Search Case
LAST UPDATED: FEB 27, 2024
Search cases based on the given search criteria
Implementation | System |
Command Category | System Utility |
Tags | CASE |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Site Name | Optional | The name of the site in which the cases are | Security Operations |
Case Type | Optional | The type of the cases | Criminal Investigation |
Start Time UTC | Optional | The earliest UTC report time of cases | 2021-01-26 00:00:00 |
End Time UTC | Optional | The latest UTC report time of cases | 2021-01-27 00:00:00 |
Case Status | Optional | The status of the cases | Prepare |
Wildcard Search | Optional | A general search string for cases | 20201201-3 |
Username | Optional | The username of the user who accesses the cases. This username is used only when the task is run automatically | admin user |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https://{base_url}/{api_namespace}/api/Command/SearchCase
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Site Name": "<Site Name here>",
"Case Type": "<Case Type here>",
"Start Time UTC": "<Start Time UTC here>",
"End Time UTC": "<End Time UTC here>",
"Case Status": "<Case Status here>",
"Wildcard Search": "<Wildcard Search here>",
"Username": "<Username here>"
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username | | Optional | The username of your D3 SOAR account. |
Site | | Optional | The name of the site in which the cases are |
Site Name | | Optional | The name of the site in which the cases are |
Case Type | | Optional | The type of the cases |
Start Time UTC | | Optional | The earliest UTC report time of cases |
End Time UTC | | Optional | The latest UTC report time of cases |
Case Status | | Optional | The status of the cases |
Wildcard Search | | Optional | A general search string for cases |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Site Name": "Security Operations",
"Case Type": "Criminal Investigation",
"Start Time UTC": "2021-01-26 00:00:00",
"End Time UTC": "2021-01-27 00:00:00",
"Case Status": "Prepare",
"Wildcard Search": "20201201-3",
"Username": "admin user"
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error | | The error message if the API request has failed. |
returnData | | The return data from the API request. |
contextData | | The context data from the API request. |
Sample Response
{
"error":"",
"returnData":["20201201-3"],
"contextData":[
{
"Case Number": "20201201-3",
"Case Site": "Security Operations",
"Case Type": "Criminal Investigation",
"Case Title": "A case title",
"Case Report Date UTC": "2021-01-26 12:45:29.000",
"Case Status": "Prepare",
"Case Creator": "admin user"
}
]
}
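The request body and response fields described above, as an added Python example that is not part of the D3 documentation: it builds a SearchCase body with only the filters that are set, rejects malformed or inverted time windows before anything is sent, and surfaces a non-empty `error` field as an exception. The snake_case filter names, the host `soar.example.com` and the namespace `ns` are assumptions; authentication headers are covered on the separate API Keys page and no network request is made here.

```python
import json
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # timestamp format used in the page's sample data
# Hypothetical snake_case argument names mapped to the documented CommandParams keys.
KEY_MAP = {
    "site_name": "Site Name", "case_type": "Case Type",
    "start_time_utc": "Start Time UTC", "end_time_utc": "End Time UTC",
    "case_status": "Case Status", "wildcard_search": "Wildcard Search",
    "username": "Username",
}

def build_search_case_request(base_url, api_namespace, username, site, **filters):
    """Return (url, json_body) for a POST to the SearchCase command."""
    unknown = set(filters) - set(KEY_MAP)
    if unknown:
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    # strptime raises ValueError on a malformed timestamp.
    times = {k: datetime.strptime(filters[k], TIME_FMT)
             for k in ("start_time_utc", "end_time_utc") if filters.get(k)}
    if len(times) == 2 and times["start_time_utc"] > times["end_time_utc"]:
        raise ValueError("Start Time UTC is after End Time UTC")
    params = {KEY_MAP[k]: v for k, v in filters.items() if v is not None}
    body = {"Username": username, "Site": site, "CommandParams": params}
    url = f"https://{base_url}/{api_namespace}/api/Command/SearchCase"
    return url, json.dumps(body)

def parse_search_case_response(text):
    """Return the contextData case records; raise if `error` is non-empty."""
    resp = json.loads(text)
    if resp.get("error"):
        raise RuntimeError(f"SearchCase failed: {resp['error']}")
    return resp.get("contextData") or []

# Constructed response following the page's sample response.
SAMPLE_RESPONSE = '''{"error":"","returnData":["20201201-3"],"contextData":[
 {"Case Number":"20201201-3","Case Site":"Security Operations",
  "Case Type":"Criminal Investigation","Case Title":"A case title",
  "Case Report Date UTC":"2021-01-26 12:45:29.000",
  "Case Status":"Prepare","Case Creator":"admin user"}]}'''

if __name__ == "__main__":
    url, body = build_search_case_request(
        "soar.example.com", "ns", "Admin", "Security Operations",
        case_status="Prepare", start_time_utc="2021-01-26 00:00:00",
        end_time_utc="2021-01-27 00:00:00")
    print(url, body, sep="\n")
    for case in parse_search_case_response(SAMPLE_RESPONSE):
        print(case["Case Number"], case["Case Status"])
```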