Last updated: feb 27, 2024
Returns data ingestion schedule running results
|
Implementation |
Python |
|
Command Category |
System Utility |
|
Tags |
EVENT EVENT INgestion |
Inputs
|
Parameter Name |
Required/Optional |
Description |
Sample Data |
|---|---|---|---|
|
Integration Name |
Required |
Specify the integration name |
Gmail |
|
Data Type |
Optional |
Specify the type of record to fetch |
Event Intake |
|
Connection Name |
Optional |
Specify the connection name |
connection1 |
|
Site Name |
Optional |
Specify the name of the site |
Security Operations |
|
Start Time |
Optional |
The start of the date range (UTC). Note: The start time of the fetched records will be converted from PST time zone to UTC time zone. |
2022-08-01 00:00:00
|
|
End Time |
Optional |
The end of the date range (UTC). Note: The end time of the fetched records will be converted from PST time zone to UTC time zone. |
2022-08-31 00:00:00
|
|
Record Limit |
Optional |
Specify the maximum number of records per schedule to be fetched. Using a positive value will order the records by newest first and using a negative value will order by oldest first. Note: A default of 100 maximum records will be returned if no value is specified. |
3 |
|
Error Only |
Optional |
Only fetch the records with error results |
No |
|
Include Raw Data |
Optional |
Specify whether to include raw data in the output |
Yes |
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/GetDataIngestionScheduleRunningResults
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"Integration Name": <Integration Name here>,
"Data Type": <Data Type here>,
"Connection Name": <Connection Name here>,
"Site Name": <Site Name here>,
"Start Time": <Start Time here>,
"End Time": <End Time here>,
"Record Limit": <Record Limit here>,
"Error Only": <Error Only here>,
"Include Raw Data": <Include Raw Data here>
}
}
Body Parameters
|
Parameter Name |
Type |
Required/Optional |
Description |
|---|---|---|---|
|
Username |
|
Required |
The username of your D3 SOAR account. |
|
Site |
|
Required |
The D3 SOAR site to run the remote command. |
|
Integration Name |
|
Required |
Specify the integration name |
|
Data Type |
|
Optional |
Specify the type of record to fetch |
|
Connection Name |
|
Optional |
Specify the connection name |
|
Site Name |
|
Optional |
Specify the name of the site |
|
Start Time |
|
Optional |
The start of the date range (UTC). Note: The start time of the fetched records will be converted from PST time zone to UTC time zone. |
|
End Time |
|
Optional |
The end of the date range (UTC). Note: The end time of the fetched records will be converted from PST time zone to UTC time zone. |
|
Record Limit |
|
Optional |
Specify the maximum number of records per schedule to be fetched. Using a positive value will order the records by newest first and using a negative value will order by oldest first. Note: A default of 100 maximum records will be returned if no value is specified. |
|
Error Only |
|
Optional |
Only fetch the records with error results |
|
Include Raw Data |
|
Optional |
Specify whether to include raw data in the output |
Sample Request
Sample Data
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Integration Name": "Gmail",
"Data Type": "Event Intake",
"Connection Name": "connection1",
"Site Name": "Security Operations",
"Start Time": "2022-08-01 00:00:00",
"End Time": "2022-08-31 00:00:00",
"Record Limit": 3,
"Error Only": "No",
"Include Raw Data": "Yes"
}
}
Response
Response Fields
|
Field Name |
Type |
Description |
|---|---|---|
|
error |
|
The error message if the API request has failed. |
|
rawData |
|
The raw data from the API request. |
Sample Response
{
"error": "",
"returnData": "Successful",
"rawData": {
"Data Type": "Event Intake",
"Integration Name": "Gmail",
"Connection Name": "connection1",
"Site Name": "Security Operations",
"Records": [
{
"UTCStarttime": "2022-08-04 22:46:36.873000",
"UTCEndtime": "2022-08-04 22:46:37.113000",
"ExecutionDurationInSec": "0.240",
"IntervalDurationInMinute": "",
"State": "Successful",
"Input Data": [
{
"Command Name": "Fetch Event",
"Parameter 1: User Email": "phishing@d3cyberlab.com",
"Parameter 2: Start Time": "2022-08-04 00:00:00",
"Parameter 3: End Time": "2022-08-04 01:00:00",
"Parameter 4: Top Recent Event Number": "5",
"Parameter 5: Search Condition": ""
}
],
"Output Data": {
"EventCount": 0,
"NotifyChanges": false,
"CompositeId": null,
"ConnectionId": 1038,
"SiteId": 2,
"Error": null,
"DataSourceId": 1093,
"Result": {
"Result": "0 event(s) are created.",
"Events": []
},
"OutputModel": {
"result": {
"description": "<table class='cc-table'><tr><th>Result</th></tr><tr><td>No result</td></tr></table>",
"actions": [],
"references": [],
"resultFormatType": 9
},
"error": "",
"returnData": "Successful",
"rawData": "[]",
"contextData": "[]",
"outputData": {
"MessageIDs": "[]"
},
"passdownData": null,
"testingDetailData": null,
"customLog": null,
"others": {}
}
},
"Raw Data": [],
"Error Message": null
},
{
"UTCStarttime": "2022-08-04 22:46:41.890000",
"UTCEndtime": "2022-08-04 22:46:42.150000",
"ExecutionDurationInSec": "0.260",
"IntervalDurationInMinute": "0.080",
"State": "Successful",
"Input Data": [
{
"Command Name": "Fetch Event",
"Parameter 1: User Email": "phishing@d3cyberlab.com",
"Parameter 2: Start Time": "2022-08-04 01:00:00",
"Parameter 3: End Time": "2022-08-04 02:00:00",
"Parameter 4: Top Recent Event Number": "5",
"Parameter 5: Search Condition": ""
}
],
"Output Data": {
"EventCount": 0,
"NotifyChanges": false,
"CompositeId": null,
"ConnectionId": 1038,
"SiteId": 2,
"Error": null,
"DataSourceId": 1093,
"Result": {
"Result": "0 event(s) are created.",
"Events": []
},
"OutputModel": {
"result": {
"description": "<table class='cc-table'><tr><th>Result</th></tr><tr><td>No result</td></tr></table>",
"actions": [],
"references": [],
"resultFormatType": 9
},
"error": "",
"returnData": "Successful",
"rawData": "[]",
"contextData": "[]",
"outputData": {
"MessageIDs": "[]"
},
"passdownData": null,
"testingDetailData": null,
"customLog": null,
"others": {}
}
},
"Raw Data": [],
"Error Message": null
},
{
"UTCStarttime": "2022-08-04 22:46:46.913000",
"UTCEndtime": "2022-08-04 22:46:47.143000",
"ExecutionDurationInSec": "0.230",
"IntervalDurationInMinute": "0.079",
"State": "Successful",
"Input Data": [
{
"Command Name": "Fetch Event",
"Parameter 1: User Email": "phishing@d3cyberlab.com",
"Parameter 2: Start Time": "2022-08-04 02:00:00",
"Parameter 3: End Time": "2022-08-04 03:00:00",
"Parameter 4: Top Recent Event Number": "5",
"Parameter 5: Search Condition": ""
}
],
"Output Data": {
"EventCount": 0,
"NotifyChanges": false,
"CompositeId": null,
"ConnectionId": 1038,
"SiteId": 2,
"Error": null,
"DataSourceId": 1093,
"Result": {
"Result": "0 event(s) are created.",
"Events": []
},
"OutputModel": {
"result": {
"description": "<table class='cc-table'><tr><th>Result</th></tr><tr><td>No result</td></tr></table>",
"actions": [],
"references": [],
"resultFormatType": 9
},
"error": "",
"returnData": "Successful",
"rawData": "[]",
"contextData": "[]",
"outputData": {
"MessageIDs": "[]"
},
"passdownData": null,
"testingDetailData": null,
"customLog": null,
"others": {}
}
},
"Raw Data": [],
"Error Message": null
}
]
}
}