Last updated: Feb 27, 2024
Add Incident Tags to the current incident.
|
Implementation |
System |
|
Command Category |
System Utility |
|
Tags |
Case |
Inputs
|
Parameter Name |
Required/Optional |
Description |
Sample Data |
|---|---|---|---|
|
Time Zone |
Required |
The Time Zone of the case created. |
PST |
|
Case Status |
Required |
The desired status to which the case |
Active |
|
Incident Date |
Optional |
The date on which the incident occurred. |
02/16/2021 00:00 |
|
Reported Date |
Required |
The date on which the case was reported. |
02/16/2021 00:00 |
|
Owner Site |
Required |
The site where the case was reported. |
Corporate Security |
|
Case Type |
Optional |
The type of the case. |
IT Forensic |
|
Priority |
Optional |
The Priority of the case. |
Level 1 |
|
Investigator |
Optional |
The name of the owners. |
James |
|
Description |
Optional |
The Description of the case. |
Here is the description of the case created |
|
Title |
Optional |
The title of the case. |
Case Title |
|
Access Level |
Optional |
The Access Level of the case. |
5 |
|
User Name |
Required |
The User Name of the user create the case. |
SecurityAdmin |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/createCase
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Time Zone": "<Time Zonehere>",
"Case Status": "<Case Status here>",
"Incident Date": "<Incident Date here>",
"Reported Date": "<Reported Date here>",
"Owner Site": "<Owner Site here>",
"Case Type": "<Case Type here>",
"Priority": "<Priority here>",
"Invesitagtor": "<Invesitagtor here>",
"Description": "<Description here>",
"Title": "<Title here>",
"Access Level": "<Access Level here>",
"User Name": "<User Name here>"
}
}
Body Parameters
|
Parameter Name |
Type |
Required/Optional |
Description |
|---|---|---|---|
|
Username |
|
Required |
The username of your D3 SOAR account. |
|
Site |
|
Required |
The D3 SOAR site to run the remote command. |
|
Time Zone |
|
Required |
The Time Zone of the case created. |
|
Case Status |
|
Required |
The desired status to which the case |
|
Incident Date |
|
Optional |
The date on which the incident occurred. |
|
Reported Date |
|
Required |
The date on which the case was reported. |
|
Owner Site |
|
Required |
The site where the case was reported. |
|
Case Type |
|
Optional |
The type of the case. |
|
Priority |
|
Optional |
The Priority of the case. |
|
Investigator |
|
Optional |
The name of the owners. |
|
Description |
|
Optional |
Here is the description of the case created |
|
Title |
|
Optional |
The title of the case. |
|
Access Level |
|
Optional |
The Access Level of the case. |
|
User Name |
|
Required |
The User Name of the user create the case. |
Sample Request
Sample Data
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Time Zone": "PST",
"Case Status": "Active",
"Incident Date": "02/16/2021 00:00",
"Reported Date": "02/16/2021 00:00",
"Owner Site": "Corporate Security",
"Case Type": "IT Forensic",
"Priority": "Level 1",
"Invesitagtor": "James",
"Description": "Here is the description of the case created",
"Title": "Case Title",
"Access Level": 5,
"User Name": "SecurityAdmin"
}
}
Response
Response Fields
|
Field Name |
Type |
Description |
|---|---|---|
|
error |
|
The error message if the API request has failed. |
|
rawData |
|
The raw data from the API request. |
Sample Response
{
"error":"",
"returnData":"Successful",
"rawData":"{
"CaseNumber": "20230130-156"
}",
"contextData":"",
"outputData":""
}