Get Users by Site

LAST UPDATED: AUG 08, 2024

Retrieves users associated with a particular site.

Implementation	System
Command Category	Cyber Utility
Tags	`User`

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Site Name	Required	The site of the queried user.	Security Operations
Online	Required	Only show online users	Yes

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

CODE

[
    {
        "userID": 3,
        "userName": "demoUserName",
        "firstName": "demoFirstName",
        "lastName": "demoLastName",
        "fullName": "demoFullName",
        "timezone": "Pacific Standard Time",
        "timezoneId": 5,
        "roleDescription": "System Administrator",
        "email": "demoUserName@d3security.com",
        "phone": "6041234567",
        "role": "admin"
    },
    {
        "userID": 8,
        "userName": "demoUserName2",
        "firstName": "demoFirstName2",
        "lastName": "demoLastName2",
        "fullName": "demoFullName2",
        "timezone": "Pacific Standard Time",
        "timezoneId": 5,
        "roleDescription": "",
        "email": "demoUserName2@d3security.com",
        "phone": "6047654321",
        "role": "2factor_Role"
    }
]

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE

https:/{base_url}/{api_namespace}/api/Command/GetUsersBySite

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Site Name": <SiteName here>,
    "Online": <Online here>,
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`string`	Required	The username of your D3 SOAR account.
Site	`string`	Required	The D3 SOAR site to run the remote command.
Site Name	`string`	Required	The site of the queried user.
Online	`boolean`	Required	Only Show Online Users

Sample Request

SAMPLE DATA

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Site Name": "Security Operations",
    "Online": "Yes"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`string`	The error message if the API request has failed.
returnData	`array<JSON Object>`	The return data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": [
        {
            "userID": 3,
            "userName": "demoUserName",
            "firstName": "demoFirstName",
            "lastName": "demoLastName",
            "fullName": "demoFullName",
            "timezone": "Pacific Standard Time",
            "timezoneId": 5,
            "roleDescription": "System Administrator",
            "email": "demoUserName@d3security.com",
            "phone": "6041234567",
            "role": "admin"
        },
        {
            "userID": 8,
            "userName": "demoUserName2",
            "firstName": "demoFirstName2",
            "lastName": "demoLastName2",
            "fullName": "demoFullName2",
            "timezone": "Pacific Standard Time",
            "timezoneId": 5,
            "roleDescription": "",
            "email": "demoUserName2@d3security.com",
            "phone": "6047654321",
            "role": "2factor_Role"
        }
    ]
}