Search Event | docs.d3security

Last updated: aug 19, 2024

Search events based on the given search criteria

Implementation	System
Command Category	System Utility
Tags	Event Event search

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Time Range	Required	Set the Time Range to fetch. "timeRangeType": 0 - Custom range, 1 - Past hour, 2 - Past 24 hours, 3 - Past week, 4 - Past month	`{ "timeRangeType": 4, "startTime": "2020-06-04 23:02:11", "endTime": "2020-07-04 23:02:11" }`
Top Recent Event Number	Required	Set the number of the most recent Event(s) to fetch	20
Constraint Condition	Required	Conditions for filtering events	[Configured in Playbook Command Task Editor]

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

Sample Data

JSON

{
    "EventIDs": [
        60098,
        60097,
        60096
    ]
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

https:/{base_url}/{api_namespace}/api/Command/SearchEvent

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": <Username here>,
  "Site": <Site here>,
  "CommandParams": {
    "Time Range": {
      "timeRangeType": <Time Range Type here>,
      "startTime": <Start Time here>,
      "endTime": <End Time here>
    },
    "Top Recent Event Number": <Top Recent Event Number here>,
    "Constraint Condition": <Constraint Condition here>
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`string`	Required	The username of your D3 SOAR account.
Site	`string`	Required	The D3 SOAR site to run the remote command.
Time Range	`JSON Object`	Optional	Set the Time Range to fetch. "timeRangeType": 0 - Custom range, 1 - Past hour, 2 - Past 24 hours, 3 - Past week, 4 - Past month
Top Recent Event Number	`Integer`	Optional	Set the number of the most recent Event(s) to fetch
Constraint Condition	`array<JSON Object`>	Optional	Conditions for filtering events

Sample Request

Sample Data

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Time Range": {
      "timeRangeType": 4,
      "startTime": "2020-06-04 23:02:11",
      "endTime": "2020-07-04 23:02:11"
    },
    "Top Recent Event Number": 20,
    "Constraint Condition": "[Configured in Playbook Command Task Editor]"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`string`	The error message if the API request has failed.
returnData	`JSON Object`	The return data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": {
        "EventIDs": [
            60098,
            60097,
            60096
        ]
    }
}