sonar-ticket
Retrieves detailed information about the ticket with the specified GUID. Outputs details including the ticket title, status, scenario information, assignees, approvers, and event timestamps.
Command properties
| Item | Description |
|---|---|
| Command type | Driver query |
| Required permission | Login required |
| License usage | N/A |
| Parallel execution | Not supported |
| Distributed execution | Not supported |
Syntax
sonar-ticket guid=STR
Options
guid=STR: GUID of the ticket to retrieve
Output fields
| Field | Type | Description |
|---|---|---|
| id | long | Ticket ID |
| priority | string | Priority. LOW, MEDIUM, HIGH |
| guid | string | Ticket GUID |
| title | string | Title |
| first_seen | timestamp | First detected time. Minimum _time value of the logs. |
| last_seen | timestamp | Last detected time. Maximum _time value of the logs. |
| rule_type | string | Scenario type. STREAM or BATCH |
| rule_name | string | Scenario name |
| status | string | Status. NEW, ASSIGNED, IN_PROGRESS, SUBMITTED, APPROVED, REJECTED, CLOSED |
| attack | boolean | Whether the detection is a true positive |
| incident | boolean | Whether an incident occurred |
| count | integer | Duplicate suppression count |
| first_event | timestamp | Time of the first event |
| last_event | timestamp | Time of the most recent event |
| repo_name | string | Ticket repository name |
| site_name | string | Site name |
| owner_name | string | Creator name. null if system-generated. |
| format | string | Ticket format. JSON, MARKDOWN, PLAIN |
| content | string | Ticket content. JSON or text. |
| assignees | array | List of assignees |
| approvers | array | List of approvers |
| tags | string | Tag list, separated by newlines (\n) |
| created | timestamp | Creation time |
| updated | timestamp | Last update time |
| closed | timestamp | Completion time |
| x_login | string | Login name of a deleted account |
| x_user | string | Name of a deleted user |
| x_dept | string | Name of a deleted department |
| x_site | string | Name of a deleted site |
| repo_guid | string | Ticket repository GUID |
| site_guid | string | Site GUID |
| owner_guid | string | Creator GUID |
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 300101 | 유효하지 않은 세션입니다. | The session is invalid or the user cannot be found. |
| 300139 | sonar-ticket 명령어에 guid 옵션을 지정하세요. | The guid option is not specified. |
| 300140 | sonar-ticket 명령어의 guid 옵션 값은 GUID 형식이어야 합니다. | The guid option value is not in GUID format. |
| 300141 | 지정된 티켓이 존재하지 않습니다. | No ticket exists for the specified GUID. |
Runtime errors
N/A
Description
The sonar-ticket command looks up the ticket with the specified GUID at parse time and outputs its details as a single record. If the ticket does not exist, a parse error occurs.
The tag list is serialized as a string separated by newline characters (\n).
Examples
- Retrieve detailed information about a specific ticket

  sonar-ticket guid="550e8400-e29b-41d4-a716-446655440000"

  Retrieves detailed information about the ticket with the specified GUID.

- Extract assignees from ticket details

  sonar-ticket guid="550e8400-e29b-41d4-a716-446655440000" | explode assignees

  Splits the ticket's assignee list into individual records.