Actions21
- Digital Footprint Actions
- Dark Web Monitoring Actions
- Incident Actions
- Takedown Actions
- User Audit Logs Actions
- DRP Fraud Protection Actions
- Brand Protection Actions
Overview
This node integrates with the SOCRadar API to perform various security-related operations. Specifically, for the Incident - Add Comment operation, it allows users to add a textual comment to an existing incident within a company’s SOCRadar environment. This is useful for enriching incident records with additional context, notes, or updates from different team members.
Common scenarios include:
- Security analysts adding investigation notes to an incident.
- Collaborators documenting progress or findings related to a specific incident.
- Automated systems appending comments based on triggered alerts or workflows.
Example: After detecting suspicious activity, a user can add a comment describing the mitigation steps taken or requesting further analysis.
Properties
| Name | Meaning |
|---|---|
| Company ID | The unique identifier of the company under which the incident exists. |
| Incident ID | The unique identifier of the incident to which the comment will be added (used as alarm_id in API calls). |
| Comment | The text content of the comment to add to the incident. |
| User Email | The email address of the user who is adding the comment, identifying the commenter. |
Output
The node outputs a JSON object representing the response from the SOCRadar API after adding the comment. This typically includes confirmation details such as the comment ID, timestamp, and possibly the updated incident data reflecting the new comment.
If an error occurs, the output JSON will contain an error field with the error message and optionally additional error details provided by the API.
The node does not output binary data.
Dependencies
- Requires an active SOCRadar API key credential configured in n8n.
- Needs network access to the SOCRadar API endpoint specified by the base URL in the credentials.
- The node uses HTTP headers including an API key for authentication and expects JSON content-type.
Troubleshooting
Common issues:
- Invalid or missing API key credential will cause authentication failures.
- Incorrect Company ID or Incident ID may result in "not found" errors.
- Network connectivity problems can prevent successful API calls.
- Insufficient permissions for the API key to add comments.
Error messages:
"error": "Unauthorized"indicates invalid or expired API credentials; verify and update the API key."error": "Incident not found"suggests the Incident ID or Company ID is incorrect; double-check these values.- Other API errors will include details in the response; review those for troubleshooting.
To handle errors gracefully, enable the node's "Continue On Fail" option to capture error details without stopping the workflow.
Links and References
- SOCRadar API Documentation (general reference for API endpoints and usage)
- n8n documentation on Using Credentials for setting up API keys