Monitor Case Changes
LAST UPDATED: FEB 27, 2024
With the "Monitor Case Changes" Command, you have the ability to monitor any changes made to all D3 cases. To set up regular monitoring, you can simply add this Utility Command to the "Schedules" menu.
Implementation | System |
Command Category | System Utility |
Tags | CASE |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Start Time | Required | The time at which the monitoring starts from. | 2023-03-30 14:20:00 |
User Name | Required | The User Name of the user that is performing the monitoring. | SecurityAdmin |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/monitorCaseChanges
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Start Time": "<Start Time here>",
"User Name": "<User Name here>"
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Start Time |
| Required | The time at which the monitoring starts from. |
User Name |
| Required | The User Name of the user that is performing the monitoring. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Start Time": "2023-03-30 14:20:00",
"User Name": "SecurityAdmin"
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
rawData |
| The raw data from the API request. |
Sample Response
{
"error": "",
"returnData": {
"NextStartTime": "2023-04-05T20:42:51.483"
},
"rawData": {
"NextStartTime": "2023-04-05T20:42:51.483",
"CaseList": [
{
"CaseData": {
"Case Number": "20230330-12",
"Status": "Prepare",
"Timezone": "(GMT-12:00) International Date Line West",
"Reported Date": "2023-03-08T00:00:00",
"Site Name": "APSOC",
"Case Type": "Alarms",
"Case Priority": "1",
"Description": "<p>tt</p>",
"Case Owner": [
{
"FIRST_NAME": "admin",
"LAST_NAME": "user"
}
],
"Is New": "False"
},
"NCaseHistoryData": [
{
"CaseID": 7374,
"Field Name": "CaseLastModifiedDT",
"Previous Value": "Mar 30 2023 12:36PM",
"New Value": "Mar 30 2023 1:45PM",
"Tab Name": "Summary"
}
]
}
]
}
}