Skip to main content
Skip table of contents

Monitor Case Changes

LAST UPDATED: FEB 27, 2024

With the "Monitor Case Changes" Command, you have the ability to monitor any changes made to all D3 cases. To set up regular monitoring, you can simply add this Utility Command to the "Schedules" menu.

Implementation

System

Command Category

System Utility

Tags

CASE

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Start Time

Required

The time at which the monitoring starts from.

2023-03-30 14:20:00

User Name

Required

The User Name of the user that is performing the monitoring.

SecurityAdmin

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON
{
    "NextStartTime": "2023-04-05T20:42:51.483"
}
Raw Data

The response data from the utility command.

SAMPLE DATA

JSON
{
    "NextStartTime": "2023-04-05T20:42:51.483",
    "CaseList": [
        {
            "CaseData": {
                "Case Number": "20230330-12",
                "Status": "Prepare",
                "Timezone": "(GMT-12:00) International Date Line West",
                "Reported Date": "2023-03-08T00:00:00",
                "Site Name": "APSOC",
                "Case Type": "Alarms",
                "Case Priority": "1",
                "Description": "<p>tt</p>",
                "Case Owner": [
                    {
                        "FIRST_NAME": "admin",
                        "LAST_NAME": "user"
                    }
                ],
                "Is New": "False"
            },
            "NCaseHistoryData": [
                {
                    "CaseID": 7374,
                    "Field Name": "CaseLastModifiedDT",
                    "Previous Value": "Mar 30 2023 12:36PM",
                    "New Value": "Mar 30 2023  1:45PM",
                    "Tab Name": "Summary"
                }
            ]
        }
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE
https:/{base_url}/{api_namespace}/api/Command/monitorCaseChanges

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Start Time": "<Start Time here>",
    "User Name": "<User Name here>"
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

String

Required

The username of your D3 SOAR account.

Site

String

Required

The D3 SOAR site to run the remote command.

Start Time

DateTime

Required

The time at which the monitoring starts from.

User Name

Text

Required

The User Name of the user that is performing the monitoring.

Sample Request

SAMPLE DATA

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Start Time": "2023-03-30 14:20:00",
    "User Name": "SecurityAdmin"
  }
}

Response

Response Fields

Field Name

Type

Description

error

String

The error message if the API request has failed.

returnData

JSON Object

The return data from the API request.

rawData

JSON Object

The raw data from the API request.

Sample Response

JSON
{
    "error": "",
    "returnData": {
      "NextStartTime": "2023-04-05T20:42:51.483"
    },
    "rawData": {
      "NextStartTime": "2023-04-05T20:42:51.483",
      "CaseList": [
          {
              "CaseData": {
                  "Case Number": "20230330-12",
                  "Status": "Prepare",
                  "Timezone": "(GMT-12:00) International Date Line West",
                  "Reported Date": "2023-03-08T00:00:00",
                  "Site Name": "APSOC",
                  "Case Type": "Alarms",
                  "Case Priority": "1",
                  "Description": "<p>tt</p>",
                  "Case Owner": [
                      {
                          "FIRST_NAME": "admin",
                          "LAST_NAME": "user"
                      }
                  ],
                  "Is New": "False"
              },
              "NCaseHistoryData": [
                  {
                      "CaseID": 7374,
                      "Field Name": "CaseLastModifiedDT",
                      "Previous Value": "Mar 30 2023 12:36PM",
                      "New Value": "Mar 30 2023  1:45PM",
                      "Tab Name": "Summary"
                  }
              ]
          }
      ]
    }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.