.png)
Get The Least Busy User
LAST UPDATED: AUG 08, 2024
Identifies the online user(s) with the lowest current workload based on specified criteria.
READER NOTE
Execute this command under an incident playbook with an incident. For testing scenarios, (when not using an incident playbook), you must input a valid incident number.
Implementation | System |
Command Category | Basic Utility |
Tags | USER |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
Online | Optional | Checks whether the users are online | Yes |
Least Incidents | Optional | Retrieves the user(s) with the smallest number of assigned incidents. | Yes |
Least Event | Optional | Retrieves the user(s) with the smallest number of assigned events. | Yes |
Least Pending Tasks | Optional | Retrieves the user(s) with the smallest number of assigned pending tasks. | Yes |
Randomize | Optional | Return a list containing only one randomly selected qualified user if the Randomize option is set to Yes. Otherwise, return a list containing all qualified users. | Yes |
Incident Number | Required | A unique number associated with an incident. If both a playbook is used and an incident number is provided, the command will use the specified incident number. The incident number serves to filter users who have access to the incident. | 20211126-4 |
READER NOTE
D3 recommends that users select only one of the following options at a time: Least Incidents, Least Event, or Least Pending Tasks. This is due to an overriding effect, where the last specified option will take precedence over the previous ones. For instance, if both Least Incidents and Least Event are selected, the result will reflect the Least Event option. If all three options are selected, only the Least Pending Tasks option will be applied.
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/GetTheLeastBusyUserHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Online": "<Online here>",
"Least Incidents": "<Least Incidents here>",
"Least Events": "<Least Events here>",
"Least Pending Tasks": "<Least Pending Tasks here>",
"Randomize": "<Randomizehere>",
"Incident Number": "<Incident Numberhere>",
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Online |
| Optional | Check if the users are online |
Least Incidents |
| Optional | Get users with least incidents |
Least Events |
| Optional | Get users with least events |
Least Pending Tasks |
| Optional | Get users with least pending tasks |
Randomize |
| Optional | If Randomize is Yes, return a list containing only one random qualified user. |
Incident Number |
| Required | A unique number associated with an incident. If both a playbook is used and an incident number is provided, the command will use the specified incident number. The incident number serves to filter users who have access to the incident. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Online": "Yes",
"Least Incidents": "Yes",
"Least Events": "Yes",
"Least Pending Tasks": "Yes",
"Randommize": "Yes",
"Incident Number": "20211126-4"
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error":"",
"returnData":"Successful",
"contextData":[
{
"ID": 1,
"Email": "test@d3security.com",
"User Name": "user, admin"
}
]
}