Update a Case | docs.d3security

Last updated: Feb 27, 2024

Update a case.

Implementation	System
Command Category	System Utility
Tags	Case

Inputs

Parameter Name	Required/Optional	Description	Sample Data
Case Number	Required	The Case Number of the case that will undergo an update.	20230130-156
Case Status	Optional	The desired status to which the case should be changed.	BillingApp
Incident Date	Optional	The date on which the incident occurred.	02/16/2021 00:00
Owner Site	Optional	The site where the case was reported.	Corporate Security
Case Type	Optional	The type of the case.	IT Forensic
Priority	Optional	The Priority of the case.	Level 1
Invesitagtor	Optional	Specifies the name of the Safe where the password is stored.	James
Description	Optional	The Description of the case.	Here is the description of the case created
Title	Optional	The title of the case.	Case Title
Access Level	Optional	The Access Level of the case.	5
User Name	Optional	The User Name of the user that is performing the update.	SecurityAdmin

Output

Return Data

The returned result of this command. If some required parameters are not defined, this returned data could be empty. The returned result can be passed down directly to a subsequent command in playbooks.

Sample Data

JSON

Successful

Raw Data

The response data from the utility command.

Sample Data

JSON

{
    "CaseNumber": "20230130-156"
}

Remote Command API

The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.

Request

POST

https:/{base_url}/{api_namespace}/api/Command/updateCase

Headers

Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.

Request Body

JSON

{
  "Username": "<Username here>",
  "Site": "<Site here>",
  "CommandParams": {
    "Case Number": "<Case Number here>",
    "Case Status": "<Case Status here>",
    "Incident Date": "<Incident Date here>",
    "Owner Site": "<Owner Site here>",
    "Case Type": "<Case Type here>",
    "Priority": "<Priority here>",
    "Invesitagtor": "<Invesitagtor here>",
    "Description": "<Description here>",
    "Title": "<Title here>",
    "Access Level": "<Access Level here>",
    "User Name": "<User Name here>"
  }
}

Body Parameters

Parameter Name	Type	Required/Optional	Description
Username	`String`	Required	The username of your D3 SOAR account.
Site	`String`	Required	The D3 SOAR site to run the remote command.
Case Number	`Text`	Required	The Case Number of the case that will undergo an update.
Case Status	`Text`	Optional	The desired status to which the case should be changed.
Incident Date	`DateTime`	Optional	The date on which the incident occurred.
Owner Site	`Text`	Optional	The site where the case was reported.
Case Type	`Text`	Optional	The type of the case.
Priority	`Text`	Optional	The Priority of the case.
Invesitagtor	`Text`	Optional	Specifies the name of the Safe where the password is stored.
Description	`Text`	Optional	The Description of the case.
Title	`Text`	Optional	The title of the case.
Access Level	`Text`	Optional	The Access Level of the case.
User Name	`Text`	Optional	The User Name of the user that is performing the update.

Sample Request

Sample Data

JSON

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Case Number": "20230130-156",
    "Case Status": "BillingApp",
    "Incident Date": "02/16/2021 00:00",
    "Owner Site": "Corporate Security",
    "Case Type": "IT Forensic",
    "Priority": "Level 1",
    "Invesitagtor": "James",
    "Description": "Here is the description of the case created",
    "Title": "Case Title",
    "Access Level": 5,
    "User Name": "SecurityAdmin"
  }
}

Response

Response Fields

Field Name	Type	Description
error	`Text`	The error message if the API request has failed.
returnData	`Text`	The return data from the API request.
rawData	`JSON Object`	The raw data from the API request.

Sample Response

JSON

{
    "error": "",
    "returnData": "Successful",
    "rawData": {
        "CaseNumber": "20230130-156"
    }
}