Change User For Case Soar

Change User For case in Soar

Overview

This node, "Change User For Case Soar," is designed to update the user associated with a case in a SOAR (Security Orchestration, Automation, and Response) system via its API. It sends an HTTP PUT request to the specified SOAR API endpoint to change the user details for a given case, including department code, username, reason for change, and optionally tenancy code.

Common scenarios where this node is useful include automating case management workflows in security operations centers (SOCs), where cases need to be reassigned or updated programmatically based on dynamic conditions or external triggers. For example, when a new analyst takes over a case, this node can update the case owner automatically without manual intervention.

Properties

Name	Meaning
Url of Soar API	The endpoint URL for the SOAR API service where the case update request will be sent.
User Name	Username of the user who will be set as the new owner or responsible person for the case.
Department Code	Code representing the department related to the case.
Reason	Explanation or justification for changing the user on the case.
Tenancy Code	Optional tenancy code associated with the case, if applicable.

Output

The node outputs an array of JSON objects, each corresponding to an input item processed:

success: A boolean indicating whether the update was successful.
response: The full response from the SOAR API after attempting to update the case.
If an error occurs and the node is configured to continue on failure:
- success: false
- error: Error message describing what went wrong.
- statusCode: HTTP status code returned by the API.
- response: Detailed response body or text from the failed API call.
- caseName: (If available) The name of the case involved in the operation.

The node does not output binary data.

Dependencies

Requires access to a SOAR API endpoint that supports updating case user information via HTTP PUT requests.
Needs an API authentication token credential to authorize requests to the SOAR API.
The node expects the environment to provide this token securely through n8n credentials configuration.
The HTTP request includes headers specifying content type as JSON and language preference as Vietnamese (Accept-Language: vi).

Troubleshooting

Common Issues:
- Incorrect or missing SOAR API URL can cause connection failures.
- Invalid or expired API token will result in authorization errors.
- Missing required properties like username, department code, or reason may cause the API to reject the request.
- Network issues or API downtime can lead to request timeouts or failures.
Error Messages:
- Errors include detailed messages with HTTP status codes and response bodies when available.
- Typical errors might mention unauthorized access (401), bad request (400), or server errors (500).
- To resolve, verify the API URL, ensure the API token is valid, and confirm all required parameters are correctly set.
- If continuing on fail is disabled, the node will throw an error stopping execution; enabling it allows processing subsequent items despite failures.

Links and References

[SOAR API Documentation] (Please refer to your specific SOAR platform's API docs for exact endpoint and payload details)
n8n HTTP Request Node Documentation
n8n Credentials Management