Tenable Security Center API: Ticket

 

Admins do not have access to this endpoint.

/ticket

Methods
GET

Gets the list of Tickets.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
creator
owner
assignee
ownerGroup
assigneeGroup
queries
classification
status
notes
assignedTime
resolvedTime
closedTime
createdTime
modifiedTime
canUse
canManage
canRespond 

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Parameters

None

Filter Parameters

usable - The response will be an object containing an array of usable Tickets. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Tickets. By default, both usable and manageable objects are returned. 

Example Response
Expand
{
    "type" : "regular",
    "response" : {
        "usable" : [
            {
                "id" : "1",
                "name" : "TestTicket",
                "description" : ""
            }
        ],
        "manageable" : [
            {
                "id" : "1",
                "name" : "TestTicket",
                "description" : ""
            }
        ]
    },
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : {},
    "timestamp" : 1423499298
}

POST

Adds a Ticket.

Request Parameters
Expand
{
    "name": <string>,
    "assignee": {
		"id" : <number>
	},
    "status": <string> (Optional; always "assigned" on add),
    "classification": <string> (Optional; default: "Information"; "Information" | "Configuration" | "Patch" | "Disable" | "Firewall" | "Schedule" | "IDS" | "Other" | "Accept Risk" | "Recast Risk" | "Re-scan Request" | "False Positive" | "System Probe" | "External Probe" | "Investigation Needed" | "Compromised System" | "Virus Incident" | "Bad Credentials" | "Unauthorized Software" | "Unauthorized System" | "Unauthorized User" ),
    "description": <string> (Optional),
    "notes": <string> (Optional),
    "queries": [
        {<query ID Record>}...
    ] (Optional),
    "query": <query Object> (Optional)
}
Example Response
Expand
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"name" : "test",
		"description" : "Test",
		"classification" : "Unauthorized System",
		"status" : "assigned",
		"notes" : "Created for testing of alerts",
		"assignedTime" : "1424810461",
		"resolvedTime" : "-1",
		"closedTime" : "-1",
		"createdTime" : "1424810461",
		"modifiedTime" : "1424810461",
		"queries" : [],
        "canUse" : "true",
        "canManage" : "true",
        "canRespond" : "true",
		"creator" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
		"assignee" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		},
		"assigneeGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1426879889
}

/ticket/{id}

Methods
GET

Gets the Ticket associated with {id}.

Fields Parameter
Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
creator
owner
assignee
ownerGroup
assigneeGroup
queries
classification
status
notes
assignedTime
resolvedTime
closedTime
createdTime
modifiedTime
canUse
canManage
canRespond

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont =  field is a JSON object e.g. "repository" :{ "id" : <id>, "name" : <name> } )
Request Parameters

None

Example Response
Expand
{
    "type" : "regular",
    "response" : {
        "id" : "6",
        "name" : "TestTicket",
        "description" : "",
        "classification" : "Information",
        "status" : "assigned",
        "notes" : "",
        "assignedTime" : "1423501383",
        "resolvedTime" : "-1",
        "closedTime" : "-1",
        "createdTime" : "1423501383",
        "modifiedTime" : "1423501383",
        "canUse" : "true",
        "canManage" : "true",
        "canRespond" : "true",
        "creator" : {
            "id" : "1",
            "username" : "head",
            "firstname" : "hi",
            "lastname" : "User",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
        "owner" : {
            "id" : "1",
            "username" : "head",
            "firstname" : "hi",
            "lastname" : "User",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
        "assignee" : {
            "id" : "1",
            "username" : "head",
            "firstname" : "hi",
            "lastname" : "User",
			"uuid" : "96F2AD1B-1B83-462E-908A-84E6054F6B64"
		},
        "ownerGroup" : {
            "id" : "0",
            "name" : "Full Access",
            "description" : "Full Access group"
		},
        "assigneeGroup" : {
            "id" : "0",
            "name" : "Full Access",
            "description" : "Full Access group"
		}
	},
    "error_code" : 0,
    "error_msg" : "",
    "warnings" : {},
    "timestamp" : 1423501383
}

PATCH

Edits the Ticket associated with {id}, changing only the passed in fields.

NOTE: When a ticket status is changed to "closed", all queries associated with the ticket are deleted.

Request Parameters

(All fields are optional)

See /ticket::POST for parameters.

Example Response
See /ticket/{id}::GET