Solution for CaseSearch Query Filter

Hello

I'm looking for a possible workaround or solution for a case search filter in search (CaseSearchEverything), in the API or the platform itself.

Objective:

  • Create a search filter using parameters in Chronicle SOAR search.
    • cases, case status, title, product, timeframe, tag, env, case sources
    • along with whether a playbook is attached, and playbook execution status == failed, etc.
  • Perform a search using the above parameters in Chronicle SOAR search.

At the moment, there is no support for creating a filter in search like the one available in case management (case management lets you create and save a custom filter, which can be used for filtering cases).

The same problem exists at the API level: there are no parameters for filtering cases by attached playbook and playbook execution status (i.e. open or close etc).

So the question here is: is there any way to do this, or any possible future improvement on

  • creating a filter in search.
  • more parameters in search, such as playbook attached, playbook execution status, etc.

API Request:

Request URL: https://<Chronicle_SOAR_TLD>/api/external/v1/search/CaseSearchEverything?format=camel
Request Method: POST
Payload:

{
  "tags": ["<tag>"],
  "ruleGenerator": [],
  "caseSource": ["System"],
  "stage": [],
  "environments": ["Default Environment"],
  "assignedUsers": [],
  "products": ["<product>"],
  "ports": [],
  "categoryOutcomes": [],
  "status": [],
  "caseIds": [],
  "incident": [],
  "importance": [],
  "priorities": [],
  "pageSize": 50,
  "title": "<case title prefix>",
  "startTime": "<datetime>",
  "endTime": "<datetime>",
  "requestedPage": 0,
  "timeRangeFilter": 1,
  "isCaseClosed": true
}

Thanks.