Overview
This node, named "Create Case Soar," is designed to create a case record in a SOAR (Security Orchestration, Automation, and Response) system. It is useful for automating the creation of incident or case records based on input data, which can help streamline security operations, customer support workflows, or any process requiring structured case management.
Typical scenarios include:
- Automatically logging security incidents detected by monitoring tools.
- Creating customer service cases from incoming requests.
- Tracking issues with detailed metadata such as catalog codes, danger levels, SLAs, and attachments.
For example, when a security alert is triggered, this node can be used to create a corresponding case in the SOAR platform with all relevant details, enabling further automated response actions.
Properties
| Name | Meaning |
|---|---|
| Name of Case | The name/title of the case to be created. |
| Catalog Type Code | Code representing the catalog type classification of the case. |
| Customer Code | Identifier code for the customer related to the case. |
| Department Code | Code for the department responsible or related to the case. |
| User Name | Username of the person creating the case. |
| Case Code | Unique code for the case; can be dynamically set from input JSON data. |
| Catalog Danger Level Code | Code indicating the danger or severity level of the case catalog. |
| SLA Code | Service Level Agreement code associated with the case. |
| Catalog Resolution Code | Code representing the resolution category for the case. |
| Description | Text description providing details about the case. |
| Date Detection | Date and time when the case was detected. |
| Date Occurrence | Date and time when the case actually occurred. |
| Attachment IDs | JSON array string of attachment IDs linked to the case (e.g., "[422]"). |
| Type | Numeric value indicating the type of the case (default is 2). |
| Options | Numeric options flag for additional case settings (default is 0). |
| More Information | Additional textual information about the case. |
| Tenancy Code | Code identifying the tenancy or environment context for the case. |
Output
The node outputs an array of JSON objects, each corresponding to one input item processed. Each output object contains:
- success: Boolean indicating if the case creation succeeded.
- response: The full response returned from the SOAR API after creating the case.
- caseName: The name of the case that was created.
- error (only if failure): Error message describing why the case creation failed.
No binary data is produced by this node.
Dependencies
- Requires an API key credential for authenticating with the SOAR platform.
- Needs the base URL of the SOAR API endpoint.
- The node uses HTTP POST requests to send case data to the SOAR API.
- The request includes a token header for authentication and sets the language header to Vietnamese (Accept-Language: vi).
Troubleshooting
Common Issues:
- Invalid or missing API token will cause authentication failures.
- Incorrect or incomplete required fields (e.g., missing caseName, catalogTypeCode) may result in API errors.
- Malformed JSON in the attachmentIds property can cause parsing errors.
- Network connectivity problems to the SOAR API endpoint.
Error Messages:
- Errors thrown during HTTP requests are caught and either stop execution or are added to the output if "Continue On Fail" is enabled.
- Typical error messages include authentication failures, validation errors from the API, or JSON parsing exceptions.
Resolutions:
- Verify API credentials and endpoint URL.
- Ensure all required properties are correctly set.
- Validate JSON formatting for attachmentIds.
- Check network access and firewall rules.
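The required-field and attachmentIds checks from the troubleshooting list above, as an added JavaScript example (not the node's own code) that could run in a step before this node. It assumes caseName and catalogTypeCode are the required fields and that attachment IDs are non-negative integers; parseAttachmentIds, validateCaseInput and toFailureOutput are hypothetical helper names.

```javascript
// Added example: pre-flight validation for a Create Case Soar input item.
// Assumption: caseName and catalogTypeCode are the required fields (the two
// this page names) and attachment IDs are non-negative integers.
const REQUIRED_FIELDS = ['caseName', 'catalogTypeCode'];

function parseAttachmentIds(raw) {
  // An empty or absent value means "no attachments".
  if (raw === undefined || raw === null || String(raw).trim() === '') {
    return { ids: [], error: null };
  }
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch (e) {
    return { ids: [], error: 'attachmentIds is not valid JSON: ' + e.message };
  }
  if (!Array.isArray(parsed)) {
    return { ids: [], error: 'attachmentIds must be a JSON array, e.g. "[422]"' };
  }
  // Accept only non-negative integers so nested objects or strings never reach the API.
  const bad = parsed.filter((v) => !Number.isInteger(v) || v < 0);
  if (bad.length > 0) {
    return { ids: [], error: 'attachmentIds has non-integer entries: ' + JSON.stringify(bad) };
  }
  return { ids: parsed, error: null };
}

function validateCaseInput(item) {
  const errors = [];
  for (const field of REQUIRED_FIELDS) {
    if (typeof item[field] !== 'string' || item[field].trim() === '') {
      errors.push('missing required field: ' + field);
    }
  }
  const { ids, error } = parseAttachmentIds(item.attachmentIds);
  if (error) errors.push(error);
  return { ok: errors.length === 0, errors, attachmentIds: ids };
}

// Shape a validation failure like the node's documented failure output.
function toFailureOutput(item, errors) {
  return { success: false, caseName: item.caseName, error: errors.join('; ') };
}
```

Rejecting an item here keeps a malformed alert from producing a half-populated case, and the failure object has the same fields the node emits when "Continue On Fail" is enabled.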
Links and References
- [SOAR Platform API Documentation] (Please refer to your specific SOAR vendor's API docs)
- n8n HTTP Request Node Documentation
- n8n Node Development Guide