Breadcrumbs

Clone And Schedule Data Ingestions

Last updated: Aug 19, 2024

Clones a new schedule from current schedule connection to new schedule connection within the integration. If the current schedule connection is empty, then create a new schedule in the new schedule connection within the integration.

Implementation

System

Command Category

System Utility

Tags

Integration

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Integration Name

Required

The name of the integration.

Test Integration Name

Is Fetch Incident Or Fetch Event

Required

The type of data intake. The options are:

  • Event Intake

  • Incident Intake

Event Intake

Current Schedule Connection

Optional

The current schedule connection. Creates a new schedule if left empty.

All Sites

New Schedule Connection

Required

The new schedule connection.

Security Operations - testconnection

Command Details

Optional

The parameters of the fetch incident or fetch events.

When creating a new schedule in a non-custom integration, this parameter should include all details to define the schedule. When cloning a schedule, any missing parameters will be automatically populated from the source schedule.

 
{

    "Start Time": "2023-01-01 1:00:00",

    "End Time": "2023-01-02 3:00:00",

    "Top Recent Event Number": "5",

    "Search Condition": "search condition"

}

Schedule Configuration

Optional

The configuration of a schedule.

Missing schedule configuration fields will default to a preset value when creating a new schedule.

 
{

    "Interval": 1,

    "Tolerance Scope": 15,

    "Email Notification": 5,

    "Data Formatter": "FormatScript",

    "Event Playbook": "TestPlaybook",

    "MITRE TTP Search": true,

    "Automation Rules": true,

    "JSON Path For Site": "$.site",

    "Global List For Site Mapping": "SiteMapping"

}

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

Sample Data

JSON
Successful

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

https:/{base_url}/{api_namespace}/api/Command/CloneAndScheduleDataIngestions

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Integration Name": <Integration Name here>,
    "Is Fetch Incident Or Fetch Event": <Fetch Incident Or Fetch Event here>,
    "Current Schedule Connection": <Current Schedule Connection here>,
    "New Schedule Connection": <New Schedule Connection here>,
    "Command Details": <Command Details here>,
    "Schedule Configurations": <Schedule Configurations here>
   }
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

string

Required

The username of your D3 SOAR account.

Site

string

Required

The D3 SOAR site to run the remote command.

Integration Name

string

Required

The name of the integration.

Is Fetch Incident Or Fetch Event

string

Required

The type of data intake. The options are:

  • Event Intake

  • Incident Intake

Current Schedule Connection

string

Optional

The current schedule connection. Creates a new schedule if left empty.

New Schedule Connection

string

Required

The new schedule connection.

Command Details

JSON Object

Optional

The parameters of the fetch incident or fetch events.

When creating a new schedule in a non-custom integration, this parameter should include all details to define the schedule. When cloning a schedule, any missing parameters will be automatically populated from the source schedule.

Schedule Configuration

JSON Object

Optional

The configuration of a schedule.

Missing schedule configuration fields will default to a preset value when creating a new schedule.

Sample Request

Sample Data

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Integration Name": "Test Integration Name",
    "Is Fetch Incident Or Fetch Event": "Event Intake",
    "Current Schedule Connection": "All Sites",
    "New Schedule Connection": "Security Operations - testconnection",
    "Command Details": {
      "Start Time": "2023-01-01 1:00:00",
      "End Time": "2023-01-02 3:00:00",
      "Top Recent Event Number": "5",
      "Search Condition": "search condition"
    },
    "Schedule Configurations": {
      "Interval": 1,
      "Tolerance Scope": 15,
      "Email Notification": 5,
      "Data Formatter": "FormatScript",
      "Event Playbook": "TestPlaybook",
      "MITRE TTP Search": true,
      "Automation Rules": true,
      "JSON Path For Site": "$.site",
      "Global List For Site Mapping": "SiteMapping"
    }
  }
}

Response

Response Fields

Field Name

Type

Description

error

string

The error message if the API request has failed.

returnData

string

The return data from the API request.

Sample Response

JSON
{
    "error": "",
    "returnData": "Successful",
}