Skip to main content
Skip table of contents

Set Incident Fields In Bulk

LAST UPDATED: AUG 29, 2024

Updates the selected fields for multiple incidents.

Implementation

System

Command Category

System Utility

Tags

INCIDENT INCIDENT FIELDS

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Input

Required

A JSON array where each object specifies the built-in and custom fields to update for an incident, identified by the IncidentNumber property.

The built-in incident fields that can be updated are Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnded, Owner, and DateOccurred.

The custom incident fields will be placed under the Custom Fields section in the incident workspace. They will be retitled with "Custom" prefixed and have any spaces or special characters removed.

The date format should be in the form: yyyy-MM-dd HH:mm:ss.

CODE 
[
  {
    "IncidentNumber": "20221116-6",
    "Input": {
        "Title": "Incident title",
        "SiteName": "test123site",
        "IncidentType": "test",
        "Status": "Closed",
        "SeverityName": "medium",
        "Disposition": "No Action",
        "Tags": "MyTag, MyTag2",
        "Description": "This is for updating incident",
        "DueDate": "2021-08-01 12:00:00",
        "IncidentCategory": "Access",
        "DateEnded": "2021-08-02 12:00:00",
        "Owner": "firstname lastname",
        "DateOccurred": "2021-08-02 12:00:00",
        "CustomAge": "30",
        "CustomSpecialField": "some special text"
    }
  },
  {
    "IncidentNumber": "20221116-7",
    "Input": {
        "Title": "Incident title",
        "SiteName": "test123site",
        "IncidentType": "test",
        "Status": "Closed",
        "SeverityName": "medium",
        "Disposition": "No Action",
        "Tags": "MyTag, MyTag2",
        "Description": "This is for updating incident",
        "DueDate": "2021-08-01 12:00:00",
        "IncidentCategory": "Access",
        "DateEnded": "2021-08-02 12:00:00",
        "Owner": "firstname lastname",
        "DateOccurred": "2021-08-02 12:00:00",
        "CustomAge": "30",
        "CustomSpecialField": "some special text"
    }
  }
]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

SAMPLE DATA

JSON 
Successful
Context Data

The response data from the utility command.

SAMPLE DATA

JSON 
[
    {
        "Incident Number": "20221116-6",
        "Content": {
            "Title": "Incident title",
            "SiteName": "test123site",
            "IncidentType": "test",
            "Status": "Closed",
            "SeverityName": "medium",
            "Disposition": "No Action",
            "Tags": "MyTag, MyTag2",
            "Description": "This is for updating incident",
            "DueDate": "2021-08-01 12:00:00",
            "IncidentCategory": "Access",
            "DateEnded": "2021-08-02 12:00:00",
            "Owner": "firstname lastname",
            "DateOccurred": "2021-08-02 12:00:00",
            "CustomAge": "30",
            "CustomSpecialField": "some special text"
        }
    },
    {
        "Incident Number": "20221116-7",
        "Content": {
            "Title": "Incident title",
            "SiteName": "test123site",
            "IncidentType": "test",
            "Status": "Closed",
            "SeverityName": "medium",
            "Disposition": "No Action",
            "Tags": "MyTag, MyTag2",
            "Description": "This is for updating incident",
            "DueDate": "2021-08-01 12:00:00",
            "IncidentCategory": "Access",
            "DateEnded": "2021-08-02 12:00:00",
            "Owner": "firstname lastname",
            "DateOccurred": "2021-08-02 12:00:00",
            "CustomAge": "30",
            "CustomSpecialField": "some special text"
        }
    }
]

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

CODE 
https:/{base_url}/{api_namespace}/api/Command/SetIncidentFieldsInBulk

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON 
{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Input": "<Input here>"
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

string

Required

The username of your D3 SOAR account.

Site

string

Required

The D3 SOAR site to run the remote command.

Input

array<JSON Object>

Required

A JSON array where each object specifies the built-in and custom fields to update for an incident, identified by the IncidentNumber property.

The built-in incident fields that can be updated are Title, SiteName, IncidentType, Status, SeverityName, Disposition, Tags, DueDate, Description, IncidentCategory, DateEnded, Owner, and DateOccurred.

The custom incident fields will be placed under the Custom Fields section in the incident workspace. They will be retitled with "Custom" prefixed and have any spaces or special characters removed.

The date format should be in the form: yyyy-MM-dd HH:mm:ss.

Sample Request

SAMPLE DATA

JSON 
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Input": [
      {
        "IncidentNumber": "20221116-6",
        "Input": {
          "Title": "Incident title",
          "SiteName": "test123site",
          "IncidentType": "test",
          "Status": "Closed",
          "SeverityName": "medium",
          "Disposition": "No Action",
          "Tags": "MyTag, MyTag2",
          "Description": "This is for updating incident",
          "DueDate": "2021-08-01 12:00:00",
          "IncidentCategory": "Access",
          "DateEnded": "2021-08-02 12:00:00",
          "Owner": "firstname lastname",
          "DateOccurred": "2021-08-02 12:00:00",
          "CustomAge": "30",
          "CustomSpecialField": "some special text"
        }
      },
      {
        "IncidentNumber": "20221116-7",
        "Input": {
          "Title": "Incident title",
          "SiteName": "test123site",
          "IncidentType": "test",
          "Status": "Closed",
          "SeverityName": "medium",
          "Disposition": "No Action",
          "Tags": "MyTag, MyTag2",
          "Description": "This is for updating incident",
          "DueDate": "2021-08-01 12:00:00",
          "IncidentCategory": "Access",
          "DateEnded": "2021-08-02 12:00:00",
          "Owner": "firstname lastname",
          "DateOccurred": "2021-08-02 12:00:00",
          "CustomAge": "30",
          "CustomSpecialField": "some special text"
        }
      }
    ]
  }
}

Response

Response Fields

Field Name

Type

Description

error

string

The error message if the API request has failed.

returnData

string

The return data from the API request.

contextData

array<JSON Object>

The context data from the API request.

Sample Response

JSON 
{
    "error": "",
    "returnData": "Successful",
    "contextData": [
        {
            "Incident Number": "20221116-6",
            "Content": {
                "Title": "Incident title",
                "SiteName": "test123site",
                "IncidentType": "test",
                "Status": "Closed",
                "SeverityName": "medium",
                "Disposition": "No Action",
                "Tags": "MyTag, MyTag2",
                "Description": "This is for updating incident",
                "DueDate": "2021-08-01 12:00:00",
                "IncidentCategory": "Access",
                "DateEnded": "2021-08-02 12:00:00",
                "Owner": "firstname lastname",
                "DateOccurred": "2021-08-02 12:00:00",
                "CustomAge": "30",
                "CustomSpecialField": "some special text"
            }
        },
        {
            "Incident Number": "20221116-7",
            "Content": {
                "Title": "Incident title",
                "SiteName": "test123site",
                "IncidentType": "test",
                "Status": "Closed",
                "SeverityName": "medium",
                "Disposition": "No Action",
                "Tags": "MyTag, MyTag2",
                "Description": "This is for updating incident",
                "DueDate": "2021-08-01 12:00:00",
                "IncidentCategory": "Access",
                "DateEnded": "2021-08-02 12:00:00",
                "Owner": "firstname lastname",
                "DateOccurred": "2021-08-02 12:00:00",
                "CustomAge": "30",
                "CustomSpecialField": "some special text"
            }
        }
    ]
}
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close