I’m trying to build a dashboard for SOAR Case Data.
I couldn’t find a field in the `case_history` object that will allow me to filter by the environment name. Any suggestions?
Question
Filter by the SOAR Environment Name in the Case History dataset from Dashboards
+5To filter by environment name in Google SecOps SOAR (formerly Siemplify), you typically will not find the field directly within the case_history object itself.
Instead, you must reference the Environment field located on the associated Case object.
Since the Case History is a child dataset of the Case, you must join or reference the parent Case to filter by environment. The exact path depends on where you are performing the search:
// Example logic (pseudocode for Dashboard builder)
match:
$case_id = case.name
$env = case.environment // <--- Use this field
$history = case_history.case_id
outcome:
$current_environment = array_distinct($env)
+9- Silver 2
Or at least, this feature is not enabled on my instance.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.