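# Swagger 2.0 description of the ticket endpoints.
# Every operation names the role scope it requires under `security`
# (scheme `roles`). The securityDefinitions entry for that scheme and the
# `#/definitions/*` models are not in this part of the file.
swagger: "2.0"
info: { version: "", title: "" }

paths:
  /tickets:
    get:
      tags: [ "tickets" ]
      summary: "List tickets"
      operationId: "listTickets"
      parameters:
        # NOTE(review): `count` is capped at 100, but neither `offset` nor
        # `count` declares a `minimum`, so negative values pass schema
        # validation. `sort` and `query` are free-form strings. Confirm the
        # handler rejects negatives, allow-lists sort columns and binds
        # `query` as a parameter instead of splicing it into the datastore query.
        - { name: "type", in: "query", description: "Ticket Type", type: string }
        - { name: "offset", in: "query", description: "Offset of the list", type: integer, default: 0 }
        - { name: "count", in: "query", description: "Number of tickets", type: integer, maximum: 100, default: 25 }
        - { name: "sort", in: "query", description: "Sort columns", type: array, items: { type: string } }  #, example: [ "name", "id" ]
        - { name: "desc", in: "query", description: "Sort descending", type: array, items: { type: boolean } }  #, example: [ false, true ]
        - { name: "query", in: "query", description: "Search query", type: string }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: '#/definitions/TicketList' }
          examples:
            test:
              count: 3
              tickets:
                - id: 8123
                  created: "2021-10-02T16:04:59.078206Z"
                  modified: "2021-10-02T16:04:59.078206Z"
                  name: "live zebra"
                  owner: "demo"
                  playbooks:
                    phishing:
                      name: "Phishing"
                      tasks:
                        "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" }
                        "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                        "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
                        "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" }
                        "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                        "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                        "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
                  references:
                    - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
                    - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
                    - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
                  # The ticket schema travels as a JSON document inside a string.
                  "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
                  status: "closed"
                  type: "incident"
                  artifacts:
                    - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
                    - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
                    - { name: "leadreintermediate.io", status: "malicious" }
                - { id: 8125, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" }
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:read" ] } ]
    post:
      tags: [ "tickets" ]
      summary: "Create a new ticket"
      operationId: "createTicket"
      parameters:
        # NOTE(review): the example body carries a caller-chosen `id` and
        # `owner`. TicketForm is defined elsewhere; confirm whether `owner`
        # may differ from the authenticated user and how an `id` that already
        # exists is handled.
        - { name: "ticket", in: "body", description: "New ticket", required: true, schema: { $ref: "#/definitions/TicketForm" }, x-example: { id: 123, owner: bob, name: "Wannacry infection", status: "open", type: "incident" } }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketResponse" }
          examples:
            test:
              id: 123
              name: "Wannacry infection"
              type: "incident"
              status: "open"
              created: "2021-12-12T12:12:12.000000012Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              owner: "bob"
              schema: "{}"
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/batch:
    post:
      tags: [ "tickets" ]
      summary: "Create a new tickets in batch"
      operationId: "createTicketBatch"
      parameters:
        # NOTE(review): no batch size limit is visible here; check that
        # TicketFormArray (defined elsewhere) sets `maxItems`.
        - { name: "ticket", in: "body", description: "New ticket", required: true, schema: { $ref: "#/definitions/TicketFormArray" }, x-example: [ { id: 123, owner: bob, name: "Wannacry infection", status: "open", type: "incident" } ] }
      responses:
        "204": { description: "successful operation" }
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}:
    # NOTE(review): the role scopes below gate the operation, not the ticket
    # named by `{id}`. If tickets are not meant to be visible to every holder
    # of the role, that per-ticket check has to live in the handler.
    get:
      tags: [ "tickets" ]
      summary: "Get a single ticket"
      operationId: "getTicket"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-10-02T16:04:59.078186Z"
              name: "phishing from selenafadel@von.com detected"
              owner: "demo"
              references:
                - href: "https://www.seniorleading-edge.name/users/efficient"
                  name: "recovery"
                - href: "http://www.dynamicseamless.com/clicks-and-mortar"
                  name: "force"
                - href: "http://www.leadscalable.biz/envisioneer"
                  name: "fund"
              schema: "{}"
              status: "closed"
              type: "alert"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:read" ] } ]
    put:
      tags: [ "tickets" ]
      summary: "Update an existing ticket"
      operationId: "updateTicket"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
        # NOTE(review): the body is the full Ticket model and the example sets
        # `created`, `modified` and `owner`. Confirm the server ignores or
        # validates caller-supplied values for fields it manages itself.
        - { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-12-12T12:12:12.000000012Z",modified: "2021-12-12T12:12:12.000000012Z", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              created: "2021-12-12T12:12:12.000000012Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              name: "phishing from selenafadel@von.org detected"
              owner: "demo"
              references:
                - href: "https://www.seniorleading-edge.name/users/efficient"
                  name: "recovery"
                - href: "http://www.dynamicseamless.com/clicks-and-mortar"
                  name: "force"
                - href: "http://www.leadscalable.biz/envisioneer"
                  name: "fund"
              schema: "{}"
              status: "closed"
              type: "alert"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:write" ] } ]
    delete:
      tags: [ "tickets" ]
      summary: "Delete an ticket"
      operationId: "deleteTicket"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
      responses:
        "204": { description: "successful operation" }
      # Deletion has its own scope, separate from ticket:write.
      security: [ { roles: [ "ticket:delete" ] } ]

  /tickets/{id}/tickets:
    patch:
      tags: [ "tickets" ]
      summary: "Link an ticket to an ticket"
      operationId: "linkTicket"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8126 }
        # The ticket to link is sent as a bare int64 in the request body.
        - { name: "linkedID", in: "body", description: "Added ticket ID", required: true, schema: { type: integer, format: "int64" }, x-example: 8123 }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8126
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-10-02T16:04:59.078186Z"
              name: "Surfaceintroduce virus detected"
              owner: "demo"
              references:
                - { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }
                - { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }
                - { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" }
              schema: "{}"
              status: "closed"
              type: "alert"
              tickets:
                - id: 8123
                  created: "2021-10-02T16:04:59.078206Z"
                  modified: "2021-10-02T16:04:59.078206Z"
                  name: "live zebra"
                  owner: "demo"
                  playbooks:
                    phishing:
                      name: "Phishing"
                      tasks:
                        "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" }
                        "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }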
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": 
\"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } - id: 8125 created: "2021-10-02T16:04:59.078186Z" modified: "2021-10-02T16:04:59.078186Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: - { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" } - { href: 
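"http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
                    - { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
                  "schema": "{}"
                  status: "closed"
                  type: "alert"
      security: [ { roles: [ "ticket:write" ] } ]
    delete:
      tags: [ "tickets" ]
      summary: "Unlink an ticket to an ticket"
      operationId: "unlinkTicket"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8126 }
        # NOTE(review): `linkedID` is declared `in: body` on a DELETE. Some
        # clients and intermediaries drop request bodies on DELETE, so confirm
        # the handler fails closed when the body is missing. The description
        # ("Added ticket ID") is the same text as on the link operation.
        - { name: "linkedID", in: "body", description: "Added ticket ID", required: true, schema: { type: integer, format: "int64" }, x-example: 8125 }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8126
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-10-02T16:04:59.078186Z"
              name: "Surfaceintroduce virus detected"
              owner: "demo"
              references:
                - { href: "http://www.centralworld-class.io/synthesize", name: "university" }
                - { href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" }
                - { href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" }
              "schema": "{}"
              status: "closed"
              type: "alert"
      # Unlinking is a DELETE but needs ticket:write, not ticket:delete.
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}/comments:
    post:
      tags: [ "tickets" ]
      summary: "Add ticket comment"
      operationId: "addComment"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
        # NOTE(review): `message` is free text that is stored and returned
        # (see `comments` in the response example); encode it on output in any
        # HTML view. The example request has no `creator`, the response does.
        # CommentForm is defined elsewhere; confirm `creator` is taken from
        # the authenticated user.
        - { name: "comment", in: "body", description: "Ticket comment", required: true, schema: { $ref: "#/definitions/CommentForm" } , x-example: { message: "My first comment" } }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              name: "phishing from selenafadel@von.com detected"
              owner: "demo"
              comments:
                - created: "2021-12-12T12:12:12.000000012Z"
                  creator: "bob"
                  message: "My first comment"
              references:
                - { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
                - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
                - { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
              "schema": "{}"
              status: "closed"
              type: "alert"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}/comments/{commentID}:
    delete:
      tags: [ "tickets" ]
      summary: "Remove an comment from an ticket"
      description: "Comment will be removed from the ticket."
      operationId: "removeComment"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
        # NOTE(review): `commentID` is an integer with example 0, which looks
        # like a list position rather than a stable identifier (confirm).
        # Positions shift when another comment is removed first, so a
        # concurrent request could delete a different comment than intended.
        - { name: "commentID", in: "path", description: "Comment ID to remove", required: true, type: integer, x-example: 0 }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8123
              created: "2021-10-02T16:04:59.078206Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              name: "live zebra"
              owner: "demo"
              playbooks:
                phishing:
                  name: "Phishing"
                  tasks:
                    "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                    "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                    "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate":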
"boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": 
\"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/references: put: tags: [ "tickets" ] summary: "Set ticket references" operationId: "setReferences" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", 
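x-example: 8125 }
        # NOTE(review): `href` values are plain strings; the examples use both
        # http and https. ReferenceArray is defined elsewhere; confirm the URL
        # scheme is restricted before a value is rendered as a link.
        - { name: "references", in: "body", description: "All ticket references", required: true, schema: { $ref: "#/definitions/ReferenceArray" }, x-example: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ] }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              name: "phishing from selenafadel@von.com detected"
              owner: "demo"
              references: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ]
              "schema": "{}"
              status: "closed"
              type: "alert"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}/schema:
    put:
      tags: [ "tickets" ]
      summary: "Set ticket schema"
      operationId: "setSchema"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
        # NOTE(review): the body is a bare string that holds a JSON schema and
        # is stored on the ticket. Schemas elsewhere in this file carry UI
        # hints (`x-display`, `x-class`). No length limit is declared; confirm
        # the server parses the string as JSON and caps its size.
        - { name: "schema", in: "body", description: "New ticket schema", required: true, schema: { type: string }, x-example: "{}" }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-10-02T16:04:59.078186Z"
              name: "phishing from selenafadel@von.com detected"
              owner: "demo"
              references:
                - { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
                - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
                - { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
              "schema": "{}"
              status: "closed"
              type: "alert"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}/playbooks:
    post:
      tags: [ "tickets" ]
      summary: "Add a new ticket playbook"
      operationId: "addTicketPlaybook"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
        # NOTE(review): the body is a YAML playbook supplied as a string. The
        # example contains a `next` condition ("malware != ''"), a `payload`
        # expression and an `automation` reference (hash.sha1). Accepting it
        # means parsing caller-supplied YAML, and presumably evaluating those
        # expressions server-side; confirm a safe YAML loader and a restricted
        # expression evaluator are used. Only ticket:write is required here.
        # The embedded YAML is kept as it appears on this page, with its
        # indentation reduced to single spaces.
        - { name: "playbook", in: "body", description: "Ticket playbook object that needs to be added", required: true, schema: { $ref: "#/definitions/PlaybookTemplateForm" }, x-example: { yaml: "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8125
              name: phishing from selenafadel@von.com detected
              owner: demo
              type: "alert"
              status: "closed"
              created: "2021-10-02T16:04:59.078186Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              schema: "{}"
              tickets:
                - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
              references:
                - { href: "https://www.seniorleading-edge.name/users/efficient", name: recovery }
                - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: force }
                - { href: "http://www.leadscalable.biz/envisioneer", name: fund }
              playbooks:
                simple:
                  name: Simple
                  tasks:
                    input:
                      active: true
                      done: false
                      created: "2021-12-12T12:12:12.000000012Z"
                      order: 0
                      name: Upload malware if possible
                      type: input
                      schema:
                        title: Malware
                        type: object
                        properties:
                          malware:
                            type: string
                            title: Select malware
                            default: ""
                      next:
                        hash: "malware != ''"
                    hash:
                      active: false
                      done: false
                      created: "2021-12-12T12:12:12.000000012Z"
                      order: 1
                      name: Hash the malware
                      type: automation
                      automation: hash.sha1
                      payload:
                        default: "playbook.tasks['input'].data['malware']"
                      next:
                        escalate: ""
                    escalate:
                      active: false
                      done: false
                      created: "2021-12-12T12:12:12.000000012Z"
                      order: 2
                      name: Escalate to malware team
                      type: task
      security: [ { roles: [ "ticket:write" ] } ]

  /tickets/{id}/playbooks/{playbookID}:
    delete:
      tags: [ "tickets" ]
      summary: "Remove an ticket playbook"
      operationId: "removeTicketPlaybook"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
        - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/TicketWithTickets" }
          examples:
            test:
              id: 8123
              name: "live zebra"
              type: "incident"
              status: "closed"
              created: "2021-10-02T16:04:59.078206Z"
              modified: "2021-12-12T12:12:12.000000012Z"
              owner: "demo"
              references:
                - { href: "https://www.leadmaximize.net/e-services/back-end", name: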
performance } - { href: "http://www.corporateinteractive.name/rich", name: autumn } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: suggest } schema: | { "definitions": {}, "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://example.com/object1618746510.json", "title": "Event", "type": "object", "required": [ "severity", "description", "tlp" ], "properties": { "severity": { "$id": "#root/severity", "title": "Severity", "type": "string", "default": "Medium", "nx-enum": [ "Low", "Medium", "High" ], "x-cols": 6, "x-class": "pr-2", "x-display": "icon", "x-itemIcon": "icon", "oneOf": [ { "const": "Low", "title": "Low", "icon": "mdi-chevron-up" }, { "const": "Medium", "title": "Medium", "icon": "mdi-chevron-double-up" }, { "const": "High", "title": "High", "icon": "mdi-chevron-triple-up" } ] }, "tlp": { "$id": "#root/tlp", "title": "TLP", "type": "string", "nx-enum": [ "White", "Green", "Amber", "Red" ], "x-cols": 6, "x-class": "pr-2", "x-display": "icon", "x-itemIcon": "icon", "oneOf": [ { "const": "White", "title": "White", "icon": "mdi-alpha-w" }, { "const": "Green", "title": "Green", "icon": "mdi-alpha-g" }, { "const": "Amber", "title": "Amber", "icon": "mdi-alpha-a" }, { "const": "Red", "title": "Red", "icon": "mdi-alpha-r" } ] }, "description": { "$id": "#root/description", "title": "Description", "type": "string", "x-display": "textarea", "x-class": "pr-2" } } } artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/playbooks/{playbookID}/task/{taskID}: put: tags: [ "tickets" ] summary: "Set a ticket playbook task data" operationId: "setTaskData" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: 
"playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" } - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" } - { name: "data", in: "body", description: "Task data", required: true, schema: { type: object }, x-example: { boardInvolved: true } } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail 
available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": 
\"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/playbooks/{playbookID}/task/{taskID}/owner: put: tags: [ "tickets" ] summary: "Set a ticket playbook task owner" operationId: "setTaskOwner" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" } - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" } - { name: "owner", in: "body", description: "Task owner", required: true, schema: { type: string }, x-example: "eve" } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: 
"2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", owner: "eve" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", 
name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: 
"leadreintermediate.io", status: "malicious" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete: put: tags: [ "tickets" ] summary: "Complete ticket playbook task" operationId: "completeTask" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" } - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" } - { name: "data", in: "body", description: "Ticket playbook object that needs to be added", required: true, schema: { type: object }, x-example: { boardInvolved: true } } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", closed: "2021-12-12T12:12:12.000000012Z", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 1, name: "Escalate to 
CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": 
\"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } security: [ { roles: [ "ticket:write" ] } ]
  # runTask: POST with no request body. The ticket, playbook and task are
  # selected entirely by the three path parameters, and the only declared
  # response is an empty 204.
  # playbookID and taskID are plain strings with no pattern, enum or length
  # limit in this spec, so any check that they name a playbook and task of
  # this ticket has to happen in the handler.
  # NOTE(review): executing a task is authorized by the same "ticket:write"
  # role as the data-editing operations in this file; confirm that is
  # intended. No error responses (unknown task, caller not authorized) are
  # declared here either.
  /tickets/{id}/playbooks/{playbookID}/task/{taskID}/run:
    post:
      tags: [ "tickets" ]
      summary: "Run ticket playbook task"
      operationId: "runTask"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
        - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
        - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" }
      responses:
        "204": { description: "successful operation" }
      security: [ { roles: [ "ticket:write" ] } ]
  /tickets/{id}/artifacts: post: tags: [
"tickets" ] summary: "Add a single artifact" operationId: "addArtifact" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "artifact", in: "body", description: "Artifact object that needs to be added", required: true, schema: { $ref: "#/definitions/Artifact" }, x-example: { name: "2.2.2.2" } } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail 
available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": 
\"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } - { name: "2.2.2.2", status: "unknown", type: "ip" } security: [ { roles: [ "ticket:write" ] } ]
  # Artifact operations addressed by ticket id and artifact name.
  # The `name` path parameter carries the artifact value itself and has no
  # description, pattern or length limit. Example artifacts in this file
  # include a full URL ("http://www.customerviral.io/scalable/vertical/killer"),
  # so a name can contain "/" and ":" and has to be percent-encoded by the
  # client into a single path segment.
  /tickets/{id}/artifacts/{name}:
    # getArtifact: returns the one Artifact of ticket `id` stored under `name`.
    # The example values are indicators (a hash, a URL, a domain); consumers
    # should render them as inert text rather than as live links.
    # NOTE(review): this read-only GET requires the "ticket:write" role, the
    # same role as the PUT below it; confirm a write role is really meant to
    # be the minimum needed to read an artifact.
    get:
      tags: [ "tickets" ]
      summary: "Get a single artifact"
      operationId: "getArtifact"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
        - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
      responses:
        "200":
          description: "successful operation"
          schema: { $ref: "#/definitions/Artifact" }
          examples:
            test: { name: "leadreintermediate.io", status: "malicious" }
      security: [ { roles: [ "ticket:write" ] } ]
    put: tags: [ "tickets" ] summary: "Set a single artifact" operationId: "setArtifact" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" } - { name: "artifact", in: "body", required: true, schema: { $ref: "#/definitions/Artifact" }, x-example: { name: "leadreintermediate.io", status: "clean" } } responses:
"200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: 
"string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": 
\"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "clean" } security: [ { roles: [ "ticket:write" ] } ] delete: tags: [ "tickets" ] summary: "Remove an artifact" operationId: "removeArtifact" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } 
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": 
\"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } security: [ { roles: [ "ticket:write" ] } ]
  # runArtifact: POST with no request body; runs the automation named in the
  # path against one artifact of the ticket. The only declared response is an
  # empty 204, so the caller gets no result payload from this call.
  # `automation` is a free-form string (example "hash.sha1") with no enum or
  # pattern in this spec.
  # NOTE(review): presumably the handler resolves it against the set of
  # configured automations; confirm that unknown names are rejected before
  # anything is executed and that the value is never used to build a path or
  # a command line.
  # `name` is the artifact value itself and may need percent-encoding (other
  # example artifacts in this file are full URLs).
  # NOTE(review): triggering an automation is authorized by "ticket:write"
  # only; confirm no automation-specific permission is expected here.
  /tickets/{id}/artifacts/{name}/run/{automation}:
    post:
      tags: [ "tickets" ]
      summary: "Run automation on a single artifact"
      operationId: "runArtifact"
      parameters:
        - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
        - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
        - { name: "automation", in: "path", required: true, type: string, x-example: "hash.sha1" }
      responses:
        "204": { description: "successful operation" }
      security: [ { roles: [ "ticket:write" ] } ]
  /tickets/{id}/artifacts/{name}/enrich: post: tags: [ "tickets" ] summary: "Enrich a single artifact" operationId: "enrichArtifact" parameters: - {
name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 } - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" } - { name: "data", in: "body", required: true, schema: { $ref: "#/definitions/EnrichmentForm" }, x-example: { name: "hash.sha1", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } responses: "200": description: "successful operation" schema: { $ref: "#/definitions/TicketWithTickets" } examples: test: id: 8123 created: "2021-10-02T16:04:59.078206Z" modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, 
name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" } "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n 
\"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" status: "closed" type: "incident" artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious", enrichments: { hash.sha1: { name: "hash.sha1", created: "2021-12-12T12:12:12.000000012Z", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } } security: [ { roles: [ "ticket:write" ] } ] definitions: TicketFormArray: type: array items: { $ref: "#/definitions/TicketForm" } TicketForm: type: object required: [ name, type, status ] properties: id: { type: integer, format: int64, example: 123 } name: { type: string, example: WannyCry } type: { type: string, example: incident } status: { type: string, example: "open" } owner: { type: string, example: "bob" } write: { type: array, items: { type: string }, example: [ "alice" ] } read: { type: array, items: { type: string }, example: [ "bob" ] } schema: { type: string, example: "{}" } details: { type: object, example: { "description": "my little incident" } } references: { type: array, items: { $ref: '#/definitions/Reference' } } playbooks: { type: array, items: { $ref: '#/definitions/PlaybookTemplateForm' } } files: { type: array, items: { $ref: '#/definitions/File' } } comments: { type: array, items: { $ref: '#/definitions/Comment' } } artifacts: { 
type: array, items: { $ref: "#/definitions/Artifact" } } created: { type: string, format: "date-time", example: "1985-04-12T23:20:50.52Z" } modified: { type: string, format: "date-time", example: "1985-04-12T23:20:50.52Z" }
  # End of TicketForm (its opening keys are on the preceding line).

  # Ticket: the ticket shape without an `id` property. Besides name/type/status
  # it also requires created, modified and schema.
  Ticket:
    type: object
    required: [ name, type, status, created, modified, schema ]
    properties:
      name: { type: string, example: 'WannyCry' }
      type: { type: string, example: 'incident' }
      status: { type: string, example: 'open' }
      owner: { type: string, example: 'bob' }
      # NOTE(review): write/read look like per-ticket access lists of user
      # names - confirm. If so, the server has to enforce them on every ticket
      # operation; this spec only describes the payload.
      write: { type: array, items: { type: string }, example: [ 'alice' ] }
      read: { type: array, items: { type: string }, example: [ 'bob' ] }
      # A document serialized into a string; the response example of the
      # operation above carries a JSON Schema (draft-07) here.
      # NOTE(review): no maxLength is declared - consider bounding the size
      # before the string is parsed.
      schema: { type: string, example: '{}' }
      # Free-form object: no properties are declared, so nothing in this spec
      # constrains its content (presumably validated against `schema` - verify).
      details: { type: object, example: { description: 'my little incident' } }
      references: { type: array, items: { $ref: '#/definitions/Reference' } }
      # Map of playbooks; each value is a Playbook.
      playbooks:
        type: object
        additionalProperties: { $ref: '#/definitions/Playbook' }
      files: { type: array, items: { $ref: '#/definitions/File' } }
      comments: { type: array, items: { $ref: '#/definitions/Comment' } }
      artifacts: { type: array, items: { $ref: '#/definitions/Artifact' } }
      created:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'
      modified:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'

  # TicketResponse: Ticket plus a required int64 `id`; its playbooks map holds
  # PlaybookResponse values instead of Playbook.
  TicketResponse:
    type: object
    required: [ id, name, type, status, created, modified, schema ]
    properties:
      id: { type: integer, format: int64, example: 123 }
      name: { type: string, example: 'WannyCry' }
      type: { type: string, example: 'incident' }
      status: { type: string, example: 'open' }
      owner: { type: string, example: 'bob' }
      write: { type: array, items: { type: string }, example: [ 'alice' ] }
      read: { type: array, items: { type: string }, example: [ 'bob' ] }
      schema: { type: string, example: '{}' }
      details: { type: object, example: { description: 'my little incident' } }
      references: { type: array, items: { $ref: '#/definitions/Reference' } }
      playbooks:
        type: object
        additionalProperties: { $ref: '#/definitions/PlaybookResponse' }
      files: { type: array, items: { $ref: '#/definitions/File' } }
      comments: { type: array, items: { $ref: '#/definitions/Comment' } }
      artifacts: { type: array, items: { $ref: '#/definitions/Artifact' } }
      created:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'
      modified:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'

  # TicketSimpleResponse: same required keys as TicketResponse, but playbooks
  # are plain Playbook values. Used as the element type of TicketList.tickets
  # and of the tickets / correlated_tickets arrays in TicketWithTickets.
  TicketSimpleResponse:
    type: object
    required: [ id, name, type, status, created, modified, schema ]
    properties:
      id: { type: integer, format: int64, example: 123 }
      name: { type: string, example: 'WannyCry' }
      type: { type: string, example: 'incident' }
      status: { type: string, example: 'open' }
      owner: { type: string, example: 'bob' }
      write: { type: array, items: { type: string }, example: [ 'alice' ] }
      read: { type: array, items: { type: string }, example: [ 'bob' ] }
      schema: { type: string, example: '{}' }
      details: { type: object, example: { description: 'my little incident' } }
      references: { type: array, items: { $ref: '#/definitions/Reference' } }
      playbooks:
        type: object
        additionalProperties: { $ref: '#/definitions/Playbook' }
      files: { type: array, items: { $ref: '#/definitions/File' } }
      comments: { type: array, items: { $ref: '#/definitions/Comment' } }
      artifacts: { type: array, items: { $ref: '#/definitions/Artifact' } }
      created:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'
      modified:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'

  # TicketWithTickets: TicketResponse fields plus logs and two arrays of
  # related tickets. It is the 200 response schema of the operation defined
  # above, which declares the ticket:write role.
  TicketWithTickets:
    type: object
    required: [ id, name, type, status, created, modified, schema ]
    properties:
      id: { type: integer, format: int64, example: 123 }
      name: { type: string, example: 'WannyCry' }
      type: { type: string, example: 'incident' }
      status: { type: string, example: 'open' }
      owner: { type: string, example: 'bob' }
      write: { type: array, items: { type: string }, example: [ 'alice' ] }
      read: { type: array, items: { type: string }, example: [ 'bob' ] }
      schema: { type: string, example: '{}' }
      details: { type: object, example: { description: 'my little incident' } }
      references: { type: array, items: { $ref: '#/definitions/Reference' } }
      playbooks:
        type: object
        additionalProperties: { $ref: '#/definitions/PlaybookResponse' }
      files: { type: array, items: { $ref: '#/definitions/File' } }
      comments: { type: array, items: { $ref: '#/definitions/Comment' } }
      artifacts: { type: array, items: { $ref: '#/definitions/Artifact' } }
      logs: { type: array, items: { $ref: '#/definitions/LogEntry' } }
      created:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'
      modified:
        type: string
        format: 'date-time'
        example: '1985-04-12T23:20:50.52Z'
      # NOTE(review): the embedded tickets carry their own read/write lists;
      # presumably the server filters them by the caller's access - confirm.
      tickets:
        type: array
        items: { $ref: '#/definitions/TicketSimpleResponse' }
      correlated_tickets:
        type: array
        items: { $ref: '#/definitions/TicketSimpleResponse' }

  # TicketList: one page of tickets together with a count.
  TicketList:
    type: object
    required: [ tickets, count ]
    properties:
      tickets:
        type: array
        items: { $ref: '#/definitions/TicketSimpleResponse' }
      # Declared as `number`, not `integer`.
      # NOTE(review): presumably the total number of matching tickets - confirm.
      count: { type: number, example: 3 }

  # CommentForm: request shape for a comment; only `message` is required.
  CommentForm:
    type: object
    required: [ message ]
    properties:
      # NOTE(review): creator and created are optional and come from the
      # request body. Presumably the handler sets or overrides them from the
      # authenticated session and server clock rather than trusting the
      # client - confirm.
      creator: { type: string }
      created: { type: string, format: 'date-time' }
      message: { type: string }

  # Comment: stored comment; creator, created and message are all required.
  Comment:
    type: object
    required: [ creator, created, message ]
    properties:
      creator: { type: string }
      created: { type: string, format: 'date-time' }
      message: { type: string }

  ReferenceArray:
    type: array
    items: { $ref: '#/definitions/Reference' }

  # Reference: a named link attached to a ticket.
  Reference:
    type: object
    required: [ name, href ]
    properties:
      name: { type: string, example: 'CVE-2017-0144' }
      # NOTE(review): href is an unconstrained string (no format or pattern).
      # A client that renders it as a link should allow-list the URL scheme
      # (http/https) first.
      href:
        type: string
        example: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144'

  # File: a file attached to a ticket, identified by `key`, shown as `name`.
  File:
    type: object
    required: [ key, name ]
    properties:
      key: { type: string, example: 'myfile' }
      # NOTE(review): if name is user-supplied, treat it as display text only
      # and never as a filesystem path - confirm where it originates.
      name: { type: string, example: 'notes.docx' }

  # Playbook: a named set of tasks; `tasks` is a map whose values are Task.
  Playbook:
    type: object
    required: [ name, tasks ]
    properties:
      name: { type: string, example: 'Phishing' }
      tasks:
        type: object
        additionalProperties: { $ref: '#/definitions/Task' }

  # PlaybookResponse: as Playbook, but the task values are TaskResponse.
  PlaybookResponse:
    type: object
    required: [ name, tasks ]
    properties:
      name: { type: string, example: 'Phishing' }
      tasks:
        type: object
        additionalProperties: { $ref: '#/definitions/TaskResponse' }