Breadcrumbs

Search Case

Last updated: Feb 27, 2024

Search cases based on the given search criteria

Implementation

System

Command Category

System Utility

Tags

Case

Inputs

Parameter Name

Required/Optional

Description

Sample Data

Site Name

Optional

The name of the site in which the cases are

Security Operations

Case Type

Optional

The type of the cases

Criminal Investigation

Start Time UTC

Optional

The earliest UTC report time of cases

2021-01-26 00:00:00

End Time UTC

Optional

The latest UTC report time of cases

2021-01-27 00:00:00

Case Status

Optional

The status of the cases

Prepare

Wildcard Search

Optional

A general search string for cases

20201201-3

Username

Optional

The username of user who accesses the cases. This username will be used only when the task is run automatically

admin user

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

Sample Data

JSON
[
    "20201201-3"
]
Context Data

The response data from the utility command.

Sample Data

JSON
[
    {
        "Case Number": "20201201-3",
        "Case Site": "Security Operations",
        "Case Type": "Criminal Investigation",
        "Case Title": "A case title",
        "Case Report Date UTC": "2021-01-26 12:45:29.000",
        "Case Status": "Prepare",
        "Case Creator": "admin user"
    }
]

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

https:/{base_url}/{api_namespace}/api/Command/SearchCase

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON
{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Site Name": <Site Name here>,
    "Case Type": <Case Type here>,
    "Start Time UTC": <Start Time UTC here>,
    "End Time UTC": <End Time UTC here>,
    "Case Status": <Case Status here>,
    "Wildcard Search": <Wildcard Search here>,
    "Username": <Username here>,
  }
}

Body Parameters

Parameter Name

Type

Required/Optional

Description

Username

Text

Optional

The username of your D3 SOAR account.

Site

Text

Optional

The name of the site in which the cases are

Site Name

Text

Optional

The name of the site in which the cases are

Case Type

Text

Optional

The type of the cases

Start Time UTC

DateTime

Optional

The earliest UTC report time of cases

End Time UTC

DateTime

Optional

The latest UTC report time of cases

Case Status

Text

Optional

The status of the cases

Wildcard Search

Text

Optional

A general search string for cases

Sample Request

Sample Data

JSON
{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Site Name": "Security Operations",
    "Case Type": "Criminal Investigation",
    "Start Time UTC": "2021-01-26 00:00:00",
    "End Time UTC": "2021-01-27 00:00:00",
    "Case Status": "Prepare",
    "Wildcard Search": "20201201-3",
    "Username": "admin user"
  }
}

Response

Response Fields

Field Name

Type

Description

error

string

The error message if the API request has failed.

returnData

String

The return data from the API request.

contextData

JSON Array

The context data from the API request.

Sample Response

JSON
{
    "error":"",
    "returnData":["20201201-3"],
    "contextData":[
        {
            "Case Number": "20201201-3",
            "Case Site": "Security Operations",
            "Case Type": "Criminal Investigation",
            "Case Title": "A case title",
            "Case Report Date UTC": "2021-01-26 12:45:29.000",
            "Case Status": "Prepare",
            "Case Creator": "admin user"
        }
    ]
}