Get Tickets

Gets a list of the tickets that match the search keyword.

HTTP Request

GET /api/sonar/tickets
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/tickets
Request Parameters
KeyRequiredTypeDescriptionNote
offsetX32-bit integerNumber of records to skipDefault: 0
limitX32-bit integerMaximum number of records to loadMinimum 0 to maximum 1000. If not specified, 1000
fromXDateStart dateyyyy-MM-dd HH:mm:ssZ format. The start date is included in the range.
toXDateEnd dateyyyy-MM-dd HH:mm:ssZ format. The end date is included in the range.
statusesXList (of strings)StatusComma-separated list. Refer to the below status codes.
keywordsXStringKeyword
prioritiesXList (of 32-bit integers)Priority listHigh (3), Medium (2), Low (1). Comma-sepated list
assigneesXList (of strings)List of assigneesComma-separated user GUID list
approversXList (of strings)List of approversComma-separated user GUID list
sort_typeXStringSorting typeASCor DESC
sort_columnXStringSorting keyid or created_at or updated_at or closed_at

Ticket status code

  • New (NEW)
  • Assigned (ASSIGNED)
  • In process (IN_PROGRESS)
  • Submitted (SUBMITTED)
  • Approved (APPROVED)
  • Rejected (REJECTED)
  • Closed (CLOSED)

Success Response

{
  "total": 15,
  "tickets": [
    {
      "id": 2,
      "repo_guid": "5f0ba741-7551-400d-8bd6-1f14a6e8536d",
      "repo_name": "Threat",
      "guid": "49272877-75f2-4c2f-9301-d21c4f9a106d",
      "title": "Attempt to collect web server settings: 20.0.31.172",
      "priority": "LOW",
      "status": "ASSIGNED",
      "format": "JSON",
      "count": 7,
      "attack": true,
      "incident": false,
      "assignees": [
        {
          "company_guid": "6fbe27b7-f1ae-4d7a-a1a5-76d8fa9aa311",
          "company_name": "Logpresso",
          "user_guid": "bfd00bb0-be99-4fd5-8380-166f544975fa",
          "user_name": "Joshua",
          "task_type": "ASSIGNEE",
          "task_status": "ASSIGNED",
          "x_login": null,
          "x_user": null,
          "x_dept": null
        }
      ],
      "approvers": [],
      "created": "2022-09-14 17:34:19+0900",
      "updated": "2022-09-14 23:55:29+0900",
      "closed": null,
      "x_login": null,
      "x_user": null,
      "x_dept": null
    }
  ]
}
  • (32-bit integer) total
  • (Array) tickets
    • id (32-bit integer): Ticket ID
    • repo_guid (String): Ticket type GUID
    • repo_name (String): Ticket type name
    • site_guid (String): Site GUID
    • site_name (String): Site name
    • guid (String): Ticket GUID
    • title (String): Title
    • priority (String): Ticket priority. One of the following: HIGH, MEDIUM, LOW.
    • status (String): Ticket status. One of the following: NEW, ASSIGNED, IN_PROGRESS, SUBMITTED, APPROVED, REJECTED, CLOSED.
    • format (String): Ticket format. One of the following: JSON, MARKDOWN, PLAIN. Threat detection ticket uses JSON format.
    • count (32-bit integer): Number of merged duplicate ticket
    • attack (Boolean): Whether the detection is false or not, recorded after analysis. Logged as true if the detection is true.
    • incident (Boolean): Whether an incident occurred or not, recorded after analysis. Recorded as true if the incident requires an immediate response, such as an endpoint infection.
    • assignees (Array): Ticket assignee list
      • company_guid (String): Company (tenant) GUID
      • company_name (String): Company (tenant) name
      • user_guid (String): Assignee identifier
      • user_name (String): Assignee GUID
      • task_type (String): Always ASSIGNEE
      • task_status (String): ASSIGNED or IN_PROGRESS or CLOSED
      • x_login (String): Login user name logged when logged when the assignee account is deleted
      • x_user (String): User name logged when logged when the assignee account is deleted
      • x_dept (String): Department name logged when logged when the assignee account is deleted
    • approvers (Array): List of ticker approvers
      • company_guid (String): Company (tenant) GUID
      • company_name (String): Company (tenant) name
      • user_guid (String): Approver GUID
      • user_name (String): Approver name
      • task_type (String): Always APPROVER
      • task_status (String): ASSIGNED or IN_PROGRESS or CLOSED
      • x_login (String): Login user name logged when logged when the approver account is deleted
      • x_user (String): User name logged when logged when the approver account is deleted
      • x_dept (String): Department name logged when logged when the approver account is deleted
    • created (String): Date and time of creation (yyyy-MM-dd HH:mm:ssZ)
    • updated (String): Date and time of last modification (yyyy-MM-dd HH:mm:ssZ)
    • closed (String): Date and time of ticket closing (yyyy-MM-dd HH:mm:ssZ)
    • x_login (String): Login user name logged when logged when the ticket author account is deleted
    • x_user (String): User name logged when logged when the ticket author account is deleted
    • x_dept (String): Department name logged when logged when the ticket author account is deleted
    • x_site (String): Site name logged when logged when the site is deleted

Error Responses

offset or limit value is not an integer

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be int type"
}
offset or limit value is negative

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' must be greater than or equal to 0."
}
Invalid from, to date formats

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'from' parameter should be date format (yyyy-MM-dd HH:mm:ss+0000)"
}
Undefined status code

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'statuses' should contain elements that is one of NEW, ASSIGNED, IN_PROGRESS, SUBMITTED, APPROVED, REJECTED, CLOSED."
}
Undefined priority value

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "element of priorities should be one of 1 (LOW), 2 (MEDIUM), 3 (HIGH). input is 4"
}
Undefined sorting type

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "sort_type should be one of ASC or DESC. input is NONE"
}
Invalid sorting key column

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "sort_column should be one of id, created_at, updated_at, closed_at."
}
List of assignees or approvers has non-GUID value

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "assignees should contains only guid values."
}