Get Artifact State
LAST UPDATED: AUG 07, 2024
This command takes an array of artifact names and processes each artifact based on the specified type. The output includes detailed information for each artifact, such as its ID, name, state, and a description of its significance.
Implementation | System |
Command Category | Cyber Utility |
Tags | ARITIFACT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Artifact Names | Required | The name of the artifacts |
CODE
|
Artifact Type | Required | The type of the artifact | External Endpoint |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/GetArtifactState
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Artifact Names": <Artifact Names here>,
"Artifact Type": <Artifact Type here>
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Artifact Names |
| Required | The name of the artifacts |
Artifact Type |
| Required | The type of the artifact |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Artifact Names": [
"216.251.148.1",
"xmr.pool.minergate.com"
],
"Artifact Type": "External Endpoint"
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "Succeed",
"contextData": {
"states": [
{
"id": "e8c6dad1-0a1a-445c-8f6a-852636556da6",
"name": "216.251.148.1",
"state": "Block",
"description": "Related to crypto currency mining, need to be blocked"
},
{
"id": "d0d89585-363e-4eaf-8615-7fb1f92d633f",
"name": "216.251.148.1",
"state": "Block",
"description": "Related to crypto currency mining, need to be blocked"
},
{
"id": "bf284f29-3577-4fc3-b808-e8bde9895d6d",
"name": "xmr.pool.minergate.com",
"state": "Block",
"description": "Related to crypto currency mining, need to be blocked"
}
]
}
}