Dismiss Events

This command can only be executed within an event/incident playbook. It is a critical part of the event management workflow, allowing for systematic dismissal of events with appropriate logging, notification, and triggering of subsequent actions based on configurable parameters.

Reader Note

Please note that this command is only applicable within an event Playbook.

Implementation	System
Command Category	System Utility
Tags	EVENT EVENT MANAGEMENT

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Source Event ID	Optional	NOT AVAILABLE	`24345`
Relevant Event IDs	Optional	NOT AVAILABLE	`[` `24328,` `24327` `]`
Reason Code	Optional	NOT AVAILABLE	`2`
Dismissal Reason	Optinal	NOT AVAILABLE	`This is a false positive event`

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON

true

Context Data

The response data from the utility command.

SAMPLE DATA

JSON

{
    "dismissedEvents": [
        {
            "eventId": 24345,
            "eventGuid": "ba551e39-7707-eb11-843a-00155dd3e941",
            "type": "Source Event"
        },
        {
            "eventId": 24327,
            "eventGuid": "bdefe22c-7707-eb11-843a-00155dd3e941",
            "type": "Relevant Event"
        },
        {
            "eventId": 24328,
            "eventGuid": "beefe22c-7707-eb11-843a-00155dd3e941",
            "type": "Relevant Event"
        }
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE

https:/{base_url}/{api_namespace}/api/Command/DismissEvents

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Source Event ID": <Source Event ID here>,
    "Relevant Event IDs": [
      <Relevant Event ID 1 here>,
      <Relevant Event ID 2 here>
    ],
    "Reason Code": <Reason Code here>,
    "Dismissal Reason": <Dismissal Reason here>
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`String`	Required	The username of your D3 SOAR account.
Site	`String`	Required	The D3 SOAR site to run the remote command.
Source Event ID	`Number`	Optional	NOT AVAILABLE
Relevant Event IDs	`Number Array`	Optional	NOT AVAILABLE
Reason Code	`Number`	Optional	NOT AVAILABLE
Dismissal Reason	`Text`	Optional	NOT AVAILABLE

Sample Request

SAMPLE DATA

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Source Event ID": 24345,
    "Relevant Event IDs": [
      24328,
      24327
    ],
    "Reason Code": 2,
    "Dismissal Reason": "This is a false positive event"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`Text`	The error message if the API request has failed.
returnData	`Boolean`	The return data from the API request.
contextData	`JSON Object`	The context data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": "true",
    "contextData": {
        "dismissedEvents": [
            {
                "eventId": 24345,
                "eventGuid": "ba551e39-7707-eb11-843a-00155dd3e941",
                "type": "Source Event"
            },
            {
                "eventId": 24327,
                "eventGuid": "bdefe22c-7707-eb11-843a-00155dd3e941",
                "type": "Relevant Event"
            },
            {
                "eventId": 24328,
                "eventGuid": "beefe22c-7707-eb11-843a-00155dd3e941",
                "type": "Relevant Event"
            }
        ]
    }
}