Clone And Schedule Data Ingestions
LAST UPDATED: AUG 19, 2024
Clones a new schedule from current schedule connection to new schedule connection within the integration. If the current schedule connection is empty, then create a new schedule in the new schedule connection within the integration.
Implementation | System |
Command Category | System Utility |
Tags | INTEGRATION |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Integration Name | Required | The name of the integration. | Test Integration Name |
Is Fetch Incident Or Fetch Event | Required | The type of data intake. The options are:
| Event Intake |
Current Schedule Connection | Optional | The current schedule connection. Creates a new schedule if left empty. | All Sites |
New Schedule Connection | Required | The new schedule connection. | Security Operations - testconnection |
Command Details | Optional | The parameters of the fetch incident or fetch events. When creating a new schedule in a non-custom integration, this parameter should include all details to define the schedule. When cloning a schedule, any missing parameters will be automatically populated from the source schedule. |
CODE
|
Schedule Configuration | Optional | The configuration of a schedule. Missing schedule configuration fields will default to a preset value when creating a new schedule. |
CODE
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/CloneAndScheduleDataIngestions
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Integration Name": <Integration Name here>,
"Is Fetch Incident Or Fetch Event": <Fetch Incident Or Fetch Event here>,
"Current Schedule Connection": <Current Schedule Connection here>,
"New Schedule Connection": <New Schedule Connection here>,
"Command Details": <Command Details here>,
"Schedule Configurations": <Schedule Configurations here>
}
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Integration Name |
| Required | The name of the integration. |
Is Fetch Incident Or Fetch Event |
| Required | The type of data intake. The options are:
|
Current Schedule Connection |
| Optional | The current schedule connection. Creates a new schedule if left empty. |
New Schedule Connection |
| Required | The new schedule connection. |
Command Details |
| Optional | The parameters of the fetch incident or fetch events. When creating a new schedule in a non-custom integration, this parameter should include all details to define the schedule. When cloning a schedule, any missing parameters will be automatically populated from the source schedule. |
Schedule Configuration |
| Optional | The configuration of a schedule. Missing schedule configuration fields will default to a preset value when creating a new schedule. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Integration Name": "Test Integration Name",
"Is Fetch Incident Or Fetch Event": "Event Intake",
"Current Schedule Connection": "All Sites",
"New Schedule Connection": "Security Operations - testconnection",
"Command Details": {
"Start Time": "2023-01-01 1:00:00",
"End Time": "2023-01-02 3:00:00",
"Top Recent Event Number": "5",
"Search Condition": "search condition"
},
"Schedule Configurations": {
"Interval": 1,
"Tolerance Scope": 15,
"Email Notification": 5,
"Data Formatter": "FormatScript",
"Event Playbook": "TestPlaybook",
"MITRE TTP Search": true,
"Automation Rules": true,
"JSON Path For Site": "$.site",
"Global List For Site Mapping": "SiteMapping"
}
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
}