Overview
This node, Change User For Case Soar, is designed to update the user information associated with a case in a SOAR (Security Orchestration, Automation, and Response) system via its API. It sends a PUT request to the specified SOAR API endpoint to change the user details for a given case, including department code, username, reason for the change, and optionally tenancy code.
Common scenarios where this node is beneficial:
- Automating updates of case ownership or responsibility within a SOAR platform.
- Integrating case management workflows where user assignments need to be changed programmatically.
- Ensuring audit trails by providing reasons for user changes on cases.
Practical example:
An incident response team wants to reassign a security case from one analyst to another due to shift changes. This node can be used in an n8n workflow to update the case owner automatically, specifying the new user, department, and reason for the reassignment.
Properties
| Name | Meaning |
|---|---|
| Url of Soar API | The endpoint URL for the SOAR API service where the case user change request is sent. |
| User Name | Username of the user who will be assigned to the case. |
| Department Code | Department code related to the case, indicating which department the case belongs to. |
| Reason | Explanation or justification for changing the user on the case. |
| Tenancy Code | Optional tenancy code associated with the case, if applicable in the SOAR environment. |
Output
The node outputs an array of JSON objects, each corresponding to an input item processed:
success: A boolean indicating whether the user change operation was successful.response: The full response object returned from the SOAR API after the PUT request.error(only if failure and continueOnFail is enabled): The error message describing what went wrong during the request.
If the node encounters an error and continueOnFail is not enabled, it throws an error stopping execution.
No binary data output is produced by this node.
Dependencies
- Requires access to a SOAR API endpoint that supports updating case user information via HTTP PUT requests.
- Needs an API authentication token credential configured in n8n (referred generically as "an API key credential").
- The node uses HTTP headers including the token for authorization and sets content type to JSON.
- The node expects the SOAR API to accept parameters:
department_code,username,reason, and optionallytenancy_code.
Troubleshooting
Common issues:
- Incorrect or missing API endpoint URL (
soarUrl) causing connection failures. - Invalid or expired API token leading to authorization errors.
- Missing required parameters like
userName,departmentCode, orreason. - Network connectivity problems between n8n and the SOAR API server.
- Incorrect or missing API endpoint URL (
Error messages:
- Errors thrown by the node include detailed messages from the HTTP request failure.
- If the node fails and
continueOnFailis disabled, the workflow stops with a descriptive error. - To handle intermittent failures gracefully, enable
continueOnFailto allow processing subsequent items.
Resolution tips:
- Verify the SOAR API URL and credentials are correct and active.
- Ensure all required fields are provided and valid.
- Check network access and firewall rules allowing n8n to reach the SOAR API.
- Review SOAR API documentation for expected request format and authentication method.
Links and References
- SOAR Platform API Documentation (Replace with actual SOAR API docs link)
- n8n HTTP Request Node Documentation
- n8n Error Handling Guide