Skip to main content
Skip table of contents

Get Artifact State

LAST UPDATED: AUG 07, 2024

This command takes an array of artifact names and processes each artifact based on the specified type. The output includes detailed information for each artifact, such as its ID, name, state, and a description of its significance.

Implementation

System

Command Category

Cyber Utility

Tags

ARITIFACT

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Artifact Names

Required

The name of the artifacts

CODE
[

    "216.251.148.1",

    "xmr.pool.minergate.com"

]

Artifact Type

Required

The type of the artifact

External Endpoint

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
Succeed
Context Data

The response data from the utility command.

SAMPLE DATA

JSON
{
    "states": [
        {
            "id": "e8c6dad1-0a1a-445c-8f6a-852636556da6",
            "name": "216.251.148.1",
            "state": "Block",
            "description": "Related to crypto currency mining, need to be blocked"
        },
        {
            "id": "d0d89585-363e-4eaf-8615-7fb1f92d633f",
            "name": "216.251.148.1",
            "state": "Block",
            "description": "Related to crypto currency mining, need to be blocked"
        },
        {
            "id": "bf284f29-3577-4fc3-b808-e8bde9895d6d",
            "name": "xmr.pool.minergate.com",
            "state": "Block",
            "description": "Related to crypto currency mining, need to be blocked"
        }
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE
https:/{base_url}/{api_namespace}/api/Command/GetArtifactState

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Artifact Names": <Artifact Names here>,
    "Artifact Type": <Artifact Type here>
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

string

Required

The username of your D3 SOAR account.

Site

string

Required

The D3 SOAR site to run the remote command.

Artifact Names

array<string>

Required

The name of the artifacts

Artifact Type

string

Required

The type of the artifact

Sample Request

SAMPLE DATA

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Artifact Names": [
      "216.251.148.1",
      "xmr.pool.minergate.com"
    ],
    "Artifact Type": "External Endpoint"
  }
}

Response

Response Fields

Field Name

Type

Description

error

string

The error message if the API request has failed.

returnData

string

The return data from the API request.

contextData

JSON Object

The context data from the API request.

Sample Response

JSON
{
    "error": "",
    "returnData": "Succeed",
    "contextData": {
      "states": [
          {
              "id": "e8c6dad1-0a1a-445c-8f6a-852636556da6",
              "name": "216.251.148.1",
              "state": "Block",
              "description": "Related to crypto currency mining, need to be blocked"
          },
          {
              "id": "d0d89585-363e-4eaf-8615-7fb1f92d633f",
              "name": "216.251.148.1",
              "state": "Block",
              "description": "Related to crypto currency mining, need to be blocked"
          },
          {
              "id": "bf284f29-3577-4fc3-b808-e8bde9895d6d",
              "name": "xmr.pool.minergate.com",
              "state": "Block",
              "description": "Related to crypto currency mining, need to be blocked"
          }
       ]
     }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.