Skip to main content
Skip table of contents

Create Tenant Data Ingestion Schedule

Sync schedule to tenant instance.

Implementation

System

Command Category

System Utility

Tags

EVENT EVENT INGESTION

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Integration Name

Required

Integration name which needs create schedule

Test Integration Name

Data Ingestion Connection

Required

Connection to create data ingestion schedule

Test Connection Name

Is Fetch Incident Or Event

Required

Intake data type (event or incident)

Event Intake

Is Shared To Client Connection

Required

Specify if use shared client site. The default value is false.

False

Tenant Region

Required

Region of the tenant

AMER

Tenant Name

Required

Name of the tenant

Test Tenant

Tenant Site

Optional

Site of the tenant

Test Tenant Site

Schedule Interval

Optional

Set the interval minutes for the schedule

5

Event Playbook

Optional

Event playbook name

Event Playbook

Enable Email Notification

Optional

Enable send email notification if schedule failed

False

Max Attempts

Optional

The number of consecutive fetch failed to send email notification

5

Command Details

Optional

The details for command parameters

JSON 
{

    "Start Time": "2023-01-01 1:00:00",

    "End Time": "2023-01-02 3:00:00",

    "Top Recent Event Number": "5",

    "Search Condition": "search condition"

}

JSON Path For Site

Optional

JSON path for site

$.Site

Global List For Site Mapping

Optional

Global list for site mapping

Global list

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
Successful

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE 
https:/{base_url}/{api_namespace}/api/Command/CreateTenantDataIngestionSchedule

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON 
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Integration Name": <Integration Name here>,
    "Data Ingestion Connection": <Data Ingestion Connection here>,
    "Is Fetch Incident Or Event": <Is Fetch Incident Or Event here>,
    "Is Shared To Client Connection": <Is Shared To Client Connection here>,
    "Tenant Region": <Tenant Region here>,
    "Tenant Name": <Tenant Name here>,
    "Tenant Site": <Tenant Site here>,
    "Schedule Interval": <Schedule Interval here>,
    "Event Playbook": <Event Playbook here>,
    "Enable Email Notification": <Enable Email Notification here>,
    "Max Attempts": <Max Attempts here>,
    "Command Details": {
      "Start Time": <Start Time here>,
      "End Time": <End Time here>,
      "Top Recent Event Number": <Top Recent Event Number here>,
      "Search Condition": <Search Condition here>
    },
    "JSON Path For Site": <JSON Path For Site here>,
    "Global List For Site Mapping": <Global List For Site Mapping here>
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

String

Required

The username of your D3 SOAR account.

Site

String

Required

The D3 SOAR site to run the remote command.

Integration Name

Text

Optional

Integration name which needs create schedule

Data Ingestion Connection

Text

Optional

Connection to create data ingestion schedule

Is Fetch Incident Or Event

Text

Required

Intake data type (event or incident)

Is Shared To Client Connection

Text

Required

Specify if use shared client site. The default value is false.

Tenant Region

Text

Required

Region of the tenant

Tenant Name

Text

Required

Name of the tenant

Tenant Site

Text

Required

Site of the tenant

Schedule Interval

Number

Required

Set the interval minutes for the schedule

Event Playbook

Text

Optional

Event playbook name

Enable Email Notification

Text

Optional

Enable send email notification if schedule failed

Max Attempts

Number

Optional

The number of consecutive fetch failed to send email notification

Command Details

JSON Object

Optional

The details for command parameters

JSON Path For Site

Text

Optional

JSON path for site

Global List For Site Mapping

Text

Optional

Global list for site mapping

Sample Request

SAMPLE DATA

JSON 
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Integration Name": "Test Integration Name",
    "Data Ingestion Connection": "Test Connection Name",
    "Is Fetch Incident Or Event": "Event Intake",
    "Is Shared To Client Connection": "False",
    "Tenant Region": "AMER",
    "Tenant Name": "Test Tenant",
    "Tenant Site": "Test Tenant Site",
    "Schedule Interval": 5,
    "Event Playbook": "Event Playbook",
    "Enable Email Notification": "False",
    "Max Attempts": 5,
    "Command Details": {
      "Start Time": "2023-01-01 1:00:00",
      "End Time": "2023-01-02 3:00:00",
      "Top Recent Event Number": "5",
      "Search Condition": "search condition"
    },
    "JSON Path For Site": "$.Site",
    "Global List For Site Mapping": "Global list"
  }
}

Response

Response Fields

Field Name

Type

Description

error

Text

The error message if the API request has failed.

returnData

Text

The return data from the API request.

Sample Response

JSON 
{
    "error": "",
    "returnData": "Successful"
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close