data": [
            {
                "IncidentNo": "20240202-1",
                "Summary": {
                    "Content": "",
                    "Data": {}
                },
                "Finding": [
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Remediations and Mitigations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Recommendations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ]
            },
            {
                "IncidentNo": "20240202-2",
                "Summary": {
                    "Content": "",
                    "Data": {}
                },
                "Finding": [
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Remediations and Mitigations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Recommendations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ]
            }
        ]
    }
}

400 BadRequest

application/json

Response Fields

| Field Name | Type | Description |
|---|---|---|
| Error | string | An error message when the API request fails. |

Sample Data

{"Error": "The body of the request must be a valid JSON object"}

401 Unauthorized

application/json

Response Fields

| Field Name | Type | Description |
|---|---|---|
| Error | string | An error message when the API request fails. |

Sample Data

{"Error": "Invalid authentication key."}

429 TooManyRequests

application/json

Response Fields

| Field Name | Type | Description |
|---|---|---|
| Error | string | An error message when the API request fails. |

Sample Data

{"Error": "The request exceeds rate limits or is otherwise blocked by rate limiting policies."}

500 InternalServerError

application/json

Response Fields

| Field Name | Type | Description |
|---|---|---|
| Error | string | An error message when the API request fails. |

Sample Data

{"Error": "Unexpected Error."}
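
Client-side handling of the request body and the response shapes documented above, as an added example that is not D3 Security's own code. The names ALLOWED_SECTIONS, D3ApiError, build_body and parse_response are hypothetical, and sending the request is left out because this page does not specify how the API key or JWT is transmitted.

```python
import json

# Names from the parameter description, plus "Findings" as spelled in the
# page's sample body (assumption: the page does not say which is expected).
ALLOWED_SECTIONS = {"Summary", "Finding", "Findings",
                    "Remediations and Mitigations", "Recommendations"}


class D3ApiError(Exception):
    """Hypothetical error type carrying the HTTP status and server message."""
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.message = status, message


def build_body(username, site, incident_numbers, section_names):
    """Serialize the request body, rejecting unknown section names locally."""
    unknown = sorted(set(section_names) - ALLOWED_SECTIONS)
    if unknown:
        raise ValueError(f"unknown investigation section(s): {unknown}")
    if not incident_numbers:
        raise ValueError("at least one incident number is required")
    return json.dumps({
        "Username": username,
        "Site": site,
        "CommandParams": {
            "Incident Numbers": list(incident_numbers),
            "Investigation Section Names": list(section_names),
        },
    })


def parse_response(status, text):
    """Return {IncidentNo: {section name: value}} or raise D3ApiError."""
    try:
        doc = json.loads(text)
    except ValueError:
        raise D3ApiError(status, "response body is not valid JSON") from None
    if not isinstance(doc, dict):
        raise D3ApiError(status, "response body is not a JSON object")
    if status != 200:
        # 400/401/429/500 bodies use a capitalised "Error" key.
        raise D3ApiError(status, doc.get("Error", "no error message"))
    if doc.get("error"):
        # The 200 body reports failures in its lowercase "error" field.
        raise D3ApiError(status, doc["error"])
    incidents = (doc.get("returnData") or {}).get("Data") or []
    return {i["IncidentNo"]: {k: v for k, v in i.items() if k != "IncidentNo"}
            for i in incidents}
```

Checking both the status code and the lowercase "error" field keeps a failed query from being read as an incident with empty investigation sections.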