Skip to main content
Skip table of contents

Search Event

LAST UPDATED: AUG 19, 2024

Search events based on the given search criteria

Implementation

System

Command Category

System Utility

Tags

EVENT EVENT SEARCH

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Time Range

Required

Set the Time Range to fetch. "timeRangeType": 0 - Custom range, 1 - Past hour, 2 - Past 24 hours, 3 - Past week, 4 - Past month

CODE 
{
    "timeRangeType": 4,
    "startTime": "2020-06-04 23:02:11",
    "endTime": "2020-07-04 23:02:11"
}

Top Recent Event Number

Required

Set the number of the most recent Event(s) to fetch

20

Constraint Condition

Required

Conditions for filtering events

[Configured in Playbook Command Task Editor]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
{
    "EventIDs": [
        60098,
        60097,
        60096
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE 
https:/{base_url}/{api_namespace}/api/Command/SearchEvent

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON 
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Time Range": {
      "timeRangeType": <Time Range Type here>,
      "startTime": <Start Time here>,
      "endTime": <End Time here>
    },
    "Top Recent Event Number": <Top Recent Event Number here>,
    "Constraint Condition": <Constraint Condition here>
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

string

Required

The username of your D3 SOAR account.

Site

string

Required

The D3 SOAR site to run the remote command.

Time Range

JSON Object

Optional

Set the Time Range to fetch. "timeRangeType": 0 - Custom range, 1 - Past hour, 2 - Past 24 hours, 3 - Past week, 4 - Past month

Top Recent Event Number

Integer

Optional

Set the number of the most recent Event(s) to fetch

Constraint Condition

array<JSON Object>

Optional

Conditions for filtering events

Sample Request

SAMPLE DATA

JSON 
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Time Range": {
      "timeRangeType": 4,
      "startTime": "2020-06-04 23:02:11",
      "endTime": "2020-07-04 23:02:11"
    },
    "Top Recent Event Number": 20,
    "Constraint Condition": "[Configured in Playbook Command Task Editor]"
  }
}

Response

Response Fields

Field Name

Type

Description

error

string

The error message if the API request has failed.

returnData

JSON Object

The return data from the API request.

Sample Response

JSON 
{
    "error": "",
    "returnData": {
        "EventIDs": [
            60098,
            60097,
            60096
        ]
    }
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close