Skip to main content
Skip table of contents

Get Incident Investigation Details

READER NOTE

Please note that this command is not publicly available. To request access, please contact D3 support.

Get incident investigation details.

Implementation

System

Command Category

System Utility

Tags

N/A

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Incident Numbers

Required

Identify which incidents to query the investigation data.

CODE
[
    "20240202-1",
    "20240202-2"
]

Investigation Section Names

Required

Identify which section on the investigation tab to query the data. Value(s) shall be chosen from "Summary", "Finding", "Remediations and Mitigations", or "Recommendations".

CODE
[
    "Summary",
    "Findings",
    "Remediations and Mitigations",
    "Recommendations"
]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
{
    "Status": "Successful",
    "Data": [
        {
            "IncidentNo": "20240202-1",
            "Summary": {
                "Content": "",
                "Data": {}
            },
            "Finding": [
                {
                    "Type": "",
                    "Content": "",
                    "Data": {}
                },
                {
                    "Type": "",
                    "Content": "",
                    "Data": {}
                }
            ],
            "Remediations and Mitigations": [
                {
                    "Content": "",
                    "Data": {}
                },
                {
                    "Content": "",
                    "Data": {}
                }
            ],
            "Recommendations": [
                {
                    "Content": "",
                    "Data": {}
                },
                {
                    "Content": "",
                    "Data": {}
                }
            ]
        },
        {
            "IncidentNo": "20240202-2",
            "Summary": {
                "Content": "",
                "Data": {}
            },
            "Finding": [
                {
                    "Type": "",
                    "Content": "",
                    "Data": {}
                },
                {
                    "Type": "",
                    "Content": "",
                    "Data": {}
                }
            ],
            "Remediations and Mitigations": [
                {
                    "Content": "",
                    "Data": {}
                },
                {
                    "Content": "",
                    "Data": {}
                }
            ],
            "Recommendations": [
                {
                    "Content": "",
                    "Data": {}
                },
                {
                    "Content": "",
                    "Data": {}
                }
            ]
        }
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE
https://{base_url}/{api_namespace}//api/Command/getIncidentInvestigationDetails

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Incident Numbers": "<Incident Numbers here>",
    "Investigation Section Names": "<Investigation Section Names here>"
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

String

Required

The username of your D3 SOAR account.

Site

String

Required

The D3 SOAR site to run the remote command.

Incident Numbers

Text Array

Required

Identify which incidents to query the investigation data.

Investigation Section Names

Text Array

Required

Identify which section on the investigation tab to query the data. Value(s) shall be chosen from "Summary", "Finding", "Remediations and Mitigations", or "Recommendations".

Sample Request

SAMPLE DATA

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Incident Numbers": [
      "20240202-1",
      "20240202-2"
    ],
    "Investigation Section Names": [
      "Summary",
      "Findings",
      "Remediations and Mitigations",
      "Recommendations"
    ]
  }
}

Response

Response Fields

Field Name

Type

Description

error

Text

The error message if the API request has failed.

returnData

JSON Object

The return data from the API request.

Sample Response

JSON
{
    "error": "",
    "returnData": {
    "Status": "Successful",
        "Data": [
            {
                "IncidentNo": "20240202-1",
                "Summary": {
                    "Content": "",
                    "Data": {}
                },
                "Finding": [
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Remediations and Mitigations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Recommendations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ]
            },
            {
                "IncidentNo": "20240202-2",
                "Summary": {
                    "Content": "",
                    "Data": {}
                },
                "Finding": [
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Type": "",
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Remediations and Mitigations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ],
                "Recommendations": [
                    {
                        "Content": "",
                        "Data": {}
                    },
                    {
                        "Content": "",
                        "Data": {}
                    }
                ]
            }
        ]
    }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.