Skip to content

TSI API v2

For testing and additional technical information, we also provide credentials and access on request to the Cyderes Swagger API: https://tsi-api.cyderes.io/docs

The Cyderes Ticket System Integration (TSI) API can be used to integrate third-party systems with the Cyderes Ticket System. This API allows third parties to do the following:

  • Get multiple tickets by type

  • Get ticket information

  • Get a ticket's attachments

  • Add a comment to a ticket

  • Close a ticket

  • Add an attachment to a ticket

  • Create a new service request ticket

  • Fetch MISP IOCs

Get tickets

Returns a list of tickets for a specific type of ticket. The tickets are returned sorted from newest to oldest based on the lookup field of created or updated.

Definition

GET https://tsi-api.cyderes.io/v2/tickets

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Query Parameters

skip integer

Number of tickets to skip.

Default: 0

limit integer

Number of tickets returned.

Range: 1 – 250

Default: 50

created_from date

Date parameter

Format: YYYY-MM-DD (UTC)

created_to date

Date parameter

Format: YYYY-MM-DD (UTC)

updated_from date

Date parameter

Format: YYYY-MM-DD (UTC)

updated_to date

Date parameter

Format: YYYY-MM-DD (UTC)

ticket_type string

Type of ticket to return.

Default: alert

Options:

  • all

  • alert

  • service_task

  • service_proactive

  • service_request

  • phishing

lookup_fields string

Field to sort responses for the search when it comes to date and time. Newest to oldest.

Default: created

Options:

  • created

  • updated

escalated_only boolean

Field to specify whether to only get the escalated tickets.

Default: true

Options:

  • true

  • false

include_raw_event boolean

Options:

  • true

  • false

Example

curl -X 'GET' \
  'https://tsi-api.cyderes.io/v2/tickets?skip=0&limit=50&ticket_type=alert&lookup_fields=created&escalated_only=true' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <authentication_token>'

Response

Returns a list of dictionaries with the data for each ticket. The response body will be different based on the type of ticket selected. Below is a full schema of the response. Returns a status code of 200 if successful.

{
  [
    {
      "number": "string",
      "ticket_id": "string",
      "priority": "string",
      "state": "string",
      "created": "string",
      "updated": "string",
      "ticket_type": "string",
      "category": "string",
      "type": "string",
      "short_description": "string",
      "description": "string",
      "alert_description": "string",
      "soar_case_id": "string",
      "soar_alert_ticket_id": "string",
      "phishing_investigation": "string",
      "analyst_notes": "string",
      "recommendations": "string",
      "alert_insights": "string",
      "alert_insights_html": "string",
      "escalated": "True",
      "comments": [
        {
          "id": "string",
          "created": "string",
          "author": "string",
          "body": "string"
        }
      ]
    }
  ]
}

Response for Alert Tickets

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "short_description": "string",
    "alert_description": "string",
    "alert_insights": "string",
    "alert_insights_html": "string",
    "soar_case_id": "string",
    "soar_alert_ticket_id": "string",
    "analyst_notes": "string",
    "recommendations": "string",
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Response for Alert Tickets with Cyderes raw event payload

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "short_description": "string",
    "alert_description": "string",
    "alert_insights": "string",
    "alert_insights_html": "string",
    "soar_case_id": "string",
    "soar_alert_ticket_id": "string",
    "analyst_notes": "string",
    "recommendations": "string",
    "raw_event_description": "string"
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Response for Service Task Tickets

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "category": "string",
    "type": "string",
    "escalated": "string",
    "short_description": "string",
    "description": "string",
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Response for Service Proactive Tickets

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "category": "string",
    "type": "string",
    "escalated": "string",
    "short_description": "string",
    "description": "string",
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Response for Service Request Tickets

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "category": "string",
    "type": "string",
    "escalated": "string",
    "short_description": "string",
    "description": "string",
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Response for Phishing Tickets

[
  {
    "number": "string",
    "ticket_id": "string",
    "priority": "string",
    "state": "string",
    "created": "string",
    "updated": "string",
    "ticket_type": "string",
    "escalated": "string",
    "short_description": "string",
    "soar_case_id": "string",
    "soar_alert_ticket_id": "string",
    "phishing_investigation": "string",
    "analyst_notes": "string",
    "recommendations": "string",
    "comments": [
      {
        "id": "string",
        "created": "string",
        "author": "string",
        "body": "string"
      }
    ]
  }
]

Get ticket

Returns a dictionary of the ticket data.

Definition

GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

ticket_id string

Ticket ID of the ticket.

Example

curl -X 'GET' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <authentication_token>'

Response

Returns a dictionary with the data for ticket. The response body will be different based on the type of ticket. Below is a full schema of the response. Returns a status code of 200 if successful.

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "category": "string",
  "type": "string",
  "short_description": "string",
  "description": "string",
  "alert_description": "string",
  "alert_investigation": "string",
  "soar_case_id": "string",
  "soar_alert_ticket_id": "string",
  "phishing_investigation": "string",
  "analyst_notes": "string",
  "recommendations": "string",
  "escalated": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Response for Alert Tickets

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "short_description": "string",
  "alert_description": "string",
  "alert_investigation": "string",
  "soar_case_id": "string",
  "soar_alert_ticket_id": "string",
  "analyst_notes": "string",
  "recommendations": "string",
  "escalated": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Response for Service Task Tickets

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "category": "string",
  "type": "string",
  "escalated": "string",
  "short_description": "string",
  "description": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Response for Service Proactive Tickets

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "category": "string",
  "type": "string",
  "escalated": "string",
  "short_description": "string",
  "description": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Response for Service Request Tickets

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "category": "string",
  "type": "string",
  "escalated": "string",
  "short_description": "string",
  "description": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Response for Phishing Tickets

{
  "number": "string",
  "ticket_id": "string",
  "priority": "string",
  "state": "string",
  "created": "string",
  "updated": "string",
  "ticket_type": "string",
  "escalated": "string",
  "short_description": "string",
  "soar_case_id": "string",
  "soar_alert_ticket_id": "string",
  "phishing_investigation": "string",
  "analyst_notes": "string",
  "recommendations": "string",
  "comments": [
    {
      "id": "string",
      "created": "string",
      "author": "string",
      "body": "string"
    }
  ]
}

Get ticket attachments

Returns a list of dictionaries with the attachments data of the ticket.

Definition

GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

ticket_id string

Ticket ID of the ticket.

Example

curl -X 'GET' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <authentication_token>'

Response

Returns a list of dictionaries with the attachments data of the ticket. Returns a status code of 200 if successful.

[
  {
    "id": "string",
    "file_name": "string",
    "file_type": "string",
    "attachment_byte_data": "string"
  }
]

Get ticket attachment

Returns a dictionary with the attachment data.

Definition

GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments/{attachment_id}

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

ticket_id string

ID of the ticket.

attachment_id string

ID of the attachment.

Query Parameters

string_byte_data boolean

A value of true will return the response format below. If set to false or omitted, only the attachment will be returned.

Example

curl -X 'GET' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments/{attachment_id}?string_byte_data=true' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <authentication_token>'

Response

Returns a dictionary with the attachment data. Returns a status code of 200 if successful.

{
  "id": "string",
  "ticket_id": "string",
  "file_name": "string",
  "created_at": "string",
  "mime_type": "string",
  "bytes_data": "string"
}

Add a comment to a ticket

Provides the ability to add a comment to a ticket.

Definition

POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/comment

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

ticket_id string

Ticket ID of the ticket.

content_type

Set Content-Type to application/json.

Request Body Parameters

author string

Full name of the author of the comment.

body string

Body of the comment to add into the ticket.

Example

curl -X 'POST' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/comment' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {authentication_token}\
  -H 'Content-Type: application/json' \
  -d '{
  "author": "string",
  "body": "string"
}'

Response

Returns a status code of 201 if successful.

Close a ticket

Provides the ability to flag a ticket as closed.

Definition

POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/close

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

ticket_id string

Ticket ID of the ticket.

Query Parameters

comment string

Custom closure comment.

Optional.

Example

curl -X 'POST' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/close?comment=test' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {authentication_token}

Response

Returns a status code of 200 if successful.

Add an attachment to a ticket

Provides the ability to add an attachment to a ticket.

Definition

POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachment

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

content_type

Set Content-Type to multipart/form-data.

Path Parameters

ticket_id string

Ticket ID of the ticket.

Request Body Parameters

file string($binary)

Binary data of the document to be added as an attachment.

Example

curl -X 'POST' \
  'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachment' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {authentication_token} \
  -H 'Content-Type: multipart/form-data' \
  -F 'file={document}

Response

Returns a status code of 200 if successful.

Create a service request

Provides the ability to add a comment to a ticket.

Definition

POST https://tsi-api.cyderes.io/v2/tickets/create

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

content_type

Set Content-Type to application/json.

Request Body Parameters

name string

Full name of the author of the service request.

short_description string

Summary of the service request.

description string

Full description of the service request.

Example

curl -X 'POST' \
  'https://tsi-api.cyderes.io/v2/tickets/create' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {authentication_token} \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "string",
  "priority": "string",
  "category": "string",
  "type": "string",
  "short_description": "string",
  "description": "string"
}'

Response

Returns a status code of 201 if successful.

{
  "status": 201,
  "ticket_id": {ticket_id}
  "message": "Ticket has been created."
}

Get MISP IOCs

Returns a list of IOCs.

Definition

GET https://tsi-api.cyderes.io/misp

Header Parameters

authentication_token

Unique authentication token provided by Cyderes.

Path Parameters

There are two optional URL parameters:

created_from date

Desired start date to fetch IOCs from. The format should be YYYY-MM-DD hh:mm:ss (UTC), and the URL parsed.

created_to date

Desired end date to fetch IOCs until. The format should be YYYY-MM-DD hh:mm:ss (UTC), and the URL parsed.

* If no parameters are provided, then the API will return IOCs for the last 7 days.

Examples

Python

import requests

url = "https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00"

payload = {}
headers = {
  'Authorization': 'Bearer {AUTH_TOKEN}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.json())

cURL

curl --location 'https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00' \
--header 'Authorization: Bearer {AUTH_TOKEN}'

Sample Response Template

[
    {
        "Event": {
            "distribution": "123",
            "id": "123",
            "info": "Sample response",
            "org_id": "123",
            "orgc_id": "123",
            "uuid": "Sample response"
        },
        "category": "Sample response",
        "comment": "Sample response",
        "deleted": false,
        "disable_correlation": false,
        "distribution": "123",
        "event_id": "123",
        "first_seen": null,
        "id": "123",
        "last_seen": null,
        "object_id": "123",
        "object_relation": null,
        "sharing_group_id": "123",
        "timestamp": "123",
        "to_ids": true,
        "type": "Sample response",
        "uuid": "Sample response",
        "value": "Sample response"
    },
    {...}
  ]