SOCRadar

Comprehensive SOCRadar API integration

Overview

This node integrates with the SOCRadar API to retrieve security incident data related to a specified company. The "Incident - Get All" operation fetches multiple incidents filtered and sorted according to various criteria such as status, severity, date range, and tags.

Typical use cases include:

  • Security analysts retrieving all relevant incidents for a company to monitor ongoing threats.
  • Automated workflows that aggregate incident data for reporting or alerting.
  • Filtering incidents by severity or type to prioritize response efforts.

For example, a user can configure the node to get all open high-severity phishing incidents tagged with specific keywords within a certain date range, sorted by creation date descending.

Properties

Company ID: The unique identifier of the company whose incidents are to be retrieved. Required.
Additional Fields: Optional filters and pagination controls:
• Page: Page number of the paginated results.
• Limit: Maximum number of incidents to return per page (the API maximum is 100).
• Status: Filter by incident status (Open, Closed, On Hold, In Progress).
• Severities: Filter by one or more severity levels (Low, Medium, High, Critical).
• Is Resolved: When true, return only resolved incidents.
• Is False Positive: When true, return only incidents marked as false positives.
• Start Date / End Date: Bounds of the incident date range; both must be ISO 8601 date-time strings.
• Incident Types: Filter by type, such as Data Leak, Phishing, Malware or Vulnerability.
• Tags: Filter incidents by their associated tags.
• Sort By: Field to sort results by (Created At, Updated At, Severity).
• Sort Order: Ascending or Descending.
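The following is an added JavaScript example, not the node's own code and not SOCRadar's, showing how the Company ID and Additional Fields above translate into a validated request and how a workflow pages past the 100-incident cap. The endpoint path `/company/{id}/incidents`, the snake_case query parameter names, the Sort By mapping and the "a page is an array" response shape are assumptions about the SOCRadar API; `request` is an injected transport that in a real node would wrap n8n's `this.helpers.httpRequest` with the API key credential attached; the sample incidents are constructed.

```javascript
// Added example: builds and validates the "Incident - Get All" request from the
// node's Company ID and Additional Fields, then pages through the results.
// Not the node's own code. The endpoint path, query parameter names and the
// page-of-array response shape are assumptions about the SOCRadar API.

const MAX_LIMIT = 100;
const STATUSES = ['Open', 'Closed', 'On Hold', 'In Progress'];
const SEVERITIES = ['Low', 'Medium', 'High', 'Critical'];
const INCIDENT_TYPES = ['Data Leak', 'Phishing', 'Malware', 'Vulnerability'];
const SORT_FIELDS = { 'Created At': 'created_at', 'Updated At': 'updated_at', Severity: 'severity' }; // assumed names
const ISO_DATE_TIME = /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:\d{2})?)?$/;

function isIsoDateTime(value) {
  return typeof value === 'string' && ISO_DATE_TIME.test(value) && !Number.isNaN(Date.parse(value));
}

function oneOf(name, value, allowed) {
  if (!allowed.includes(value)) {
    throw new Error(`${name}: "${value}" is not one of ${allowed.join(', ')}`);
  }
  return value;
}

function positiveInt(name, value, max = Number.MAX_SAFE_INTEGER) {
  if (!Number.isInteger(value) || value < 1 || value > max) {
    throw new Error(`${name} must be an integer between 1 and ${max}, got ${value}`);
  }
  return value;
}

// Turns the node properties into a request description, failing fast on the
// mistakes the Troubleshooting section lists instead of letting the API reject them.
function buildIncidentQuery(companyId, fields = {}) {
  if (typeof companyId !== 'string' || companyId.trim() === '') {
    throw new Error('Company ID is required');
  }
  const query = {
    page: positiveInt('Page', fields.page ?? 1),
    limit: positiveInt('Limit', fields.limit ?? MAX_LIMIT, MAX_LIMIT),
  };
  if (fields.status !== undefined) query.status = oneOf('Status', fields.status, STATUSES);
  if (fields.severities) {
    query.severities = fields.severities.map((s) => oneOf('Severities', s, SEVERITIES)).join(',');
  }
  if (fields.incidentTypes) {
    query.incident_types = fields.incidentTypes.map((t) => oneOf('Incident Types', t, INCIDENT_TYPES)).join(',');
  }
  if (fields.isResolved !== undefined) query.is_resolved = Boolean(fields.isResolved);
  if (fields.isFalsePositive !== undefined) query.is_false_positive = Boolean(fields.isFalsePositive);
  for (const [key, param] of [['startDate', 'start_date'], ['endDate', 'end_date']]) {
    if (fields[key] !== undefined) {
      if (!isIsoDateTime(fields[key])) throw new Error(`${key} must be an ISO 8601 date-time, got "${fields[key]}"`);
      query[param] = fields[key];
    }
  }
  if (query.start_date && query.end_date && Date.parse(query.start_date) > Date.parse(query.end_date)) {
    throw new Error('Start Date must not be after End Date');
  }
  if (fields.tags) query.tags = fields.tags.map(String).join(',');
  if (fields.sortBy !== undefined) {
    query.sort_by = SORT_FIELDS[oneOf('Sort By', fields.sortBy, Object.keys(SORT_FIELDS))];
  }
  if (fields.sortOrder !== undefined) {
    query.sort_order = oneOf('Sort Order', fields.sortOrder, ['Ascending', 'Descending']) === 'Ascending' ? 'asc' : 'desc';
  }
  // Path is an assumption; the ID is URL-encoded so a crafted value cannot alter the route.
  return { path: `/company/${encodeURIComponent(companyId)}/incidents`, query };
}

// Follows pages until a short page arrives, with a hard cap so a misbehaving
// API (or a very large tenant) cannot turn one node run into an unbounded loop.
// `request(path, query)` is an injected async transport; in a real node it would
// wrap n8n's this.helpers.httpRequest and attach the API key credential.
async function fetchAllIncidents(request, companyId, fields = {}, maxPages = 50) {
  const { path, query } = buildIncidentQuery(companyId, fields);
  const incidents = [];
  for (let pageCount = 0; pageCount < maxPages; pageCount++) {
    const batch = await request(path, { ...query });
    incidents.push(...batch);
    if (batch.length < query.limit) return incidents;
    query.page += 1;
  }
  throw new Error(`Stopped after ${maxPages} pages; raise maxPages or narrow the filters`);
}

// Constructed sample data standing in for the API during a dry run (not real incidents).
const SAMPLE_INCIDENTS = Array.from({ length: 7 }, (_, i) => ({
  id: `inc-${i + 1}`,
  status: 'Open',
  severity: i % 2 === 0 ? 'High' : 'Critical',
  type: 'Phishing',
  tags: ['brand-abuse'],
  created_at: `2024-05-0${i + 1}T10:00:00Z`,
}));

// In-memory transport that serves SAMPLE_INCIDENTS page by page and records each call.
function makeStubTransport(all) {
  const calls = [];
  const request = async (path, query) => {
    calls.push({ path, page: query.page });
    const start = (query.page - 1) * query.limit;
    return all.slice(start, start + query.limit);
  };
  return { request, calls };
}
```

Validation happens before any request is sent, so a Limit of 101 or a date in the wrong format is reported as a configuration error in the workflow rather than as an opaque API failure. The page cap in `fetchAllIncidents` is deliberate: an aggregation workflow that loops on "next page" with no upper bound is an easy way to exhaust the API rate limit.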

Output

The node outputs an array of incident objects in the json field. Each object represents an incident with details as returned by the SOCRadar API, including but not limited to:

  • Incident identifiers
  • Status and resolution state
  • Severity level
  • Type of incident
  • Associated tags
  • Timestamps (created at, updated at)
  • Other metadata relevant to the incident

This operation produces no binary output.

Dependencies

  • Requires an active SOCRadar API key credential configured in n8n. Keep the key in the credential rather than in a node parameter or expression, so it is stored encrypted and is not exported with the workflow JSON.
  • The node makes HTTP requests to the SOCRadar API base URL, authenticating with the configured API key.
  • Network connectivity from the n8n host to SOCRadar's API endpoints is required.

Troubleshooting

  • Common issues:

    • An invalid or missing API key credential causes authentication failures.
    • An incorrect or empty Company ID returns no data or an error.
    • A Limit above the per-page maximum of 100 may cause API errors.
    • Date filters must be valid ISO 8601 date-time strings; other formats may cause request failures.
  • Error messages:

    • Errors from the API are captured and returned in the output JSON under an error field, with additional details where the API provides them.
    • If the node is set to continue on failure, it outputs the error information for the failing item and carries on instead of stopping the execution.
    • Common error messages include authentication errors, invalid parameters, and rate-limiting notices.
  • Resolution tips:

    • Verify the API credential and its permissions.
    • Ensure required parameters such as Company ID are set.
    • Use valid values for filters and respect the API limits; on a rate-limiting notice, back off before retrying rather than re-running immediately.
    • Check network connectivity and SOCRadar service status.
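As an added JavaScript example (not the node's own code), the following maps API failures to the categories listed in this section, retries only the transient ones, and reproduces the "continue on failure" behaviour of emitting an error object per failing item instead of aborting the run. The HTTP status codes and the Retry-After header are standard HTTP; the `ApiError` class, the shape of the `error`/`details` payload and the `request(companyId, fields)` transport are assumptions, and the flaky transport at the end is a constructed stand-in for the API.

```javascript
// Added example, not the node's own code: classifies SOCRadar API failures,
// retries only the transient ones, and mirrors n8n's "continue on fail" output.
// Status codes and Retry-After are standard HTTP; the payload shape is assumed.

class ApiError extends Error {
  constructor(status, body, headers = {}) {
    super(`SOCRadar API responded with HTTP ${status}`);
    this.status = status;
    this.body = body;
    this.headers = headers;
  }
}

// Decide whether a failure is worth retrying. Auth and parameter errors never
// are: retrying a bad key only burns rate limit and fills the provider's audit log.
function classifyError(err) {
  if (!(err instanceof ApiError)) return { kind: 'network', retryable: true };
  if (err.status === 401 || err.status === 403) return { kind: 'authentication', retryable: false };
  if (err.status === 400 || err.status === 422) return { kind: 'invalid_parameters', retryable: false };
  if (err.status === 404) return { kind: 'not_found', retryable: false };
  if (err.status === 429) return { kind: 'rate_limited', retryable: true };
  if (err.status >= 500) return { kind: 'server', retryable: true };
  return { kind: 'unexpected', retryable: false };
}

// Honour a numeric Retry-After when the API sends one, otherwise back off exponentially.
function retryDelayMs(err, attempt, baseDelayMs) {
  const header = err instanceof ApiError ? err.headers['retry-after'] : undefined;
  const seconds = Number(header);
  if (Number.isFinite(seconds) && seconds > 0) return seconds * 1000;
  return baseDelayMs * 2 ** attempt;
}

async function withRetry(fn, { attempts = 3, baseDelayMs = 500, sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = {}) {
  for (let attempt = 0; ; attempt++) {
    try {
      return await fn();
    } catch (err) {
      if (!classifyError(err).retryable || attempt >= attempts - 1) throw err;
      await sleep(retryDelayMs(err, attempt, baseDelayMs));
    }
  }
}

// n8n-style execution: one pass over the input items. `request(companyId, fields)`
// resolves to the incident array for that item; each incident becomes one output
// item. With continueOnFail a failure becomes an output item carrying `error`
// and `details` instead of aborting the whole execution.
async function executeGetAll(items, request, { continueOnFail = false, retry = {} } = {}) {
  const output = [];
  for (const [index, item] of items.entries()) {
    try {
      const incidents = await withRetry(() => request(item.json.companyId, item.json.fields ?? {}), retry);
      for (const incident of incidents) output.push({ json: incident, pairedItem: { item: index } });
    } catch (err) {
      if (!continueOnFail) throw err;
      const { kind } = classifyError(err);
      // Only the response is echoed back; request headers are never copied,
      // otherwise the API key would land in stored execution data.
      output.push({
        json: { error: err.message, kind, details: err instanceof ApiError ? { status: err.status, body: err.body } : null },
        pairedItem: { item: index },
      });
    }
  }
  return output;
}

// Constructed stub standing in for the API: the first call is rate limited,
// the next succeeds, and an unknown company is rejected as unauthorized.
function makeFlakyTransport() {
  let calls = 0;
  const request = async (companyId) => {
    calls += 1;
    if (companyId !== 'acme-42') throw new ApiError(401, { message: 'invalid api key for company' });
    if (calls === 1) throw new ApiError(429, { message: 'rate limit exceeded' }, { 'retry-after': '2' });
    return [{ id: 'inc-1', severity: 'High' }, { id: 'inc-2', severity: 'Critical' }];
  };
  return { request, callCount: () => calls };
}
```

The split between retryable and non-retryable failures is the part worth copying: a 429 or 5xx is retried after the delay the API asks for, while a 401 or a 400 fails the item immediately, because no number of retries will fix a wrong key or a malformed date, and the repeated attempts would only count against the rate limit.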
