Monitor Case Changes

With the "Monitor Case Changes" Command, you have the ability to monitor any changes made to all D3 cases. To set up regular monitoring, you can simply add this Utility Command to the "Schedules" menu.

Implementation	System
Command Category	System Utility
Tags	CASE

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Start Time	Required	The time at which the monitoring starts from.	`2023-03-30 14:20:00`
User Name	Required	The User Name of the user that is performing the monitoring.	`SecurityAdmin`

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON

{
    "NextStartTime": "2023-04-05T20:42:51.483"
}

Raw Data

The response data from the utility command.

SAMPLE DATA

JSON

{
    "NextStartTime": "2023-04-05T20:42:51.483",
    "CaseList": [
        {
            "CaseData": {
                "Case Number": "20230330-12",
                "Status": "Prepare",
                "Timezone": "(GMT-12:00) International Date Line West",
                "Reported Date": "2023-03-08T00:00:00",
                "Site Name": "APSOC",
                "Case Type": "Alarms",
                "Case Priority": "1",
                "Description": "<p>tt</p>",
                "Case Owner": [
                    {
                        "FIRST_NAME": "admin",
                        "LAST_NAME": "user"
                    }
                ],
                "Is New": "False"
            },
            "NCaseHistoryData": [
                {
                    "CaseID": 7374,
                    "Field Name": "CaseLastModifiedDT",
                    "Previous Value": "Mar 30 2023 12:36PM",
                    "New Value": "Mar 30 2023  1:45PM",
                    "Tab Name": "Summary"
                }
            ]
        }
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE

https:/{base_url}/{api_namespace}/api/Command/monitorCaseChanges

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Start Time": "<Start Time here>",
    "User Name": "<User Name here>"
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`String`	Required	The username of your D3 SOAR account.
Site	`String`	Required	The D3 SOAR site to run the remote command.
Start Time	`DateTime`	Required	The time at which the monitoring starts from.
User Name	`Text`	Required	The User Name of the user that is performing the monitoring.

Sample Request

SAMPLE DATA

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Start Time": "2023-03-30 14:20:00",
    "User Name": "SecurityAdmin"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`String`	The error message if the API request has failed.
returnData	`JSON Object`	The return data from the API request.
rawData	`JSON Object`	The raw data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": {
      "NextStartTime": "2023-04-05T20:42:51.483"
    },
    "rawData": {
      "NextStartTime": "2023-04-05T20:42:51.483",
      "CaseList": [
          {
              "CaseData": {
                  "Case Number": "20230330-12",
                  "Status": "Prepare",
                  "Timezone": "(GMT-12:00) International Date Line West",
                  "Reported Date": "2023-03-08T00:00:00",
                  "Site Name": "APSOC",
                  "Case Type": "Alarms",
                  "Case Priority": "1",
                  "Description": "<p>tt</p>",
                  "Case Owner": [
                      {
                          "FIRST_NAME": "admin",
                          "LAST_NAME": "user"
                      }
                  ],
                  "Is New": "False"
              },
              "NCaseHistoryData": [
                  {
                      "CaseID": 7374,
                      "Field Name": "CaseLastModifiedDT",
                      "Previous Value": "Mar 30 2023 12:36PM",
                      "New Value": "Mar 30 2023  1:45PM",
                      "Tab Name": "Summary"
                  }
              ]
          }
      ]
    }
}