.png)
Get Related Incidents by Artifact
LAST UPDATED: SEPT 04, 2024
Retrieves related incidents' information.
Implementation | System |
Command Category | Basic Utility |
Tags | INCIDENT INCIDENT MANAGEMENT |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
Artifact Type | Required | The type of artifact to filter by. | Internal Endpoint |
Artifact Name(s) | Required | An array of artifact names to filter by. The artifact in the array should correspond to the artifact type specified in the input above. |
CODE
|
Search Within Last Number of Days | Required | The time frame, in days, before today (using UTC time), within which incidents were created and will be included in the search. | 90 |
Maximum Number of Results | Required | The upper limit on the number of incidents to be returned. | 10 |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/GetRelatedIncidentsByArtifactHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Artifact Type": "<Artifact Type here>",
"Artifact Name(s)": "<Artifact Name(s) here>,
"Search Within Last Number of Days": "<Search Within Last Number of Days here>",
"Maximum Number of Results": "<Maximum Number of Results here>"
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Artifact Type |
| Required | The type of artifact to filter by. |
Artifact Name(s) |
| Required | An array of artifact names to filter by. The artifact in the array should correspond to the artifact type specified in the input above. |
Search Within Last Number of Days |
| Required | The time frame, in days, before today (using UTC time), within which incidents were created and will be included in the search. |
Maximum Number of Results |
| Required | The upper limit on the number of incidents to be returned. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Artifact Type": "Internal Endpoint",
"Artifact Name(s)": [
"192.168.1.123",
"D3CYBER-DC"
],
"Search Within Last Number of Days": 90,
"Maximum Number of Results": 10
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
Sample Response
{
"error": "",
"returnData": [
{
"Status": "Successful",
"Data": [
{
"Creator": "admin user",
"CreatorID": 1,
"Description": "Description",
"ID": 1,
"IncidentNo": "20221203-1",
"IncidentTypeID": 1,
"IncidentTypeName": "Playbook - Phishing",
"Owner": "admin user",
"OwnerID": 1,
"OwnerSite": "Site",
"OwnerSiteID": 95,
"ReportingDate": "2022-12-03T02:20:05Z",
"ReportingUtcDate": "2022-12-02T18:20:05Z",
"SeverityID": 5,
"SeverityName": "Critical",
"Status": "Closed",
"StatusID": 3,
"TimeZone": "China Standard Time",
"Title": "Title"
}
]
}
]
}