Query Actions
Query a Case Management Table
Query a Case Management Table by filling in the following parameters in the step.
| Parameter | Description |
|---|---|
| Table Name | Type of Table: Case, IOC, Alert, Attachment or Custom Table |
| Fields | Field Types |
| Condition (Optional) | Condition that compares two Case Management table field values. |
| Advanced-Limit (Optional) | Query Limit |
Query a Case Management Table using SQL
Query a Case Management Table using SQL by filling in the following parameters in the step.
| Parameter | Description |
|---|---|
| SQL Query | The SQL Query |
| Output Format | Output Format Types: Table, CSV or JSON |
note
Please note that you need to use table and column names and not display names. Down below, is the full list of table and column names mapped to their display names.
- To query associated cases linked to fields across different tables, employ the following SQL query:
SELECT *
FROM cases c
JOIN <insert_table_name> ON c.id::text = ANY(<inserted_table_name>.<linked_entity_column_name);
note
Replace <insert_table_name> and <inserted_table_name> with the name of the table where the associated cases are linked to fields.
For example, to get all cases and the IOCs attached to them:
SELECT *
FROM cases c
JOIN iocs i ON c.id::text = ANY(i.case_ids);
List of tables
Cases
| Name | Display Name |
|---|---|
| cases | Cases |
| case_id | Case ID |
| name | Name |
| severity | Severity |
| type | Case Type |
| case_tags | Tags |
| sla | SLA |
| case_manager | Case Manager |
| collaborators | Collaborators |
| status | Status |
| overview | Overview |
| created_at | Created At |
IOCS
| Name | Display Name |
|---|---|
| IOCs | IOCs |
| ioc_id | IOC ID |
| case_ids | Linked Cases |
| alerts_ids | Linked Alerts |
| ioc_ids | Linked IOCS |
| name | Name |
| description | Description |
| type | IOC Type |
| value | Value |
| created_at | Created At |
Alerts
| Name | Display Name |
|---|---|
| alerts | Alerts |
| alert_id | Alert ID |
| case_ids | Linked Cases |
| name | Name |
| description | Description |
| severity | Severity |
| type | Alert Type |
| vendor | Vendor |
| event | Event |
| created_at | Created At |
Attachments
| Name | Display Name |
|---|---|
| attachments | Attachments |
| attachment_id | Attachment ID |
| case_ids | Linked Cases |
| name | Name |
| description | Description |
| type | Attachment Type |
| attachment | Attachment |
| created_at | Created At |
Custom Tables
If you're using custom tables, please follow the Query a Table Using SQL docs to fetch the correct table scheme. You can get the full table name via the Copy Table ID button:
