Dismiss Events
This command can only be executed within an event/incident playbook. It is a critical part of the event management workflow, allowing for systematic dismissal of events with appropriate logging, notification, and triggering of subsequent actions based on configurable parameters.
Reader Note
Please note that this command is only applicable within an event Playbook.
Implementation | System |
Command Category | System Utility |
Tags | EVENT EVENT MANAGEMENT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Source Event ID | Optional | NOT AVAILABLE |
|
Relevant Event IDs | Optional | NOT AVAILABLE |
|
Reason Code | Optional | NOT AVAILABLE |
|
Dismissal Reason | Optinal | NOT AVAILABLE |
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/DismissEvents
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Source Event ID": <Source Event ID here>,
"Relevant Event IDs": [
<Relevant Event ID 1 here>,
<Relevant Event ID 2 here>
],
"Reason Code": <Reason Code here>,
"Dismissal Reason": <Dismissal Reason here>
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Source Event ID |
| Optional | NOT AVAILABLE |
Relevant Event IDs |
| Optional | NOT AVAILABLE |
Reason Code |
| Optional | NOT AVAILABLE |
Dismissal Reason |
| Optional | NOT AVAILABLE |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Source Event ID": 24345,
"Relevant Event IDs": [
24328,
24327
],
"Reason Code": 2,
"Dismissal Reason": "This is a false positive event"
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "true",
"contextData": {
"dismissedEvents": [
{
"eventId": 24345,
"eventGuid": "ba551e39-7707-eb11-843a-00155dd3e941",
"type": "Source Event"
},
{
"eventId": 24327,
"eventGuid": "bdefe22c-7707-eb11-843a-00155dd3e941",
"type": "Relevant Event"
},
{
"eventId": 24328,
"eventGuid": "beefe22c-7707-eb11-843a-00155dd3e941",
"type": "Relevant Event"
}
]
}
}