Set Incident Fields In Bulk
Updates fields for multiple incidents with specified values in a JSON object.
Implementation | System |
Command Category | System Utility |
Tags | INCIDENT INCIDENT FIELDS |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
---|---|---|---|
Input | Optional | A JSON array of incidents with fields to be updated. Fields could be Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnded, Owner, DateOccurred and CustomFields. Date format: yyyy-mm-dd hh:mm:ss. |
CODE
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/SetIncidentFieldsInBulk
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Input": "<Input here>"
}
}
Body Parameters
Parameter Name | Type | Required/Optional | Description |
---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
Input |
| Optional | A JSON array of incidents with fields to be updated. Fields could be Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnded, Owner, DateOccurred and CustomFields. Date format: yyyy-mm-dd hh:mm:ss. |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Input": [
{
"IncidentNumber": "20221116-6",
"Input": {
"Title": "Incident title",
"SiteName": "test123site",
"IncidentType": "test",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
},
{
"IncidentNumber": "20221116-7",
"Input": {
"Title": "Incident title",
"SiteName": "test123site",
"IncidentType": "test",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
}
]
}
}
Response
Response Fields
Field Name | Type | Description |
---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
"contextData": [
{
"Incident Number": "20221116-6",
"Content": {
"Title": "Incident title",
"SiteName": "test123site",
"IncidentType": "test",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
},
{
"Incident Number": "20221116-7",
"Content": {
"Title": "Incident title",
"SiteName": "test123site",
"IncidentType": "test",
"Status": "Closed",
"SeverityName": "medium",
"Disposition": "No Action",
"Tags": "MyTag, MyTag2",
"Description": "This is for updating incident",
"DueDate": "2021-08-01 12:00:00",
"IncidentCategory": "Access",
"DateEnded": "2021-08-02 12:00:00",
"Owner": "firstname lastname",
"DateOccurred": "2021-08-02 12:00:00",
"CustomAge": "30",
"CustomSpecialField": "some special text"
}
}
]
}