
Get Related Incidents by Artifact

Gets information about incidents related to the specified artifact(s).

Implementation: System

Command Category: Basic Utility

Tags: INCIDENT INCIDENT MANAGEMENT

Inputs

| Parameter Name | Required/Optional | Description | Sample Data |
| --- | --- | --- | --- |
| Artifact Type | Required | Artifact type to be filtered by. | Internal Endpoint |
| Artifact Name(s) | Required | An array of artifact name(s) to be filtered by. Each artifact in the array should match the artifact type specified in the above input. | ["192.168.1.123", "D3CYBER-DC"] |
| Search Within Last Number of Days | Required | The day range relative to the incident's created date (UTC). For example, incidents created in the last 90 days. | 90 |
| Maximum Number of Results | Required | The maximum number of incidents to be returned. | 10 |

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
[
    {
        "Status": "Successful",
        "Data": [
            {
                "Creator": "admin user",
                "CreatorID": 1,
                "Description": "Description",
                "ID": 1,
                "IncidentNo": "20221203-1",
                "IncidentTypeID": 1,
                "IncidentTypeName": "Playbook - Phishing",
                "Owner": "admin user",
                "OwnerID": 1,
                "OwnerSite": "Site",
                "OwnerSiteID": 95,
                "ReportingDate": "2022-12-03T02:20:05Z",
                "ReportingUtcDate": "2022-12-02T18:20:05Z",
                "SeverityID": 5,
                "SeverityName": "Critical",
                "Status": "Closed",
                "StatusID": 3,
                "TimeZone": "China Standard Time",
                "Title": "Title"
            }
        ]
    }
]

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE
https://{base_url}/{api_namespace}/api/Command/GetRelatedIncidentsByArtifact

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Artifact Type": "<Artifact Type here>",
    "Artifact Name(s)": "<Artifact Name(s) here>",
    "Search Within Last Number of Days": "<Search Within Last Number of Days here>",
    "Maximum Number of Results": "<Maximum Number of Results here>"
  }
}

Body Parameters

| Parameter Name | Type | Required/Optional | Description |
| --- | --- | --- | --- |
| Username | String | Required | The username of your D3 SOAR account. |
| Site | String | Required | The D3 SOAR site to run the remote command. |
| Artifact Type | Number | Required | Artifact type to be filtered by. |
| Artifact Name(s) | Text Array | Required | An array of artifact name(s) to be filtered by. Each artifact in the array should match the artifact type specified in the above input. |
| Search Within Last Number of Days | Number | Required | The day range relative to the incident's created date (UTC). For example, incidents created in the last 90 days. |
| Maximum Number of Results | Number | Required | The maximum number of incidents to be returned. |

Sample Request

SAMPLE DATA

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Artifact Type": "Internal Endpoint",
    "Artifact Name(s)": [
      "192.168.1.123",
      "D3CYBER-DC"
    ],
    "Search Within Last Number of Days": 90,
    "Maximum Number of Results": 10
  }
}

Response

Response Fields

| Field Name | Type | Description |
| --- | --- | --- |
| error | String | The error message if the API request has failed. |
| returnData | JSON Array | The return data from the API request. |

Sample Response

JSON
{
    "error": "",
    "returnData": [
      {
          "Status": "Successful",
          "Data": [
              {
                  "Creator": "admin user",
                  "CreatorID": 1,
                  "Description": "Description",
                  "ID": 1,
                  "IncidentNo": "20221203-1",
                  "IncidentTypeID": 1,
                  "IncidentTypeName": "Playbook - Phishing",
                  "Owner": "admin user",
                  "OwnerID": 1,
                  "OwnerSite": "Site",
                  "OwnerSiteID": 95,
                  "ReportingDate": "2022-12-03T02:20:05Z",
                  "ReportingUtcDate": "2022-12-02T18:20:05Z",
                  "SeverityID": 5,
                  "SeverityName": "Critical",
                  "Status": "Closed",
                  "StatusID": 3,
                  "TimeZone": "China Standard Time",
                  "Title": "Title"
              }
          ]
      }
    ]
}
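
An added example, not part of the D3 documentation: Python client code that builds the request described above and unwraps the response envelope, checking both the top-level `error` field and the per-result `Status`. The host `soar.example.com`, the namespace `example-namespace` and the empty `auth_headers` are placeholders (take the real headers from the Webhook Configuration Guide), and treating any `Status` other than `Successful` as a failure is an assumption.

```python
import json
import urllib.request

COMMAND = "GetRelatedIncidentsByArtifact"

def build_request(base_url, api_namespace, auth_headers, username, site,
                  artifact_type, artifact_names, days, max_results):
    """Build (but do not send) the POST request from the Request section."""
    if not artifact_names or not all(isinstance(n, str) and n for n in artifact_names):
        raise ValueError("Artifact Name(s) must be a non-empty list of strings")
    if int(days) <= 0 or int(max_results) <= 0:
        raise ValueError("day range and result limit must be positive")
    body = {
        "Username": username,
        "Site": site,
        "CommandParams": {
            "Artifact Type": artifact_type,
            "Artifact Name(s)": list(artifact_names),  # JSON array, as in Sample Request
            "Search Within Last Number of Days": int(days),
            "Maximum Number of Results": int(max_results),
        },
    }
    url = f"https://{base_url}/{api_namespace}/api/Command/{COMMAND}"
    # auth_headers: caller-supplied API key headers (placeholder, not defined on this page)
    headers = {"Content-Type": "application/json", **auth_headers}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")

def parse_response(raw):
    """Return the incident list; raise if either status layer reports a failure."""
    doc = json.loads(raw)
    if doc.get("error"):
        raise RuntimeError(f"API error: {doc['error']}")
    incidents = []
    for result in doc.get("returnData") or []:  # returnData may be empty
        if result.get("Status") != "Successful":  # assumption: anything else is a failure
            raise RuntimeError(f"command status: {result.get('Status')}")
        incidents.extend(result.get("Data") or [])
    return incidents

# Constructed response, trimmed from the Sample Response above.
SAMPLE = json.dumps({"error": "", "returnData": [{"Status": "Successful", "Data": [
    {"IncidentNo": "20221203-1", "SeverityName": "Critical", "Status": "Closed"}]}]})

if __name__ == "__main__":
    req = build_request("soar.example.com", "example-namespace", {}, "Admin",
                        "Security Operations", "Internal Endpoint",
                        ["192.168.1.123", "D3CYBER-DC"], 90, 10)
    print(req.get_method(), req.full_url)
    for inc in parse_response(SAMPLE):
        print(inc["IncidentNo"], inc["SeverityName"], inc["Status"])
```
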