Actions21
- Digital Footprint Actions
- Dark Web Monitoring Actions
- Incident Actions
- Takedown Actions
- User Audit Logs Actions
- DRP Fraud Protection Actions
- Brand Protection Actions
Overview
This node integrates with the SOCRadar API to manage incidents and other related resources. Specifically, for the Incident - Remove Tag operation, it removes a specified tag from an existing incident within a company’s security monitoring context. This is useful in scenarios where tags are used to categorize or mark incidents and need to be updated or cleaned up as investigations progress.
Practical examples include:
- Removing outdated or incorrect tags from an incident to maintain accurate incident metadata.
- Automating incident management workflows by dynamically updating tags based on investigation results or status changes.
Properties
| Name | Meaning |
|---|---|
| Company ID | The unique identifier of the company under which the incident exists. |
| Incident ID | The unique identifier of the incident to interact with (used as alarm_id in API calls). |
| Tag | The name of the tag to remove from the specified incident. |
Output
The node outputs JSON data representing the result of the tag removal operation on the incident. This typically includes confirmation of the tag removal or details about the updated incident state. If an error occurs, the output JSON contains error messages and additional details returned by the API.
No binary data output is produced by this operation.
Dependencies
- Requires an active connection to the SOCRadar API.
- Needs an API key credential configured in n8n for authentication.
- The base URL and API key are retrieved from the node credentials at runtime.
Troubleshooting
Common issues:
- Invalid or missing Company ID, Incident ID, or Tag values will cause the API call to fail.
- Network connectivity problems or incorrect API key configuration can prevent successful communication with the SOCRadar API.
- Attempting to remove a tag that does not exist on the incident may result in an error or no change.
Error messages:
- Errors returned from the API are captured and included in the node output under an
errorfield with optionaldetails. - Typical errors include authorization failures (invalid API key), resource not found (wrong incident or company ID), or bad request (invalid tag format).
- Errors returned from the API are captured and included in the node output under an
Resolution tips:
- Verify all input parameters are correct and correspond to existing entities in SOCRadar.
- Ensure the API key credential is valid and has sufficient permissions.
- Use the node’s "Continue On Fail" option to handle errors gracefully in workflows.
Links and References
- SOCRadar API Documentation (for detailed API endpoints and payloads)
- n8n documentation on API Credentials and Error Handling