Skip to main content
Skip table of contents

GitHub

LAST UPDATED: 01/25/2024

Overview

GitHub API.

D3 SOAR is providing REST operations to function with GitHub.

GitHub is available for use in:

D3 SOAR

V12.7.241+

Category

DevOps

Deployment Options

Option II, Option IV

Known Limitations

Unauthenticated clients

60 requests per hour

GitHub.com

Minimum 5,000 requests per hour. Installations that have more than 20 repositories receive another 50 requests per hour for each repository. The maximum rate limit for an installation is 12,500 requests per hour.

GitHub Enterprise Cloud

15,000 requests per hour

Please refer to Rate limits for GitHub Apps for detailed information.

Connection

To connect to GitHub from D3 SOAR, please follow this part to collect the required information below:

Parameter

Description

Example

Server URL

The server URL of the Github API.

https://api.github.com

Username

The user name to authenticate the connection.

d*********!

Authorization Token

The authorization token to authenticate the connection.

gho_**********-****-****Iz0kc81V

Permission Requirements

Each endpoint in the GitHub API requires a certain permission scope. The following are required scopes for the commands in this integration:

Command

Required Permission

Checkin File

public_repo: Access public repositories (under repo section)

Create Branch

public_repo: Access public repositories (under repo section)

Create Comment

public_repo: Access public repositories (under repo section)

Create Issue

public_repo: Access public repositories (under repo section)

Delete Branch

public_repo: Access public repositories (under repo section)

Get Latest File

No scope needed

List Issues

No scope needed

Search Issues

No scope needed

Update Issue

public_repo: Access public repositories (under repo section)

Configuring GitHub to Work with D3 SOAR

  1. Log in to Github (https://github.com/login).

  2. Once logged in, locate the profile icon at the top right corner and select Settings from the dropdown menu.

  3. In the Settings menu, navigate to the bottom of the left sidebar and select Developer settings.

  4. On the left side menu, click Personal access tokens on the left.

  5. At the top right corner of the Personal access tokens page, click on the Generate new token button. Ensure to select the classic option.

  6. Enter a descriptive note for the token then select an expiration date for the token. Enable the required scopes as outlined in the Permission Requirements section. Finally, click Generate Token.

  7. Copy and store the generated access token in a secure location. It will be used to establish a connection between Github and D3 SOAR.

Configuring D3 SOAR to Work with GitHub

  1. Log in to D3 SOAR.

  2. Find the GitHub integration.

a. Navigate to Configuration on the top header menu.

b. Click on the Integration icon on the left sidebar.

c. Type GitHub in the search box to find the integration, then click it to select it.

d. Click + Connection, on the right side of the Connections section. A new connection window will appear.

  1. Configure the following fields to create a connection to GitHub.

a. Connection Name: The desired name for the connection.

b. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

c. Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.

d. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

e. Description (Optional): Add your desired description for the connection.

f. Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.

g. Configure User Permissions: Defines which users have access to the connection.

h. Active: Check the tick box to ensure the connection is available for use.

i. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

1. Input the Server URL. The default value is https://api.github.com.

2. Input your Username.

3. Input the Authorization Token. Refer to step 7 of Configuring GitHub to Work with D3 SOAR for more details.

j. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.

  1. Test the connection.

a. Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.

b. Click OK to close the alert window.

c. Click + Add to create and add the configured connection.

Commands

GitHub includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the GitHub API, please refer to the GitHub API reference.

READER NOTE

Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring GitHub to Work with D3 SOAR for details.

Checkin File

Creates a new file or replaces the content of an existing file in a repository.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public , as choosing a private one will result in a 404 not found error.

Input

Input Parameter

Required/Optional

Description

Example

Repository Name

Required

The name of the repository to check in a file.

******-***-*******-***-*****

Path

Required

The file path or directory to check in the file. If the path exists, the file content will be updated. If the path does not exist, a new path will be created and a new file will be checked in.

*******

Message

Required

The commit message.

************

Content

Required

The new file content.

************

Branch

Optional

The name of the branch to check in the file. The repository's default branch (typically main) is used by default.

****

Committer Name

Optional

The name of the author or committer. If this parameter is not defined, the default committer is the authenticated user.

*****

Committer Email

Optional

The email address of the author or committer. If this parameter is not defined, the default value is the email address of the authenticated user.

******@**********.***

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "content": {
        "name": "*******",
        "path": "*******",
        "sha": "****************************************",
        "size": 12,
        "url": "https://***.github.com/*****/********/******-***-*******-***-****/********/****************",
        "html_url": "https://github.com/********/******-***-*******-***-*****/****/****/*******",
        "git_url": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************",
        "download_url": "https://***.githubusercontent.com/********/******-***-*******-***-*****/****/*******?*****=*****************************",
        "type": "file",
        "_links": {
            "self": "https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=****",
            "git": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************",
            "html": "https://github.com/********/******-***-*******-***-*****/****/****/*******"
        }
    },
    "commit": {
        "sha": "****************************************",
        "node_id": "*********************************************************************",
        "url": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*******/****************************************",
        "html_url": "https://github.com/********/******-***-*******-***-*****/*******/****************************************",
        "author": {
            "name": "*****",
            "email": "******@**********.***",
            "date": "2022-02-25T21:53:32Z"
        },
        "committer": {
            "name": "*****",
            "email": "******@**********.***",
            "date": "2022-02-25T21:53:32Z"
        },
        "tree": {
            "sha": "****************************************",
            "url": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************"
        },
        "message": "************",
        "parents": [
            {
                "sha": "****************************************",
                "url": "https://***.github.com/*****/********/******-***-*******-***-*****/***/******/****************************************",
                "html_url": "https://github.com/********/******-***-*******-***-*****/******/****************************************"
            }
        ],
        "verification": {
            "verified": false,
            "reason": "unsigned",
            "signature": null,
            "payload": null
        }
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "FileSHA": "****************************************", 
    "Type": "file"
}
Return Data

Indicates one of the possible command execution states: Successful, or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

content

{'name': '*******', 'path': '*******', 'sha': '****************************************', 'size': 12, 'url': 'https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=**** ', 'html_url': 'https://github.com/********/******-***-*******-***-*****/****/****/******* ', 'git_url': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/**************************************** ', 'download_url': 'https://***.githubusercontent.com/********/******-***-*******-***-*****/****/*******?*****=*****************************', 'type': 'file', '_links': {'self': 'https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=**** ', 'git': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/**************************************** ', 'html': 'https://github.com/********/******-***-*******-***-*****/****/****/******* '}}

commit

{'sha': '****************************************', 'node_id': '*********************************************************************', 'url': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/******/**************************************** ', 'html_url': 'https://github.com/********/******-***-*******-***-*****/******/**************************************** ', 'author': {'name': '*****', 'email': '******@**********.***', 'date': '2022-02-25T21:53:32Z'}, 'committer': {'name': '*****', 'email': '******@**********.***', 'date': '2022-02-25T21:53:32Z'}, 'tree': {'sha': '****************************************', 'url': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/**************************************** '}, 'message': '************', 'parents': [{'sha': '****************************************', 'url': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/******/**************************************** ', 'html_url': 'https://github.com/********/******-***-*******-***-*****/******/**************************************** '}], 'verification': {'verified': False, 'reason': 'unsigned', 'signature': None, 'payload': None}}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Checkin File failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Not Found.

Error Sample Data

Checkin File failed.

Status Code: 404.

Message: Not Found.

Create Branch

Creates a new branch.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The repository to create a new branch.

*******

Branch Name

Required

The name of the new branch.

***

Commit SHA

Required

The SHA of the commit to create the branch from.

****************************************

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

JSON
{
    "ref": "****/*****/***",
    "node_id": "****************************************",
    "url": "https://***.github.com/*****/********/*******/***/****/*****/***",
    "object": {
        "sha": "****************************************",
        "type": "commit",
        "url": "https://***.github.com/*****/********/*******/***/******/****************************************"
    }
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "ref": "****/*****/***",
    "node_id": "****************************************",
    "url": "https://***.github.com/*****/********/*******/***/****/*****/***",
    "object": {
        "sha": "****************************************",
        "type": "commit",
        "url": "https://***.github.com/*****/********/*******/***/******/****************************************"
    }
}
Key Fields

Raw Data

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "Ref": "****/*****/***",
    "Url": "https://***.github.com/*****/********/*******/***/****/*****/***"
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

ref

****/*****/***

node_id

****************************************

url

https://***.github.com/*****/********/*******/***/****/*****/***

object

{

"sha": "****************************************",

"type": "commit",

"url": "https://***.github.com/*****/********/*******/***/******/**************************************** "

}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Branch failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 422.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unprocessable Entity.

Error Sample Data

Create Branch failed.

Status Code: 422.

Message: Unprocessable Entity.

Create Comment

Creates a new comment in a repository.

READER NOTE

Repository and Issue Number are required parameters to run this command.

  • The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error.

  • Run the List Issues command to obtain the Issue Number. Issue Number can be found in the returned raw data at the path $.number.

  • Ensure that the issue number corresponds to the repository you enter. It is recommended to first run the List Issues command. From the response data, locate the specific issue you wish to update, and use this repository-issue pair to run the command.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The repository to create a new comment.

*******

Issue Number

Required

The number of the issue to create a comment.

1

Body

Required

The contents of the comment.

******

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

AUTOIT
{
    "url": "https://***.github.com/*****/********/*******/******/********/*********",
    "html_url": "https://github.com/********/*******/******/*#*************-*********",
    "issue_url": "https://***.github.com/*****/********/*******/******/*",
    "id": *********,
    "node_id": "************************************",
    "user": {
        "login": "********",
        "id": ********,
        "node_id": "********************",
        "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
        "gravatar_id": "",
        "url": "https://***.github.com/*****/********",
        "html_url": "https://github.com/********",
        "followers_url": "https://***.github.com/*****/********/*********",
        "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
        "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
        "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
        "subscriptions_url": "https://***.github.com/*****/********/*************",
        "organizations_url": "https://***.github.com/*****/********/****",
        "*****_url": "https://***.github.com/*****/********/*****",
        "events_url": "https://***.github.com/*****/********/******{/*******}",
        "received_events_url": "https://***.github.com/*****/********/********_******",
        "type": "User",
        "site_admin": false
    },
    "created_at": "2020-07-29T07:25:37Z",
    "updated_at": "2020-07-29T07:25:37Z",
    "author_association": "OWNER",
    "body": "******",
    "performed_via_github_app": null
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "url": "https://***.github.com/*****/********/*******/******/********/*********",
    "html_url": "https://github.com/********/*******/******/*#*************-*********",
    "issue_url": "https://***.github.com/*****/********/*******/******/*",
    "id": *********,
    "node_id": "************************************",
    "user": {
        "login": "********",
        "id": ********,
        "node_id": "********************",
        "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
        "gravatar_id": "",
        "url": "https://***.github.com/*****/********",
        "html_url": "https://github.com/********",
        "followers_url": "https://***.github.com/*****/********/*********",
        "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
        "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
        "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
        "subscriptions_url": "https://***.github.com/*****/********/*************",
        "organizations_url": "https://***.github.com/*****/********/****",
        "*****_url": "https://***.github.com/*****/********/*****",
        "events_url": "https://***.github.com/*****/********/******{/*******}",
        "received_events_url": "https://***.github.com/*****/********/********_******",
        "type": "User",
        "site_admin": false
    },
    "created_at": "2020-07-29T07:25:37Z",
    "updated_at": "2020-07-29T07:25:37Z",
    "author_association": "OWNER",
    "body": "******",
    "performed_via_github_app": null
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "ID": "*********",
    "UrlList": "https://***.github.com/*****/********/*******/******/********/*********"
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

url

https://***.github.com/*****/********/*******/******/********/*********

html_url

https://github.com/********/*******/******/*#*************-*********

issue_url

https://***.github.com/*****/********/*******/******/*

id

*********

node_id

************************************

user

{

"login": "********",

"id": ********,

"node_id": "********************",

"avatar_url": "https://********.githubusercontent.com/*/********?*=*",

"gravatar_id": "",

"url": "https://***.github.com/*****/******** ",

"html_url": "https://github.com/******** ",

"followers_url": "https://***.github.com/*****/********/********* ",

"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",

"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",

"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",

"subscriptions_url": "https://***.github.com/*****/********/************* ",

"organizations_url": "https://***.github.com/*****/********/**** ",

"*****_url": "https://***.github.com/*****/********/***** ",

"events_url": "https://***.github.com/*****/********/******{/*******} ",

"received_events_url": "https://***.github.com/*****/********/********_****** ",

"type": "User",

"site_admin": false

}

created_at

7/29/2020 7:25:37 AM

updated_at

7/29/2020 7:25:37 AM

author_association

OWNER

body

******

performed_via_github_app

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Comment failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Must have admin rights to repository.

Error Sample Data

Create Comment failed.

Status Code: 403.

Message: Must have admin rights to repository.

Create Issue

Creates an issue in a repository.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The name of the repository to create an issue.

*******

Title

Required

The title of the issue.

*********

Body

Optional

The contents of the issue.

0.0

Labels

Optional

The labels to associate with this issue.

["labelA"]

Assignee

Optional

The assignee of the issue.

["********"]

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "url": "https://***.github.com/*****/********/*******/******/*",
    "repository_url": "https://***.github.com/*****/********/*******",
    "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
    "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
    "events_url": "https://***.github.com/*****/********/*******/******/*/******",
    "html_url": "https://github.com/********/*******/******/*",
    "id": *********,
    "node_id": "************************",
    "number": 5,
    "title": "*********",
    "user": {
        "login": "********",
        "id": ********,
        "node_id": "********************",
        "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
        "gravatar_id": "",
        "url": "https://***.github.com/*****/********",
        "html_url": "https://github.com/********",
        "followers_url": "https://***.github.com/*****/********/*********",
        "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
        "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
        "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
        "subscriptions_url": "https://***.github.com/*****/********/*************",
        "organizations_url": "https://***.github.com/*****/********/****",
        "*****_url": "https://***.github.com/*****/********/*****",
        "events_url": "https://***.github.com/*****/********/******{/*******}",
        "received_events_url": "https://***.github.com/*****/********/********_******",
        "type": "User",
        "site_admin": false
    },
    "labels": [],
    "state": "open",
    "locked": false,
    "assignee": null,
    "assignees": [],
    "milestone": null,
    "comments": 0,
    "created_at": "2020-07-28T22:39:46Z",
    "updated_at": "2020-07-28T22:39:46Z",
    "closed_at": null,
    "author_association": "OWNER",
    "active_lock_reason": null,
    "body": "0.0",
    "closed_by": null,
    "performed_via_github_app": null
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "url": "https://***.github.com/*****/********/*******/******/*",
    "repository_url": "https://***.github.com/*****/********/*******",
    "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
    "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
    "events_url": "https://***.github.com/*****/********/*******/******/*/******",
    "html_url": "https://github.com/********/*******/******/*",
    "id": *********,
    "node_id": "************************",
    "number": 5,
    "title": "*********",
    "user": {
        "login": "********",
        "id": ********,
        "node_id": "********************",
        "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
        "gravatar_id": "",
        "url": "https://***.github.com/*****/********",
        "html_url": "https://github.com/********",
        "followers_url": "https://***.github.com/*****/********/*********",
        "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
        "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
        "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
        "subscriptions_url": "https://***.github.com/*****/********/*************",
        "organizations_url": "https://***.github.com/*****/********/****",
        "*****_url": "https://***.github.com/*****/********/*****",
        "events_url": "https://***.github.com/*****/********/******{/*******}",
        "received_events_url": "https://***.github.com/*****/********/********_******",
        "type": "User",
        "site_admin": false
    },
    "labels": [],
    "state": "open",
    "locked": false,
    "assignee": null,
    "assignees": [],
    "milestone": null,
    "comments": 0,
    "created_at": "2020-07-28T22:39:46Z",
    "updated_at": "2020-07-28T22:39:46Z",
    "closed_at": null,
    "author_association": "OWNER",
    "active_lock_reason": null,
    "body": "0.0",
    "closed_by": null,
    "performed_via_github_app": null
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IssueNumber": "5",
    "Url": "https://***.github.com/*****/********/*******/***/****/*****/***",
    "Title": "********"
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

url

https://***.github.com/*****/********/*******/******/*

repository_url

https://***.github.com/*****/********/*******

labels_url

https://***.github.com/*****/********/*******/******/*/******{/****}

comments_url

https://***.github.com/*****/********/*******/******/*/********

events_url

https://***.github.com/*****/********/*******/******/*/******

html_url

https://github.com/********/*******/******/*

id

*********

node_id

************************

number

5

title

IssueBBB

user

{

"login": "********",

"id": ********,

"node_id": "********************",

"avatar_url": "https://********.githubusercontent.com/*/********?*=*",

"gravatar_id": "",

"url": "https://***.github.com/*****/******** ",

"html_url": "https://github.com/******** ",

"followers_url": "https://***.github.com/*****/********/********* ",

"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",

"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",

"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",

"subscriptions_url": "https://***.github.com/*****/********/************* ",

"organizations_url": "https://***.github.com/*****/********/**** ",

"*****_url": "https://***.github.com/*****/********/***** ",

"events_url": "https://***.github.com/*****/********/******{/*******} ",

"received_events_url": "https://***.github.com/*****/********/********_****** ",

"type": "User",

"site_admin": false

}

labels

state

open

locked

False

assignee

assignees

milestone

comments

0

created_at

7/28/2020 10:39:46 PM

updated_at

7/28/2020 10:39:46 PM

closed_at

author_association

OWNER

active_lock_reason

body

0.0

closed_by

performed_via_github_app

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Create Issue failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: at BuildInIntegrations.GitHubIntegration.createIssue(Object[] parameters).

Error Sample Data

Create Issue failed.

Status Code: 400.

Message: at BuildInIntegrations.GitHubIntegration.createIssue(Object[] parameters).

Delete Branch

Deletes a branch from a repository.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The repository to remove a branch.

*******

Branch Name

Required

The name of the branch to remove.

NNN

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
No Sample Data
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

CODE
No Sample Data

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Delete Branch failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 422.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Unprocessable Entity.

Error Sample Data

Delete Branch failed.

Status Code: 422.

Message: Unprocessable Entity.

Get Latest File

Retrieves the contents of a file or directory within a repository. Use the Path parameter to specify the file path or directory. If the Path is not provided, it defaults to returning the contents of the repository's root directory.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error.

Input

Input Parameter

Required/Optional

Description

Example

Repository Name

Required

The name of the repository to retrieve file content.

******-***-*******-***-*****

Path

Optional

The file path or directory to retrieve file content. If this parameter is not defined, the contents of the repository's root directory will be returned.

*******

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "name": "*******",
    "path": "*******",
    "sha": "****************************************",
    "size": 12,
    "url": "https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=****",
    "html_url": "https://github.com/********/******-***-*******-***-*****/****/****/*******",
    "git_url": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************",
    "download_url": "https://***.githubusercontent.com/********/******-***-*******-***-*****/****/*******?*****=*****************************",
    "type": "file",
    "content": "******************",
    "encoding": "base64",
    "_links": {
        "self": "https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=****",
        "git": "https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************",
        "html": "https://github.com/********/******-***-*******-***-*****/****/****/*******"
    }
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "FileSHA": "****************************************",
    "Type": "file"
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

name

*******

path

*******

sha

****************************************

size

12

url

https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=****

html_url

https://github.com/********/******-***-*******-***-*****/****//****/*******

git_url

https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/****************************************

download_url

https://***.githubusercontent.com/********/******-***-*******-***-*****/****/*******?*****=*****************************

type

file

content

Y29udGVudDAyMjVj

encoding

base64

_links

{'self': 'https://***.github.com/*****/********/******-***-*******-***-*****/********/*******?***=**** ', 'git': 'https://***.github.com/*****/********/******-***-*******-***-*****/***/*****/**************************************** ', 'html': 'https://github.com/********/******-***-*******-***-*****/****//****/******* '}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Latest File failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Not Found.

Error Sample Data

Get Latest File failed.

Status Code: 404.

Message: Not Found.

List Issues

Lists issues from a repository.

READER NOTE

The list of repositories is accessible from the GitHub user interface in the left-side navigation menu. For this command, ensure to select a public repository, as choosing a private one will result in a 404 not found error. If there are no issues in the repository you select, it will return a success message but no results. You have the option to create a new repository and your own issue either through the Github user interface or by using the Create Issue command.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The repository to list issues from.

*******

State

Optional

The state to filter listed issues. The available options are open and closed. The default value is open.

open

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
[
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 5,
        "title": "*********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T22:39:46Z",
        "updated_at": "2020-07-28T22:39:46Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "0.0",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 4,
        "title": "*********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T21:32:24Z",
        "updated_at": "2020-07-28T21:32:24Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "xixixi",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 3,
        "title": "*********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T21:32:21Z",
        "updated_at": "2020-07-28T21:32:21Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "xixixi",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 2,
        "title": "*********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T18:57:09Z",
        "updated_at": "2020-07-28T18:57:09Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "0.0",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 1,
        "title": "**********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 4,
        "created_at": "2020-07-25T00:03:55Z",
        "updated_at": "2020-07-28T22:50:45Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "******",
        "performed_via_github_app": null
    }
]
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
[
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 5,
        "title": "********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T22:39:46Z",
        "updated_at": "2020-07-28T22:39:46Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "0.0",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 4,
        "title": "********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T21:32:24Z",
        "updated_at": "2020-07-28T21:32:24Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "xixixi",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 3,
        "title": "********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T21:32:21Z",
        "updated_at": "2020-07-28T21:32:21Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "xixixi",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 2,
        "title": "********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 0,
        "created_at": "2020-07-28T18:57:09Z",
        "updated_at": "2020-07-28T18:57:09Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "0.0",
        "performed_via_github_app": null
    },
    {
        "url": "https://***.github.com/*****/********/*******/******/*",
        "repository_url": "https://***.github.com/*****/********/*******",
        "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
        "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
        "events_url": "https://***.github.com/*****/********/*******/******/*/******",
        "html_url": "https://github.com/********/*******/******/*",
        "id": *********,
        "node_id": "************************",
        "number": 1,
        "title": "**********",
        "user": {
            "login": "********",
            "id": ********,
            "node_id": "********************",
            "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
            "gravatar_id": "",
            "url": "https://***.github.com/*****/********",
            "html_url": "https://github.com/********",
            "followers_url": "https://***.github.com/*****/********/*********",
            "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
            "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
            "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
            "subscriptions_url": "https://***.github.com/*****/********/*************",
            "organizations_url": "https://***.github.com/*****/********/****",
            "*****_url": "https://***.github.com/*****/********/*****",
            "events_url": "https://***.github.com/*****/********/******{/*******}",
            "received_events_url": "https://***.github.com/*****/********/********_******",
            "type": "User",
            "site_admin": false
        },
        "labels": [],
        "state": "open",
        "locked": false,
        "assignee": null,
        "assignees": [],
        "milestone": null,
        "comments": 4,
        "created_at": "2020-07-25T00:03:55Z",
        "updated_at": "2020-07-28T22:50:45Z",
        "closed_at": null,
        "author_association": "OWNER",
        "active_lock_reason": null,
        "body": "******",
        "performed_via_github_app": null
    }
]
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IssueNumberList" : 
[
      "5",
      "4",
      "3",
      "2",
      "1"
],
    "IssueNumberList" :
[
      "IssueBBB",
      "IssueAAA",
      "IssueAAA",
      "IssueBBB",
      "IssueCCCCC"
],
    "UrlList" : 
[     
      "https://***.github.com/*****/********/*******/******/*",
      "https://***.github.com/*****/********/*******/******/*",
      "https://***.github.com/*****/********/*******/******/*",
      "https://***.github.com/*****/********/*******/******/*",
      "https://***.github.com/*****/********/*******/******/*"
],
    "IssueNumberList" : 
[
      "5",
      "4",
      "3",
      "2",
      "1"
],    
    "IssueNumberList" : 
[
      "IssueBBB",
      "IssueAAA",
      "IssueAAA",
      "IssueBBB",
      "IssueCCCCC"
]    
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

url

repository_url

labels_url

comments_url

events_url

html_url

id

node_id

number

title

user

labels

state

locked

assignee

assignees

milestone

comments

created_at

updated_at

closed_at

author_association

active_lock_reason

body

performed_via_github_app

https://***.github.com/*****/********/*******/******/*

https://***.github.com/*****/********/*******

https://***.github.com/*****/********/*******/******/*/******{/****}

https://***.github.com/*****/********/*******/******/*/********

https://***.github.com/*****/********/*******/******/*/******

https://github.com/********/*******/******/*

*********

************************

5

IssueBBB

{
"login": "********",
"id": ********,
"node_id": "********************",
"avatar_url": "https://********.githubusercontent.com/*/********?*=*",
"gravatar_id": "",
"url": "https://***.github.com/*****/******** ",
"html_url": "https://github.com/******** ",
"followers_url": "https://***.github.com/*****/********/********* ",
"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",
"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",
"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",
"subscriptions_url": "https://***.github.com/*****/********/************* ",
"organizations_url": "https://***.github.com/*****/********/**** ",
"*****_url": "https://***.github.com/*****/********/***** ",
"events_url": "https://***.github.com/*****/********/******{/*******} ",
"received_events_url": "https://***.github.com/*****/********/********_****** ",
"type": "User",
"site_admin": false
}

[]

open

False

[]

0

7/28/2020 10:39:46 PM

7/28/2020 10:39:46 PM

OWNER

0.0

https://***.github.com/*****/********/*******/******/*

https://***.github.com/*****/********/*******

https://***.github.com/*****/********/*******/******/*/******{/****}

https://***.github.com/*****/********/*******/******/*/********

https://***.github.com/*****/********/*******/******/*/******

https://github.com/********/*******/******/*

*********

************************

4

IssueAAA

{
"login": "********",
"id": ********,
"node_id": "********************",
"avatar_url": "https://********.githubusercontent.com/*/********?*=*",
"gravatar_id": "",
"url": "https://***.github.com/*****/******** ",
"html_url": "https://github.com/******** ",
"followers_url": "https://***.github.com/*****/********/********* ",
"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",
"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",
"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",
"subscriptions_url": "https://***.github.com/*****/********/************* ",
"organizations_url": "https://***.github.com/*****/********/**** ",
"*****_url": "https://***.github.com/*****/********/***** ",
"events_url": "https://***.github.com/*****/********/******{/*******} ",
"received_events_url": "https://***.github.com/*****/********/********_****** ",
"type": "User",
"site_admin": false
}

[]

open

False

[]

0

7/28/2020 9:32:24 PM

7/28/2020 9:32:24 PM

OWNER

xixixi

https://***.github.com/*****/********/*******/******/*

https://***.github.com/*****/********/*******

https://***.github.com/*****/********/*******/******/*/******{/****}

https://***.github.com/*****/********/*******/******/*/********

https://***.github.com/*****/********/*******/******/*/******

https://github.com/********/*******/******/*

*********

************************

3

IssueAAA

{
"login": "********",
"id": ********,
"node_id": "********************",
"avatar_url": "https://********.githubusercontent.com/*/********?*=*",
"gravatar_id": "",
"url": "https://***.github.com/*****/******** ",
"html_url": "https://github.com/******** ",
"followers_url": "https://***.github.com/*****/********/********* ",
"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",
"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",
"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",
"subscriptions_url": "https://***.github.com/*****/********/************* ",
"organizations_url": "https://***.github.com/*****/********/**** ",
"*****_url": "https://***.github.com/*****/********/***** ",
"events_url": "https://***.github.com/*****/********/******{/*******} ",
"received_events_url": "https://***.github.com/*****/********/********_****** ",
"type": "User",
"site_admin": false
}

[]

open

False

[]

0

7/28/2020 9:32:21 PM

7/28/2020 9:32:21 PM

OWNER

xixixi

https://***.github.com/*****/********/*******/******/*

https://***.github.com/*****/********/*******

https://***.github.com/*****/********/*******/******/*/******{/****}

https://***.github.com/*****/********/*******/******/*/********

https://***.github.com/*****/********/*******/******/*/******

https://github.com/********/*******/******/*

*********

************************

2

IssueBBB

{
"login": "********",
"id": ********,
"node_id": "********************",
"avatar_url": "https://********.githubusercontent.com/*/********?*=*",
"gravatar_id": "",
"url": "https://***.github.com/*****/******** ",
"html_url": "https://github.com/******** ",
"followers_url": "https://***.github.com/*****/********/********* ",
"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",
"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",
"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",
"subscriptions_url": "https://***.github.com/*****/********/************* ",
"organizations_url": "https://***.github.com/*****/********/**** ",
"*****_url": "https://***.github.com/*****/********/***** ",
"events_url": "https://***.github.com/*****/********/******{/*******} ",
"received_events_url": "https://***.github.com/*****/********/********_****** ",
"type": "User",
"site_admin": false
}

[]

open

False

[]

0

7/28/2020 6:57:09 PM

7/28/2020 6:57:09 PM

OWNER

0.0

https://***.github.com/*****/********/*******/******/*

https://***.github.com/*****/********/*******

https://***.github.com/*****/********/*******/******/*/******{/****}

https://***.github.com/*****/********/*******/******/*/********

https://***.github.com/*****/********/*******/******/*/******

https://github.com/********/*******/******/*

*********

************************

1

**********

{
"login": "********",
"id": ********,
"node_id": "********************",
"avatar_url": "https://********.githubusercontent.com/*/********?*=*",
"gravatar_id": "",
"url": "https://***.github.com/*****/******** ",
"html_url": "https://github.com/******** ",
"followers_url": "https://***.github.com/*****/********/********* ",
"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",
"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",
"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",
"subscriptions_url": "https://***.github.com/*****/********/************* ",
"organizations_url": "https://***.github.com/*****/********/**** ",
"*****_url": "https://***.github.com/*****/********/***** ",
"events_url": "https://***.github.com/*****/********/******{/*******} ",
"received_events_url": "https://***.github.com/*****/********/********_****** ",
"type": "User",
"site_admin": false
}

[]

open

False

[]

4

7/25/2020 12:03:55 AM

7/28/2020 10:50:45 PM

OWNER

******

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

List Issues failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Not Found.

Error Sample Data

List Issues failed.

Status Code: 404.

Message: Not Found.

Search Issues

Searches issues.

Input

Input Parameter

Required/Optional

Description

Example

QueryString

Required

The query string to search issues.

**********+user:********

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "total_count": 1,
    "incomplete_results": false,
    "items": [
        {
            "url": "https://***.github.com/*****/********/*******/******/*",
            "repository_url": "https://***.github.com/*****/********/*******",
            "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
            "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
            "events_url": "https://***.github.com/*****/********/*******/******/*/******",
            "html_url": "https://github.com/********/*******/******/*",
            "id": *********,
            "node_id": "************************",
            "number": 1,
            "title": "**********",
            "user": {
                "login": "********",
                "id": ********,
                "node_id": "********************",
                "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
                "gravatar_id": "",
                "url": "https://***.github.com/*****/********",
                "html_url": "https://github.com/********",
                "followers_url": "https://***.github.com/*****/********/*********",
                "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
                "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
                "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
                "subscriptions_url": "https://***.github.com/*****/********/*************",
                "organizations_url": "https://***.github.com/*****/********/****",
                "*****_url": "https://***.github.com/*****/********/*****",
                "events_url": "https://***.github.com/*****/********/******{/*******}",
                "received_events_url": "https://***.github.com/*****/********/********_******",
                "type": "User",
                "site_admin": false
            },
            "labels": [],
            "state": "open",
            "locked": false,
            "assignee": null,
            "assignees": [],
            "milestone": null,
            "comments": 4,
            "created_at": "2020-07-25T00:03:55Z",
            "updated_at": "2020-07-28T22:50:45Z",
            "closed_at": null,
            "author_association": "OWNER",
            "active_lock_reason": null,
            "body": "******",
            "performed_via_github_app": null,
            "score": 1
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

CODE
{
    "total_count": 1,
    "incomplete_results": false,
    "items": [
        {
            "url": "https://***.github.com/*****/********/*******/******/*",
            "repository_url": "https://***.github.com/*****/********/*******",
            "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
            "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
            "events_url": "https://***.github.com/*****/********/*******/******/*/******",
            "html_url": "https://github.com/********/*******/******/*",
            "id": *********,
            "node_id": "************************",
            "number": 1,
            "title": "**********",
            "user": {
                "login": "********",
                "id": ********,
                "node_id": "********************",
                "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
                "gravatar_id": "",
                "url": "https://***.github.com/*****/********",
                "html_url": "https://github.com/********",
                "followers_url": "https://***.github.com/*****/********/*********",
                "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
                "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
                "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
                "subscriptions_url": "https://***.github.com/*****/********/*************",
                "organizations_url": "https://***.github.com/*****/********/****",
                "*****_url": "https://***.github.com/*****/********/*****",
                "events_url": "https://***.github.com/*****/********/******{/*******}",
                "received_events_url": "https://***.github.com/*****/********/********_******",
                "type": "User",
                "site_admin": false
            },
            "labels": [],
            "state": "open",
            "locked": false,
            "assignee": null,
            "assignees": [],
            "milestone": null,
            "comments": 4,
            "created_at": "2020-07-25T00:03:55Z",
            "updated_at": "2020-07-28T22:50:45Z",
            "closed_at": null,
            "author_association": "OWNER",
            "active_lock_reason": null,
            "body": "******",
            "performed_via_github_app": null,
            "score": 1
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IssueNumberList": "1",
    "UrlList" : ["https://***.github.com/*****/********/*******/******/*"],
    "TitleList" : ["**********"]
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

total_count

1

incomplete_results

False

items

{

"url": "https://***.github.com/*****/********/*******/******/* ",

"repository_url": "https://***.github.com/*****/********/******* ",

"labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****} ",

"comments_url": "https://***.github.com/*****/********/*******/******/*/******** ",

"events_url": "https://***.github.com/*****/********/*******/******/*/****** ",

"html_url": "https://github.com/********/*******/******/* ",

"id": *********,

"node_id": "************************",

"number": 1,

"title": "**********",

"user": {

"login": "********",

"id": ********,

"node_id": "********************",

"avatar_url": "https://********.githubusercontent.com/*/********?*=*",

"gravatar_id": "",

"url": "https://***.github.com/*****/******** ",

"html_url": "https://github.com/******** ",

"followers_url": "https://***.github.com/*****/********/********* ",

"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",

"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",

"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",

"subscriptions_url": "https://***.github.com/*****/********/************* ",

"organizations_url": "https://***.github.com/*****/********/**** ",

"*****_url": "https://***.github.com/*****/********/***** ",

"events_url": "https://***.github.com/*****/********/******{/*******} ",

"received_events_url": "https://***.github.com/*****/********/********_****** ",

"type": "User",

"site_admin": false

},

"labels": [],

"state": "open",

"locked": false,

"assignee": null,

"assignees": [],

"milestone": null,

"comments": 4,

"created_at": "2020-07-25T00:03:55Z",

"updated_at": "2020-07-28T22:50:45Z",

"closed_at": null,

"author_association": "OWNER",

"active_lock_reason": null,

"body": "******",

"performed_via_github_app": null,

"score": 1.0

}

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Search Issues failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: at BuildInIntegrations.GitHubIntegration.searchIssues(Object[] parameters).

Error Sample Data

Search Issues failed.

Status Code: 400.

Message: at BuildInIntegrations.GitHubIntegration.searchIssues(Object[] parameters).

Update Issue

Updates an issue.

READER NOTE

Repository and Issue Number are required parameters to run this command.

  • Run the List Issues command to obtain the Issue Number. Issue Number can be found in the returned raw data at the path $.number.

  • Make sure the issue number is under the repository you input. It is suggested to use the repository you choose to run the list issue command, select the issue you want to update, use that pair to run this command.

Input

Input Parameter

Required/Optional

Description

Example

Repository

Required

The repository containing the issue to update.

*******

Issue Number

Required

The number that identifies the issue to update. Issue Number can be obtained using the List Issues command.

1

Title

Required

The updated title of the issue.

**********

Body

Optional

The updated contents of the issue.

******

Labels

Optional

The updated labels to associate with this issue.

["labelA"]

Assignee

Optional

The updated assignee of the issue.

********

State

Optional

The updated state of the issue.

open

Output

Raw Data

The primary response data from the API request.

SAMPLE DATA

CODE
{
    "total_count": 1,
    "incomplete_results": false,
    "items": [
        {
            "url": "https://***.github.com/*****/********/*******/******/*",
            "repository_url": "https://***.github.com/*****/********/*******",
            "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
            "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
            "events_url": "https://***.github.com/*****/********/*******/******/*/******",
            "html_url": "https://github.com/********/*******/******/*",
            "id": *********,
            "node_id": "************************",
            "number": 1,
            "title": "**********",
            "user": {
                "login": "********",
                "id": ********,
                "node_id": "********************",
                "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
                "gravatar_id": "",
                "url": "https://***.github.com/*****/********",
                "html_url": "https://github.com/********",
                "followers_url": "https://***.github.com/*****/********/*********",
                "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
                "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
                "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
                "subscriptions_url": "https://***.github.com/*****/********/*************",
                "organizations_url": "https://***.github.com/*****/********/****",
                "*****_url": "https://***.github.com/*****/********/*****",
                "events_url": "https://***.github.com/*****/********/******{/*******}",
                "received_events_url": "https://***.github.com/*****/********/********_******",
                "type": "User",
                "site_admin": false
            },
            "labels": [],
            "state": "open",
            "locked": false,
            "assignee": null,
            "assignees": [],
            "milestone": null,
            "comments": 4,
            "created_at": "2020-07-25T00:03:55Z",
            "updated_at": "2020-07-28T22:50:45Z",
            "closed_at": null,
            "author_association": "OWNER",
            "active_lock_reason": null,
            "body": "******",
            "performed_via_github_app": null,
            "score": 1
        }
    ]
}
Context Data

The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.

It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.

SAMPLE DATA

CODE
{
    "total_count": 1,
    "incomplete_results": false,
    "items": [
        {
            "url": "https://***.github.com/*****/********/*******/******/*",
            "repository_url": "https://***.github.com/*****/********/*******",
            "labels_url": "https://***.github.com/*****/********/*******/******/*/******{/****}",
            "comments_url": "https://***.github.com/*****/********/*******/******/*/********",
            "events_url": "https://***.github.com/*****/********/*******/******/*/******",
            "html_url": "https://github.com/********/*******/******/*",
            "id": *********,
            "node_id": "************************",
            "number": 1,
            "title": "**********",
            "user": {
                "login": "********",
                "id": ********,
                "node_id": "********************",
                "avatar_url": "https://********.githubusercontent.com/*/********?*=*",
                "gravatar_id": "",
                "url": "https://***.github.com/*****/********",
                "html_url": "https://github.com/********",
                "followers_url": "https://***.github.com/*****/********/*********",
                "following_url": "https://***.github.com/*****/********/*********{/*****_****}",
                "gists_url": "https://***.github.com/*****/********/*****{/****_**}",
                "starred_url": "https://***.github.com/*****/********/*******{/*****}{/****}",
                "subscriptions_url": "https://***.github.com/*****/********/*************",
                "organizations_url": "https://***.github.com/*****/********/****",
                "*****_url": "https://***.github.com/*****/********/*****",
                "events_url": "https://***.github.com/*****/********/******{/*******}",
                "received_events_url": "https://***.github.com/*****/********/********_******",
                "type": "User",
                "site_admin": false
            },
            "labels": [],
            "state": "open",
            "locked": false,
            "assignee": null,
            "assignees": [],
            "milestone": null,
            "comments": 4,
            "created_at": "2020-07-25T00:03:55Z",
            "updated_at": "2020-07-28T22:50:45Z",
            "closed_at": null,
            "author_association": "OWNER",
            "active_lock_reason": null,
            "body": "******",
            "performed_via_github_app": null,
            "score": 1
        }
    ]
}
Key Fields

Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.

The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.

SAMPLE DATA

CODE
{
    "IssueNumber": "1",
    "Url" : "https://***.github.com/*****/********/*******/******/*",
    "Title" : "**********"
}
Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

You can view more details about an error in the Error tab.

Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.

SAMPLE DATA

CODE
Successful
Result

Provides a brief summary of outputs in an HTML formatted table.

SAMPLE DATA

url

https://***.github.com/*****/********/*******/******/*

repository_url

https://***.github.com/*****/********/*******

labels_url

https://***.github.com/*****/********/*******/******/*/******{/****}

comments_url

https://***.github.com/*****/********/*******/******/*/********

events_url

https://***.github.com/*****/********/*******/******/*/******

html_url

https://github.com/********/*******/******/*

id

*********

node_id

************************

number

1

title

**********

user

{

"login": "********",

"id": ********,

"node_id": "********************",

"avatar_url": "https://********.githubusercontent.com/*/********?*=*",

"gravatar_id": "",

"url": "https://***.github.com/*****/******** ",

"html_url": "https://github.com/******** ",

"followers_url": "https://***.github.com/*****/********/********* ",

"following_url": "https://***.github.com/*****/********/*********{/*****_****} ",

"gists_url": "https://***.github.com/*****/********/*****{/****_**} ",

"starred_url": "https://***.github.com/*****/********/*******{/*****}{/****} ",

"subscriptions_url": "https://***.github.com/*****/********/************* ",

"organizations_url": "https://***.github.com/*****/********/**** ",

"*****_url": "https://***.github.com/*****/********/***** ",

"events_url": "https://***.github.com/*****/********/******{/*******} ",

"received_events_url": "https://***.github.com/*****/********/********_****** ",

"type": "User",

"site_admin": false

}

labels

state

open

locked

False

assignee

assignees

milestone

comments

4

created_at

7/25/2020 12:03:55 AM

updated_at

7/28/2020 10:50:45 PM

closed_at

author_association

OWNER

active_lock_reason

body

******

closed_by

performed_via_github_app

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Update Issue failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the GitHub portal. Refer to the HTTP Status Code Registry for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Not Found.

Error Sample Data

Update Issue failed.

Status Code: 404.

Message: Not Found.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.