How can I identify Google SecOps SOAR cases with failed playbook runs?

I'm looking for a way to identify Google SecOps SOAR cases where one or more playbook executions have failed. My goal is to programmatically retrieve a list of these cases, ideally using methods available within the Siemplify SDK (Python), so I can process them further in custom jobs or actions

Is there a specific Siemplify SDK method, API endpoint, or recommended approach to filter cases based on the success/failure status of their associated playbook runs? I'm trying to avoid manually checking the playbook monitor for each case.

Thanks!

Page 1 / 1

Hi @SaitejaKatta,

Does the below endpoint work for you?

/api/external/v1/cases/GetWorkflowInstanceSummary

Kind Regards,

Ayman

@AymanC , when I invoked the API endpoint “/api/external/v1/cases/GetWorkflowInstanceSummary”, I got below response

{
 "errorCode": 2000,
 "errorMessage": "An error has occurred. When reporting the issue to SecOps support, provide the identifier: df856ec04e [removed by moderator] 1664354af and describe the action that has failed.",
 "innerException": null,
 "innerExceptionType": null,
 "correlationId": "df856ec04e [removed by moderator] 1664354af"
}

Hi @SaitejaKatta,

Likely not passing the correct values, the schema is:

Siemplify.Server.Api.DataModel.Playbooks.ApiWorkflowRequestDataModel{

caseId

integer($int64)

alertIdentifier

string
nullable: true

shouldFetchSteps

boolean

definitionIdentifier

string($uuid)

collapseBlocks

boolean

nestedStepIdentifier

string($uuid)
nullable: true

parentWorkflowInstanceId

integer($int64)

loopsRequestedIterations

[
nullable: true

Siemplify.Common.Orchestration.DataModel.Requests.ApiLoopIterationRequest{

startLoopStepIdentifier

string($uuid)

loopIteration

integer($int32)

}]

parentWorkflowLoopIteration

integer($int32)
nullable: true

}

For Example:

{

  "caseId": 0,

  "alertIdentifier": "string",

  "shouldFetchSteps": true,

  "definitionIdentifier": "3fa85f64-5717-4562-b3fc-2c963f66afa6",

  "collapseBlocks": true,

  "nestedStepIdentifier": "3fa85f64-5717-4562-b3fc-2c963f66afa6",

  "parentWorkflowInstanceId": 0,

  "loopsRequestedIterations": [

    {

      "startLoopStepIdentifier": "3fa85f64-5717-4562-b3fc-2c963f66afa6",

      "loopIteration": 0

    }

  ],

  "parentWorkflowLoopIteration": 0

}

Kind Regards,

Ayman

Hi @AymanC ,
I invoked the API from swagger, the request body is in the same schema.

Thanks!

Hi @SaitejaKatta,

I’d suggest using log explorer with the identifier for further information regarding why it has failed, alternatively raising a support ticket with Google may allow them to identify the issue you’re failing, unfortunately it's difficult to troubleshoot the issue you’re facing without further information.

Kind Regards,

Ayman

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded