Create Case Soar icon

Create Case Soar

Create case in Soar

Overview

This node, named "Create Case Soar," is designed to create a case record in a Soar (Security Orchestration, Automation, and Response) system via its API. It sends detailed case information such as case name, catalog codes, customer and department identifiers, user details, dates, attachments, and other metadata to the Soar API endpoint.

Typical use cases include automating the creation of security incident or case records from external systems or workflows, enabling seamless integration between n8n and Soar platforms. For example, when an alert is triggered in a monitoring system, this node can automatically create a corresponding case in Soar for further investigation and tracking.

Properties

Name Meaning
Url of Soar API The endpoint URL for the Soar API service where the case will be created
Name of Case The name/title of the case to be created
Catalog Type Code Code representing the catalog type of the case
Customer Code Identifier code for the customer related to the case
Department Code Identifier code for the department related to the case
User Name Username of the person creating the case
Case Code Optional code for the case; can be dynamically set from input JSON data
Catalog Danger Level Code Danger level classification code for the case catalog
SLA Code Service Level Agreement code associated with the case
Catalog Resolution Code Resolution code for the case catalog
Description Text description providing details about the case
Date Detection Date and time when the case was detected
Date Occurrence Date and time when the case actually occurred
Attachment IDs JSON array string of attachment IDs linked to the case
Type Numeric type identifier for the case (e.g., 2)
Options Numeric options flag for the case
More Information Additional textual information about the case
Tenancy Code Code identifying tenancy context for the case

Output

The node outputs an array of JSON objects, each corresponding to an input item processed. Each output object contains:

  • success: Boolean indicating if the case creation succeeded.
  • response: The body of the HTTP response returned by the Soar API.
  • statusCode: HTTP status code from the API response.
  • caseName: The name of the case that was attempted to be created.
  • If an error occurs and the node is configured to continue on failure, the output includes:
    • success: false
    • error: Error message describing what went wrong.
    • statusCode: HTTP status code if available.
    • response: Response body or error details from the failed request.

The node does not output binary data.

Dependencies

  • Requires access to a Soar API endpoint URL.
  • Requires an API authentication token credential to authorize requests to the Soar API.
  • The node uses HTTP POST requests with JSON payloads to communicate with the Soar API.
  • The node expects the environment to have network access to the specified Soar API URL.

Troubleshooting

  • Common Issues:

    • Invalid or missing API token causing authentication failures.
    • Incorrect or unreachable Soar API URL leading to connection errors.
    • Malformed JSON in the attachmentIds property causing parsing errors.
    • Required fields missing or empty, resulting in API validation errors.

  • Error Messages:

    • "API request failed: <message>. Status: <code>. Response: <body>" indicates the HTTP request to the Soar API failed. Check the API URL, credentials, and request payload.
    • Network errors or timeouts suggest connectivity issues to the Soar API endpoint.
    • JSON parsing errors on attachmentIds indicate invalid JSON format; ensure it is a valid JSON array string.

  • Resolutions:

    • Verify and update the API token credential.
    • Confirm the Soar API URL is correct and accessible.
    • Validate the JSON format of attachmentIds.
    • Ensure all required properties are provided and correctly formatted.
    • Enable "Continue On Fail" option to allow processing of multiple items even if some fail.

Links and References

Discussion