.png)
Get Data Ingestion Schedules
LAST UPDATED: SEPT 18, 2024
Retrieves information regarding the currently running data ingestion schedules, including schedule and command configurations, as well as event or incident field mappings.
READER NOTE
This utility command is targeted for versions 16.8 and above. If you are in a lower version, you may experience limitations in accessing this command. Please contact D3 for assistance in obtaining access if needed.
Implementation | Python |
Command Category | System Utility |
Tags | DATA INGESTION EVENT INCIENT SCHEDULE |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
Integration Names | Optional | The names of integrations used to filter data ingestion schedules. |
CODE
|
Data Ingestion Types | Optional | The types of data ingestion used to filter data ingestion schedules. The options include:
|
CODE
|
Connection Names | Optional | The names of connections used to filter data ingestion schedules. |
CODE
|
Site Names | Optional | The names of sites used to filter data ingestion schedules. |
CODE
|
READER NOTE
If no input is provided, all currently running data ingestion schedules, including both event and incident schedules, will be returned.
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https://{base_url}/{api_namespace}/api/Command/getDataIngestionSchedulesHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Integration Names": "<Integration Names here>",
"Data Ingestion Types": "<Data Ingestion Types here>",
"Connection Names": "<Connection Names here>",
"Site Names": "<Site Names here>"
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Integration Names |
| Optional | The names of integrations used to filter data ingestion schedules. |
Data Ingestion Types |
| Optional | The types of data ingestion used to filter data ingestion schedules. The options include:
|
Connection Names |
| Optional | The names of connections used to filter data ingestion schedules. |
Site Names |
| Optional | The names of sites used to filter data ingestion schedules. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Integration Names": [
"Integration 1",
"Integration 2"
],
"Data Ingestion Types": [
"Event Intake",
"Incident Intake"
],
"Connection Names": [
"Connection 1",
"Connection 2"
],
"Site Names": [
"Site 1",
"Site 2"
]
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
Sample Response
{
"error": "",
"returnData": {
"Status": "Successful",
"Data": {
"BasicInfo": [
{
"DataIngestionType": "Event Intake",
"ConnectionId": "*****"
}
],
"DetailInfo": [
{
"IntegrationName": "IntegrationName",
"Data IngestionType": "Event Intake",
"ScheduledConnection": "ConnectionName1",
"ConnectionId": "*****",
"Site": "SiteName1",
"SiteId": "*****",
"ScheduleConfigurations": {
"Interval(Minutes)": 10,
"SendEmailNotification": 5,
"BufferTimeOfDataReacquire": 30,
"ToleranceScope(Minutes)": 20,
"EventPlaybook": "PlaybookName1",
"RunPlaybookSequentially": true,
"RunTTPSearch": true,
"RunEventAutomationRules": true
},
"CommandDetails": {
"StartTime": "2024-04-01 23:40:00",
"EndTime": "2024-04-02 01:00:00",
"queryTimeType": "updated",
"topN": "30",
"searchCondition": "{\"age\": 3}",
"toleranceScope": "40"
},
"EventFieldMappings": [
{
"EventSourceName": "Default Event Source",
"MainJsonPath": "$",
"Fields": [
{
"FieldType": "Built-in",
"FieldName": "Status",
"SystemName": "Status",
"SourceField": "$.fields.status.name",
"SourceType": "Text",
"ShowInIncidentSummary": false,
"LinkWithArtifact": true,
"ArtifactType": "ArtifactTypeName1",
"ArtifactRole": "ArtifactRoleName1"
}
]
}
]
}
]
}
}
}