Overview
This node, named "Update Case Soar," is designed to update case records in a Soar API service. It sends an HTTP PUT request to the specified Soar API endpoint with detailed case information, allowing users to modify existing cases or add additional data to them.
Common scenarios where this node is beneficial include:
- Automating updates to incident or case management systems within security orchestration and response workflows.
- Integrating case updates from external systems or processes into a centralized Soar platform.
- Enriching case data dynamically based on workflow results or user inputs.
For example, after analyzing an alert, a security analyst could use this node to update the corresponding case in the Soar system with new findings, attachments, or status changes.
Properties
| Name | Meaning |
|---|---|
| Url of Soar API | The endpoint URL for the Soar API service where the case update request will be sent. |
| Name of Case | The name/title of the case to be updated. |
| Catalog Type Code | The catalog type code categorizing the case. |
| Customer Code | The customer identifier associated with the case. |
| Department Code | The department identifier related to the case. |
| User Name | Username of the person performing the update. |
| Case Code | Unique code of the case; can be dynamically set from input JSON data. |
| Catalog Danger Level Code | Danger level classification code for the case catalog (optional). |
| SLA Code | Service Level Agreement code applicable to the case (optional). |
| Catalog Resolution Code | Resolution code indicating how the case was resolved (optional). |
| Description | Text description providing details about the case (optional). |
| Date Detection | Date and time when the case was detected (optional). |
| Date Occurrence | Date and time when the case occurred (optional). |
| Attachment IDs | JSON array string of attachment IDs linked to the case (e.g., "[422]"). |
| Type | Numeric type identifier for the case (default is 2). |
| Options | Numeric options flag for the case (default is 0). |
| More Information | Additional textual information about the case (optional). |
| Tenancy Code | Tenancy code related to the case context (optional). |
Output
The node outputs an array of JSON objects, each representing the result of updating a case for each input item. Each output object contains:
success: Boolean indicating if the update was successful.response: The full response body returned by the Soar API.statusCode: HTTP status code from the API response.caseName: The name of the case that was updated.- In case of failure, it also includes:
error: Error message describing what went wrong.response: Response body or text from the failed request.
No binary data output is produced by this node.
Dependencies
- Requires access to a Soar API service endpoint.
- Needs an API authentication token credential configured in n8n (referred generically as "an API key credential").
- The node uses HTTP PUT requests with JSON payloads to communicate with the Soar API.
- The node expects the Soar API to accept a JSON object under a
fieldsproperty containing case details.
Troubleshooting
Common issues:
- Invalid or missing API token causing authentication failures.
- Incorrect or unreachable Soar API URL leading to network errors.
- Malformed JSON in the
attachmentIdsproperty causing parsing errors. - Missing required fields resulting in API validation errors.
Error messages:
- Errors during the HTTP request are logged with details including status code and response body.
- If the node is set to not continue on fail, it throws a detailed error including the HTTP status and response content.
Resolutions:
- Verify the API token credential is correctly configured and valid.
- Confirm the Soar API URL is correct and accessible from the n8n environment.
- Ensure
attachmentIdsis a valid JSON array string. - Provide all required properties as per the node configuration.
Links and References
- No direct external links provided in the source code.
- For more information on Soar APIs, consult your Soar platform's official API documentation.
- Refer to n8n documentation on HTTP Request node for similar HTTP interaction patterns.