Hey ​@hisoofun ,

It’s possible, but you would need to create a custom Job that will monitor for all the cases that were closed and then invoke Chronicle API to add entries to the specific Data Table.

Latest version of Google Chronicle integration has actions that interact with Data Tables, so they can be taken as a reference and for the Job, you can refer to the Sample Integration for the inspiration.

Can’t this be achieved through a playbook? For example, when a case is closed, a playbook could be triggered, and using actions, the required data could be appended into the datatable. Is this approach not possible?

​@hisoofun ,

As of today, you can’t triggered playbook or execute actions on closed Cases/Alerts.

How do I download the Datatable to my machine ?

​@hisoofun ,

Can you elaborate what you mean by download Data Table to the machine? Do you want to fetch the Data Table and it’s content and store it somewhere?

Yes, I want to download it as a csv file for report 

​@hisoofun ,

To export the Data Tables, you would need to create a script that will invoke this method and convert it into a CSV. As of now, there is no native way to do this.

You can also build a playbook that will use action “Get Data Tables” (Google Chronicle) → Save JSON To CSV (CSV)

The challenge with second method is that you will only have at max 1000 rows returned, which may not be the full content of Data Table.