Actions21
- Digital Footprint Actions
- Dark Web Monitoring Actions
- Incident Actions
- Takedown Actions
- User Audit Logs Actions
- DRP Fraud Protection Actions
- Brand Protection Actions
Overview
This node integrates with the SOCRadar API to perform various security-related operations. Specifically, for the Incident - Add Tag operation, it allows users to add a tag to an existing incident within the SOCRadar platform. This is useful for categorizing or labeling incidents for easier tracking, filtering, and management.
Common scenarios include:
- Automatically tagging incidents based on certain criteria in a security workflow.
- Adding contextual tags to incidents during enrichment or investigation processes.
- Organizing incidents by severity, type, or source using custom tags.
Example: After detecting a phishing attempt, you could use this node to add a "phishing" tag to the related incident for quick identification in dashboards or reports.
Properties
| Name | Meaning |
|---|---|
| Company ID | The unique identifier of the company associated with the incident. |
| Incident ID | The unique identifier of the incident to interact with (used as alarm_id in API calls). |
| Tag | The name of the tag to add to the incident. |
Output
The node outputs JSON data representing the result of the API call to add a tag to the specified incident. The exact structure depends on the SOCRadar API response but generally includes confirmation of the tag addition or details about the updated incident.
If an error occurs, the output JSON will contain an error field with the error message and possibly additional details from the API response.
No binary data output is produced by this operation.
Dependencies
- Requires an active SOCRadar API key credential configured in n8n.
- Needs network access to the SOCRadar API endpoint specified by the base URL in the credentials.
- The node uses HTTP headers including an API key for authentication.
Troubleshooting
Common issues:
- Invalid or missing Company ID or Incident ID will cause the API call to fail.
- Using a tag name that does not conform to SOCRadar's allowed tag format may result in errors.
- Network connectivity problems or incorrect API key configuration can lead to authentication failures.
Error messages:
- Errors returned from the SOCRadar API are captured and included in the output JSON under
erroranddetails. - If the node is set to continue on failure, errors do not stop execution but are reported per item.
- To resolve errors, verify the correctness of input parameters, ensure valid API credentials, and check network connectivity.
- Errors returned from the SOCRadar API are captured and included in the output JSON under
Links and References
- SOCRadar API Documentation (for detailed API usage and tag management)
- n8n documentation on Using Credentials