Skip to main content
Skip table of contents

Clone And Schedule Data Ingestions

Clone a new schedule from current schedule connection to new schedule connection within the integration. If the current schedule connection is empty, then create a new schedule in the new schedule connection within the integration.

Implementation

System

Command Category

System Utility

Tags

INTEGRATION

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Integration Name

Required

Integration Name

Test Integration Name

Is Fetch Incident Or Fetch Event

Required

Intake data type (event or incident)

Event Intake

Current Schedule Connection

Optional

Current Schedule Connection (if current schedule connection is empty, then it will create a new schedule)

All Sites

New Schedule Connection

Required

New Schedule Connection

Security Operations - testconnection

Command Details

Optional

The parameters of the fetch incident or fetch events. (When creating a new schedule in a non-custom integration, this parameter should include all necessary details to define the schedule. When cloning a schedule, missing parameters will be automatically populated from the source schedule)

CODE 
{
    "Start Time": "2023-01-01 1:00:00",
    "End Time": "2023-01-02 3:00:00",
    "Top Recent Event Number": "5",
    "Search Condition": "search condition"
}

Schedule Configuration

Optional

The configuration of a schedule, such as the interval, etc., will default to a preset value if a schedule configuration field is missing when creating a new schedule.

CODE 
{
    "Interval": 1,
    "Tolerance Scope": 15,
    "Email Notification": 5,
    "Data Formatter": "FormatScript",
    "Event Playbook": "TestPlaybook",
    "MITRE TTP Search": true,
    "Automation Rules": true,
    "JSON Path For Site": "$.site",
    "Global List For Site Mapping": "SiteMapping"
}

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
Successful

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE 
https:/{base_url}/{api_namespace}/api/Command/CloneAndScheduleDataIngestions

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON 
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Integration Name": <Integration Name here>,
    "Is Fetch Incident Or Fetch Event": <Fetch Incident Or Fetch Event here>,
    "Current Schedule Connection": <Current Schedule Connection here>,
    "New Schedule Connection": <New Schedule Connection here>,
    "Command Details": <Command Details here>,
    "Schedule Configurations": <Schedule Configurations here>
   }
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

Text

Required

The username of your D3 SOAR account.

Site

Text

Required

The D3 SOAR site to run the remote command.

Integration Name

Text

Required

Integration Name

Is Fetch Incident Or Fetch Event

Text

Required

Intake data type (Event or Incident)

Current Schedule Connection

Text

Optional

Current Schedule Connection (if current schedule connection is empty, then it will create a new schedule)

New Schedule Connection

Text

Required

New Schedule Connection

Command Details

JSON Object

Optional

The parameters of the fetch incident or fetch events. (When creating a new schedule in a non-custom integration, this parameter should include all necessary details to define the schedule. When cloning a schedule, missing parameters will be automatically populated from the source schedule)

Schedule Configuration

JSON Object

Optional

The configuration of a schedule, such as the interval, etc., will default to a preset value if a schedule configuration field is missing when creating a new schedule.

Sample Request

SAMPLE DATA

JSON 
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Integration Name": "Test Integration Name",
    "Is Fetch Incident Or Fetch Event": "Event Intake",
    "Current Schedule Connection": "All Sites",
    "New Schedule Connection": "Security Operations - testconnection",
    "Command Details": {
      "Start Time": "2023-01-01 1:00:00",
      "End Time": "2023-01-02 3:00:00",
      "Top Recent Event Number": "5",
      "Search Condition": "search condition"
    },
    "Schedule Configurations": {
      "Interval": 1,
      "Tolerance Scope": 15,
      "Email Notification": 5,
      "Data Formatter": "FormatScript",
      "Event Playbook": "TestPlaybook",
      "MITRE TTP Search": true,
      "Automation Rules": true,
      "JSON Path For Site": "$.site",
      "Global List For Site Mapping": "SiteMapping"
    }
  }
}

Response

Response Fields

Field Name

Type

Description

error

Text

The error message if the API request has failed.

returnData

Text

The return data from the API request.

Sample Response

JSON 
{
    "error": "",
    "returnData": "Successful",
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close