Skip to main content
Skip table of contents

Get Data Ingestion Schedules

READER NOTE

This utility command is for 16.8+, if you are in a lower version, you may encounter limitations in accessing this command. Kindly reach out to D3 for assistance in obtaining access if such a situation arises.

Get current running data ingestion schedules which includes schedule configuration, data ingestion command settings, event field mappings and incident field mappings.

Implementation

Python

Command Category

System Utility

Tags

N/A

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Integration Names

Optional

Integration names to filter data ingestion schedules

[ "Integration 1", "Integration 2" ]

Data Ingestion Types

Optional

Data ingestion types to filter data ingestion shedules. Options: Event Intake, Incident Intake.

[ "Event Intake", "Incident Intake" ]

Connection Names

Optional

Connection names to filter data ingestion schedules

[ "Connection 1", "Connection 2" ]

Site Names

Optional

Site names to filter data ingestion schedules

[ "Site 1", "Site 2" ]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
{
    "Status": "Successful",
    "Data": {
        "BasicInfo": [
            {
                "DataIngestionType": "Event Intake",
                "ConnectionId": *****
            }
        ],
        "DetailInfo": [
            {
                "IntegrationName": "IntegrationName",
                "Data IngestionType": "Event Intake",
                "ScheduledConnection": "ConnectionName1",
                "ConnectionId": *****,
                "Site": "SiteName1",
                "SiteId": *****,
                "ScheduleConfigurations": {
                    "Interval(Minutes)": 10,
                    "SendEmailNotification": 5,
                    "BufferTimeOfDataReacquire": 30,
                    "ToleranceScope(Minutes)": 20,
                    "EventPlaybook": "PlaybookName1",
                    "RunPlaybookSequentially": true,
                    "RunTTPSearch": true,
                    "RunEventAutomationRules": true
                },
                "CommandDetails": {
                    "StartTime": "2024-04-01 23:40:00",
                    "EndTime": "2024-04-02 01:00:00",
                    "queryTimeType": "updated",
                    "topN": "30",
                    "searchCondition": "{\"age\": 3}",
                    "toleranceScope": "40"
                },
                "EventFieldMappings": [
                    {
                        "EventSourceName": "Default Event Source",
                        "MainJsonPath": "$",
                        "Fields": [
                            {
                                "FieldType": "Built-in",
                                "FieldName": "Status",
                                "SystemName": "Status",
                                "SourceField": "$.fields.status.name",
                                "SourceType": "Text",
                                "ShowInIncidentSummary": false,
                                "LinkWithArtifact": true,
                                "ArtifactType": "ArtifactTypeName1",
                                "ArtifactRole": "ArtifactRoleName1"
                            }
                        ]
                    }
                ]
            }
        ]
    }
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE
https://{base_url}/{api_namespace}/api/Command/getDataIngestionSchedules

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
    "Username": "<Username here>",
    "Site": "<Site here>",
    "CommandParams": {
        "Integration Names": "<Integration Names here>",
        "Data Ingestion Types": "<Data Ingestion Types here>",
        "Connection Names": "<Connection Names here>",
        "Site Names": "<Site Names here>"
    }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

Text

Required

The username of your D3 SOAR account.

Site

Text

Required

The D3 SOAR site to run the remote command.

Integration Names

Text Array

Optional

Integration names to filter data ingestion schedules

Data Ingestion Types

Text Array

Optional

Data ingestion types to filter data ingestion shedules. Options: Event Intake, Incident Intake.

Connection Names

Text Array

Optional

Connection names to filter data ingestion schedules

Site Names

Text Array

Optional

Site names to filter data ingestion schedules

Sample Request

SAMPLE DATA

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Integration Names": [
      "Integration 1",
      "Integration 2"
    ],
    "Data Ingestion Types": [
      "Event Intake",
      "Incident Intake"
    ],
    "Connection Names": [
      "Connection 1",
      "Connection 2"
    ],
    "Site Names": [
      "Site 1",
      "Site 2"
    ]
  }
}

Response

Response Fields

Field Name

Type

Description

error

Text

The error message if the API request has failed.

returnData

Text

The return data from the API request.

Sample Response

JSON
{
    "error": "",
    "returnData": {
        "Status": "Successful",
        "Data": {
            "BasicInfo": [
                {
                    "DataIngestionType": "Event Intake",
                    "ConnectionId": "*****"
                }
            ],
            "DetailInfo": [
                {
                    "IntegrationName": "IntegrationName",
                    "Data IngestionType": "Event Intake",
                    "ScheduledConnection": "ConnectionName1",
                    "ConnectionId": "*****",
                    "Site": "SiteName1",
                    "SiteId": "*****",
                    "ScheduleConfigurations": {
                        "Interval(Minutes)": 10,
                        "SendEmailNotification": 5,
                        "BufferTimeOfDataReacquire": 30,
                        "ToleranceScope(Minutes)": 20,
                        "EventPlaybook": "PlaybookName1",
                        "RunPlaybookSequentially": true,
                        "RunTTPSearch": true,
                        "RunEventAutomationRules": true
                    },
                    "CommandDetails": {
                        "StartTime": "2024-04-01 23:40:00",
                        "EndTime": "2024-04-02 01:00:00",
                        "queryTimeType": "updated",
                        "topN": "30",
                        "searchCondition": "{\"age\": 3}",
                        "toleranceScope": "40"
                    },
                    "EventFieldMappings": [
                        {
                            "EventSourceName": "Default Event Source",
                            "MainJsonPath": "$",
                            "Fields": [
                                {
                                    "FieldType": "Built-in",
                                    "FieldName": "Status",
                                    "SystemName": "Status",
                                    "SourceField": "$.fields.status.name",
                                    "SourceType": "Text",
                                    "ShowInIncidentSummary": false,
                                    "LinkWithArtifact": true,
                                    "ArtifactType": "ArtifactTypeName1",
                                    "ArtifactRole": "ArtifactRoleName1"
                                }
                            ]
                        }
                    ]
                }
            ]
        }
    }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.