Hi all, I want to attach an playbook to a number of cases via API or rerun a playbook respectively via API. I thought this would be pretty easy, but it looks like I need an parameter called "alertGroupIdentifier" besides the "cyberCaseId" and the "originalWorkflowDefinitionIdentifier". Anybody knows if this is possible without that value or how to query it easily based on case IDs?
Attach an playbook to a number of cases via API or rerun a playbook respectively via API
+5
+1Hi @Michael Schepp , By using the endpoint - "api/external/v1/dynamic-cases/GetCaseDetails/{caseId}"
You can get AlertCards with the case's alerts. Each alert has alertGroupIdentifier value that you can use with the other endpoint.
You can use for re run - api/external/v1/playbooks/RerunPlaybook
fill it with the parameters you got from here, api/external/v1/dynamic-cases/GetCaseDetails/{caseId} and
to get the id of the playbook - api/external/v1/playbooks/GetEnabledWFCards .
For even more option of Api you can go into https://app.siemplify-soar.com/swagger/index.html
+5
Hi
@Tomtomfridman
, thanks for your feedback. We're still on version 6.2.7.5 and I guess those API endpoints aren't available in there (not tested). Before you answered, I found another way by using the following endpoints:
This works for our environment.
+1@Michael Schepp Happy to hear that you managed to find something that work for you.
if there is anything else you need please let us know
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.