Authentication¶
All requests to the TSI API Require an AUTH_TOKEN that can be requested via your Customer Success Manager. This token should be added to all API requests as an Authorization header and be prepended with Bearer. For example:
Authorization: Bearer {AUTH_TOKEN}
Swagger¶
For testing and technical information, visit the Cyderes TSI Swagger: https://tsi-api.cyderes.io/docs
⚠️ NOTE: Swagger is a front end testing tool for the TSI API, therefore access to the Swagger and the TSI API use the same authentication mechanism. Your Customer Success Manager can provide you with a bearer token to be used to authenticate to both services.
Endpoints Overview¶
The Cyderes Ticket System Integration (TSI) API enables third-party systems to interact with the Cyderes Ticket System, allowing them to:
- Retrieve tickets
- Access ticket information and attachments
- Add comments and close tickets
- Add attachments to tickets
- Create service request tickets
- Fetch MISP IOCs
Get Tickets¶
Retrieve a list of tickets based on specified parameters. Tickets are sorted from newest to oldest by default.
Path¶
GET /v2/tickets
Query Parameters¶
skip(integer): Number of tickets to skip. Default:0.limit(integer): Number of tickets returned. Range:1–250. Default:50.created_from(date): Start date filter, formatted asYYYY-MM-DD (UTC).created_to(date): End date filter, formatted asYYYY-MM-DD (UTC).updated_from(date): Start update date filter, formatted asYYYY-MM-DD (UTC).updated_to(date): End update date filter, formatted asYYYY-MM-DD (UTC).ticket_type(string): Type of ticket. Default:alert. Options:all,alert,service_task,service_proactive,service_request,phishing.lookup_fields(string): Sorting field for date and time. Default:created. Options:created,updated.escalated_only(boolean): Filter to return only escalated tickets. Default:true.include_raw_event(boolean): Option to include raw event details. Default:false.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets?skip=0&limit=50&ticket_type=alert&lookup_fields=created&escalated_only=true' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}'
Response¶
Returns a list tickets with a status code of 200 if successful. The response body will be different based on the type of ticket selected. Below is a full schema of the response.
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string",
"raw_event_description": "string",
"alert_description": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"alert_insights": "string",
"alert_insights_html": "string",
"escalated": "True",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Get Ticket¶
Retrieves detailed information about a specific ticket.
Path¶
GET /v2/tickets/{ticket_id}
Path Parameters¶
ticket_id(string): The ID of the ticket to retrieve.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}'
Response¶
Returns a specific ticket with a status code of 200 if successful. The response body will be different based on the type of ticket. Below is a full schema of the response.
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string",
"raw_event_description": "string",
"alert_description": "string",
"alert_investigation": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"escalated": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Get Ticket Attachments¶
Returns a list of attachments on the ticket.
Path¶
GET /v2/{ticket_id}/attachments
Path Parameters¶
ticket_id(string) Ticket ID of the ticket.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}'
Response¶
Returns a list of attachments on a given ticket with a status code of 200 if successful.
[
{
"id": "string",
"file_name": "string",
"file_type": "string",
"attachment_byte_data": "string"
}
]
⚠️ NOTE:
attachment_byte_datais a field specific to ServiceNow integrations. For other integrations, it is recommended to use this endpoint to gather attachment IDs from a ticket, then use the/v2/{ticket_id}/attachmentendpoint to get the actual attachment files.
Get Ticket Attachment¶
Returns a single attachment file as byte data.
Path¶
GET /v2/tickets/{ticket_id}/attachments/{attachment_id}
Path Parameters¶
ticket_id(string): ID of the ticket.attachment_id(string): ID of the attachment.
Query Parameters¶
string_byte_data(boolean): A value oftruewill return the response format below. If set tofalseor omitted, only the attachment will be returned.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments/{attachment_id}?string_byte_data=true' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}'
Add Ticket Attachment¶
Adds an attachment to a ticket.
Path¶
POST /v2/tickets/{ticket_id}/attachment
Headers¶
Content_Type(string):multipart/form-data
Path Parameters¶
ticket_id(string): ID of the ticket.
Request Body¶
filestring($binary): Binary data of the document to be added as an attachment.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachment' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN} \
-H 'Content-Type: multipart/form-data' \
-F 'file={document}
Response¶
Returns the following attachment data and a status code of 200 if successful.
{
"id": "string",
"ticket_id": "string",
"file_name": "string",
"created_at": "string",
"mime_type": "string",
"bytes_data": "string"
}
Create Comment¶
Creates a comment on a given ticket.
Path¶
POST /v2/tickets/{ticket_id}/comment
Path Parameters¶
ticket_id(string): ID of the ticket.
Request Body¶
author(string): Full name of the author of the comment.body(string): Body of the comment to add into the ticket.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/comment' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}\
-H 'Content-Type: application/json' \
-d '{
"author": "string",
"body": "string"
}'
Response¶
Returns a status code of 201 if successful.
Close Ticket¶
Provides the ability to mark a ticket as closed.
Path¶
POST /v2/tickets/{ticket_id}/close
Path Parameters¶
ticket_id(string): ID of the ticket.
Query Parameters¶
comment(string): Custom closure comment. (Optional)
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/close?comment=test' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {AUTH_TOKEN}
Response¶
Returns a status code of 200 if successful.
Create Service Request¶
Provides the ability to create a service request ticket.
Path¶
POST /v2/tickets/create
Request Body Parameters¶
name(string): Full name of the author of the service request.short_description(string): Summary of the service request.description(string): Full description of the service request.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {authentication_token} \
-H 'Content-Type: application/json' \
-d '{
"name": "string",
"priority": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string"
}'
Response¶
Returns a status code of 201 if successful.
{
"status": 201,
"ticket_id": {ticket_id}
"message": "Ticket has been created."
}
Get MISP IOCs¶
Returns a list of IOCs.
Definition¶
GET /misp
Path Parameters¶
There are two optional URL parameters:
created_from(date): Desired start date to fetch IOCs from. The format should beYYYY-MM-DD hh:mm:ss (UTC), and the URL parsed.created_to(date): Desired end date to fetch IOCs until. The format should beYYYY-MM-DD hh:mm:ss (UTC), and the URL parsed.
⚠️ NOTE: If no parameters are provided, then the API will return IOCs for the last 7 days.
Examples¶
Python¶
import requests
url = "https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00"
payload = {}
headers = {
'Authorization': 'Bearer {AUTH_TOKEN}'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.json())
cURL¶
curl --location 'https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00' \
--header 'Authorization: Bearer {AUTH_TOKEN}'
Sample Response Template¶
[
{
"Event": {
"distribution": "123",
"id": "123",
"info": "Sample response",
"org_id": "123",
"orgc_id": "123",
"uuid": "Sample response"
},
"category": "Sample response",
"comment": "Sample response",
"deleted": false,
"disable_correlation": false,
"distribution": "123",
"event_id": "123",
"first_seen": null,
"id": "123",
"last_seen": null,
"object_id": "123",
"object_relation": null,
"sharing_group_id": "123",
"timestamp": "123",
"to_ids": true,
"type": "Sample response",
"uuid": "Sample response",
"value": "Sample response"
},
{...}
]