Create Tenant Data Ingestion Schedule

Last updated: aug 19, 2024

Sync schedule to tenant instance.

Implementation	System
Command Category	System Utility
Tags	Event Event Ingestion

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Integration Name	Required	Integration name which needs create schedule	Test Integration Name
Data Ingestion Connection	Required	Connection to create data ingestion schedule	Test Connection Name
Is Fetch Incident Or Event	Required	Intake data type (event or incident)	Event Intake
Is Shared To Client Connection	Required	Specify if use shared client site. The default value is false.	False
Tenant Region	Required	Region of the tenant	AMER
Tenant Name	Required	Name of the tenant	Test Tenant
Tenant Site	Optional	Site of the tenant	Test Tenant Site
Schedule Interval	Optional	Set the interval minutes for the schedule	5
Event Playbook	Optional	Event playbook name	Event Playbook
Enable Email Notification	Optional	Enable send email notification if schedule failed	False
Max Attempts	Optional	The number of consecutive fetch failed to send email notification	5
Command Details	Optional	The details for command parameters	{ "Start Time": "2023-01-01 1:00:00", "End Time": "2023-01-02 3:00:00", "Top Recent Event Number": "5", "Search Condition": "search condition" }
JSON Path For Site	Optional	JSON path for site	$.Site
Global List For Site Mapping	Optional	Global list for site mapping	Global list

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

Sample Data

JSON

Successful

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

https:/{base_url}/{api_namespace}/api/Command/CreateTenantDataIngestionSchedule

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Integration Name": <Integration Name here>,
    "Data Ingestion Connection": <Data Ingestion Connection here>,
    "Is Fetch Incident Or Event": <Is Fetch Incident Or Event here>,
    "Is Shared To Client Connection": <Is Shared To Client Connection here>,
    "Tenant Region": <Tenant Region here>,
    "Tenant Name": <Tenant Name here>,
    "Tenant Site": <Tenant Site here>,
    "Schedule Interval": <Schedule Interval here>,
    "Event Playbook": <Event Playbook here>,
    "Enable Email Notification": <Enable Email Notification here>,
    "Max Attempts": <Max Attempts here>,
    "Command Details": {
      "Start Time": <Start Time here>,
      "End Time": <End Time here>,
      "Top Recent Event Number": <Top Recent Event Number here>,
      "Search Condition": <Search Condition here>
    },
    "JSON Path For Site": <JSON Path For Site here>,
    "Global List For Site Mapping": <Global List For Site Mapping here>
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`string`	Required	The username of your D3 SOAR account.
Site	`string`	Required	The D3 SOAR site to run the remote command.
Integration Name	`string`	Optional	Integration name which needs create schedule
Data Ingestion Connection	`string`	Optional	Connection to create data ingestion schedule
Is Fetch Incident Or Event	`string`	Required	Intake data type (event or incident)
Is Shared To Client Connection	`string`	Required	Specify if use shared client site. The default value is false.
Tenant Region	`string`	Required	Region of the tenant
Tenant Name	`string`	Required	Name of the tenant
Tenant Site	`string`	Required	Site of the tenant
Schedule Interval	`integer`	Required	Set the interval minutes for the schedule
Event Playbook	`string`	Optional	Event playbook name
Enable Email Notification	`string`	Optional	Enable send email notification if schedule failed
Max Attempts	`integer`	Optional	The number of consecutive fetch failed to send email notification
Command Details	`JSON Object`	Optional	The details for command parameters
JSON Path For Site	`string`	Optional	JSON path for site
Global List For Site Mapping	`string`	Optional	Global list for site mapping

Sample Request

Sample Data

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Integration Name": "Test Integration Name",
    "Data Ingestion Connection": "Test Connection Name",
    "Is Fetch Incident Or Event": "Event Intake",
    "Is Shared To Client Connection": "False",
    "Tenant Region": "AMER",
    "Tenant Name": "Test Tenant",
    "Tenant Site": "Test Tenant Site",
    "Schedule Interval": 5,
    "Event Playbook": "Event Playbook",
    "Enable Email Notification": "False",
    "Max Attempts": 5,
    "Command Details": {
      "Start Time": "2023-01-01 1:00:00",
      "End Time": "2023-01-02 3:00:00",
      "Top Recent Event Number": "5",
      "Search Condition": "search condition"
    },
    "JSON Path For Site": "$.Site",
    "Global List For Site Mapping": "Global list"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`string`	The error message if the API request has failed.
returnData	`string`	The return data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": "Successful"
}