Get incident investigation details
READER NOTE
This utility command is for 16.8+, if you are in a lower version, you may encounter limitations in accessing this command. Kindly reach out to D3 for assistance in obtaining access if such a situation arises.
Get incident investigation details.
Implementation | Python |
Command Category | System Utility |
Tags | N/A |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
Incident Numbers | Required | Identify which incidents to query the investigation data |
|
Investigation Section Names | Required | Identify which section on the investigation tab to query the data. Value(s) shall be chosen from "Summary", "Finding", "Remediations and Mitigations", or "Recommendations" |
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https://{base_url}/{api_namespace}/api/Command/getIncidentInvestigationDetailsHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Incident Numbers": <Incident Numbers here>,
"Investigation Section Names": <Investigation Section Names here>,
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Incident Numbers |
| Required | Identify which incidents to query the investigation data |
Investigation Section Names |
| Required | Identify which section on the investigation tab to query the data. Value(s) shall be chosen from "Summary", "Finding", "Remediations and Mitigations", or "Recommendations" |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Incident Numbers": [
"20240202-1",
"20240202-2"
],
"Investigation Section Names": [
"Summary",
"Findings",
"Remediations and Mitigations",
"Recommendations"
]
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
Sample Response
{
"error": "",
"returnData": {
"Status": "Successful",
"Data": [
{
"IncidentNo": "20240202-1",
"Summary": {
"Content": "",
"Data": {}
},
"Finding": [
{
"Type": "",
"Content": "",
"Data": {}
},
{
"Type": "",
"Content": "",
"Data": {}
}
],
"Remediations and Mitigations": [
{
"Content": "",
"Data": {}
},
{
"Content": "",
"Data": {}
}
],
"Recommendations": [
{
"Content": "",
"Data": {}
},
{
"Content": "",
"Data": {}
}
]
},
{
"IncidentNo": "20240202-2",
"Summary": {
"Content": "",
"Data": {}
},
"Finding": [
{
"Type": "",
"Content": "",
"Data": {}
},
{
"Type": "",
"Content": "",
"Data": {}
}
],
"Remediations and Mitigations": [
{
"Content": "",
"Data": {}
},
{
"Content": "",
"Data": {}
}
],
"Recommendations": [
{
"Content": "",
"Data": {}
},
{
"Content": "",
"Data": {}
}
]
}
]
}
}