Get Ticket

Retrieves information of a specified ticket.

HTTP Request

GET /api/sonar/tickets/:guid

Request using cURL

curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/tickets/49272877-75f2-4c2f-9301-d21c4f9a106d

Request Parameter

| Key  | Required | Type   | Description | Note          |
|------|----------|--------|-------------|---------------|
| guid | O        | String | Ticket GUID | 36 characters |

Success Response

{
  "ticket": {
    "id": 2,
    "repo_guid": "5f0ba741-7551-400d-8bd6-1f14a6e8536d",
    "repo_name": "Threat",
    "guid": "49272877-75f2-4c2f-9301-d21c4f9a106d",
    "title": "Attempt to collect web server settings: 20.0.31.172",
    "priority": "LOW",
    "status": "APPROVED",
    "format": "JSON",
    "rule_guid": "ad4b9871-d5f0-4a8b-a341-8ac0afcdcddf",
    "rule_type": "STREAM",
    "rule_name": "Attempt to collect web server settings",
    "count": 7,
    "content": "{\"first_seen\":\"2022-09-14 17:34:19+0900\",\"last_seen\":\"2022-09-14 23:55:29+0900\",\"priority\":\"LOW\",\"rule_type\":\"STREAM\",\"rule_id\":27,\"src_ip\":\"20.0.31.172\",\"src_port\":null,\"dst_ip\":null,\"dst_port\":null,\"protocol\":null,\"action\":null,\"count\":1,\"msg\":\"웹 서버 설정 수집 시도: 20.0.31.172\",\"user\":null,\"host_ip\":null,\"mail_from\":null,\"mail_to\":null,\"mail_cc\":null,\"logger_id\":28,\"logger_name\":\"ko.logpresso.com \",\"field_order\":\"_time, src_ip, src_port, dst_ip, dst_port, status, method, path, query, user_agent\",\"url\":null,\"md5\":null,\"src_asn\":\"AS8075 Microsoft Corporation\",\"src_country\":\"US\",\"src_city\":null,\"src_lat\":37.750999450683594,\"src_lng\":-97.8219985961914}",
    "attack": true,
    "incident": false,
    "assignees": [
      {
        "company_guid": "6fbe27b7-f1ae-4d7a-a1a5-76d8fa9aa311",
        "company_name": "Logpresso",
        "user_guid": "bfd00bb0-be99-4fd5-8380-166f544975fa",
        "user_name": "Joshua",
        "task_type": "ASSIGNEE",
        "task_status": "CLOSED",
        "x_login": null,
        "x_user": null,
        "x_dept": null
      }
    ],
    "approvers": [
      {
        "company_guid": "6fbe27b7-f1ae-4d7a-a1a5-76d8fa9aa311",
        "company_name": "Logpresso",
        "user_guid": "ffaf431b-653a-4329-8f83-913cbb00342d",
        "user_name": "Jerry",
        "task_type": "APPROVER",
        "task_status": "APPROVED",
        "x_login": null,
        "x_user": null,
        "x_dept": null
      }
    ],
    "attachments": [
      {
        "guid": "d4390b7a-7d64-4a24-bd3e-af74b4f3c204",
        "user_guid": "ffaf431b-653a-4329-8f83-913cbb00342d",
        "ticket_guid": "49272877-75f2-4c2f-9301-d21c4f9a106d",
        "file_name": "3bc31b3d-bc25-4be5-8dae-d3cb1831da02.png",
        "file_size": 124118
      }
    ],
    "created": "2022-09-14 17:34:19+0900",
    "updated": "2022-09-14 23:55:29+0900",
    "closed": null,
    "x_login": null,
    "x_user": null,
    "x_dept": null,
    "comments": [
      {
        "guid": "b66a31b5-db94-478b-8751-194b5ee5f358",
        "user_guid": "ffaf431b-653a-4329-8f83-913cbb00342d",
        "user_name": "Joshua",
        "type": "TEXT",
        "format": "MARKDOWN",
        "content": "* Blocked the IP address in firewall.",
        "created": "2022-09-14 23:57:34+0900",
        "updated": "2022-09-14 23:57:34+0900",
        "x_login": null,
        "x_user": null,
        "x_dept": null
      }
    ]
  }
}
  • (Map) ticket
    • id (32-bit integer): Ticket ID
    • repo_guid (String): Ticket type GUID
    • repo_name (String): Ticket type name
    • site_guid (String): Site GUID
    • site_name (String): Site name
    • guid (String): Ticket GUID
    • title (String): Ticket title
    • priority (String): Ticket priority. One of the following: HIGH, MEDIUM, LOW.
    • status (String): Ticket status. One of the following: NEW, ASSIGNED, IN_PROGRESS, SUBMITTED, APPROVED, REJECTED, CLOSED.
    • format (String): Ticket format. One of the following: JSON, MARKDOWN, PLAIN. Threat detection ticket uses JSON format.
    • rule_guid (String): Detection rule GUID
    • rule_type (String): Detection rule type. STREAM or BATCH.
    • rule_name (String): Detection rule name
    • count (32-bit integer): Number of merged duplicate tickets
    • content (String): Ticket data. The Event field is written in JSON format for threat detection tickets.
    • attack (Boolean): Whether the detection is a true positive, recorded after analysis. Recorded as true if the detection is confirmed, false if it is a false positive.
    • incident (Boolean): Whether an incident occurred or not, recorded after analysis. Recorded as true if the incident requires an immediate response, such as an endpoint infection.
    • assignees (Array): Ticket assignee list
      • company_guid (String): Company (tenant) GUID
      • company_name (String): Company (tenant) name
      • user_guid (String): Assignee GUID
      • user_name (String): Assignee name
      • task_type (String): Always ASSIGNEE
      • task_status (String): ASSIGNED or IN_PROGRESS or CLOSED
      • x_login (String): Login user name logged when the assignee account is deleted
      • x_user (String): User name logged when the assignee account is deleted
      • x_dept (String): Department name logged when the assignee account is deleted
    • approvers (Array): Ticket approver list
      • company_guid (String): Company (tenant) GUID
      • company_name (String): Company (tenant) name
      • user_guid (String): Approver GUID
      • user_name (String): Approver name
      • task_type (String): Always APPROVER
      • task_status (String): ASSIGNED or IN_PROGRESS or CLOSED
      • x_login (String): Login user name logged when the approver account is deleted
      • x_user (String): User name logged when the approver account is deleted
      • x_dept (String): Department name logged when the approver account is deleted
    • created (String): Date and time of creation (yyyy-MM-dd HH:mm:ssZ)
    • updated (String): Date and time of last modification (yyyy-MM-dd HH:mm:ssZ)
    • closed (String): Date and time of ticket closing (yyyy-MM-dd HH:mm:ssZ)
    • x_login (String): Login user name logged when the ticket author account is deleted
    • x_user (String): User name logged when the ticket author account is deleted
    • x_dept (String): Department name logged when the ticket author account is deleted
    • x_site (String): Site name logged when the site is deleted
    • comments (Array): Ticket comment list
      • guid (String): Ticket comment GUID
      • user_guid (String): Ticket author GUID
      • user_name (String): Ticket author name
      • type (String): Always TEXT
      • format (String): Markdown (MARKDOWN) or plain text (PLAIN)
      • content (String): Comment content
      • created (String): Date and time of creation (yyyy-MM-dd HH:mm:ssZ)
      • updated (String): Date and time of last modification (yyyy-MM-dd HH:mm:ssZ)
      • x_login (String): Login user name logged when the ticket comment author account is deleted
      • x_user (String): User name logged when the ticket comment author account is deleted
      • x_dept (String): Department name logged when the ticket comment author account is deleted

Error Responses

Ticket is not found

HTTP status code 200

{
  "ticket": null
}
Ticket identifier is not in valid GUID format

HTTP status code 400

{
  "error_code": "invalid-param-type",
  "error_msg": "guid should be guid type."
}
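
Added example (not part of the Logpresso documentation): a Python client for this endpoint that rejects a malformed GUID before any request is sent, treats HTTP 200 with a null ticket as not found, and decodes the JSON string held in content. The exception classes, the function names and the "event" key are this example's own; the hostname and API key are supplied by the caller.

```python
import json
import re
import urllib.error
import urllib.request

# The :guid path parameter is a 36-character GUID; checking it locally also
# keeps anything else out of the request path.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Sample bodies, trimmed from the responses shown on this page.
SAMPLE_OK = (r'{"ticket": {"guid": "49272877-75f2-4c2f-9301-d21c4f9a106d", "format": "JSON", '
             r'"content": "{\"src_ip\":\"20.0.31.172\",\"count\":1}"}}')
SAMPLE_MISSING = '{"ticket": null}'
SAMPLE_BAD = '{"error_code": "invalid-param-type", "error_msg": "guid should be guid type."}'

class TicketNotFound(Exception):
    """HTTP 200 with "ticket": null."""

class TicketApiError(Exception):
    """Non-200 response carrying error_code and error_msg."""

def parse_ticket_response(status, body):
    """Return the ticket dict, or raise for the two error shapes documented above."""
    doc = json.loads(body)
    if status != 200:
        raise TicketApiError(f"{status} {doc.get('error_code')}: {doc.get('error_msg')}")
    ticket = doc.get("ticket")
    if ticket is None:
        # A missing ticket is HTTP 200 with a null body field, not a 404.
        raise TicketNotFound()
    if ticket.get("format") == "JSON":
        # content is JSON serialized into a string, so it needs a second decode.
        ticket["event"] = json.loads(ticket["content"])  # "event" key is this example's own
    return ticket

def get_ticket(hostname, api_key, guid):
    """Fetch one ticket; hostname and api_key are supplied by the caller."""
    if not GUID_RE.fullmatch(guid):
        raise ValueError("guid must be a 36-character GUID")
    req = urllib.request.Request(f"https://{hostname}/api/sonar/tickets/{guid}",
                                 headers={"Authorization": f"Bearer {api_key}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_ticket_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_ticket_response(err.code, err.read())
```

Callers that only check the HTTP status will read a missing ticket as success, so the null check in parse_ticket_response is the part to carry over into any other client.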