// Code generated by go-swagger; DO NOT EDIT. package restapi // This file was generated by the swagger tool. // Editing this file might prove futile when you re-run the swagger generate command import ( "encoding/json" ) var ( // SwaggerJSON embedded version of the swagger document used at generation time SwaggerJSON json.RawMessage // FlatSwaggerJSON embedded flattened version of the swagger document used at generation time FlatSwaggerJSON json.RawMessage ) func init() { SwaggerJSON = json.RawMessage([]byte(`{ "consumes": [ "application/json" ], "produces": [ "application/json" ], "schemes": [ "http" ], "swagger": "2.0", "info": { "description": "API for the catalyst incident response platform." }, "host": ".", "basePath": "/api", "paths": { "/automations": { "get": { "security": [ { "roles": [ "automation:read" ] } ], "tags": [ "automations" ], "summary": "List automations", "operationId": "listAutomations", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/AutomationResponse" } }, "examples": { "test": [ { "id": "comment", "image": "docker.io/python:3", "script": "", "type": [ "playbook" ] }, { "id": "hash.sha1", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "", "type": [ "global", "artifact", "playbook" ] }, { "id": "thehive", "image": "docker.io/python:3", "schema": "{\"title\":\"TheHive credentials\",\"type\":\"object\",\"properties\":{\"thehiveurl\":{\"type\":\"string\",\"title\":\"TheHive URL (e.g. 'https://thehive.example.org')\"},\"thehivekey\":{\"type\":\"string\",\"title\":\"TheHive API Key\"},\"skip_files\":{\"type\":\"boolean\", \"default\": true, \"title\":\"Skip Files (much faster)\"},\"keep_ids\":{\"type\":\"boolean\", \"default\": true, \"title\":\"Keep IDs and overwrite existing IDs\"}},\"required\":[\"thehiveurl\", \"thehivekey\", \"skip_files\", \"keep_ids\"]}", "script": "", "type": [ "global" ] }, { "id": "vt.hash", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "", "type": [ "global", "artifact", "playbook" ] } ] } } } }, "post": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Create a new automation", "operationId": "createAutomation", "parameters": [ { "x-example": { "id": "hash-sha-256", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))\n return {'hash': sha256.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global" ] }, "description": "New automation", "name": "automation", "in": "body", "required": true, "schema": { "$ref": "#/definitions/AutomationForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash-sha-256", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))\n return {'hash': sha256.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global" ] } } } } } }, "/automations/{id}": { "get": { "security": [ { "roles": [ "automation:read" ] } ], "tags": [ "automations" ], "summary": "Get a single automation", "operationId": "getAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash.sha1", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "#!/usr/bin/env python\n\nimport sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload']['default'].encode('utf-8'))\n return {\"hash\": sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] } } } } }, "put": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Update an existing automation", "operationId": "updateAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true }, { "x-example": { "id": "hash.sha1", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))\n return {'hash': sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] }, "description": "Automation object that needs to be added", "name": "automation", "in": "body", "required": true, "schema": { "$ref": "#/definitions/AutomationForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash.sha1", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))\n return {'hash': sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] } } } } }, "delete": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Delete a automation", "operationId": "deleteAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/currentuser": { "get": { "security": [ { "roles": [ "currentuser:read" ] } ], "tags": [ "users" ], "summary": "Get current user", "operationId": "currentUser", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } } }, "/currentuserdata": { "get": { "security": [ { "roles": [ "currentuserdata:read" ] } ], "tags": [ "userdata" ], "summary": "Get current user data", "operationId": "currentUserData", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } }, "put": { "security": [ { "roles": [ "currentuserdata:write" ] } ], "tags": [ "userdata" ], "summary": "Update current user data", "operationId": "updateCurrentUserData", "parameters": [ { "x-example": { "email": "bob@example.org", "name": "Bob Bad" }, "description": "User data object that needs to be added", "name": "userdata", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserData" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } } }, "/jobs": { "get": { "security": [ { "roles": [ "job:read" ] } ], "tags": [ "jobs" ], "summary": "List jobs", "operationId": "listJobs", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/JobResponse" } }, "examples": { "test": [ { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "created" } ] } } } }, "post": { "security": [ { "roles": [ "job:write" ] } ], "tags": [ "jobs" ], "summary": "Start a new job", "operationId": "runJob", "parameters": [ { "x-example": { "automation": "hash.sha1", "message": { "payload": "test" } }, "description": "New job", "name": "job", "in": "body", "required": true, "schema": { "$ref": "#/definitions/JobForm" } } ], "responses": { "204": { "description": "successful operation" } } } }, "/jobs/{id}": { "get": { "security": [ { "roles": [ "job:read" ] } ], "tags": [ "jobs" ], "summary": "Get a single job", "operationId": "getJob", "parameters": [ { "type": "string", "x-example": "99cd67131b48", "description": "Job ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/JobResponse" }, "examples": { "test": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "created" } } } } }, "put": { "security": [ { "roles": [ "job:write" ] } ], "tags": [ "jobs" ], "summary": "Update an existing job", "operationId": "updateJob", "parameters": [ { "type": "string", "x-example": "99cd67131b48", "description": "Job ID", "name": "id", "in": "path", "required": true }, { "x-example": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "failed" }, "description": "Job object that needs to be added", "name": "job", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Job" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/JobResponse" }, "examples": { "test": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "failed" } } } } } }, "/logs/{reference}": { "get": { "security": [ { "roles": [ "log:read" ] } ], "tags": [ "logs" ], "summary": "Get log entries", "operationId": "getLogs", "parameters": [ { "type": "string", "x-example": "tickets%2F294511", "description": "Reference", "name": "reference", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/LogEntry" } }, "examples": { "test": [ { "created": "2021-10-02T18:05:00.333535+02:00", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511" } ] } } } } }, "/playbooks": { "get": { "security": [ { "roles": [ "playbook:read" ] } ], "tags": [ "playbooks" ], "summary": "List playbooks", "operationId": "listPlaybooks", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateResponse" } }, "examples": { "test": [ { "id": "malware", "name": "Malware", "yaml": "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score \u003e 5\"\n # sandbox: \"score \u003c 6\" # unknown-malware\n" }, { "id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n" }, { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n" } ] } } } }, "post": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Create a playbook", "operationId": "createPlaybook", "parameters": [ { "x-example": { "yaml": "name: Simple2\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "New playbook", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateResponse" } }, "examples": { "test": { "id": "simple-2", "name": "Simple2", "yaml": "name: Simple2\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } } } } } }, "/playbooks/{id}": { "get": { "security": [ { "roles": [ "playbook:read" ] } ], "tags": [ "playbooks" ], "summary": "Get a single playbook", "operationId": "getPlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook name", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/PlaybookTemplateResponse" }, "examples": { "test": { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n" } } } } }, "put": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Update an existing ticket playbook", "operationId": "updatePlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook ID", "name": "id", "in": "path", "required": true }, { "x-example": { "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "Updated playbook", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/PlaybookTemplateResponse" }, "examples": { "test": { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } } } } }, "delete": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Delete a playbook", "operationId": "deletePlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook name", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/settings": { "get": { "security": [ { "roles": [ "settings:read" ] } ], "tags": [ "settings" ], "summary": "Get settings", "operationId": "getSettings", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Settings" }, "examples": { "test": { "artifactStates": [ { "color": "info", "icon": "mdi-help-circle-outline", "id": "unknown", "name": "Unknown" }, { "color": "error", "icon": "mdi-skull", "id": "malicious", "name": "Malicious" }, { "color": "success", "icon": "mdi-check", "id": "clean", "name": "Clean" } ], "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], "ticketTypes": [ { "default_playbooks": null, "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-radioactive", "id": "incident", "name": "Incidents" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-fingerprint", "id": "investigation", "name": "Forensic Investigations" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-target", "id": "hunt", "name": "Threat Hunting" } ], "tier": "community", "timeformat": "YYYY-MM-DDThh:mm:ss", "version": "0.0.0-test" } } } } } }, "/statistics": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "statistics" ], "summary": "Get statistics", "operationId": "getStatistics", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Statistics" }, "examples": { "test": { "open_tickets_per_user": {}, "tickets_per_type": { "alert": 2, "incident": 1 }, "tickets_per_week": { "2021-39": 3 }, "unassigned": 0 } } } } } }, "/tasks": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tasks" ], "summary": "List tasks", "operationId": "listTasks", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TaskResponse" } }, "examples": { "test": null } } } } }, "/templates": { "get": { "security": [ { "roles": [ "template:read" ] } ], "tags": [ "templates" ], "summary": "List templates", "operationId": "listTemplates", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketTemplateResponse" } }, "examples": { "test": [ { "id": "default", "name": "Default", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Default\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } ] } } } }, "post": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Create a new template", "operationId": "createTemplate", "parameters": [ { "x-example": { "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" }, "description": "New template", "name": "template", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "my-template", "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } } }, "/templates/{id}": { "get": { "security": [ { "roles": [ "template:read" ] } ], "tags": [ "templates" ], "summary": "Get a single template", "operationId": "getTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "default", "name": "Default", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Default\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } }, "put": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Update an existing template", "operationId": "updateTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true }, { "x-example": { "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" }, "description": "Template object that needs to be added", "name": "template", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "default", "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } }, "delete": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Delete a template", "operationId": "deleteTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tickets" ], "summary": "List tickets", "operationId": "listTickets", "parameters": [ { "type": "string", "description": "Ticket Type", "name": "type", "in": "query" }, { "type": "integer", "default": 0, "description": "Offset of the list", "name": "offset", "in": "query" }, { "maximum": 100, "type": "integer", "default": 25, "description": "Number of tickets", "name": "count", "in": "query" }, { "type": "array", "items": { "type": "string" }, "description": "Sort columns", "name": "sort", "in": "query" }, { "type": "array", "items": { "type": "boolean" }, "description": "Sort descending", "name": "desc", "in": "query" }, { "type": "string", "description": "Search query", "name": "query", "in": "query" } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketList" }, "examples": { "test": { "count": 3, "tickets": [ { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "type": "task" }, "board": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ] } } } } }, "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Create a new ticket", "operationId": "createTicket", "parameters": [ { "x-example": { "id": 123, "name": "Wannacry infection", "owner": "bob", "status": "open", "type": "incident" }, "description": "New ticket", "name": "ticket", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "1985-04-12T23:20:50.52Z", "id": 123, "modified": "1985-04-12T23:20:50.52Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", "status": "open", "type": "incident" } } } } } }, "/tickets/batch": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Create a new tickets in batch", "operationId": "createTicketBatch", "parameters": [ { "x-example": [ { "id": 123, "name": "Wannacry infection", "owner": "bob", "status": "open", "type": "incident" } ], "description": "New ticket", "name": "ticket", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketForm" } } } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tickets" ], "summary": "Get a single ticket", "operationId": "getTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } }, "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Update an existing ticket", "operationId": "updateTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "created": "2021-10-02T18:04:59.078186+02:00", "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" }, "description": "Updated ticket", "name": "ticket", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Ticket" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } }, "delete": { "security": [ { "roles": [ "ticket:delete" ] } ], "tags": [ "tickets" ], "summary": "Delete an ticket", "operationId": "deleteTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/artifacts": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Add a single artifact", "operationId": "addArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "name": "2.2.2.2" }, "description": "Artifact object that needs to be added", "name": "artifact", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Artifact" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" }, { "name": "2.2.2.2", "status": "unknown", "type": "ip" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}": { "get": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Get a single artifact", "operationId": "getArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Artifact" }, "examples": { "test": { "name": "leadreintermediate.io", "status": "malicious" } } } } }, "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set a single artifact", "operationId": "setArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "x-example": { "name": "leadreintermediate.io", "status": "clean" }, "name": "artifact", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Artifact" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "clean" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } }, "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Remove an artifact", "operationId": "removeArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}/enrich": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Enrich a single artifact", "operationId": "enrichArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "x-example": { "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, "name": "hash.sha1" }, "name": "data", "in": "body", "required": true, "schema": { "$ref": "#/definitions/EnrichmentForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Artifact" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "enrichments": { "hash.sha1": { "created": "2021-10-03T18:44:06.488923+02:00", "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, "name": "hash.sha1" } }, "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}/run/{automation}": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Run automation on a single artifact", "operationId": "runArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "type": "string", "x-example": "hash.sha1", "name": "automation", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/comments": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Add ticket comment", "operationId": "addComment", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "message": "My first comment" }, "description": "Ticket comment", "name": "comment", "in": "body", "required": true, "schema": { "$ref": "#/definitions/CommentForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "comments": [ { "created": "2021-10-02T18:04:59.078186+02:00", "creator": "bob", "message": "My first comment" } ], "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/comments/{commentID}": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "description": "Comment will be removed from the ticket.", "tags": [ "tickets" ], "summary": "Remove an comment from an ticket", "operationId": "removeComment", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "integer", "x-example": 0, "description": "Comment ID to remove", "name": "commentID", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/files": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "description": "Link files to an ticket. The files themself will be stored in object storage.", "tags": [ "tickets" ], "summary": "Link files to an ticket", "operationId": "linkFiles", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": [ { "key": "myfile", "name": "document.doc" } ], "description": "Added files", "name": "files", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/File" } } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "files": [ { "key": "myfile", "name": "document.doc" } ], "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/playbooks": { "post": { "tags": [ "tickets" ], "summary": "Add a new ticket playbook", "operationId": "addTicketPlaybook", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "Ticket playbook object that needs to be added", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "1985-04-12T23:20:50.52Z", "id": 8125, "modified": "1985-04-12T23:20:50.52Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": { "simple": { "name": "Simple", "tasks": { "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to malware team", "order": 2, "type": "task" }, "hash": { "active": false, "automation": "hash.sha1", "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Hash the malware", "next": { "escalate": "" }, "order": 1, "payload": { "default": "playbook.tasks['input'].data['malware']" }, "type": "automation" }, "input": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Upload malware if possible", "next": { "hash": "malware != ''" }, "order": 0, "schema": { "properties": { "malware": { "default": "", "title": "Select malware", "type": "string" } }, "title": "Malware", "type": "object" }, "type": "input" } } } }, "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/playbooks/{playbookID}": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Remove an ticket playbook", "operationId": "removeTicketPlaybook", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "1985-04-12T23:20:50.52Z", "id": 8123, "modified": "1985-04-12T23:20:50.52Z", "name": "live zebra", "owner": "demo", "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set a ticket playbook task", "operationId": "setTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true }, { "x-example": { "active": true, "data": { "boardInvolved": true }, "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "description": "Task", "name": "task", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Task" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "data": { "boardInvolved": true }, "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Complete ticket playbook task", "operationId": "completeTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true }, { "x-example": { "boardInvolved": true }, "description": "Ticket playbook object that needs to be added", "name": "data", "in": "body", "required": true, "schema": { "type": "object" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": false, "closed": "2021-10-02T18:04:59.078186+02:00", "created": "2021-10-02T18:04:59.078186+02:00", "data": { "boardInvolved": true }, "done": true, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}/run": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Run ticket playbook task", "operationId": "runTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/references": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set ticket references", "operationId": "setReferences", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": [ { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "description": "All ticket references", "name": "references", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/Reference" } } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/schema": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set ticket schema", "operationId": "setSchema", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": "{}", "description": "New ticket schema", "name": "schema", "in": "body", "schema": { "type": "string" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/tickets": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Unlink an ticket to an ticket", "operationId": "unlinkTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8126, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": 8125, "description": "Added ticket ID", "name": "linkedID", "in": "body", "required": true, "schema": { "type": "integer", "format": "int64" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } } } } }, "patch": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Link an ticket to an ticket", "operationId": "linkTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8126, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": 8123, "description": "Added ticket ID", "name": "linkedID", "in": "body", "required": true, "schema": { "type": "integer", "format": "int64" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "tickets": [ { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "type": "task" }, "board": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickettypes": { "get": { "security": [ { "roles": [ "tickettype:read" ] } ], "tags": [ "tickettypes" ], "summary": "List tickettypes", "operationId": "listTicketTypes", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketTypeResponse" } }, "examples": { "test": [ { "default_playbooks": null, "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-radioactive", "id": "incident", "name": "Incidents" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-fingerprint", "id": "investigation", "name": "Forensic Investigations" }, { "default_playbooks": null, "default_template": "default", "icon": "mdi-target", "id": "hunt", "name": "Threat Hunting" } ] } } } }, "post": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Create a new tickettype", "operationId": "createTicketType", "parameters": [ { "x-example": { "default_playbooks": null, "default_template": "default", "icon": "mdi-newspaper-variant-outline", "name": "TI Tickets" }, "description": "New tickettype", "name": "tickettype", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTypeForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": null, "default_template": "default", "icon": "mdi-newspaper-variant-outline", "id": "ti-tickets", "name": "TI Tickets" } } } } } }, "/tickettypes/{id}": { "get": { "security": [ { "roles": [ "tickettype:read" ] } ], "tags": [ "tickettypes" ], "summary": "Get a single tickettype", "operationId": "getTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": null, "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" } } } } }, "put": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Update an existing tickettype", "operationId": "updateTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true }, { "x-example": { "default_playbooks": null, "default_template": "default", "icon": "mdi-bell", "id": "alert", "name": "Alerts" }, "description": "TicketType object that needs to be added", "name": "tickettype", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTypeForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": null, "default_template": "default", "icon": "mdi-bell", "id": "alert", "name": "Alerts" } } } } }, "delete": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Delete a tickettype", "operationId": "deleteTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/userdata": { "get": { "security": [ { "roles": [ "userdata:read" ] } ], "tags": [ "userdata" ], "summary": "List userdata", "operationId": "listUserData", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/UserDataResponse" } }, "examples": { "test": [ { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } ] } } } } }, "/userdata/{id}": { "get": { "security": [ { "roles": [ "userdata:read" ] } ], "tags": [ "userdata" ], "summary": "Get a single user data", "operationId": "getUserData", "parameters": [ { "type": "string", "x-example": "bob", "description": "User Data ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } }, "put": { "security": [ { "roles": [ "userdata:write" ] } ], "tags": [ "userdata" ], "summary": "Update an existing user data", "operationId": "updateUserData", "parameters": [ { "type": "string", "x-example": "bob", "description": "User Data ID", "name": "id", "in": "path", "required": true }, { "x-example": { "blocked": false, "email": "bob@example.org", "name": "Bob Bad" }, "description": "User data object that needs to be added", "name": "userdata", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserData" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } } }, "/users": { "get": { "security": [ { "roles": [ "user:read" ] } ], "tags": [ "users" ], "summary": "List users", "operationId": "listUsers", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/UserResponse" } }, "examples": { "test": [ { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] }, { "apikey": true, "blocked": false, "id": "script", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } ] } } } }, "post": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Create user", "operationId": "createUser", "parameters": [ { "x-example": { "id": "syncscript", "roles": [ "analyst" ] }, "description": "user object that needs to be added", "name": "user", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/NewUserResponse" }, "examples": { "test": { "blocked": false, "id": "syncscript", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read" ], "secret": "v39bOuobnlEljfWzjAgoKzhmnh1xSMxH" } } } } } }, "/users/{id}": { "get": { "security": [ { "roles": [ "user:read" ] } ], "tags": [ "users" ], "summary": "Get a single user", "operationId": "getUser", "parameters": [ { "type": "string", "x-example": "script", "description": "user ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": true, "blocked": false, "id": "script", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } }, "put": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Update user", "operationId": "updateUser", "parameters": [ { "type": "string", "x-example": "bob", "description": "Template ID", "name": "id", "in": "path", "required": true }, { "x-example": { "roles": [ "analyst", "admin" ] }, "description": "user object that needs to be added", "name": "user", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } }, "delete": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Delete user", "operationId": "deleteUser", "parameters": [ { "type": "string", "x-example": "script", "description": "user ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } } }, "definitions": { "Artifact": { "type": "object", "required": [ "name" ], "properties": { "enrichments": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Enrichment" } }, "name": { "type": "string", "example": "2.2.2.2" }, "status": { "type": "string", "example": "Unknown" }, "type": { "type": "string" } } }, "ArtifactOrigin": { "type": "object", "required": [ "ticket_id", "artifact" ], "properties": { "artifact": { "type": "string" }, "ticket_id": { "type": "integer", "format": "int64" } } }, "Automation": { "type": "object", "required": [ "image", "script", "type" ], "properties": { "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "AutomationForm": { "type": "object", "required": [ "id", "image", "script", "type" ], "properties": { "id": { "type": "string" }, "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "AutomationResponse": { "type": "object", "required": [ "id", "image", "script", "type" ], "properties": { "id": { "type": "string" }, "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "Comment": { "type": "object", "required": [ "creator", "created", "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" } } }, "CommentForm": { "type": "object", "required": [ "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" } } }, "Context": { "type": "object", "properties": { "artifact": { "$ref": "#/definitions/Artifact" }, "playbook": { "$ref": "#/definitions/PlaybookResponse" }, "task": { "$ref": "#/definitions/TaskResponse" }, "ticket": { "$ref": "#/definitions/TicketResponse" } } }, "Enrichment": { "type": "object", "required": [ "name", "data", "created" ], "properties": { "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object", "example": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } }, "name": { "type": "string", "example": "hash.sha1" } } }, "EnrichmentForm": { "type": "object", "required": [ "name", "data" ], "properties": { "data": { "type": "object", "example": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } }, "name": { "type": "string", "example": "hash.sha1" } } }, "File": { "type": "object", "required": [ "key", "name" ], "properties": { "key": { "type": "string", "example": "myfile" }, "name": { "type": "string", "example": "notes.docx" } } }, "Job": { "type": "object", "required": [ "automation", "running", "status" ], "properties": { "automation": { "type": "string" }, "container": { "type": "string" }, "log": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "output": { "type": "object" }, "payload": {}, "running": { "type": "boolean" }, "status": { "type": "string" } } }, "JobForm": { "type": "object", "required": [ "automation" ], "properties": { "automation": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "payload": {} } }, "JobResponse": { "type": "object", "required": [ "id", "automation", "status" ], "properties": { "automation": { "type": "string" }, "container": { "type": "string" }, "id": { "type": "string" }, "log": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "output": { "type": "object" }, "payload": {}, "status": { "type": "string" } } }, "LogEntry": { "type": "object", "required": [ "reference", "creator", "created", "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" }, "reference": { "type": "string" } } }, "Message": { "type": "object", "properties": { "context": { "$ref": "#/definitions/Context" }, "payload": { "type": "object" }, "secrets": { "type": "object", "additionalProperties": { "type": "string" } } } }, "NewUserResponse": { "type": "object", "required": [ "id", "blocked", "roles" ], "properties": { "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } }, "secret": { "type": "string" } } }, "Origin": { "type": "object", "properties": { "artifact_origin": { "$ref": "#/definitions/ArtifactOrigin" }, "task_origin": { "$ref": "#/definitions/TaskOrigin" } } }, "Playbook": { "type": "object", "required": [ "name", "tasks" ], "properties": { "name": { "type": "string", "example": "Phishing" }, "tasks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Task" } } } }, "PlaybookResponse": { "type": "object", "required": [ "name", "tasks" ], "properties": { "name": { "type": "string", "example": "Phishing" }, "tasks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/TaskResponse" } } } }, "PlaybookTemplate": { "type": "object", "required": [ "name", "yaml" ], "properties": { "name": { "type": "string" }, "yaml": { "type": "string" } } }, "PlaybookTemplateForm": { "type": "object", "required": [ "yaml" ], "properties": { "id": { "type": "string" }, "yaml": { "type": "string" } } }, "PlaybookTemplateResponse": { "type": "object", "required": [ "id", "name", "yaml" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "yaml": { "type": "string" } } }, "Reference": { "type": "object", "required": [ "name", "href" ], "properties": { "href": { "type": "string", "example": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144" }, "name": { "type": "string", "example": "CVE-2017-0144" } } }, "Settings": { "type": "object", "required": [ "version", "tier", "timeformat", "ticketTypes", "artifactStates" ], "properties": { "artifactStates": { "type": "array", "title": "Artifact States", "items": { "$ref": "#/definitions/Type" } }, "roles": { "type": "array", "title": "Roles", "items": { "type": "string" } }, "ticketTypes": { "type": "array", "title": "Ticket Types", "items": { "$ref": "#/definitions/TicketTypeResponse" } }, "tier": { "type": "string", "title": "Tier", "enum": [ "community", "enterprise" ] }, "timeformat": { "type": "string", "title": "Time Format" }, "version": { "type": "string", "title": "Version" } } }, "Statistics": { "type": "object", "required": [ "unassigned", "open_tickets_per_user", "tickets_per_week", "tickets_per_type" ], "properties": { "open_tickets_per_user": { "type": "object", "additionalProperties": { "type": "integer" } }, "tickets_per_type": { "type": "object", "additionalProperties": { "type": "integer" } }, "tickets_per_week": { "type": "object", "additionalProperties": { "type": "integer" } }, "unassigned": { "type": "integer" } } }, "Task": { "type": "object", "required": [ "name", "type", "done", "created" ], "properties": { "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskForm": { "type": "object", "required": [ "name", "type" ], "properties": { "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskOrigin": { "type": "object", "required": [ "ticket_id", "playbook_id", "task_id" ], "properties": { "playbook_id": { "type": "string" }, "task_id": { "type": "string" }, "ticket_id": { "type": "integer", "format": "int64" } } }, "TaskResponse": { "type": "object", "required": [ "name", "type", "done", "created", "order", "active" ], "properties": { "active": { "type": "boolean", "example": false }, "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "order": { "type": "number", "format": "int64", "example": 2 }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskWithContext": { "type": "object", "required": [ "ticket_id", "ticket_name", "playbook_id", "playbook_name", "task_id", "task" ], "properties": { "playbook_id": { "type": "string" }, "playbook_name": { "type": "string" }, "task": { "$ref": "#/definitions/TaskResponse" }, "task_id": { "type": "string" }, "ticket_id": { "type": "number", "format": "int64" }, "ticket_name": { "type": "string" } } }, "Ticket": { "type": "object", "required": [ "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Playbook" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketForm": { "type": "object", "required": [ "name", "type", "status" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateForm" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketList": { "type": "object", "required": [ "tickets", "count" ], "properties": { "count": { "type": "number", "example": 3 }, "tickets": { "type": "array", "items": { "$ref": "#/definitions/TicketSimpleResponse" } } } }, "TicketResponse": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/PlaybookResponse" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketSimpleResponse": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Playbook" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketTemplate": { "type": "object", "required": [ "name", "schema" ], "properties": { "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketTemplateForm": { "type": "object", "required": [ "name", "schema" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketTemplateResponse": { "type": "object", "required": [ "id", "name", "schema" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketType": { "type": "object", "required": [ "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "name": { "type": "string" } } }, "TicketTypeForm": { "type": "object", "required": [ "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } } }, "TicketTypeResponse": { "type": "object", "required": [ "id", "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } } }, "TicketWithTickets": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/PlaybookResponse" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "tickets": { "type": "array", "items": { "$ref": "#/definitions/TicketSimpleResponse" } }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "Type": { "type": "object", "required": [ "id", "name", "icon" ], "properties": { "color": { "type": "string", "title": "Color", "enum": [ "error", "info", "success", "warning" ], "x-cols": 3 }, "icon": { "type": "string", "title": "Icon (https://materialdesignicons.com)", "x-class": "pr-2", "x-cols": 3 }, "id": { "type": "string", "title": "ID", "x-class": "pr-2", "x-cols": 3 }, "name": { "type": "string", "title": "Name", "x-class": "pr-2", "x-cols": 3 } } }, "User": { "type": "object", "required": [ "blocked", "apikey", "roles" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "roles": { "type": "array", "items": { "type": "string" } }, "sha256": { "type": "string" } } }, "UserData": { "type": "object", "properties": { "email": { "type": "string", "x-example": "bob@example.org" }, "image": { "type": "string", "x-display": "custom-avatar" }, "name": { "type": "string", "x-example": "Robert Smith" }, "timeformat": { "type": "string", "title": "Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)" } } }, "UserDataResponse": { "type": "object", "required": [ "id" ], "properties": { "email": { "type": "string", "x-example": "bob@example.org" }, "id": { "type": "string" }, "image": { "type": "string", "x-display": "custom-avatar" }, "name": { "type": "string", "x-example": "Robert Smith" }, "timeformat": { "type": "string", "title": "Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)" } } }, "UserForm": { "type": "object", "required": [ "id", "blocked", "roles", "apikey" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } } } }, "UserResponse": { "type": "object", "required": [ "id", "blocked", "roles", "apikey" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } } } } } }`)) FlatSwaggerJSON = json.RawMessage([]byte(`{ "consumes": [ "application/json" ], "produces": [ "application/json" ], "schemes": [ "http" ], "swagger": "2.0", "info": { "description": "API for the catalyst incident response platform." }, "host": ".", "basePath": "/api", "paths": { "/automations": { "get": { "security": [ { "roles": [ "automation:read" ] } ], "tags": [ "automations" ], "summary": "List automations", "operationId": "listAutomations", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/AutomationResponse" } }, "examples": { "test": [ { "id": "comment", "image": "docker.io/python:3", "script": "", "type": [ "playbook" ] }, { "id": "hash.sha1", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "", "type": [ "global", "artifact", "playbook" ] }, { "id": "thehive", "image": "docker.io/python:3", "schema": "{\"title\":\"TheHive credentials\",\"type\":\"object\",\"properties\":{\"thehiveurl\":{\"type\":\"string\",\"title\":\"TheHive URL (e.g. 'https://thehive.example.org')\"},\"thehivekey\":{\"type\":\"string\",\"title\":\"TheHive API Key\"},\"skip_files\":{\"type\":\"boolean\", \"default\": true, \"title\":\"Skip Files (much faster)\"},\"keep_ids\":{\"type\":\"boolean\", \"default\": true, \"title\":\"Keep IDs and overwrite existing IDs\"}},\"required\":[\"thehiveurl\", \"thehivekey\", \"skip_files\", \"keep_ids\"]}", "script": "", "type": [ "global" ] }, { "id": "vt.hash", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "", "type": [ "global", "artifact", "playbook" ] } ] } } } }, "post": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Create a new automation", "operationId": "createAutomation", "parameters": [ { "x-example": { "id": "hash-sha-256", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))\n return {'hash': sha256.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global" ] }, "description": "New automation", "name": "automation", "in": "body", "required": true, "schema": { "$ref": "#/definitions/AutomationForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash-sha-256", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))\n return {'hash': sha256.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global" ] } } } } } }, "/automations/{id}": { "get": { "security": [ { "roles": [ "automation:read" ] } ], "tags": [ "automations" ], "summary": "Get a single automation", "operationId": "getAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash.sha1", "image": "docker.io/python:3", "schema": "{\"title\":\"Input\",\"type\":\"object\",\"properties\":{\"default\":{\"type\":\"string\",\"title\":\"Value\"}},\"required\":[\"default\"]}", "script": "#!/usr/bin/env python\n\nimport sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload']['default'].encode('utf-8'))\n return {\"hash\": sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] } } } } }, "put": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Update an existing automation", "operationId": "updateAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true }, { "x-example": { "id": "hash.sha1", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))\n return {'hash': sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] }, "description": "Automation object that needs to be added", "name": "automation", "in": "body", "required": true, "schema": { "$ref": "#/definitions/AutomationForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/AutomationResponse" }, "examples": { "test": { "id": "hash.sha1", "image": "docker.io/python:3", "script": "import sys\nimport json\nimport hashlib\n\n\ndef run(msg):\n sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))\n return {'hash': sha1.hexdigest()}\n\n\nprint(json.dumps(run(json.loads(sys.argv[1]))))\n", "type": [ "global", "artifact", "playbook" ] } } } } }, "delete": { "security": [ { "roles": [ "automation:write" ] } ], "tags": [ "automations" ], "summary": "Delete a automation", "operationId": "deleteAutomation", "parameters": [ { "type": "string", "x-example": "hash.sha1", "description": "Automation ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/currentuser": { "get": { "security": [ { "roles": [ "currentuser:read" ] } ], "tags": [ "users" ], "summary": "Get current user", "operationId": "currentUser", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } } }, "/currentuserdata": { "get": { "security": [ { "roles": [ "currentuserdata:read" ] } ], "tags": [ "userdata" ], "summary": "Get current user data", "operationId": "currentUserData", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } }, "put": { "security": [ { "roles": [ "currentuserdata:write" ] } ], "tags": [ "userdata" ], "summary": "Update current user data", "operationId": "updateCurrentUserData", "parameters": [ { "x-example": { "email": "bob@example.org", "name": "Bob Bad" }, "description": "User data object that needs to be added", "name": "userdata", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserData" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } } }, "/jobs": { "get": { "security": [ { "roles": [ "job:read" ] } ], "tags": [ "jobs" ], "summary": "List jobs", "operationId": "listJobs", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/JobResponse" } }, "examples": { "test": [ { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "created" } ] } } } }, "post": { "security": [ { "roles": [ "job:write" ] } ], "tags": [ "jobs" ], "summary": "Start a new job", "operationId": "runJob", "parameters": [ { "x-example": { "automation": "hash.sha1", "message": { "payload": "test" } }, "description": "New job", "name": "job", "in": "body", "required": true, "schema": { "$ref": "#/definitions/JobForm" } } ], "responses": { "204": { "description": "successful operation" } } } }, "/jobs/{id}": { "get": { "security": [ { "roles": [ "job:read" ] } ], "tags": [ "jobs" ], "summary": "Get a single job", "operationId": "getJob", "parameters": [ { "type": "string", "x-example": "99cd67131b48", "description": "Job ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/JobResponse" }, "examples": { "test": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "created" } } } } }, "put": { "security": [ { "roles": [ "job:write" ] } ], "tags": [ "jobs" ], "summary": "Update an existing job", "operationId": "updateJob", "parameters": [ { "type": "string", "x-example": "99cd67131b48", "description": "Job ID", "name": "id", "in": "path", "required": true }, { "x-example": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "failed" }, "description": "Job object that needs to be added", "name": "job", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Job" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/JobResponse" }, "examples": { "test": { "automation": "hash.sha1", "id": "99cd67131b48", "payload": "test", "status": "failed" } } } } } }, "/logs/{reference}": { "get": { "security": [ { "roles": [ "log:read" ] } ], "tags": [ "logs" ], "summary": "Get log entries", "operationId": "getLogs", "parameters": [ { "type": "string", "x-example": "tickets%2F294511", "description": "Reference", "name": "reference", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/LogEntry" } }, "examples": { "test": [ { "created": "2021-10-02T18:05:00.333535+02:00", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511" } ] } } } } }, "/playbooks": { "get": { "security": [ { "roles": [ "playbook:read" ] } ], "tags": [ "playbooks" ], "summary": "List playbooks", "operationId": "listPlaybooks", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateResponse" } }, "examples": { "test": [ { "id": "malware", "name": "Malware", "yaml": "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score \u003e 5\"\n # sandbox: \"score \u003c 6\" # unknown-malware\n" }, { "id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n" }, { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n" } ] } } } }, "post": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Create a playbook", "operationId": "createPlaybook", "parameters": [ { "x-example": { "yaml": "name: Simple2\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "New playbook", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateResponse" } }, "examples": { "test": { "id": "simple-2", "name": "Simple2", "yaml": "name: Simple2\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } } } } } }, "/playbooks/{id}": { "get": { "security": [ { "roles": [ "playbook:read" ] } ], "tags": [ "playbooks" ], "summary": "Get a single playbook", "operationId": "getPlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook name", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/PlaybookTemplateResponse" }, "examples": { "test": { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n" } } } } }, "put": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Update an existing ticket playbook", "operationId": "updatePlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook ID", "name": "id", "in": "path", "required": true }, { "x-example": { "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "Updated playbook", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/PlaybookTemplateResponse" }, "examples": { "test": { "id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } } } } }, "delete": { "security": [ { "roles": [ "playbook:write" ] } ], "tags": [ "playbooks" ], "summary": "Delete a playbook", "operationId": "deletePlaybook", "parameters": [ { "type": "string", "x-example": "simple", "description": "Playbook name", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/settings": { "get": { "security": [ { "roles": [ "settings:read" ] } ], "tags": [ "settings" ], "summary": "Get settings", "operationId": "getSettings", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Settings" }, "examples": { "test": { "artifactStates": [ { "color": "info", "icon": "mdi-help-circle-outline", "id": "unknown", "name": "Unknown" }, { "color": "error", "icon": "mdi-skull", "id": "malicious", "name": "Malicious" }, { "color": "success", "icon": "mdi-check", "id": "clean", "name": "Clean" } ], "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ], "ticketTypes": [ { "default_playbooks": [], "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-radioactive", "id": "incident", "name": "Incidents" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-fingerprint", "id": "investigation", "name": "Forensic Investigations" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-target", "id": "hunt", "name": "Threat Hunting" } ], "tier": "community", "timeformat": "YYYY-MM-DDThh:mm:ss", "version": "0.0.0-test" } } } } } }, "/statistics": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "statistics" ], "summary": "Get statistics", "operationId": "getStatistics", "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Statistics" }, "examples": { "test": { "open_tickets_per_user": {}, "tickets_per_type": { "alert": 2, "incident": 1 }, "tickets_per_week": { "2021-39": 3 }, "unassigned": 0 } } } } } }, "/tasks": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tasks" ], "summary": "List tasks", "operationId": "listTasks", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TaskResponse" } }, "examples": { "test": [] } } } } }, "/templates": { "get": { "security": [ { "roles": [ "template:read" ] } ], "tags": [ "templates" ], "summary": "List templates", "operationId": "listTemplates", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketTemplateResponse" } }, "examples": { "test": [ { "id": "default", "name": "Default", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Default\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } ] } } } }, "post": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Create a new template", "operationId": "createTemplate", "parameters": [ { "x-example": { "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" }, "description": "New template", "name": "template", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "my-template", "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } } }, "/templates/{id}": { "get": { "security": [ { "roles": [ "template:read" ] } ], "tags": [ "templates" ], "summary": "Get a single template", "operationId": "getTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "default", "name": "Default", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Default\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } }, "put": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Update an existing template", "operationId": "updateTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true }, { "x-example": { "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" }, "description": "Template object that needs to be added", "name": "template", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTemplateResponse" }, "examples": { "test": { "id": "default", "name": "My Template", "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n" } } } } }, "delete": { "security": [ { "roles": [ "template:write" ] } ], "tags": [ "templates" ], "summary": "Delete a template", "operationId": "deleteTemplate", "parameters": [ { "type": "string", "x-example": "default", "description": "Template ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tickets" ], "summary": "List tickets", "operationId": "listTickets", "parameters": [ { "type": "string", "description": "Ticket Type", "name": "type", "in": "query" }, { "type": "integer", "default": 0, "description": "Offset of the list", "name": "offset", "in": "query" }, { "maximum": 100, "type": "integer", "default": 25, "description": "Number of tickets", "name": "count", "in": "query" }, { "type": "array", "items": { "type": "string" }, "description": "Sort columns", "name": "sort", "in": "query" }, { "type": "array", "items": { "type": "boolean" }, "description": "Sort descending", "name": "desc", "in": "query" }, { "type": "string", "description": "Search query", "name": "query", "in": "query" } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketList" }, "examples": { "test": { "count": 3, "tickets": [ { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "type": "task" }, "board": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ] } } } } }, "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Create a new ticket", "operationId": "createTicket", "parameters": [ { "x-example": { "id": 123, "name": "Wannacry infection", "owner": "bob", "status": "open", "type": "incident" }, "description": "New ticket", "name": "ticket", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "1985-04-12T23:20:50.52Z", "id": 123, "modified": "1985-04-12T23:20:50.52Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", "status": "open", "type": "incident" } } } } } }, "/tickets/batch": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Create a new tickets in batch", "operationId": "createTicketBatch", "parameters": [ { "x-example": [ { "id": 123, "name": "Wannacry infection", "owner": "bob", "status": "open", "type": "incident" } ], "description": "New ticket", "name": "ticket", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketForm" } } } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}": { "get": { "security": [ { "roles": [ "ticket:read" ] } ], "tags": [ "tickets" ], "summary": "Get a single ticket", "operationId": "getTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } }, "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Update an existing ticket", "operationId": "updateTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "created": "2021-10-02T18:04:59.078186+02:00", "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" }, "description": "Updated ticket", "name": "ticket", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Ticket" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } }, "delete": { "security": [ { "roles": [ "ticket:delete" ] } ], "tags": [ "tickets" ], "summary": "Delete an ticket", "operationId": "deleteTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/artifacts": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Add a single artifact", "operationId": "addArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "name": "2.2.2.2" }, "description": "Artifact object that needs to be added", "name": "artifact", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Artifact" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" }, { "name": "2.2.2.2", "status": "unknown", "type": "ip" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}": { "get": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Get a single artifact", "operationId": "getArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Artifact" }, "examples": { "test": { "name": "leadreintermediate.io", "status": "malicious" } } } } }, "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set a single artifact", "operationId": "setArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "x-example": { "name": "leadreintermediate.io", "status": "clean" }, "name": "artifact", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Artifact" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "clean" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } }, "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Remove an artifact", "operationId": "removeArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}/enrich": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Enrich a single artifact", "operationId": "enrichArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "x-example": { "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, "name": "hash.sha1" }, "name": "data", "in": "body", "required": true, "schema": { "$ref": "#/definitions/EnrichmentForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/Artifact" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "enrichments": { "hash.sha1": { "created": "2021-10-03T18:44:06.488923+02:00", "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, "name": "hash.sha1" } }, "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/artifacts/{name}/run/{automation}": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Run automation on a single artifact", "operationId": "runArtifact", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "leadreintermediate.io", "name": "name", "in": "path", "required": true }, { "type": "string", "x-example": "hash.sha1", "name": "automation", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/comments": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Add ticket comment", "operationId": "addComment", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "message": "My first comment" }, "description": "Ticket comment", "name": "comment", "in": "body", "required": true, "schema": { "$ref": "#/definitions/CommentForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "comments": [ { "created": "2021-10-02T18:04:59.078186+02:00", "creator": "bob", "message": "My first comment" } ], "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/comments/{commentID}": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "description": "Comment will be removed from the ticket.", "tags": [ "tickets" ], "summary": "Remove an comment from an ticket", "operationId": "removeComment", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "integer", "x-example": 0, "description": "Comment ID to remove", "name": "commentID", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/files": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "description": "Link files to an ticket. The files themself will be stored in object storage.", "tags": [ "tickets" ], "summary": "Link files to an ticket", "operationId": "linkFiles", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": [ { "key": "myfile", "name": "document.doc" } ], "description": "Added files", "name": "files", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/File" } } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "files": [ { "key": "myfile", "name": "document.doc" } ], "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/playbooks": { "post": { "tags": [ "tickets" ], "summary": "Add a new ticket playbook", "operationId": "addTicketPlaybook", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": { "yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" }, "description": "Ticket playbook object that needs to be added", "name": "playbook", "in": "body", "required": true, "schema": { "$ref": "#/definitions/PlaybookTemplateForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "1985-04-12T23:20:50.52Z", "id": 8125, "modified": "1985-04-12T23:20:50.52Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": { "simple": { "name": "Simple", "tasks": { "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to malware team", "order": 2, "type": "task" }, "hash": { "active": false, "automation": "hash.sha1", "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Hash the malware", "next": { "escalate": "" }, "order": 1, "payload": { "default": "playbook.tasks['input'].data['malware']" }, "type": "automation" }, "input": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Upload malware if possible", "next": { "hash": "malware != ''" }, "order": 0, "schema": { "properties": { "malware": { "default": "", "title": "Select malware", "type": "string" } }, "title": "Malware", "type": "object" }, "type": "input" } } } }, "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/playbooks/{playbookID}": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Remove an ticket playbook", "operationId": "removeTicketPlaybook", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "1985-04-12T23:20:50.52Z", "id": 8123, "modified": "1985-04-12T23:20:50.52Z", "name": "live zebra", "owner": "demo", "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set a ticket playbook task", "operationId": "setTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true }, { "x-example": { "active": true, "data": { "boardInvolved": true }, "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "description": "Task", "name": "task", "in": "body", "required": true, "schema": { "$ref": "#/definitions/Task" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "data": { "boardInvolved": true }, "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Complete ticket playbook task", "operationId": "completeTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true }, { "x-example": { "boardInvolved": true }, "description": "Ticket playbook object that needs to be added", "name": "data", "in": "body", "required": true, "schema": { "type": "object" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task" }, "block-sender": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "order": 3, "type": "task" }, "board": { "active": false, "closed": "2021-10-02T18:04:59.078186+02:00", "created": "2021-10-02T18:04:59.078186+02:00", "data": { "boardInvolved": true }, "done": true, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "order": 0, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task" }, "extract-iocs": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "order": 5, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "order": 2, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "order": 4, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" } } } } } }, "/tickets/{id}/playbooks/{playbookID}/task/{taskID}/run": { "post": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Run ticket playbook task", "operationId": "runTask", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8123, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "type": "string", "x-example": "phishing", "description": "Playbook ID", "name": "playbookID", "in": "path", "required": true }, { "type": "string", "x-example": "board", "description": "Task ID", "name": "taskID", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/tickets/{id}/references": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set ticket references", "operationId": "setReferences", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": [ { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "description": "All ticket references", "name": "references", "in": "body", "required": true, "schema": { "type": "array", "items": { "$ref": "#/definitions/Reference" } } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/schema": { "put": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Set ticket schema", "operationId": "setSchema", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8125, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": "{}", "description": "New ticket schema", "name": "schema", "in": "body", "schema": { "type": "string" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "tickets": [ { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickets/{id}/tickets": { "delete": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Unlink an ticket to an ticket", "operationId": "unlinkTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8126, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": 8125, "description": "Added ticket ID", "name": "linkedID", "in": "body", "required": true, "schema": { "type": "integer", "format": "int64" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "type": "alert" } } } } }, "patch": { "security": [ { "roles": [ "ticket:write" ] } ], "tags": [ "tickets" ], "summary": "Link an ticket to an ticket", "operationId": "linkTicket", "parameters": [ { "type": "integer", "format": "int64", "x-example": 8126, "description": "Ticket ID", "name": "id", "in": "path", "required": true }, { "x-example": 8123, "description": "Added ticket ID", "name": "linkedID", "in": "body", "required": true, "schema": { "type": "integer", "format": "int64" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketResponse" }, "examples": { "test": { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }, { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }, { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" } ], "schema": "{}", "status": "closed", "tickets": [ { "artifacts": [ { "name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown" }, { "name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean" }, { "name": "leadreintermediate.io", "status": "malicious" } ], "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": { "phishing": { "name": "Phishing", "tasks": { "block-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": { "extract-iocs": "" }, "type": "task" }, "board": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": { "escalate": "boardInvolved == true", "mail-available": "boardInvolved == false" }, "schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", "type": "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", "type": "object" }, "type": "input" }, "escalate": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": { "block-iocs": "" }, "schema": { "properties": { "iocs": { "items": { "type": "string" }, "title": "IOCs", "type": "array" } }, "title": "Extract IOCs", "type": "object" }, "type": "input" }, "mail-available": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" }, "schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", "type": "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", "type": "string" } }, "required": [ "mail" ], "title": "Yes" }, { "properties": { "schemaKey": { "const": "no", "type": "string" } }, "title": "No" } ], "title": "Mail available", "type": "object" }, "type": "input" }, "search-email-gateway": { "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": { "extract-iocs": "" }, "type": "task" } } } }, "references": [ { "href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance" }, { "href": "http://www.corporateinteractive.name/rich", "name": "autumn" }, { "href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest" } ], "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident" }, { "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ { "href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery" }, { "href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force" }, { "href": "http://www.leadscalable.biz/envisioneer", "name": "fund" } ], "schema": "{}", "status": "closed", "type": "alert" } ], "type": "alert" } } } } } }, "/tickettypes": { "get": { "security": [ { "roles": [ "tickettype:read" ] } ], "tags": [ "tickettypes" ], "summary": "List tickettypes", "operationId": "listTicketTypes", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/TicketTypeResponse" } }, "examples": { "test": [ { "default_playbooks": [], "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-radioactive", "id": "incident", "name": "Incidents" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-fingerprint", "id": "investigation", "name": "Forensic Investigations" }, { "default_playbooks": [], "default_template": "default", "icon": "mdi-target", "id": "hunt", "name": "Threat Hunting" } ] } } } }, "post": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Create a new tickettype", "operationId": "createTicketType", "parameters": [ { "x-example": { "default_playbooks": [], "default_template": "default", "icon": "mdi-newspaper-variant-outline", "name": "TI Tickets" }, "description": "New tickettype", "name": "tickettype", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTypeForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": [], "default_template": "default", "icon": "mdi-newspaper-variant-outline", "id": "ti-tickets", "name": "TI Tickets" } } } } } }, "/tickettypes/{id}": { "get": { "security": [ { "roles": [ "tickettype:read" ] } ], "tags": [ "tickettypes" ], "summary": "Get a single tickettype", "operationId": "getTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": [], "default_template": "default", "icon": "mdi-alert", "id": "alert", "name": "Alerts" } } } } }, "put": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Update an existing tickettype", "operationId": "updateTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true }, { "x-example": { "default_playbooks": [], "default_template": "default", "icon": "mdi-bell", "id": "alert", "name": "Alerts" }, "description": "TicketType object that needs to be added", "name": "tickettype", "in": "body", "required": true, "schema": { "$ref": "#/definitions/TicketTypeForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/TicketTypeResponse" }, "examples": { "test": { "default_playbooks": [], "default_template": "default", "icon": "mdi-bell", "id": "alert", "name": "Alerts" } } } } }, "delete": { "security": [ { "roles": [ "tickettype:write" ] } ], "tags": [ "tickettypes" ], "summary": "Delete a tickettype", "operationId": "deleteTicketType", "parameters": [ { "type": "string", "x-example": "alert", "description": "TicketType ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } }, "/userdata": { "get": { "security": [ { "roles": [ "userdata:read" ] } ], "tags": [ "userdata" ], "summary": "List userdata", "operationId": "listUserData", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/UserDataResponse" } }, "examples": { "test": [ { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } ] } } } } }, "/userdata/{id}": { "get": { "security": [ { "roles": [ "userdata:read" ] } ], "tags": [ "userdata" ], "summary": "Get a single user data", "operationId": "getUserData", "parameters": [ { "type": "string", "x-example": "bob", "description": "User Data ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } }, "put": { "security": [ { "roles": [ "userdata:write" ] } ], "tags": [ "userdata" ], "summary": "Update an existing user data", "operationId": "updateUserData", "parameters": [ { "type": "string", "x-example": "bob", "description": "User Data ID", "name": "id", "in": "path", "required": true }, { "x-example": { "blocked": false, "email": "bob@example.org", "name": "Bob Bad" }, "description": "User data object that needs to be added", "name": "userdata", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserData" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserDataResponse" }, "examples": { "test": { "email": "bob@example.org", "id": "bob", "name": "Bob Bad" } } } } } }, "/users": { "get": { "security": [ { "roles": [ "user:read" ] } ], "tags": [ "users" ], "summary": "List users", "operationId": "listUsers", "responses": { "200": { "description": "successful operation", "schema": { "type": "array", "items": { "$ref": "#/definitions/UserResponse" } }, "examples": { "test": [ { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] }, { "apikey": true, "blocked": false, "id": "script", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } ] } } } }, "post": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Create user", "operationId": "createUser", "parameters": [ { "x-example": { "id": "syncscript", "roles": [ "analyst" ] }, "description": "user object that needs to be added", "name": "user", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/NewUserResponse" }, "examples": { "test": { "blocked": false, "id": "syncscript", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read" ], "secret": "v39bOuobnlEljfWzjAgoKzhmnh1xSMxH" } } } } } }, "/users/{id}": { "get": { "security": [ { "roles": [ "user:read" ] } ], "tags": [ "users" ], "summary": "Get a single user", "operationId": "getUser", "parameters": [ { "type": "string", "x-example": "script", "description": "user ID", "name": "id", "in": "path", "required": true } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": true, "blocked": false, "id": "script", "roles": [ "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } }, "put": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Update user", "operationId": "updateUser", "parameters": [ { "type": "string", "x-example": "bob", "description": "Template ID", "name": "id", "in": "path", "required": true }, { "x-example": { "roles": [ "analyst", "admin" ] }, "description": "user object that needs to be added", "name": "user", "in": "body", "required": true, "schema": { "$ref": "#/definitions/UserForm" } } ], "responses": { "200": { "description": "successful operation", "schema": { "$ref": "#/definitions/UserResponse" }, "examples": { "test": { "apikey": false, "blocked": false, "id": "bob", "roles": [ "admin:backup:read", "admin:backup:restore", "admin:group:write", "admin:job:read", "admin:job:write", "admin:log:read", "admin:ticket:delete", "admin:user:write", "admin:userdata:read", "admin:userdata:write", "analyst:automation:read", "analyst:currentsettings:write", "analyst:currentuser:read", "analyst:currentuserdata:read", "analyst:file", "analyst:group:read", "analyst:playbook:read", "analyst:rule:read", "analyst:settings:read", "analyst:template:read", "analyst:ticket:read", "analyst:ticket:write", "analyst:tickettype:read", "analyst:user:read", "engineer:automation:write", "engineer:playbook:write", "engineer:rule:write", "engineer:template:write", "engineer:tickettype:write" ] } } } } }, "delete": { "security": [ { "roles": [ "user:write" ] } ], "tags": [ "users" ], "summary": "Delete user", "operationId": "deleteUser", "parameters": [ { "type": "string", "x-example": "script", "description": "user ID", "name": "id", "in": "path", "required": true } ], "responses": { "204": { "description": "successful operation" } } } } }, "definitions": { "Artifact": { "type": "object", "required": [ "name" ], "properties": { "enrichments": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Enrichment" } }, "name": { "type": "string", "example": "2.2.2.2" }, "status": { "type": "string", "example": "Unknown" }, "type": { "type": "string" } } }, "ArtifactOrigin": { "type": "object", "required": [ "ticket_id", "artifact" ], "properties": { "artifact": { "type": "string" }, "ticket_id": { "type": "integer", "format": "int64" } } }, "Automation": { "type": "object", "required": [ "image", "script", "type" ], "properties": { "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "AutomationForm": { "type": "object", "required": [ "id", "image", "script", "type" ], "properties": { "id": { "type": "string" }, "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "AutomationResponse": { "type": "object", "required": [ "id", "image", "script", "type" ], "properties": { "id": { "type": "string" }, "image": { "type": "string" }, "schema": { "type": "string", "example": "{}" }, "script": { "type": "string" }, "type": { "type": "array", "items": { "type": "string", "enum": [ "artifact", "playbook", "global" ] } } } }, "Comment": { "type": "object", "required": [ "creator", "created", "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" } } }, "CommentForm": { "type": "object", "required": [ "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" } } }, "Context": { "type": "object", "properties": { "artifact": { "$ref": "#/definitions/Artifact" }, "playbook": { "$ref": "#/definitions/PlaybookResponse" }, "task": { "$ref": "#/definitions/TaskResponse" }, "ticket": { "$ref": "#/definitions/TicketResponse" } } }, "Enrichment": { "type": "object", "required": [ "name", "data", "created" ], "properties": { "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object", "example": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } }, "name": { "type": "string", "example": "hash.sha1" } } }, "EnrichmentForm": { "type": "object", "required": [ "name", "data" ], "properties": { "data": { "type": "object", "example": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } }, "name": { "type": "string", "example": "hash.sha1" } } }, "File": { "type": "object", "required": [ "key", "name" ], "properties": { "key": { "type": "string", "example": "myfile" }, "name": { "type": "string", "example": "notes.docx" } } }, "Job": { "type": "object", "required": [ "automation", "running", "status" ], "properties": { "automation": { "type": "string" }, "container": { "type": "string" }, "log": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "output": { "type": "object" }, "payload": {}, "running": { "type": "boolean" }, "status": { "type": "string" } } }, "JobForm": { "type": "object", "required": [ "automation" ], "properties": { "automation": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "payload": {} } }, "JobResponse": { "type": "object", "required": [ "id", "automation", "status" ], "properties": { "automation": { "type": "string" }, "container": { "type": "string" }, "id": { "type": "string" }, "log": { "type": "string" }, "origin": { "$ref": "#/definitions/Origin" }, "output": { "type": "object" }, "payload": {}, "status": { "type": "string" } } }, "LogEntry": { "type": "object", "required": [ "reference", "creator", "created", "message" ], "properties": { "created": { "type": "string", "format": "date-time" }, "creator": { "type": "string" }, "message": { "type": "string" }, "reference": { "type": "string" } } }, "Message": { "type": "object", "properties": { "context": { "$ref": "#/definitions/Context" }, "payload": { "type": "object" }, "secrets": { "type": "object", "additionalProperties": { "type": "string" } } } }, "NewUserResponse": { "type": "object", "required": [ "id", "blocked", "roles" ], "properties": { "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } }, "secret": { "type": "string" } } }, "Origin": { "type": "object", "properties": { "artifact_origin": { "$ref": "#/definitions/ArtifactOrigin" }, "task_origin": { "$ref": "#/definitions/TaskOrigin" } } }, "Playbook": { "type": "object", "required": [ "name", "tasks" ], "properties": { "name": { "type": "string", "example": "Phishing" }, "tasks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Task" } } } }, "PlaybookResponse": { "type": "object", "required": [ "name", "tasks" ], "properties": { "name": { "type": "string", "example": "Phishing" }, "tasks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/TaskResponse" } } } }, "PlaybookTemplate": { "type": "object", "required": [ "name", "yaml" ], "properties": { "name": { "type": "string" }, "yaml": { "type": "string" } } }, "PlaybookTemplateForm": { "type": "object", "required": [ "yaml" ], "properties": { "id": { "type": "string" }, "yaml": { "type": "string" } } }, "PlaybookTemplateResponse": { "type": "object", "required": [ "id", "name", "yaml" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "yaml": { "type": "string" } } }, "Reference": { "type": "object", "required": [ "name", "href" ], "properties": { "href": { "type": "string", "example": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144" }, "name": { "type": "string", "example": "CVE-2017-0144" } } }, "Settings": { "type": "object", "required": [ "version", "tier", "timeformat", "ticketTypes", "artifactStates" ], "properties": { "artifactStates": { "type": "array", "title": "Artifact States", "items": { "$ref": "#/definitions/Type" } }, "roles": { "type": "array", "title": "Roles", "items": { "type": "string" } }, "ticketTypes": { "type": "array", "title": "Ticket Types", "items": { "$ref": "#/definitions/TicketTypeResponse" } }, "tier": { "type": "string", "title": "Tier", "enum": [ "community", "enterprise" ] }, "timeformat": { "type": "string", "title": "Time Format" }, "version": { "type": "string", "title": "Version" } } }, "Statistics": { "type": "object", "required": [ "unassigned", "open_tickets_per_user", "tickets_per_week", "tickets_per_type" ], "properties": { "open_tickets_per_user": { "type": "object", "additionalProperties": { "type": "integer" } }, "tickets_per_type": { "type": "object", "additionalProperties": { "type": "integer" } }, "tickets_per_week": { "type": "object", "additionalProperties": { "type": "integer" } }, "unassigned": { "type": "integer" } } }, "Task": { "type": "object", "required": [ "name", "type", "done", "created" ], "properties": { "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskForm": { "type": "object", "required": [ "name", "type" ], "properties": { "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskOrigin": { "type": "object", "required": [ "ticket_id", "playbook_id", "task_id" ], "properties": { "playbook_id": { "type": "string" }, "task_id": { "type": "string" }, "ticket_id": { "type": "integer", "format": "int64" } } }, "TaskResponse": { "type": "object", "required": [ "name", "type", "done", "created", "order", "active" ], "properties": { "active": { "type": "boolean", "example": false }, "automation": { "type": "string" }, "closed": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "data": { "type": "object" }, "done": { "type": "boolean" }, "join": { "type": "boolean", "example": false }, "name": { "type": "string", "example": "Inform user" }, "next": { "type": "object", "additionalProperties": { "type": "string" } }, "order": { "type": "number", "format": "int64", "example": 2 }, "owner": { "type": "string" }, "payload": { "type": "object", "additionalProperties": { "type": "string" } }, "schema": { "type": "object" }, "type": { "type": "string", "enum": [ "task", "input", "automation" ], "example": "task" } } }, "TaskWithContext": { "type": "object", "required": [ "ticket_id", "ticket_name", "playbook_id", "playbook_name", "task_id", "task" ], "properties": { "playbook_id": { "type": "string" }, "playbook_name": { "type": "string" }, "task": { "$ref": "#/definitions/TaskResponse" }, "task_id": { "type": "string" }, "ticket_id": { "type": "number", "format": "int64" }, "ticket_name": { "type": "string" } } }, "Ticket": { "type": "object", "required": [ "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Playbook" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketForm": { "type": "object", "required": [ "name", "type", "status" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "array", "items": { "$ref": "#/definitions/PlaybookTemplateForm" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketList": { "type": "object", "required": [ "tickets", "count" ], "properties": { "count": { "type": "number", "example": 3 }, "tickets": { "type": "array", "items": { "$ref": "#/definitions/TicketSimpleResponse" } } } }, "TicketResponse": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/PlaybookResponse" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketSimpleResponse": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/Playbook" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "TicketTemplate": { "type": "object", "required": [ "name", "schema" ], "properties": { "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketTemplateForm": { "type": "object", "required": [ "name", "schema" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketTemplateResponse": { "type": "object", "required": [ "id", "name", "schema" ], "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "schema": { "type": "string" } } }, "TicketType": { "type": "object", "required": [ "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "name": { "type": "string" } } }, "TicketTypeForm": { "type": "object", "required": [ "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } } }, "TicketTypeResponse": { "type": "object", "required": [ "id", "name", "icon", "default_template", "default_playbooks" ], "properties": { "default_groups": { "type": "array", "items": { "type": "string" } }, "default_playbooks": { "type": "array", "items": { "type": "string" } }, "default_template": { "type": "string" }, "icon": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } } }, "TicketWithTickets": { "type": "object", "required": [ "id", "name", "type", "status", "created", "modified", "schema" ], "properties": { "artifacts": { "type": "array", "items": { "$ref": "#/definitions/Artifact" } }, "comments": { "type": "array", "items": { "$ref": "#/definitions/Comment" } }, "created": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "details": { "type": "object", "example": { "description": "my little incident" } }, "files": { "type": "array", "items": { "$ref": "#/definitions/File" } }, "id": { "type": "integer", "format": "int64", "example": 123 }, "modified": { "type": "string", "format": "date-time", "example": "1985-04-12T23:20:50.52Z" }, "name": { "type": "string", "example": "WannyCry" }, "owner": { "type": "string", "example": "bob" }, "playbooks": { "type": "object", "additionalProperties": { "$ref": "#/definitions/PlaybookResponse" } }, "read": { "type": "array", "items": { "type": "string" }, "example": [ "bob" ] }, "references": { "type": "array", "items": { "$ref": "#/definitions/Reference" } }, "schema": { "type": "string", "example": "{}" }, "status": { "type": "string", "example": "open" }, "tickets": { "type": "array", "items": { "$ref": "#/definitions/TicketSimpleResponse" } }, "type": { "type": "string", "example": "incident" }, "write": { "type": "array", "items": { "type": "string" }, "example": [ "alice" ] } } }, "Type": { "type": "object", "required": [ "id", "name", "icon" ], "properties": { "color": { "type": "string", "title": "Color", "enum": [ "error", "info", "success", "warning" ], "x-cols": 3 }, "icon": { "type": "string", "title": "Icon (https://materialdesignicons.com)", "x-class": "pr-2", "x-cols": 3 }, "id": { "type": "string", "title": "ID", "x-class": "pr-2", "x-cols": 3 }, "name": { "type": "string", "title": "Name", "x-class": "pr-2", "x-cols": 3 } } }, "User": { "type": "object", "required": [ "blocked", "apikey", "roles" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "roles": { "type": "array", "items": { "type": "string" } }, "sha256": { "type": "string" } } }, "UserData": { "type": "object", "properties": { "email": { "type": "string", "x-example": "bob@example.org" }, "image": { "type": "string", "x-display": "custom-avatar" }, "name": { "type": "string", "x-example": "Robert Smith" }, "timeformat": { "type": "string", "title": "Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)" } } }, "UserDataResponse": { "type": "object", "required": [ "id" ], "properties": { "email": { "type": "string", "x-example": "bob@example.org" }, "id": { "type": "string" }, "image": { "type": "string", "x-display": "custom-avatar" }, "name": { "type": "string", "x-example": "Robert Smith" }, "timeformat": { "type": "string", "title": "Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)" } } }, "UserForm": { "type": "object", "required": [ "id", "blocked", "roles", "apikey" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } } } }, "UserResponse": { "type": "object", "required": [ "id", "blocked", "roles", "apikey" ], "properties": { "apikey": { "type": "boolean" }, "blocked": { "type": "boolean" }, "id": { "type": "string" }, "roles": { "type": "array", "items": { "type": "string" } } } } } }`)) }