Google Cloud Storage

LAST UPDATED: DECEMBER 24, 2025

Overview

Google Cloud Storage is an enterprise public cloud storage platform that can house large unstructured data sets. This integration enables organizations to manage files, buckets and bucket policies on Google Cloud Storage platform.

D3 SOAR is providing REST operations to function with Google Cloud Storage.

Google Cloud Storage is available for use in:

D3 SOAR	V15.2+
Category	Cloud Services
Deployment Options	Option II, Option IV

Known Limitations

Refer to Quotas & limits | Cloud Storage for information on the most updated quotas and limits.

Connection

Gather the following information to connect D3 SOAR to Google Cloud Storage.

Parameter

Description

Example

Service Account JSON

The content of the Service Account JSON file obtained from the Google Cloud Console. The value of the client_id field must be authorized through the Google Admin Console.

JSON

{
  "type": "service_account",
  "project_id": "*****",
  "private_key_id": "*****",
  "private_key": "-----BEGIN PRIVATE KEY-----\n********\n-----END PRIVATE KEY-----\n",
  "client_email": "*****@*****.*****",
  "client_id": "*****",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gcloudstorage%40*****.*****"
}

API Version

The version of the API to use for the connection.

v1

READER NOTE

The prerequisite for using this guide is access to a Google Workspace administrator account.

Permission Requirements

Each endpoint in the Google Cloud Storage API requires a certain permission scope. The following are required scopes for the commands in this integration:

Command	Required Permissions
Create Bucket	storage.buckets.create
Create Bucket ACL Entries	storage.buckets.setIamPolicy
Create Folders	storage.objects.create or storage.objects.delete
Create Object ACL Entries	storage.objects.setIamPolicy
Delete Bucket ACL Entries	storage.buckets.setIamPolicy
Delete Buckets	storage.buckets.delete
Delete Files	storage.objects.delete
Delete Object ACL Entries	storage.objects.setIamPolicy
Download Files	storage.objects.get
Get Buckets	storage.buckets.get or storage.buckets.getIamPolicy
Get Files	storage.objects.get or storage.objects.getIamPolicy
List Bucket ACL Entries	storage.buckets.getIamPolicy
List Buckets	storage.buckets.list or storage.buckets.getIamPolicy
List Files	storage.objects.list or storage.objects.getIamPolicy
Update Bucket ACL Entries	storage.buckets.setIamPolicy
Update Object ACL Entries	storage.objects.setIamPolicy
Upload Files	storage.objects.create or storage.objects.delete
Test Connection	storage.buckets.list

Configuring Google Cloud Storage to Work with D3 SOAR

Complete the following steps to connect to D3 SOAR. The sections that follow describe each step.

Enabling the Cloud Storage API

Log into Google Cloud Platform (GCP) using an account that has administrator privileges.
Enter Library in the search bar, then click the matching result.
Scroll down and click on the Cloud Storage card.
Click the Enable button.

Creating a Custom Role

Enter Roles in the search bar, then click the matching result.
Click the + Create role button.
Enter a name for the custom role, then select the + Add permissions button.
Use the filter field to locate the required permissions, select them, then click the Add button.
Click the Create button to save the role.

Creating the Service Account JSON

See Creating the Service Account JSON File for detailed instructions. The JSON file contents will be pasted into the Service Account JSON field in the D3 connection form. Refer to step 3.i.1 in Configuring D3 SOAR to Work with Google Cloud Storage.

Assigning the Service Account to the Custom Role

Select the Service Accounts tab, then navigate to the appropriate service account.
Select the Permissions tab, then click the Manage access button.
Click the + Add role button, filter for the custom role created in Creating a Custom Role, then click the Save button.

Built-In Roles Permissions

Although this approach does not align with security best practices, the service account can also be assigned to built-in roles. Refer to the following table for details.

Command	Storage Object Viewer	Storage Object Admin	Storage Admin
Create Bucket	Not Supported		Supported
Create Bucket ACL Entries	Not Supported		Supported
Create Folders	Not Supported	Supported
Create Object ACL Entries	Not Supported	Supported
Delete Bucket	Not Supported		Supported
Delete Bucket ACL Entries	Not Supported		Supported
Delete Files	Not Supported	Supported
Delete Object ACL Entries	Not Supported	Supported
Download File	Supported
Get Bucket	Not Supported		Supported
Get Bucket ACL Entries	Not Supported		Supported
Get Files	Supported
List Buckets	Not Supported		Supported
List Files	Supported
Test Connection	Not Supported		Supported
Update Bucket ACL Entries	Not Supported	Supported
Update Object ACL Entries
Upload File

Configuring Domain-Wide Delegation

Perform steps 1-5 of Authorizing the Client ID from the JSON File on the Google Admin Console.
Paste the copied client_id value from the JSON file obtained in Creating the Service Account JSON into the Client ID field.
Input https://www.googleapis.com/auth/devstorage.full_control in the OAuth scopes field, then click the AUTHORISE button.

Configuring D3 SOAR to Work with Google Cloud Storage

Log in to D3 SOAR.
Find the Google Cloud Storage integration.
1. Navigate to Configuration on the top header menu.
2. Click on the Integration icon on the left sidebar.
3. Type Google Cloud Storage in the search box to find the integration, then click it to select it.
4. Click on the + Connection button on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Google Cloud Storage.
1. Connection Name: The desired name for the connection.
2. Site: The site on which to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
4. Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
5. Description (Optional): The description for the connection.
6. Tenant (Optional): When configuring the connection from a master tenant site, users can choose the specific tenant sites with which to share the connection. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
7. Configure User Permissions: Defines which users have access to the connection.
8. Active: The checkbox that enables the connection to be used when selected.
9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
  1. Input the content of the Service Account JSON file created from the Google Cloud Console. Refer to Creating the Service Account JSON.
  2. Input the API Version. The default value is v1.
10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
11. Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
2. Click OK to close the alert window.
3. Click + Add to create and add the configured connection.

Commands

Google Cloud Storage includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Google Cloud Storage API, refer to the Google Cloud Storage API reference.

READER NOTE

Certain permissions are required for each command. Refer to the Permission Requirements and Configuring Google Cloud Storage to Work with D3 SOAR sections for details.

Create Bucket

Creates a new bucket in Google Cloud Storage.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name assigned to the bucket that will be created. Refer to About Cloud Storage buckets for Google Cloud Storage bucket naming rules.	d3_bket_20221021a
Bucket ACL	Optional	A predefined access-control list applied to the bucket. Valid options are: Project team owners get OWNER access, and allAuthenticatedUsers get READER access Project team owners get OWNER access Project team members get access according to their roles Project team owners get OWNER access, and allUsers get READER access Project team owners get OWNER access, and allUsers get WRITER access By default, the value is set to Project Private, where project team members receive access based on their assigned roles.	Project team owners get OWNER access, and allUsers get READER access
Default Object ACL	Optional	A predefined default access-control list applied to objects created in the bucket. Valid options are: Object owner gets OWNER access, and allAuthenticatedUsers get READER access Object owner gets OWNER access, and project team owners get OWNER access Object owner gets OWNER access, and project team owners get READER access Object owner gets OWNER access Object owner gets OWNER access, and project team members get access according to their roles Object owner gets OWNER access, and allUsers get READER access: publicRead By default, the value is set to Project Private, where the object owner receives OWNER access and project team members receive access based on their roles.	Object owner gets OWNER access, and allAuthenticatedUsers get READER access

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Bucket failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 409.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Your previous request to create the named bucket succeeded and you already own it.

Error Sample Data

Create Bucket failed.

Status Code: 409.

Message: Your previous request to create the named bucket succeeded and you already own it.

Create Bucket ACL Entries

Creates access-control list (ACL) entries on a specified Google Cloud Storage bucket. This command is not supported for buckets with uniform bucket-level access enabled, where access is enforced exclusively at the bucket level using storage.buckets.getIamPolicy and storage.buckets.setIamPolicy.

ALERT

This command is not supported for buckets with uniform bucket-level access enabled.

READER NOTE

Bucket Name is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket on which access-control list entries will be created. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Principals	Required	The principals granted permissions on the bucket. Supported formats include user-email, group-groupId, group-email, domain-domain, project-team-projectId, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`
Role	Required	The access permission assigned to the specified principals. Valid options are: Owner Reader Writer	Reader

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Bucket ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled.

Error Sample Data

Create Bucket ACL Entries failed.

Status Code: 400.

Message: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled.

Create Folders

Creates folder objects in a specified Google Cloud Storage bucket.

READER NOTE

Bucket Name is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket in which folders will be created. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Folder Paths	Required	The folder paths to create. Each folder path must end with a forward slash. Folders will be created automatically if they do not exist.	JSON `[ "dir1/dir5/dir5c/" ]`
Default Folder ACL	Optional	The access-control list (ACL) applied to the created folders. Valid options are: Object owner gets OWNER access, and allAuthenticatedUsers get READER access Object owner gets OWNER access, and project team owners get OWNER access Object owner gets OWNER access, and project team owners get READER access Object owner gets OWNER access Object owner gets OWNER access, and project team members get access according to their roles Object owner gets OWNER access, and allUsers get READER access By default, the value is set to Authenticated Read, which grants OWNER access to the object owner and READER access to allAuthenticatedUsers.	Object owner gets OWNER access, and allUsers get READER access

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Folders failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The specified bucket does not exist.

Error Sample Data

Create Folders failed.

Status Code: 404.

Message: The specified bucket does not exist.

Create Object ACL Entries

Creates access-control list (ACL) entries for a specified object in a Google Cloud Storage bucket. This command is not supported for buckets with uniform bucket-level access enabled, where access is enforced exclusively at the bucket level using storage.buckets.getIamPolicy and storage.buckets.setIamPolicy.

READER NOTE

Bucket Name and File Name are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the File Name. File Names can be found in the raw data at $.items[*].name.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its files.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket containing the object for which ACL entries will be created. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
File Name	Required	The name of the object for which ACL entries will be created. File Name can be obtained using the List Files command.	dir1/bluejay1024.png
Entities	Required	The entities granted permissions on the object. Supported formats include user-email, group-groupId, group-email, domain-domain, project-team-projectId, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`
Role	Required	The access permission assigned to the specified entities. Valid values are: Owner Reader	Reader

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Object ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled.

Error Sample Data

Create Object ACL Entries failed.

Status Code: 400.

Message: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled.

Delete Bucket ACL Entries

Permanently deletes access-control list (ACL) entries for specified principals on a Google Cloud Storage bucket.

READER NOTE

Bucket Name and Principals are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Bucket ACL Entries command to obtain the Principals. Principals can be found in the raw data at $.items[*].entity.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Bucket ACL Entries command to retrieve its ACL entries.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket from which ACL entries will be deleted. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Principals	Required	The principals whose ACL entries will be removed from the bucket. Principals can be obtained using the List Bucket ACL Entries command. Supported formats include user-emailAddress, group-groupId, group-emailAddress, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Delete Bucket ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The owner of the resource is required to have OWNER access.

Error Sample Data

Delete Bucket ACL Entries failed.

Status Code: 403.

Message: The owner of the resource is required to have OWNER access.

Delete Buckets

Permanently deletes specified Google Cloud Storage buckets. The command fails if any bucket contains objects. Buckets that contain only incomplete uploads, such as in-progress XML API multipart uploads, can still be deleted.

READER NOTE

Bucket Names is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Names. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Names	Required	The names of the buckets to delete. Bucket Names can be obtained using the List Buckets command.	JSON `[ "d3_bket_20221021a" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Delete Buckets failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 409.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The bucket you tried to delete is not empty.

Error Sample Data

Delete Buckets failed.

Status Code: 409.

Message: The bucket you tried to delete is not empty.

Delete Files

Deletes specified objects (files or folders) and their metadata from a Google Cloud Storage bucket.

READER NOTE

Bucket Name and Object Names are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the Object Names. Object Names can be found in the raw data at $.items[*].name.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its objects.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket from which objects will be deleted. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Object Names	Required	The names of the objects (files or folders) to delete. Object Names can be obtained using the List Files command.	JSON `[ "dir1/dir1_json/gke_createDeployment_raw_sampleREST" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Delete Files failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: No such object.

Error Sample Data

Delete Files failed.

Status Code: 404.

Message: No such object.

Delete Object ACL Entries

Permanently deletes access-control list (ACL) entries for specified entities on a specified object (file) in a Google Cloud Storage bucket.

READER NOTE

Bucket Name and Object Name are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the Object Name. Object Names can be found in the raw data at $.items[*].name.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its objects (files).

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket containing the object. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Object Name	Required	The name of the object from which ACL entries will be deleted. Object Name can be obtained using the List Files command.	dir1/bluejay1024.png
Entities	Required	The entities whose ACL entries will be removed from the object. Supported formats include user-emailAddress, group-groupId, group-emailAddress, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Delete Object ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: ***** does not have storage.objects.update access to the Google Cloud Storage object. Permission 'storage.objects.update' denied on resource (or it may not exist).

Error Sample Data

Delete Object ACL Entries failed.

Status Code: 403.

Message: ***** does not have storage.objects.update access to the Google Cloud Storage object. Permission 'storage.objects.update' denied on resource (or it may not exist).

Download Files

Downloads the latest versions of specified files from a Google Cloud Storage bucket.

READER NOTE

Bucket Name and File Names are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the File Names. File Names can be found in the raw data at $.items[*].name.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its files.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket from which files will be downloaded. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
File Names	Required	The names of the files to download. File Names can be obtained using the List Files command. For files in subdirectories, provide the full path, such as sub_dir/fileName.	JSON `[ "dir1/blueJay1024.png" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Download Files failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: ***** does not have storage.objects.get access to the Google Cloud Storage object. Permission storage.objects.get denied on resource (or it may not exist).

Error Sample Data

Download Files failed.

Status Code: 403.

Message: Message: ***** does not have storage.objects.get access to the Google Cloud Storage object. Permission storage.objects.get denied on resource (or it may not exist).

Get Buckets

Retrieves metadata for specified Google Cloud Storage buckets.

READER NOTE

Bucket Names is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Names. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Names	Required	The names of the buckets for which metadata will be retrieved. Bucket Names can be obtained using the List Buckets command.	JSON `[ "d3_bket_20221021a" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Get Buckets failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The specified bucket does not exist.

Error Sample Data

Get Buckets failed.

Status Code: 404.

Message: The specified bucket does not exist.

Get Files

Retrieves metadata for specified objects (files or folders) in a Google Cloud Storage bucket.

READER NOTE

Bucket Name and File Name are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the File Name. File Names can be found in the raw data at $.items[*].name.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its objects.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket from which object metadata will be retrieved. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
File Names	Required	The names of the objects for which metadata will be retrieved. File Names can be obtained using the List Files command.	JSON `[ "dir1/blueJay1024.png" ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Get Files failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Not Found.

Error Sample Data

Get Files failed.

Status Code: 404.

Message: Not Found.

List Bucket ACL Entries

Retrieves access-control list (ACL) entries for a specified Google Cloud Storage bucket.

READER NOTE

Bucket Name is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket for which ACL entries will be retrieved. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Bucket ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: ***** does not have storage.buckets.getIamPolicy access to the Google Cloud Storage bucket. Permission 'storage.buckets.getIamPolicy' denied on resource (or it may not exist).

Error Sample Data

List Bucket ACL Entries failed.

Status Code: 403.

Message: ***** does not have storage.buckets.getIamPolicy access to the Google Cloud Storage bucket. Permission 'storage.buckets.getIamPolicy' denied on resource (or it may not exist).

List Buckets

Retrieves Google Cloud Storage buckets for the project The buckets will be ordered lexicographically by bucket name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name Prefix	Optional	Filters results to include only buckets whose names start with the specified prefix. By default, all buckets are returned.	d3_bket

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Buckets failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: ***** does not have storage.buckets.list access to the Google Cloud project. Permission 'storage.buckets.list' denied on resource (or it may not exist).

Error Sample Data

List Buckets failed.

Status Code: 403.

Message: ***** does not have storage.buckets.list access to the Google Cloud project. Permission 'storage.buckets.list' denied on resource (or it may not exist).

List Files

Retrieves the latest versions of objects (files and folders) in a specified Google Cloud Storage bucket. The results will be ordered lexicographically by object name.

READER NOTE

Bucket Name is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket from which objects will be retrieved. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
File Name Prefix	Optional	Filters results to include only objects whose names begin with the specified prefix. File names are case-sensitive. To list objects under a subdirectory, provide the folder path ending with a forward slash.	dir1/

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Files failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The specified bucket does not exist.

Error Sample Data

List Files failed.

Status Code: 404.

Message: The specified bucket does not exist.

Update Bucket ACL Entries

Updates access-control list (ACL) roles for specified principals on a Google Cloud Storage bucket.

READER NOTE

Bucket Name and Principals are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Bucket ACL Entries command to obtain the Principals. Principals can be found in the raw data at $.items[*].entity.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Bucket ACL Entries command to retrieve its ACL entries.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket for which ACL entries will be updated. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Principals	Required	The principals whose ACL roles will be updated on the bucket. Principals can be obtained using the List Bucket ACL Entries command. Supported formats include user-emailAddress, group-groupId, group-emailAddress, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`
Role	Required	The access permission assigned to the specified principals. Valid values are: Owner Reader Writer	Writer

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Update Bucket ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: ***** does not have storage.buckets.getIamPolicy access to the Google Cloud Storage bucket. Permission 'storage.buckets.getIamPolicy' denied on resource (or it may not exist).

Error Sample Data

Update Bucket ACL Entries failed.

Status Code: 403.

Message: ***** does not have storage.buckets.getIamPolicy access to the Google Cloud Storage bucket. Permission 'storage.buckets.getIamPolicy' denied on resource (or it may not exist).

Update Object ACL Entries

Updates access-control list (ACL) roles for specified entities on a specified object (file) in a Google Cloud Storage bucket.

READER NOTE

Bucket Name, Object Name, and Entities are required parameters to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the Object Name. Object Names can be found in the raw data at $.items[*].name.
Run the List Files command to obtain the Entities. Entities can be found in the raw data at $.items[*].owner.entity.

Run the List Buckets command to obtain the name of the desired bucket, then use that value with the List Files command to retrieve its objects (files) and their entities.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket containing the object. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
Object Name	Required	The name of the object for which ACL entries will be updated. Object Name can be obtained using the List Files command.	dir1/bluejay1024.png
Entities	Required	The entities whose ACL roles will be updated on the object. Entities can be obtained using the List Files command Supported formats include user-emailAddress, group-groupId, group-emailAddress, allUsers, and allAuthenticatedUsers.	JSON `[ "***@*.***" ]`
Role	Required	The access permission assigned to the specified entities. Valid options are: Owner Reader	Owner

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Update Object ACL Entries failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: No such object.

Error Sample Data

Update Object ACL Entries failed.

Status Code: 404.

Message: No such object.

Upload Files

Uploads specified files to a Google Cloud Storage bucket.

READER NOTE

Bucket Name is a required parameter to run this command.

Run the List Buckets command to obtain the Bucket Name. Bucket Names can be found in the raw data at $.items[*].name.

D3 File IDs and D3 File Source

It is not recommended to use the Test Command feature with the Upload Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:

Navigate to Configuration on the top bar menu.
Click on Utility Commands on the left sidebar menu.
Use the search box to find and select the Create a File from input Text Array command.
Click on the Test tab.
Input the required information for the parameters.
Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.

Input

Input Parameter	Required/Optional	Description	Example
Bucket Name	Required	The name of the bucket into which files will be uploaded. Bucket Name can be obtained using the List Buckets command.	d3_bket_20221021a
File Names	Required	The names of the files to upload. For files uploaded to a subdirectory, include the full path, such as sub_dir/fileName. If the specified subdirectory does not exist, it will be created automatically. The order of values in this parameter must match the order of values in the D3 File IDs parameter.	JSON `[ "dir1/blueJay1024.png" ]`
D3 File IDs	Required	The identifiers of the files to upload. The order of values in this parameter must match the order of values in the File Names parameter.	JSON `[ "*****" ]`
D3 File Source	Required	The source location of the files to upload. The options for file sources are: Incident Attachment File: Manually uploaded file from Incident Playbook File: Output from another Task Artifact File: Ingested Artifact in an Event.	Playbook File
Default Object ACL	Optional	The access-control list applied to uploaded files. Valid options are: Object owner gets OWNER access, and allAuthenticatedUsers get READER access Object owner gets OWNER access, and project team owners get OWNER access Object owner gets OWNER access, and project team owners get READER access Object owner gets OWNER access Object owner gets OWNER access, and project team members get access according to their roles Object owner gets OWNER access, and allUsers get READER access By default, the value is Authenticated Read, which grants OWNER access to the object owner and READER access to allAuthenticatedUsers.	Object owner gets OWNER access, and project team members get access according to their roles

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Upload Files failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 404.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: The specified bucket does not exist.

Error Sample Data

Upload Files failed.

Status Code: 404.

Message: The specified bucket does not exist.

Test Connection

Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

A connection issue with the integration
The API returned an error message
No response from the API

More details about an error can be viewed in the Error tab.

String

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Test Connection failed. Failed to check the connector.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Storage portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Forbidden.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 403.

Message: Forbidden.