Get The Least Busy User

Identifies the user with the lowest current workload based on specified criteria.

Implementation	System
Command Category	Basic Utility
Tags	USER

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Online	Optional	Check if the users are online	`Yes`
Least Incidents	Optional	Get users with least incidents	`Yes`
Least Event	Optional	Get users with least events	`Yes`
Least Pending Tasks	Optional	Get users with least pending tasks	`Yes`
Randomize	Optional	If Randomize is Yes, return a list containing only one random qualified user.	`Yes`
Incident Number	Optional	If command not runs under a Playbook, incident number input is required. If command runs under a Playbook, then incident number is optional. If command runs under a Playbook and incident number input provided, then command will use inputted incident case number. Incident number filters users whom has access to the incident.	`20211126-4`

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON

Successful

Context Data

The response data from the utility command.

SAMPLE DATA

JSON

[
    {
        "ID": 1,
        "Email": "test@d3security.com",
        "User Name": "user, admin"
    }
]

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE

https:/{base_url}/{api_namespace}/api/Command/GetTheLeastBusyUser

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Online": "<Online here>",
    "Least Incidents": "<Least Incidents here>",
    "Least Events": "<Least Events here>",
    "Least Pending Tasks": "<Least Pending Tasks here>",
    "Randomize": "<Randomizehere>",
    "Incident Number": "<Incident Numberhere>",
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`Text`	Required	The username of your D3 SOAR account.
Site	`Text`	Required	The D3 SOAR site to run the remote command.
Online	`Boolean`	Optional	Check if the users are online
Least Incidents	`Boolean`	Optional	Get users with least incidents
Least Events	`Boolean`	Optional	Get users with least events
Least Pending Tasks	`Boolean`	Optional	Get users with least pending tasks
Randomize	`Boolean`	Optional	If Randomize is Yes, return a list containing only one random qualified user.
Incident Number	`Text`	Optional	If command not runs under a Playbook, incident number input is required. If command runs under a Playbook, then incident number is optional. If command runs under a Playbook and incident number input provided, then command will use inputted incident case number. Incident number filters users whom has access to the incident.

Sample Request

SAMPLE DATA

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Online": "Yes",
    "Least Incidents": "Yes",
    "Least Events": "Yes",
    "Least Pending Tasks": "Yes",
    "Randommize": "Yes",
    "Incident Number": "20211126-4"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`text`	The error message if the API request has failed.
returnData	`text`	The return data from the API request.
contextData	`JSON Array`	The context data from the API request.

Sample Response

JSON

{
    "error":"",
    "returnData":"Successful",
    "contextData":[
        {
            "ID": 1,
            "Email": "test@d3security.com",
            "User Name": "user, admin"
        }
    ]
}