TSI API v2¶
For testing and additional technical information, we also provide credentials and access on request to the Cyderes Swagger API: https://tsi-api.cyderes.io/docs
The Cyderes Ticket System Integration (TSI) API can be used to integrate third-party systems with the Cyderes Ticket System. This API allows third parties to do the following:
-
Get multiple tickets by type
-
Get ticket information
-
Get a ticket's attachments
-
Add a comment to a ticket
-
Close a ticket
-
Add an attachment to a ticket
-
Create a new service request ticket
-
Fetch MISP IOCs
Get tickets¶
Returns a list of tickets for a specific type of ticket. The tickets are returned sorted from newest to oldest based on the lookup field of created or updated.
Definition¶
GET https://tsi-api.cyderes.io/v2/tickets
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Query Parameters¶
skip integer
Number of tickets to skip.
Default: 0
limit integer
Number of tickets returned.
Range: 1 – 250
Default: 50
created_from date
Date parameter
Format: YYYY-MM-DD (UTC)
created_to date
Date parameter
Format: YYYY-MM-DD (UTC)
updated_from date
Date parameter
Format: YYYY-MM-DD (UTC)
updated_to date
Date parameter
Format: YYYY-MM-DD (UTC)
ticket_type string
Type of ticket to return.
Default: alert
Options:
-
all
-
alert
-
service_task
-
service_proactive
-
service_request
-
phishing
lookup_fields string
Field to sort responses for the search when it comes to date and time. Newest to oldest.
Default: created
Options:
-
created
-
updated
escalated_only boolean
Field to specify whether to only get the escalated tickets.
Default: true
Options:
-
true
-
false
include_raw_event boolean
Options:
-
true
-
false
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets?skip=0&limit=50&ticket_type=alert&lookup_fields=created&escalated_only=true' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <authentication_token>'
Response¶
Returns a list of dictionaries with the data for each ticket. The response body will be different based on the type of ticket selected. Below is a full schema of the response. Returns a status code of 200 if successful.
{
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string",
"alert_description": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"alert_insights": "string",
"alert_insights_html": "string",
"escalated": "True",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
}
Response for Alert Tickets¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"short_description": "string",
"alert_description": "string",
"alert_insights": "string",
"alert_insights_html": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"analyst_notes": "string",
"recommendations": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Response for Alert Tickets with Cyderes raw event payload¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"short_description": "string",
"alert_description": "string",
"alert_insights": "string",
"alert_insights_html": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"analyst_notes": "string",
"recommendations": "string",
"raw_event_description": "string"
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Response for Service Task Tickets¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Response for Service Proactive Tickets¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Response for Service Request Tickets¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Response for Phishing Tickets¶
[
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"escalated": "string",
"short_description": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
]
Get ticket¶
Returns a dictionary of the ticket data.
Definition¶
GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
ticket_id string
Ticket ID of the ticket.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <authentication_token>'
Response¶
Returns a dictionary with the data for ticket. The response body will be different based on the type of ticket. Below is a full schema of the response. Returns a status code of 200 if successful.
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string",
"alert_description": "string",
"alert_investigation": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"escalated": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Response for Alert Tickets¶
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"short_description": "string",
"alert_description": "string",
"alert_investigation": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"analyst_notes": "string",
"recommendations": "string",
"escalated": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Response for Service Task Tickets¶
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Response for Service Proactive Tickets¶
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Response for Service Request Tickets¶
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"category": "string",
"type": "string",
"escalated": "string",
"short_description": "string",
"description": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Response for Phishing Tickets¶
{
"number": "string",
"ticket_id": "string",
"priority": "string",
"state": "string",
"created": "string",
"updated": "string",
"ticket_type": "string",
"escalated": "string",
"short_description": "string",
"soar_case_id": "string",
"soar_alert_ticket_id": "string",
"phishing_investigation": "string",
"analyst_notes": "string",
"recommendations": "string",
"comments": [
{
"id": "string",
"created": "string",
"author": "string",
"body": "string"
}
]
}
Get ticket attachments¶
Returns a list of dictionaries with the attachments data of the ticket.
Definition¶
GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
ticket_id string
Ticket ID of the ticket.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <authentication_token>'
Response¶
Returns a list of dictionaries with the attachments data of the ticket. Returns a status code of 200 if successful.
[
{
"id": "string",
"file_name": "string",
"file_type": "string",
"attachment_byte_data": "string"
}
]
Get ticket attachment¶
Returns a dictionary with the attachment data.
Definition¶
GET https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments/{attachment_id}
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
ticket_id string
ID of the ticket.
attachment_id string
ID of the attachment.
Query Parameters¶
string_byte_data boolean
A value of true
will return the response format below. If set to false
or omitted, only the attachment will be returned.
Example¶
curl -X 'GET' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachments/{attachment_id}?string_byte_data=true' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <authentication_token>'
Response¶
Returns a dictionary with the attachment data. Returns a status code of 200 if successful.
{
"id": "string",
"ticket_id": "string",
"file_name": "string",
"created_at": "string",
"mime_type": "string",
"bytes_data": "string"
}
Add a comment to a ticket¶
Provides the ability to add a comment to a ticket.
Definition¶
POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/comment
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
ticket_id string
Ticket ID of the ticket.
content_type
Set Content-Type to application/json.
Request Body Parameters¶
author string
Full name of the author of the comment.
body string
Body of the comment to add into the ticket.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/comment' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {authentication_token}\
-H 'Content-Type: application/json' \
-d '{
"author": "string",
"body": "string"
}'
Response¶
Returns a status code of 201 if successful.
Close a ticket¶
Provides the ability to flag a ticket as closed.
Definition¶
POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/close
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
ticket_id string
Ticket ID of the ticket.
Query Parameters¶
comment string
Custom closure comment.
Optional.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/close?comment=test' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {authentication_token}
Response¶
Returns a status code of 200 if successful.
Add an attachment to a ticket¶
Provides the ability to add an attachment to a ticket.
Definition¶
POST https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachment
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
content_type
Set Content-Type to multipart/form-data
.
Path Parameters¶
ticket_id string
Ticket ID of the ticket.
Request Body Parameters¶
file string($binary)
Binary data of the document to be added as an attachment.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/{ticket_id}/attachment' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {authentication_token} \
-H 'Content-Type: multipart/form-data' \
-F 'file={document}
Response¶
Returns a status code of 200 if successful.
Create a service request¶
Provides the ability to add a comment to a ticket.
Definition¶
POST https://tsi-api.cyderes.io/v2/tickets/create
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
content_type
Set Content-Type to application/json.
Request Body Parameters¶
name string
Full name of the author of the service request.
short_description string
Summary of the service request.
description string
Full description of the service request.
Example¶
curl -X 'POST' \
'https://tsi-api.cyderes.io/v2/tickets/create' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {authentication_token} \
-H 'Content-Type: application/json' \
-d '{
"name": "string",
"priority": "string",
"category": "string",
"type": "string",
"short_description": "string",
"description": "string"
}'
Response¶
Returns a status code of 201 if successful.
{
"status": 201,
"ticket_id": {ticket_id}
"message": "Ticket has been created."
}
Get MISP IOCs¶
Returns a list of IOCs.
Definition¶
GET https://tsi-api.cyderes.io/misp
Header Parameters¶
authentication_token
Unique authentication token provided by Cyderes.
Path Parameters¶
There are two optional URL parameters:
created_from date
Desired start date to fetch IOCs from. The format should be YYYY-MM-DD hh:mm:ss (UTC)
, and the URL parsed.
created_to date
Desired end date to fetch IOCs until. The format should be YYYY-MM-DD hh:mm:ss (UTC)
, and the URL parsed.
* If no parameters are provided, then the API will return IOCs for the last 7 days.
Examples¶
Python¶
import requests
url = "https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00"
payload = {}
headers = {
'Authorization': 'Bearer {AUTH_TOKEN}'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.json())
cURL¶
curl --location 'https://tsi-api.cyderes.io/misp?created_from=2000-01-01 00%3A00%3A00&created_to=2000-01-02 00%3A00%3A00' \
--header 'Authorization: Bearer {AUTH_TOKEN}'
Sample Response Template¶
[
{
"Event": {
"distribution": "123",
"id": "123",
"info": "Sample response",
"org_id": "123",
"orgc_id": "123",
"uuid": "Sample response"
},
"category": "Sample response",
"comment": "Sample response",
"deleted": false,
"disable_correlation": false,
"distribution": "123",
"event_id": "123",
"first_seen": null,
"id": "123",
"last_seen": null,
"object_id": "123",
"object_relation": null,
"sharing_group_id": "123",
"timestamp": "123",
"to_ids": true,
"type": "Sample response",
"uuid": "Sample response",
"value": "Sample response"
},
{...}
]