Introduction to Utility Commands
LAST UPDATED: AUG 01, 2024
Utility Commands are used to manipulate system data. While only a portion of them is currently documented, we are dedicated to expanding the documentation through our ongoing efforts. D3 offers hundreds of built-in utility commands designed to automate data manipulation, enrichment, and various system actions. These built-in utility commands are immediately available for use and cannot be modified.
Conversely, users can create and customize their own utility commands, allowing greater control over data processing and utility functions. The Utility Commands module features an editor interface for creating custom commands using either Codeless Playbook or Python implementations. See Utility Custom Commands for details.
Utility Commands fall into three categories:
Basic Utility: Handles simple data processing on the following data types: Text, Number, Boolean, DateTime, Text Array, Number Array, Boolean Array, DateTime Array, JSON Array, JSON Object, File, and File Array. Examples of basic utility commands include Contains Text, Ends with, and Text Equals to, among many others.
Cyber Utility: Focuses on cyber-specific data processing for enriching or extracting information from artifacts such as Email, Event, File, HostName, Port, and Process. Examples of cyber utility commands include Add Tactics & Techniques to Incident, IOCs Extraction, and Save and Link Artifacts to Incident, among many others.
System Utility: Performs actions on system objects such as Incident, Context Data, Users, Global List, and SLA. Examples of system utility commands include Add to Global List, Close Incident, and Send Email, among many others.
The D3 platform also supports exporting and importing custom utility commands between different D3 SOAR environments. See Exporting and Importing Utility Commands for more details.
Each command's description page is divided into four key sections. First is the summary section, which includes a basic description of the command and a table detailing the command implementation, the command category, and relevant tags. Next are the Input and Output sections, which detail the command's input parameters and output categories, respectively. Finally, the Remote Command API section provides detailed information about the HTTP request URL, request headers, request body format, and descriptions of body parameters, along with a sample request, the response fields, and a sample response.