Create a Case
Add Incident Tags to the current incident.
Implementation | System |
Command Category | System Utility |
Tags | CASE |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
Time Zone | Required | The Time Zone of the case created. |
|
Case Status | Required | The desired status to which the case |
|
Incident Date | Optional | The date on which the incident occurred. |
|
Reported Date | Required | The date on which the case was reported. |
|
Owner Site | Required | The site where the case was reported. |
|
Case Type | Optional | The type of the case. |
|
Priority | Optional | The Priority of the case. |
|
Investigator | Optional | The name of the owners. |
|
Description | Optional | The Description of the case. |
|
Title | Optional | The title of the case. |
|
Access Level | Optional | The Access Level of the case. |
|
User Name | Required | The User Name of the user create the case. |
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/createCaseHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Time Zone": "<Time Zonehere>",
"Case Status": "<Case Status here>",
"Incident Date": "<Incident Date here>",
"Reported Date": "<Reported Date here>",
"Owner Site": "<Owner Site here>",
"Case Type": "<Case Type here>",
"Priority": "<Priority here>",
"Invesitagtor": "<Invesitagtor here>",
"Description": "<Description here>",
"Title": "<Title here>",
"Access Level": "<Access Level here>",
"User Name": "<User Name here>"
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Time Zone |
| Required | The Time Zone of the case created. |
Case Status |
| Required | The desired status to which the case |
Incident Date |
| Optional | The date on which the incident occurred. |
Reported Date |
| Required | The date on which the case was reported. |
Owner Site |
| Required | The site where the case was reported. |
Case Type |
| Optional | The type of the case. |
Priority |
| Optional | The Priority of the case. |
Investigator |
| Optional | The name of the owners. |
Description |
| Optional | Here is the description of the case created |
Title |
| Optional | The title of the case. |
Access Level |
| Optional | The Access Level of the case. |
User Name |
| Required | The User Name of the user create the case. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Time Zone": "PST",
"Case Status": "Active",
"Incident Date": "02/16/2021 00:00",
"Reported Date": "02/16/2021 00:00",
"Owner Site": "Corporate Security",
"Case Type": "IT Forensic",
"Priority": "Level 1",
"Invesitagtor": "James",
"Description": "Here is the description of the case created",
"Title": "Case Title",
"Access Level": 5,
"User Name": "SecurityAdmin"
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
rawData |
| The raw data from the API request. |
Sample Response
{
"error":"",
"returnData":"Successful",
"rawData":"{
"CaseNumber": "20230130-156"
}",
"contextData":"",
"outputData":""
}