
Change User For Case Soar

Change User For case in Soar

Overview

This node, named "Change User For Case Soar," is designed to update the user information associated with a case in a SOAR (Security Orchestration, Automation, and Response) system via its API. It sends an HTTP PUT request to a specified SOAR API endpoint to change the user details for a case, including department code, username, reason for the change, and optionally tenancy code.

Common scenarios where this node is beneficial include automating case management workflows in security operations centers (SOCs), where cases need to be reassigned or updated programmatically based on dynamic conditions or external triggers. For example, when a case needs to be transferred to a different analyst or department, this node can automate that update without manual intervention.

Properties

| Name | Meaning |
| --- | --- |
| Url of Soar API | The endpoint URL for the SOAR API service where the case update request will be sent. |
| User Name | Username of the user who will be set as the new owner or responsible person for the case. |
| Department Code | Code representing the department related to the case. |
| Reason | Explanation or justification for changing the user on the case. |
| Tenancy Code | Optional tenancy code associated with the case, if applicable. |

Output

The node outputs an array with one item per input. Each output item contains a json object with the following structure:

  • success: A boolean indicating whether the update was successful (true) or not (false).
  • response: The full response object returned from the SOAR API upon a successful update.
  • error: If the update failed and the node is configured to continue on failure, this field contains the error message describing what went wrong.

No binary data is produced by this node.

Dependencies

  • Requires access to a SOAR API endpoint that supports updating case user information via HTTP PUT requests.
  • Needs an API authentication token credential to authorize requests to the SOAR API.
  • The node expects the API token to be available through n8n credentials configuration.
  • The HTTP request includes headers specifying content type as JSON and language preference as Vietnamese (Accept-Language: vi).

Troubleshooting

  • Common issues:

    • Incorrect or missing SOAR API URL will cause connection failures.
    • Invalid or expired API token will result in authorization errors.
    • Missing required parameters such as username, department code, or reason will likely cause the API to reject the request.
    • Network connectivity problems between n8n and the SOAR API endpoint can prevent the request from reaching the API.
  • Error messages:

    • Errors thrown during the HTTP request are logged and, depending on the node's "continue on fail" setting, either stop execution or return an error object.
    • Typical error messages may include HTTP status codes like 401 Unauthorized, 404 Not Found, or 400 Bad Request, which indicate authentication issues, incorrect URLs, or invalid payloads respectively.
  • Resolution tips:

    • Verify the SOAR API URL and ensure it is reachable from the n8n environment.
    • Confirm the API token is valid and has sufficient permissions.
    • Double-check all required input properties are correctly set.
    • Enable detailed logging to capture request and response details for debugging.

Links and References

  • No direct links provided in the source code. Users should refer to their SOAR platform’s official API documentation for details on the expected request format and authentication methods.
