Clone And Schedule Data Ingestions
Clone a new schedule from current schedule connection to new schedule connection within the integration. If the current schedule connection is empty, then create a new schedule in the new schedule connection within the integration.
Implementation | System |
Command Category | System Utility |
Tags | INTEGRATION |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Integration Name | Required | Integration Name |
|
Is Fetch Incident Or Fetch Event | Required | Intake data type (event or incident) |
|
Current Schedule Connection | Optional | Current Schedule Connection (if current schedule connection is empty, then it will create a new schedule) |
|
New Schedule Connection | Required | New Schedule Connection |
|
Command Details | Optional | The parameters of the fetch incident or fetch events. (When creating a new schedule in a non-custom integration, this parameter should include all necessary details to define the schedule. When cloning a schedule, missing parameters will be automatically populated from the source schedule) |
CODE
|
Schedule Configuration | Optional | The configuration of a schedule, such as the interval, etc., will default to a preset value if a schedule configuration field is missing when creating a new schedule. |
CODE
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/CloneAndScheduleDataIngestions
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Integration Name": <Integration Name here>,
"Is Fetch Incident Or Fetch Event": <Fetch Incident Or Fetch Event here>,
"Current Schedule Connection": <Current Schedule Connection here>,
"New Schedule Connection": <New Schedule Connection here>,
"Command Details": <Command Details here>,
"Schedule Configurations": <Schedule Configurations here>
}
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Integration Name |
| Required | Integration Name |
Is Fetch Incident Or Fetch Event |
| Required | Intake data type (Event or Incident) |
Current Schedule Connection |
| Optional | Current Schedule Connection (if current schedule connection is empty, then it will create a new schedule) |
New Schedule Connection |
| Required | New Schedule Connection |
Command Details |
| Optional | The parameters of the fetch incident or fetch events. (When creating a new schedule in a non-custom integration, this parameter should include all necessary details to define the schedule. When cloning a schedule, missing parameters will be automatically populated from the source schedule) |
Schedule Configuration |
| Optional | The configuration of a schedule, such as the interval, etc., will default to a preset value if a schedule configuration field is missing when creating a new schedule. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Integration Name": "Test Integration Name",
"Is Fetch Incident Or Fetch Event": "Event Intake",
"Current Schedule Connection": "All Sites",
"New Schedule Connection": "Security Operations - testconnection",
"Command Details": {
"Start Time": "2023-01-01 1:00:00",
"End Time": "2023-01-02 3:00:00",
"Top Recent Event Number": "5",
"Search Condition": "search condition"
},
"Schedule Configurations": {
"Interval": 1,
"Tolerance Scope": 15,
"Email Notification": 5,
"Data Formatter": "FormatScript",
"Event Playbook": "TestPlaybook",
"MITRE TTP Search": true,
"Automation Rules": true,
"JSON Path For Site": "$.site",
"Global List For Site Mapping": "SiteMapping"
}
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
}