Close Incidents in Bulk
LAST UPDATED: FEB 27, 2024
Close multiple incidents that are given by input incident numbers.
Implementation | System |
Command Category | System Utility |
Tags | INCIDENT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Incident Numbers | Required | The array of incident numbers of incidents that are to be closed. |
CODE
|
Bypass Required Pending Tasks | Required | The option of whether or not to close incidents even there still are required pending tasks. |
|
Bypass All Required Fields | Optional | The option of whether or not to close incidents even required fields are not filled. |
|
Username | Required | The username of user that close the incidents. This username will be used only when the task is run automatically. |
|
Conclusion | Optional | Append the conclusion note to the original conclusion. |
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/CloseIncidentInBulk
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Incident Numbers": "<Incident Numbers here>",
"Bypass Required Pending Tasks": "<Bypass Required Pending Tasks here>",
"Bypass All Required Fields": "<Bypass All Required Fields here>",
"Username": "<Username here>",
"Conclusion": "<Conclusion here>"
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Incident Numbers |
| Required | The array of incident numbers of incidents that are to be closed. |
Bypass Required Pending Tasks |
| Required | The option of whether or not to close incidents even there still are required pending tasks. |
Bypass All Required Fields |
| Optional | The option of whether or not to close incidents even required fields are not filled. |
Username |
| Required | The username of user that close the incidents. This username will be used only when the task is run automatically. |
Conclusion |
| Optional | Append the conclusion note to the original conclusion. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Incident Numbers": [
"20210127-198",
"20210127-197"
],
"Bypass Required Pending Tasks": "Yes",
"Bypass All Required Fields": "Yes",
"Username": "admin user",
"Conclusion": "The incident was closed in bulk."
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
rawData |
| The raw data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
"contextData": "[
{
"Incident Number": "20210127-198",
"Status": "Closed",
"Close Date": "01/27/2021 06:08 AM PST",
"Result": "Successful",
"Closed By": "admin user"
},
{
"Incident Number": "20210127-197",
"Status": "Closed",
"Close Date": "01/27/2021 06:08 AM PST",
"Result": "Successful",
"Closed By": "admin user"
}
]"
}