How to append/update the Data table whenever a case is closed with the SOAR Data such as Case ID, Case name, Analyst name and Closure Comments as such?
Is it possible via API ? or is there any other way?
Solved
SOAR Data to Data table
+3- Bronze 1
Best answer by ylandovskyy
Hey
It’s possible, but you would need to create a custom Job that will monitor for all the cases that were closed and then invoke Chronicle API to add entries to the specific Data Table.
Latest version of Google Chronicle integration has actions that interact with Data Tables, so they can be taken as a reference and for the Job, you can refer to the Sample Integration for the inspiration.
+16Hey
It’s possible, but you would need to create a custom Job that will monitor for all the cases that were closed and then invoke Chronicle API to add entries to the specific Data Table.
Latest version of Google Chronicle integration has actions that interact with Data Tables, so they can be taken as a reference and for the Job, you can refer to the Sample Integration for the inspiration.
+3- Bronze 1
Hey
It’s possible, but you would need to create a custom Job that will monitor for all the cases that were closed and then invoke Chronicle API to add entries to the specific Data Table.
Latest version of Google Chronicle integration has actions that interact with Data Tables, so they can be taken as a reference and for the Job, you can refer to the Sample Integration for the inspiration.
Can’t this be achieved through a playbook? For example, when a case is closed, a playbook could be triggered, and using actions, the required data could be appended into the datatable. Is this approach not possible?
+16
As of today, you can’t triggered playbook or execute actions on closed Cases/Alerts.
+3- Bronze 1
Hey
It’s possible, but you would need to create a custom Job that will monitor for all the cases that were closed and then invoke Chronicle API to add entries to the specific Data Table.
Latest version of Google Chronicle integration has actions that interact with Data Tables, so they can be taken as a reference and for the Job, you can refer to the Sample Integration for the inspiration.
How do I download the Datatable to my machine ?
+16
Can you elaborate what you mean by download Data Table to the machine? Do you want to fetch the Data Table and it’s content and store it somewhere?
+3- Bronze 1
Can you elaborate what you mean by download Data Table to the machine? Do you want to fetch the Data Table and it’s content and store it somewhere?
Yes, I want to download it as a csv file for report
+16
To export the Data Tables, you would need to create a script that will invoke this method and convert it into a CSV. As of now, there is no native way to do this.
You can also build a playbook that will use action “Get Data Tables” (Google Chronicle) → Save JSON To CSV (CSV)
The challenge with second method is that you will only have at max 1000 rows returned, which may not be the full content of Data Table.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.