Set Incident Fields
Updates fields for an incident with specified values in a JSON object.
Implementation | System |
Command Category | System Utility |
Tags | INCIDENT INCIDENT FIELDS |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Incident Number | Optional | The incident number to set the fields to. |
|
Input | Optional | A JSON object of an incident with fields to be updated. Fields could be Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnd, Owner, DateOccurred and CustomFields. Date format: yyyy-mm-dd hh:mm:ss. |
CODE
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/SetIncidentFields
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Incident Number": "<Incident Number here>",
"Input": "<Input here>"
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Incident Number |
| Optional | The incident number to set the fields to. |
Input |
| Optional | A JSON object of an incident with fields to be updated. Fields could be Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnd, Owner, DateOccurred and CustomFields. Date format: yyyy-mm-dd hh:mm:ss. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Incident Number": "20110803-1",
"Input": {
"Title": "Incident title",
"SiteName": "APSOC",
"IncidentType": "Phishing",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
"contextData": {
"Title": "Incident title",
"SiteName": "APSOC",
"IncidentType": "Phishing",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
}