Overview
This node, named "Create Case Soar," is designed to create a new case record in a SOAR (Security Orchestration, Automation, and Response) system via an HTTP API. It is useful for automating the creation of incident or case records based on input data within an n8n workflow. Typical scenarios include security incident management, customer support ticketing, or any process requiring structured case creation with detailed metadata.
For example, when a security alert is detected, this node can automatically create a corresponding case in the SOAR platform, populating it with relevant details such as catalog codes, customer information, detection dates, and attachments.
Properties
| Name | Meaning |
|---|---|
| Name of Case | The name/title of the case to be created. |
| Catalog Type Code | Code representing the catalog type classification of the case. |
| Customer Code | Identifier code for the customer related to the case. |
| Department Code | Code identifying the department responsible for the case. |
| User Name | Username of the person creating the case. |
| Case Code | Optional code for the case; can be dynamically set from incoming JSON data. |
| Catalog Danger Level Code | Code indicating the danger level associated with the case catalog. |
| SLA Code | Service Level Agreement code applicable to the case. |
| Catalog Resolution Code | Code representing the resolution category for the case. |
| Description | Text description providing details about the case. |
| Date Detection | Date and time when the case was detected. |
| Date Occurrence | Date and time when the case actually occurred. |
| Attachment IDs | JSON string representing an array of attachment IDs linked to the case (e.g., "[422]"). |
| Type | Numeric value indicating the type of the case (default is 2). |
| Options | Numeric options flag for additional case settings (default is 0). |
| More Information | Additional textual information about the case. |
| Tenancy Code | Code specifying tenancy context for the case. |
Output
The node outputs an array of JSON objects, each corresponding to an input item processed. Each output object contains:
success: Boolean indicating if the case creation succeeded.response: The full response object returned by the SOAR API upon successful creation.caseName: The name of the case that was created.error(only if failure): Error message describing why the case creation failed.
No binary data is produced by this node.
Dependencies
- Requires an API key credential for authenticating with the SOAR system's API.
- The base URL for the API is statically set to
http://192.168.143.73:2025. - The node sends requests to the endpoint
/api/camunda/casesusing HTTP POST. - The API expects JSON payloads and returns JSON responses.
- The request includes a custom header
tokenwith the API token and sets theAccept-Languageheader to Vietnamese (vi).
Troubleshooting
Common issues:
- Invalid or missing API token will cause authentication failures.
- Malformed JSON in the
Attachment IDsproperty may cause parsing errors. - Required fields missing or empty will likely result in API validation errors.
- Network connectivity issues to the hardcoded IP address will prevent case creation.
Error messages:
- If the API returns an error, the node logs the error and either continues processing other items (if configured to continue on fail) or throws an operation error stopping execution.
- Parsing errors on
attachmentIdswill throw exceptions; ensure the input is a valid JSON array string.
Resolution tips:
- Verify the API token is correctly configured in credentials.
- Ensure all required properties are provided and valid.
- Confirm the SOAR API endpoint is reachable from the n8n instance.
- Validate the format of
attachmentIdsbefore passing it to the node.
Links and References
- No direct external links are provided in the source code.
- For further details, consult the documentation of the SOAR platform’s API at
/api/camunda/cases. - Refer to n8n documentation on HTTP Request Node for understanding HTTP interactions.