Overview
This node, named "Update Case Soar," is designed to update case records in a Soar API service. It sends detailed case information to a specified Soar API endpoint using an HTTP PUT request. This node is useful in scenarios where automated workflows need to synchronize or update case data within a security orchestration, automation, and response (SOAR) platform.
Practical examples include:
- Automatically updating incident cases with new details after enrichment or investigation steps.
- Synchronizing case status and metadata from external systems into the SOAR platform.
- Adding attachments or additional information to existing cases as part of an automated response workflow.
Properties
| Name | Meaning |
|---|---|
| Url of Soar API | The endpoint URL for the Soar API service where the case update request will be sent. |
| Name of Case | The name/title of the case to be updated. |
| Catalog Type Code | The catalog type code categorizing the case. |
| Customer Code | The customer identifier associated with the case. |
| Department Code | The department identifier related to the case. |
| User Name | Username of the user performing the case update. |
| Case Code | Unique code identifying the case; can be dynamically set from input JSON data. |
| Catalog Danger Level Code | Danger level classification code for the case catalog. |
| SLA Code | Service Level Agreement code applicable to the case. |
| Catalog Resolution Code | Resolution code indicating how the case was resolved. |
| Description | Text description providing details about the case. |
| Date Detection | Date and time when the case was detected. |
| Date Occurrence | Date and time when the case actually occurred. |
| Attachment IDs | Array of attachment IDs linked to the case, provided as a JSON string. |
| Type | Numeric type identifier for the case (default is 2). |
| Options | Numeric options flag for additional case settings (default is 0). |
| More Information | Additional textual information about the case. |
| Tenancy Code | Tenancy code associated with the case for multi-tenant environments. |
Output
The node outputs an array of JSON objects, each corresponding to an input item processed. Each output object contains:
success: Boolean indicating if the update was successful.response: The full response returned by the Soar API after the update request.caseName: The name of the case that was updated.error(only if failed): Error message describing why the update failed.
No binary data is output by this node.
Dependencies
- Requires access to a Soar API endpoint URL.
- Requires an API authentication token credential to authorize requests to the Soar API.
- The node uses HTTP PUT requests to communicate with the Soar API.
- The node expects the environment to provide valid credentials and network access to the Soar API service.
Troubleshooting
Common issues:
- Invalid or missing API endpoint URL will cause request failures.
- Incorrect or expired API authentication token will result in authorization errors.
- Malformed JSON in the
attachmentIdsproperty may cause parsing errors. - Required fields missing or empty may lead to validation errors from the API.
Error messages:
- Errors thrown during HTTP requests are logged and can either stop execution or be captured per item if "Continue On Fail" is enabled.
- Typical error messages include network errors, unauthorized access, or invalid payload responses from the Soar API.
Resolutions:
- Verify the Soar API URL and ensure it is reachable.
- Confirm the API token is valid and has sufficient permissions.
- Ensure all required properties are correctly set and formatted.
- Use the node's logging to inspect the exact parameters sent and API responses for debugging.
Links and References
- No direct links are embedded in the source code.
- For more information on the Soar API, consult the official documentation of the specific SOAR platform you are integrating with.
- Refer to n8n documentation on HTTP Request and Credentials for setup guidance.