Last updated: Sept 04, 2024
Retrieves related incidents' information.
| Implementation | System |
|---|---|
| Command Category | Basic Utility |
| Tags | Incident, Incident management |
Inputs
| Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
| Artifact Type | Required | The type of artifact to filter by. | Internal Endpoint |
| Artifact Name(s) | Required | An array of artifact names to filter by. Every name in the array must belong to the artifact type specified above. | ["192.168.1.123", "D3CYBER-DC"] |
| Search Within Last Number of Days | Required | The time frame, in days, before today (in UTC), within which incidents must have been created to be included in the search. | 90 |
| Maximum Number of Results | Required | The upper limit on the number of incidents to be returned. | 10 |
Output
Remote Command API
The D3 command API lets you send a request to D3 SOAR over REST to execute this utility command remotely.
Request
POST
https://{base_url}/{api_namespace}/api/Command/GetRelatedIncidentsByArtifact
Headers
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for the authentication headers required by this request.
Request Body
{
"Username": "<Username here>",
"Site": "<Site here>",
"CommandParams": {
"Artifact Type": "<Artifact Type here>",
"Artifact Name(s)": "<Artifact Name(s) here>",
"Search Within Last Number of Days": "<Search Within Last Number of Days here>",
"Maximum Number of Results": "<Maximum Number of Results here>"
}
}
Body Parameters
| Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
| Username | String | Required | The username of your D3 SOAR account. |
| Site | String | Required | The D3 SOAR site on which to run the remote command. |
| Artifact Type | String | Required | The type of artifact to filter by. |
| Artifact Name(s) | Array of strings | Required | An array of artifact names to filter by. Every name in the array must belong to the artifact type specified above. |
| Search Within Last Number of Days | Integer | Required | The time frame, in days, before today (in UTC), within which incidents must have been created to be included in the search. |
| Maximum Number of Results | Integer | Required | The upper limit on the number of incidents to be returned. |
Sample Request
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"Artifact Type": "Internal Endpoint",
"Artifact Name(s)": [
"192.168.1.123",
"D3CYBER-DC"
],
"Search Within Last Number of Days": 90,
"Maximum Number of Results": 10
}
}
Response
Response Fields
| Field Name | Type | Description |
|---|---|---|
| error | String | The error message if the API request has failed; empty on success. |
| returnData | Array | The return data from the API request. Each element carries a Status and a Data array of matching incidents. |
Sample Response
{
"error": "",
"returnData": [
{
"Status": "Successful",
"Data": [
{
"Creator": "admin user",
"CreatorID": 1,
"Description": "Description",
"ID": 1,
"IncidentNo": "20221203-1",
"IncidentTypeID": 1,
"IncidentTypeName": "Playbook - Phishing",
"Owner": "admin user",
"OwnerID": 1,
"OwnerSite": "Site",
"OwnerSiteID": 95,
"ReportingDate": "2022-12-03T02:20:05Z",
"ReportingUtcDate": "2022-12-02T18:20:05Z",
"SeverityID": 5,
"SeverityName": "Critical",
"Status": "Closed",
"StatusID": 3,
"TimeZone": "China Standard Time",
"Title": "Title"
}
]
}
]
}
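The request and response shapes above, exercised end to end as an added example (this is not D3 SOAR's own client code). It validates the documented parameters before sending, because artifact names usually arrive from alert data rather than from an analyst, builds the endpoint from the page's URL template, and parses the sample response, refusing to silently treat a non-empty error or a non-Successful Status as a result set. The API-key headers are documented on the separate Webhook Configuration Guide page, not here, so the caller passes them in as an opaque dict (assumption); the host name and namespace used in the usage section are placeholders.

```python
"""Client helpers for the GetRelatedIncidentsByArtifact command API.

Added example, not D3 SOAR's own code. Assumptions are marked inline.
"""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

COMMAND_PATH = "/api/Command/GetRelatedIncidentsByArtifact"


def command_url(base_url: str, api_namespace: str) -> str:
    """Assemble https://{base_url}/{api_namespace}/api/Command/... from the page's template."""
    host = base_url.replace("https://", "").strip("/")
    return f"https://{host}/{api_namespace.strip('/')}{COMMAND_PATH}"


def build_request(username: str, site: str, artifact_type: str,
                  artifact_names: list, days: int, max_results: int) -> dict:
    """Build the request body, enforcing the types the page documents.

    Artifact names often come straight from an alert, so reject anything that is
    not a non-empty list of non-empty strings rather than forwarding it verbatim.
    """
    if not (username and site and artifact_type):
        raise ValueError("Username, Site and Artifact Type are required")
    if (not isinstance(artifact_names, list) or not artifact_names
            or not all(isinstance(n, str) and n.strip() for n in artifact_names)):
        raise ValueError("Artifact Name(s) must be a non-empty list of non-empty strings")
    for label, value in (("Search Within Last Number of Days", days),
                         ("Maximum Number of Results", max_results)):
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            raise ValueError(f"{label} must be a positive integer")
    return {
        "Username": username,
        "Site": site,
        "CommandParams": {
            "Artifact Type": artifact_type,
            "Artifact Name(s)": list(artifact_names),
            "Search Within Last Number of Days": days,
            "Maximum Number of Results": max_results,
        },
    }


def send_command(url: str, auth_headers: dict, payload: dict, timeout: int = 30) -> dict:
    """POST the body as JSON. `auth_headers` holds the API-key headers from the
    Webhook Configuration Guide (assumption: they are plain HTTP headers)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", **auth_headers})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def parse_response(body: dict) -> list:
    """Return the incident records, failing loudly on any error indicator."""
    if body.get("error"):
        raise RuntimeError(f"command API error: {body['error']}")
    incidents = []
    for entry in body.get("returnData") or []:
        if entry.get("Status") != "Successful":
            raise RuntimeError(f"command returned Status {entry.get('Status')!r}")
        incidents.extend(entry.get("Data") or [])
    return incidents


def within_window(incident: dict, days: int, now: datetime = None) -> bool:
    """Client-side check of the UTC search window using ReportingUtcDate."""
    now = now or datetime.now(timezone.utc)
    reported = datetime.strptime(incident["ReportingUtcDate"], "%Y-%m-%dT%H:%M:%SZ")
    return reported.replace(tzinfo=timezone.utc) >= now - timedelta(days=days)


# Constructed from the page's own sample response (one Critical phishing incident).
SAMPLE_RESPONSE = {
    "error": "",
    "returnData": [{
        "Status": "Successful",
        "Data": [{
            "Creator": "admin user", "CreatorID": 1, "Description": "Description",
            "ID": 1, "IncidentNo": "20221203-1", "IncidentTypeID": 1,
            "IncidentTypeName": "Playbook - Phishing", "Owner": "admin user",
            "OwnerID": 1, "OwnerSite": "Site", "OwnerSiteID": 95,
            "ReportingDate": "2022-12-03T02:20:05Z",
            "ReportingUtcDate": "2022-12-02T18:20:05Z",
            "SeverityID": 5, "SeverityName": "Critical", "Status": "Closed",
            "StatusID": 3, "TimeZone": "China Standard Time", "Title": "Title",
        }],
    }],
}

if __name__ == "__main__":
    payload = build_request("Admin", "Security Operations", "Internal Endpoint",
                            ["192.168.1.123", "D3CYBER-DC"], 90, 10)
    print(command_url("soar.example.com", "ns"))  # placeholder host and namespace
    # send_command(url, {...API-key headers...}, payload) would go here; parse the sample offline
    for inc in parse_response(SAMPLE_RESPONSE):
        print(inc["IncidentNo"], inc["SeverityName"], inc["Status"])
```

Keep the API-key headers out of logs and out of the payload you print; the payload itself contains only the Username, Site and command parameters, which is what should appear in a debug trace. The `within_window` check is a belt-and-braces filter: the server applies the day window itself, but comparing `ReportingUtcDate` rather than the zone-local `ReportingDate` avoids the off-by-one that shows up in the sample, where the two timestamps fall on different calendar days.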