swagger: "2.0"
|
|
info: { version: "", title: "" }
|
|
|
|
paths:
|
|
/tickets:
|
|
get:
|
|
tags: [ "tickets" ]
|
|
summary: "List tickets"
|
|
operationId: "listTickets"
|
|
parameters:
|
|
- { name: "type", in: "query", description: "Ticket Type", type: string }
|
|
- { name: "offset", in: "query", description: "Offset of the list", type: integer, default: 0 }
|
|
- { name: "count", in: "query", description: "Number of tickets", type: integer, maximum: 100, default: 25 }
|
|
- { name: "sort", in: "query", description: "Sort columns", type: array, items: { type: string } } #, example: [ "name", "id" ]
|
|
- { name: "desc", in: "query", description: "Sort descending", type: array, items: { type: boolean } } #, example: [ false, true ]
|
|
- { name: "query", in: "query", description: "Search query", type: string }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: '#/definitions/TicketList' }
|
|
examples:
|
|
test:
|
|
count: 3
|
|
tickets:
|
|
- id: 8123
|
|
created: "2021-10-02T18:04:59.078206+02:00"
|
|
modified: "2021-10-02T18:04:59.078206+02:00"
|
|
name: "live zebra"
|
|
owner: "demo"
|
|
playbooks:
|
|
phishing:
|
|
name: "Phishing"
|
|
tasks:
|
|
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" }
|
|
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
|
|
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
|
|
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" }
|
|
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
|
|
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
|
|
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
|
|
references:
|
|
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
|
|
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
|
|
- { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
|
|
"schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
|
|
status: "closed"
|
|
type: "incident"
|
|
artifacts:
|
|
- { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
|
|
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
|
|
- { name: "leadreintermediate.io", status: "malicious" }
|
|
- { id: 8125, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
security: [ { roles: [ "ticket:read" ] } ]
|
|
post:
|
|
tags: [ "tickets" ]
|
|
summary: "Create a new ticket"
|
|
operationId: "createTicket"
|
|
parameters:
|
|
- { name: "ticket", in: "body", description: "New ticket", required: true, schema: { $ref: "#/definitions/TicketForm" }, x-example: { id: 123, owner: bob, name: "Wannacry infection", status: "open", type: "incident" } }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 123
|
|
name: "Wannacry infection"
|
|
type: "incident"
|
|
status: "open"
|
|
created: "1985-04-12T23:20:50.52Z"
|
|
modified: "1985-04-12T23:20:50.52Z"
|
|
owner: "bob"
|
|
schema: "{}"
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
|
|
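# Batch creation: the request body is an array of TicketForm objects.
/tickets/batch:
  post:
    tags: [ "tickets" ]
    summary: "Create new tickets in batch"
    operationId: "createTicketBatch"
    parameters:
      # NOTE(review): the array declares no maxItems, so this spec puts no upper
      # bound on batch size; confirm the server limits request size itself.
      - name: "ticket"
        in: "body"
        description: "New tickets"
        required: true
        schema:
          type: array
          items: { $ref: "#/definitions/TicketForm" }
        x-example:
          - { id: 123, owner: bob, name: "Wannacry infection", status: "open", type: "incident" }
    responses:
      # Success carries no body.
      "204": { description: "successful operation" }
    # Role declared for this operation.
    security: [ { roles: [ "ticket:write" ] } ]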
|
|
|
|
/tickets/{id}:
|
|
get:
|
|
tags: [ "tickets" ]
|
|
summary: "Get a single ticket"
|
|
operationId: "getTicket"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8125
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "phishing from selenafadel@von.com detected"
|
|
owner: "demo"
|
|
references:
|
|
- href: "https://www.seniorleading-edge.name/users/efficient"
|
|
name: "recovery"
|
|
- href: "http://www.dynamicseamless.com/clicks-and-mortar"
|
|
name: "force"
|
|
- href: "http://www.leadscalable.biz/envisioneer"
|
|
name: "fund"
|
|
schema: "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
tickets:
|
|
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
security: [ { roles: [ "ticket:read" ] } ]
|
|
put:
|
|
tags: [ "tickets" ]
|
|
summary: "Update an existing ticket"
|
|
operationId: "updateTicket"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
|
|
- { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-10-02T18:04:59.078186+02:00",modified: "2021-10-02T18:04:59.078186+02:00", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8125
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "phishing from selenafadel@von.org detected"
|
|
owner: "demo"
|
|
references:
|
|
- href: "https://www.seniorleading-edge.name/users/efficient"
|
|
name: "recovery"
|
|
- href: "http://www.dynamicseamless.com/clicks-and-mortar"
|
|
name: "force"
|
|
- href: "http://www.leadscalable.biz/envisioneer"
|
|
name: "fund"
|
|
schema: "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
tickets:
|
|
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
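# Deletes one ticket, addressed by its numeric ID in the path.
delete:
  tags: [ "tickets" ]
  summary: "Delete a ticket"
  operationId: "deleteTicket"
  parameters:
    - name: "id"
      in: "path"
      description: "Ticket ID"
      required: true
      type: integer
      format: "int64"
      x-example: 8125
  responses:
    # Success carries no body.
    "204": { description: "successful operation" }
  # Deletion declares its own role (ticket:delete) instead of the ticket:write
  # role used by sibling operations such as updateTicket.
  security: [ { roles: [ "ticket:delete" ] } ]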
|
|
|
|
/tickets/{id}/tickets:
|
|
patch:
|
|
tags: [ "tickets" ]
|
|
summary: "Link an ticket to an ticket"
|
|
operationId: "linkTicket"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8126 }
|
|
- { name: "linkedID", in: "body", description: "Added ticket ID", required: true, schema: { type: integer, format: "int64" }, x-example: 8123 }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8126
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "Surfaceintroduce virus detected"
|
|
owner: "demo"
|
|
references:
|
|
- { "href": "http://www.centralworld-class.io/synthesize", "name": "university" }
|
|
- { "href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal" }
|
|
- { "href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment" }
|
|
schema: "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
tickets:
|
|
- id: 8123
|
|
created: "2021-10-02T18:04:59.078206+02:00"
|
|
modified: "2021-10-02T18:04:59.078206+02:00"
|
|
name: "live zebra"
|
|
owner: "demo"
|
|
playbooks:
|
|
phishing:
|
|
name: "Phishing"
|
|
tasks:
|
|
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" }
|
|
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
|
|
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
|
|
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" }
|
|
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
|
|
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
|
|
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
|
|
references:
|
|
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
|
|
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
|
|
- { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
|
|
"schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
|
|
status: "closed"
|
|
type: "incident"
|
|
artifacts:
|
|
- { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
|
|
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
|
|
- { name: "leadreintermediate.io", status: "malicious" }
|
|
- id: 8125
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "phishing from selenafadel@von.com detected"
|
|
owner: "demo"
|
|
references:
|
|
- { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
|
|
- { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
|
|
- { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
|
|
"schema": "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
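# Removes the link between the ticket in the path and the ticket named in the body.
delete:
  tags: [ "tickets" ]
  summary: "Unlink a ticket from a ticket"
  operationId: "unlinkTicket"
  parameters:
    - name: "id"
      in: "path"
      description: "Ticket ID"
      required: true
      type: integer
      format: "int64"
      x-example: 8126
    # NOTE(review): the ticket to unlink is carried in the body of a DELETE
    # request. Some HTTP clients and intermediaries drop DELETE bodies; confirm
    # the deployed stack forwards it.
    - name: "linkedID"
      in: "body"
      description: "Unlinked ticket ID"
      required: true
      schema: { type: integer, format: "int64" }
      x-example: 8125
  responses:
    "200":
      description: "successful operation"
      schema: { $ref: "#/definitions/TicketResponse" }
      examples:
        # Ticket 8126 after the link was removed: the example has no `tickets` list.
        test:
          id: 8126
          created: "2021-10-02T18:04:59.078186+02:00"
          modified: "2021-10-02T18:04:59.078186+02:00"
          name: "Surfaceintroduce virus detected"
          owner: "demo"
          references:
            - { href: "http://www.centralworld-class.io/synthesize", name: "university" }
            - { href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" }
            - { href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" }
          schema: "{}"
          status: "closed"
          type: "alert"
  # Role declared for this operation.
  security: [ { roles: [ "ticket:write" ] } ]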
|
|
|
|
/tickets/{id}/comments:
|
|
post:
|
|
tags: [ "tickets" ]
|
|
summary: "Add ticket comment"
|
|
operationId: "addComment"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
|
|
- { name: "comment", in: "body", description: "Ticket comment", required: true, schema: { $ref: "#/definitions/CommentForm" } , x-example: { message: "My first comment" } }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8125
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "phishing from selenafadel@von.com detected"
|
|
owner: "demo"
|
|
comments:
|
|
- created: "2021-10-02T18:04:59.078186+02:00"
|
|
creator: "bob"
|
|
message: "My first comment"
|
|
references:
|
|
- { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
|
|
- { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
|
|
- { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
|
|
"schema": "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
tickets:
|
|
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
|
|
/tickets/{id}/comments/{commentID}:
|
|
delete:
|
|
tags: [ "tickets" ]
|
|
summary: "Remove an comment from an ticket"
|
|
description: "Comment will be removed from the ticket."
|
|
operationId: "removeComment"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
|
|
- { name: "commentID", in: "path", description: "Comment ID to remove", required: true, type: integer, x-example: 0 }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8123
|
|
created: "2021-10-02T18:04:59.078206+02:00"
|
|
modified: "2021-10-02T18:04:59.078206+02:00"
|
|
name: "live zebra"
|
|
owner: "demo"
|
|
playbooks:
|
|
phishing:
|
|
name: "Phishing"
|
|
tasks:
|
|
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
|
|
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
|
|
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
|
|
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
|
|
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
|
|
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
|
|
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
|
|
references:
|
|
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
|
|
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
|
|
- { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
|
|
"schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
|
|
status: "closed"
|
|
type: "incident"
|
|
artifacts:
|
|
- { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
|
|
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
|
|
- { name: "leadreintermediate.io", status: "malicious" }
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
|
|
/tickets/{id}/references:
|
|
put:
|
|
tags: [ "tickets" ]
|
|
summary: "Set ticket references"
|
|
operationId: "setReferences"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
|
|
- { name: "references", in: "body", description: "All ticket references", required: true, schema: { type: array, items: { $ref: "#/definitions/Reference" } }, x-example: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ] }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/TicketResponse" }
|
|
examples:
|
|
test:
|
|
id: 8125
|
|
created: "2021-10-02T18:04:59.078186+02:00"
|
|
modified: "2021-10-02T18:04:59.078186+02:00"
|
|
name: "phishing from selenafadel@von.com detected"
|
|
owner: "demo"
|
|
references: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ]
|
|
"schema": "{}"
|
|
status: "closed"
|
|
type: "alert"
|
|
tickets:
|
|
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
|
|
security: [ { roles: [ "ticket:write" ] } ]
|
|
|
|
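# Replaces the schema attached to a ticket. The schema is sent as an opaque
# string, so this spec places no constraint on its size or contents.
/tickets/{id}/schema:
  put:
    tags: [ "tickets" ]
    summary: "Set ticket schema"
    operationId: "setSchema"
    parameters:
      - name: "id"
        in: "path"
        description: "Ticket ID"
        required: true
        type: integer
        format: "int64"
        x-example: 8125
      # `required: true` matches the other body parameters of the ticket
      # operations; without it, a request with no body is valid per the spec.
      # NOTE(review): the string is presumably parsed as JSON Schema by the
      # server (other examples in this file use draft-07); confirm it is
      # validated and size-limited before it is stored.
      - name: "schema"
        in: "body"
        description: "New ticket schema"
        required: true
        schema: { type: string }
        x-example: "{}"
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8125
            created: "2021-10-02T18:04:59.078186+02:00"
            modified: "2021-10-02T18:04:59.078186+02:00"
            name: "phishing from selenafadel@von.com detected"
            owner: "demo"
            references:
              - { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
              - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
              - { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
            schema: "{}"
            status: "closed"
            type: "alert"
            tickets:
              - id: 8126
                created: "2021-10-02T18:04:59.078186+02:00"
                modified: "2021-10-02T18:04:59.078186+02:00"
                name: "Surfaceintroduce virus detected"
                owner: "demo"
                references:
                  - { href: "http://www.centralworld-class.io/synthesize", name: "university" }
                  - { href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" }
                  - { href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" }
                schema: "{}"
                status: "closed"
                type: "alert"
    # Role declared for this operation.
    security: [ { roles: [ "ticket:write" ] } ]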
|
|
|
|
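# Attaches file references to a ticket. Only key/name pairs are exchanged here;
# per the description, the file contents are kept in object storage.
/tickets/{id}/files:
  put:
    tags: [ "tickets" ]
    summary: "Link files to a ticket"
    description: "Link files to a ticket. The files themselves will be stored in object storage."
    operationId: "linkFiles"
    parameters:
      - name: "id"
        in: "path"
        description: "Ticket ID"
        required: true
        type: integer
        format: "int64"
        x-example: 8125
      # NOTE(review): `key` is supplied by the caller. Confirm the server checks
      # that each key refers to a stored object the caller is allowed to attach.
      - name: "files"
        in: "body"
        description: "Added files"
        required: true
        schema:
          type: array
          items: { $ref: "#/definitions/File" }
        x-example:
          - { key: myfile, name: "document.doc" }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8125
            created: "2021-10-02T18:04:59.078186+02:00"
            modified: "2021-10-02T18:04:59.078186+02:00"
            name: "phishing from selenafadel@von.com detected"
            owner: "demo"
            references:
              - { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" }
              - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" }
              - { href: "http://www.leadscalable.biz/envisioneer", name: "fund" }
            schema: "{}"
            status: "closed"
            type: "alert"
            files:
              - { key: myfile, name: "document.doc" }
            tickets:
              - id: 8126
                created: "2021-10-02T18:04:59.078186+02:00"
                modified: "2021-10-02T18:04:59.078186+02:00"
                name: "Surfaceintroduce virus detected"
                owner: "demo"
                references:
                  - { href: "http://www.centralworld-class.io/synthesize", name: "university" }
                  - { href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" }
                  - { href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" }
                schema: "{}"
                status: "closed"
                type: "alert"
    # Role declared for this operation.
    security: [ { roles: [ "ticket:write" ] } ]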
|
|
|
|
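# Attaches a playbook, submitted as a YAML document, to an existing ticket.
/tickets/{id}/playbooks:
  post:
    tags: [ "tickets" ]
    summary: "Add a new ticket playbook"
    operationId: "addTicketPlaybook"
    parameters:
      - name: "id"
        in: "path"
        description: "Ticket ID"
        required: true
        type: integer
        format: "int64"
        x-example: 8125
      # NOTE(review): the playbook body carries expression strings (`next`
      # conditions, automation `payload` values) and names an automation to run.
      # These are presumably evaluated by the server; treat the document as
      # untrusted input wherever it is parsed or evaluated.
      - name: "playbook"
        in: "body"
        description: "Ticket playbook object that needs to be added"
        required: true
        schema: { $ref: "#/definitions/PlaybookTemplateForm" }
        x-example:
          yaml: "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n"
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8125
            name: phishing from selenafadel@von.com detected
            owner: demo
            type: "alert"
            status: "closed"
            created: "1985-04-12T23:20:50.52Z"
            modified: "1985-04-12T23:20:50.52Z"
            schema: "{}"
            tickets:
              - id: 8126
                created: "2021-10-02T18:04:59.078186+02:00"
                modified: "2021-10-02T18:04:59.078186+02:00"
                name: "Surfaceintroduce virus detected"
                owner: "demo"
                references:
                  - { href: "http://www.centralworld-class.io/synthesize", name: "university" }
                  - { href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" }
                  - { href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" }
                schema: "{}"
                status: "closed"
                type: "alert"
            references:
              - { href: "https://www.seniorleading-edge.name/users/efficient", name: recovery }
              - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: force }
              - { href: "http://www.leadscalable.biz/envisioneer", name: fund }
            # The submitted playbook as returned on the ticket: each task gains
            # `active`, `done`, `created` and `order` fields.
            playbooks:
              simple:
                name: Simple
                tasks:
                  input:
                    active: true
                    done: false
                    created: "2021-10-02T18:04:59.078186+02:00"
                    order: 0
                    name: Upload malware if possible
                    type: input
                    schema:
                      title: Malware
                      type: object
                      properties:
                        malware:
                          type: string
                          title: Select malware
                          default: ""
                    next:
                      hash: "malware != ''"

                  hash:
                    active: false
                    done: false
                    created: "2021-10-02T18:04:59.078186+02:00"
                    order: 1
                    name: Hash the malware
                    type: automation
                    automation: hash.sha1
                    payload:
                      default: "playbook.tasks['input'].data['malware']"
                    next:
                      escalate: ""

                  escalate:
                    active: false
                    done: false
                    created: "2021-10-02T18:04:59.078186+02:00"
                    order: 2
                    name: Escalate to malware team
                    type: task
    # This operation declared no `security` entry, unlike the other mutating
    # ticket operations, which all declare a role. ticket:write is used here to
    # match them. NOTE(review): confirm against the project's role model.
    security: [ { roles: [ "ticket:write" ] } ]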
|
|
|
|
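# DELETE /tickets/{id}/playbooks/{playbookID} detaches a playbook from a
# ticket and returns the updated ticket. Nesting is restored here; the reviewed
# copy had lost its indentation and carried "|" gutter lines between entries.
#
# The example response has no `playbooks` key, which matches a ticket whose
# only playbook ("phishing") was removed.
# NOTE(review): removing a playbook also discards its task state; confirm the
# server records who removed it, since only the "ticket:write" role gates it.
/tickets/{id}/playbooks/{playbookID}:
  delete:
    tags: [ "tickets" ]
    summary: "Remove an ticket playbook"
    operationId: "removeTicketPlaybook"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8123
            name: "live zebra"
            type: "incident"
            status: "closed"
            created: "1985-04-12T23:20:50.52Z"
            modified: "1985-04-12T23:20:50.52Z"
            owner: "demo"
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: performance }
              - { href: "http://www.corporateinteractive.name/rich", name: autumn }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: suggest }
            # The ticket's form schema travels as a JSON document inside a
            # string. Whitespace inside it is re-indented here for reading;
            # the JSON content is unchanged.
            schema: |
              {
                "definitions": {},
                "$schema": "http://json-schema.org/draft-07/schema#",
                "$id": "https://example.com/object1618746510.json",
                "title": "Event",
                "type": "object",
                "required": [
                  "severity",
                  "description",
                  "tlp"
                ],
                "properties": {
                  "severity": {
                    "$id": "#root/severity",
                    "title": "Severity",
                    "type": "string",
                    "default": "Medium",
                    "nx-enum": [
                      "Low",
                      "Medium",
                      "High"
                    ],
                    "x-cols": 6,
                    "x-class": "pr-2",
                    "x-display": "icon",
                    "x-itemIcon": "icon",
                    "oneOf": [
                      {
                        "const": "Low",
                        "title": "Low",
                        "icon": "mdi-chevron-up"
                      },
                      {
                        "const": "Medium",
                        "title": "Medium",
                        "icon": "mdi-chevron-double-up"
                      },
                      {
                        "const": "High",
                        "title": "High",
                        "icon": "mdi-chevron-triple-up"
                      }
                    ]
                  },
                  "tlp": {
                    "$id": "#root/tlp",
                    "title": "TLP",
                    "type": "string",
                    "nx-enum": [
                      "White",
                      "Green",
                      "Amber",
                      "Red"
                    ],
                    "x-cols": 6,
                    "x-class": "pr-2",
                    "x-display": "icon",
                    "x-itemIcon": "icon",
                    "oneOf": [
                      {
                        "const": "White",
                        "title": "White",
                        "icon": "mdi-alpha-w"
                      },
                      {
                        "const": "Green",
                        "title": "Green",
                        "icon": "mdi-alpha-g"
                      },
                      {
                        "const": "Amber",
                        "title": "Amber",
                        "icon": "mdi-alpha-a"
                      },
                      {
                        "const": "Red",
                        "title": "Red",
                        "icon": "mdi-alpha-r"
                      }
                    ]
                  },
                  "description": {
                    "$id": "#root/description",
                    "title": "Description",
                    "type": "string",
                    "x-display": "textarea",
                    "x-class": "pr-2"
                  }
                }
              }
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
              - { name: "leadreintermediate.io", status: "malicious" }
    security: [ { roles: [ "ticket:write" ] } ]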
|
|
|
|
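# PUT /tickets/{id}/playbooks/{playbookID}/task/{taskID} replaces one task of
# a ticket's playbook and returns the updated ticket. Nesting is restored here;
# the reviewed copy had lost its indentation and carried "|" gutter lines.
#
# The body is a whole Task object: the example sends `next`, `schema`, `done`,
# `active` and `order` together with `data`.
# NOTE(review): a client holding "ticket:write" can therefore submit workflow
# fields (`next` conditions, `schema`, `done`) and not only the answer in
# `data`; confirm which fields the server accepts from the client and which it
# keeps from the stored playbook.
/tickets/{id}/playbooks/{playbookID}/task/{taskID}:
  put:
    tags: [ "tickets" ]
    summary: "Set a ticket playbook task"
    operationId: "setTask"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
      - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" }
      - { name: "task", in: "body", description: "Task", required: true, schema: { $ref: "#/definitions/Task" }, x-example: { done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  # The submitted `data` is stored on the task; the task stays
                  # active and not done after a set.
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
              - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
              - { name: "leadreintermediate.io", status: "malicious" }
    security: [ { roles: [ "ticket:write" ] } ]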
|
|
|
|
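# PUT .../task/{taskID}/complete closes one playbook task with the submitted
# data and returns the updated ticket. Nesting is restored here; the reviewed
# copy had lost its indentation and carried "|" gutter lines.
#
# In the example the completed "board" task gains `closed` and `done: true`,
# and "escalate" becomes active, which matches its `next` condition
# "boardInvolved == true".
# NOTE(review): the body schema is a bare `{ type: object }`, so the spec
# places no constraint on what is submitted. Confirm the server validates the
# data against the task's own `schema` (here `boardInvolved`, boolean,
# required) before evaluating `next`, because the submitted values decide
# which task is activated.
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete:
  put:
    tags: [ "tickets" ]
    summary: "Complete ticket playbook task"
    operationId: "completeTask"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
      - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" }
      # The description used to read "Ticket playbook object that needs to be
      # added", copied from addTicketPlaybook; the body is the task's data.
      - { name: "data", in: "body", description: "Task data", required: true, schema: { type: object }, x-example: { boardInvolved: true } }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", closed: "2021-10-02T18:04:59.078186+02:00", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
              - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
              - { name: "leadreintermediate.io", status: "malicious" }
    security: [ { roles: [ "ticket:write" ] } ]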
|
|
|
|
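# POST .../task/{taskID}/run starts a playbook task and answers 204 with no
# body. Nesting is restored here; the reviewed copy had lost its indentation
# and carried "|" gutter lines between entries.
#
# The request has no body: everything that selects what runs comes from the
# three path parameters.
# NOTE(review): the 204 carries no result, so a caller cannot tell from the
# response whether the task's automation succeeded; confirm the outcome is
# written to the ticket or a log that analysts can review. Presumably this
# applies to tasks of type "automation"; confirm how other task types are
# rejected.
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/run:
  post:
    tags: [ "tickets" ]
    summary: "Run ticket playbook task"
    operationId: "runTask"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "playbookID", in: "path", description: "Playbook ID", required: true, type: string, x-example: "phishing" }
      - { name: "taskID", in: "path", description: "Task ID", required: true, type: string, x-example: "board" }
    responses:
      "204": { description: "successful operation" }
    security: [ { roles: [ "ticket:write" ] } ]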
|
|
|
|
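# POST /tickets/{id}/artifacts adds one artifact (an observable such as a
# hash, URL, domain or IP) to a ticket and returns the updated ticket.
# Nesting is restored here; the reviewed copy had lost its indentation and
# carried "|" gutter lines between entries.
#
# The request sends only `name: "2.2.2.2"`; the response shows the stored
# artifact with `status: "unknown"` and `type: "ip"` filled in.
# NOTE(review): artifact names are indicator strings that usually originate
# from attacker-controlled material (mail bodies, URLs). Confirm they are
# length-bounded and treated as untrusted text wherever they are rendered,
# logged, or passed to automations.
/tickets/{id}/artifacts:
  post:
    tags: [ "tickets" ]
    summary: "Add a single artifact"
    operationId: "addArtifact"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "artifact", in: "body", description: "Artifact object that needs to be added", required: true, schema: { $ref: "#/definitions/Artifact" }, x-example: { name: "2.2.2.2" } }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
              - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
              - { name: "leadreintermediate.io", status: "malicious" }
              - { name: "2.2.2.2", status: "unknown", type: "ip" }
    security: [ { roles: [ "ticket:write" ] } ]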
|
|
|
|
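# /tickets/{id}/artifacts/{name} reads, replaces or removes one artifact of a
# ticket, addressed by its name. Nesting is restored here; the reviewed copy
# had lost its indentation and carried "|" gutter lines between entries.
#
# The artifact name is a path parameter, and the examples include a name that
# is a full URL ("http://www.customerviral.io/scalable/vertical/killer").
# NOTE(review): such names contain "/" and ":" and must be percent-encoded by
# clients; confirm the router decodes the segment exactly once and matches it
# against stored names only, so an encoded "/" cannot select a different route.
/tickets/{id}/artifacts/{name}:
  get:
    tags: [ "tickets" ]
    summary: "Get a single artifact"
    operationId: "getArtifact"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/Artifact" }
        examples:
          test: { name: "leadreintermediate.io", status: "malicious" }
    # NOTE(review): this read-only operation requires the write role. If the
    # project defines a read-scoped ticket role, using it here would let
    # read-only analysts and integrations fetch an artifact without being
    # granted write access.
    security: [ { roles: [ "ticket:write" ] } ]
  put:
    tags: [ "tickets" ]
    summary: "Set a single artifact"
    operationId: "setArtifact"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
      # The body repeats the artifact name that is already in the path.
      # NOTE(review): confirm what happens when the two differ. The example
      # changes the verdict from "malicious" to "clean"; confirm verdict
      # changes are attributed to a user and logged.
      - { name: "artifact", in: "body", required: true, schema: { $ref: "#/definitions/Artifact" }, x-example: { name: "leadreintermediate.io", status: "clean" } }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
              - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
              - { name: "leadreintermediate.io", status: "clean" }
    security: [ { roles: [ "ticket:write" ] } ]
  delete:
    tags: [ "tickets" ]
    summary: "Remove an artifact"
    operationId: "removeArtifact"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
    responses:
      "200":
        description: "successful operation"
        schema: { $ref: "#/definitions/TicketResponse" }
        examples:
          # The example ticket no longer lists "leadreintermediate.io", the
          # artifact flagged "malicious" in the other examples.
          # NOTE(review): removal drops evidence from the case record; confirm
          # it is logged with the acting user.
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
              - { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
              - { href: "https://www.corporateintuitive.org/intuitive/platforms/integrate", name: "suggest" }
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
              - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
    security: [ { roles: [ "ticket:write" ] } ]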
|
|
|
|
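# POST /tickets/{id}/artifacts/{name}/run/{automation} runs a named automation
# against one artifact and answers 204 with no body. Nesting is restored here;
# the reviewed copy had lost its indentation and carried "|" gutter lines.
#
# Both the artifact and the automation are chosen by free-form string path
# parameters (example automation: "hash.sha1").
# NOTE(review): confirm `automation` is resolved only against the set of
# registered automations and never used to build a command, path or URL, and
# that the artifact value handed to the automation is treated as untrusted
# input. The 204 carries no result; confirm the outcome is recorded on the
# artifact or in a log.
/tickets/{id}/artifacts/{name}/run/{automation}:
  post:
    tags: [ "tickets" ]
    summary: "Run automation on a single artifact"
    operationId: "runArtifact"
    parameters:
      - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8123 }
      - { name: "name", in: "path", required: true, type: string, x-example: "leadreintermediate.io" }
      - { name: "automation", in: "path", required: true, type: string, x-example: "hash.sha1" }
    responses:
      "204": { description: "successful operation" }
    security: [ { roles: [ "ticket:write" ] } ]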
# POST /tickets/{id}/artifacts/{name}/enrich
# Submits an EnrichmentForm body for a single artifact of a ticket.
# NOTE(review): the declared 200 schema is Artifact, but the example payload
# below has the shape of a whole ticket (id, playbooks, references,
# artifacts). Confirm which one the handler returns and align the two.
/tickets/{id}/artifacts/{name}/enrich:
  post:
    tags:
      - "tickets"
    summary: "Enrich a single artifact"
    operationId: "enrichArtifact"
    parameters:
      # Numeric ticket identifier.
      - name: "id"
        in: "path"
        description: "Ticket ID"
        required: true
        type: integer
        format: "int64"
        x-example: 8123
      # Artifact name. NOTE(review): example artifacts in this file include
      # full URLs, so "/" presumably needs percent-encoding here; confirm.
      - name: "name"
        in: "path"
        required: true
        type: string
        x-example: "leadreintermediate.io"
      # Enrichment payload. NOTE(review): the example "data" is a free-form
      # object supplied by the caller; presumably it should be treated as
      # untrusted wherever it is later rendered. Confirm.
      - name: "data"
        in: "body"
        required: true
        schema:
          $ref: "#/definitions/EnrichmentForm"
        x-example:
          name: "hash.sha1"
          data:
            "hash": "b7a067a742c20d07a7456646de89bc2d408a1153"
    responses:
      "200":
        description: "successful operation"
        schema:
          $ref: "#/definitions/Artifact"
        examples:
          test:
            id: 8123
            created: "2021-10-02T18:04:59.078206+02:00"
            modified: "2021-10-02T18:04:59.078206+02:00"
            name: "live zebra"
            owner: "demo"
            playbooks:
              phishing:
                name: "Phishing"
                # Task entries are kept in flow form, exactly as authored.
                tasks:
                  "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
                  "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
                  "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
                  "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
                  "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
                  "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
                  "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
            references:
              - href: "https://www.leadmaximize.net/e-services/back-end"
                name: "performance"
              - href: "http://www.corporateinteractive.name/rich"
                name: "autumn"
              - href: "https://www.corporateintuitive.org/intuitive/platforms/integrate"
                name: "suggest"
            # The ticket's form schema travels as one JSON-encoded string.
            "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n"
            status: "closed"
            type: "incident"
            artifacts:
              - name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a"
                status: "unknown"
              - name: "http://www.customerviral.io/scalable/vertical/killer"
                status: "clean"
              # The enriched artifact: the submitted record appears under
              # "enrichments", keyed by the enrichment name.
              - name: "leadreintermediate.io"
                status: "malicious"
                enrichments:
                  hash.sha1:
                    name: "hash.sha1"
                    created: "2021-10-03T18:44:06.488923+02:00"
                    data:
                      "hash": "b7a067a742c20d07a7456646de89bc2d408a1153"
    security:
      - roles:
          - "ticket:write"
definitions:
# Ticket payload in which only name, type and status are mandatory.
# NOTE(review): id, owner, read, write, created and modified are all declared
# as submittable properties here; confirm the handler authorizes or overrides
# them rather than trusting the submitted values (ownership, ACLs and
# timestamps are integrity-relevant for an incident record).
TicketForm:
  type: object
  required:
    - name
    - type
    - status
  properties:
    id:
      type: integer
      format: int64
      example: 123
    name:
      type: string
      example: WannyCry
    type:
      type: string
      example: incident
    status:
      type: string
      example: "open"

    # Ownership and access lists, expressed as plain user-name strings.
    owner:
      type: string
      example: "bob"
    write:
      type: array
      items:
        type: string
      example:
        - "alice"
    read:
      type: array
      items:
        type: string
      example:
        - "bob"

    # schema is a string (the response examples in this file carry a
    # JSON-encoded JSON Schema document); details is a free-form object.
    schema:
      type: string
      example: "{}"
    details:
      type: object
      example:
        "description": "my little incident"

    references:
      type: array
      items:
        $ref: '#/definitions/Reference'
    # Unlike the response shapes, playbooks is an array of template forms.
    playbooks:
      type: array
      items:
        $ref: '#/definitions/PlaybookTemplateForm'
    files:
      type: array
      items:
        $ref: '#/definitions/File'
    comments:
      type: array
      items:
        $ref: '#/definitions/Comment'
    artifacts:
      type: array
      items:
        $ref: "#/definitions/Artifact"

    created:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
    modified:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
# Ticket shape without an id property; name, type, status, created, modified
# and schema are required. Playbooks are a map of name -> Playbook.
Ticket:
  type: object
  required:
    - name
    - type
    - status
    - created
    - modified
    - schema
  properties:
    name:
      type: string
      example: WannyCry
    type:
      type: string
      example: incident
    status:
      type: string
      example: "open"

    # Owner plus per-ticket write/read lists of user names.
    owner:
      type: string
      example: "bob"
    write:
      type: array
      items:
        type: string
      example:
        - "alice"
    read:
      type: array
      items:
        type: string
      example:
        - "bob"

    # schema is carried as a string; details is an unconstrained object.
    schema:
      type: string
      example: "{}"
    details:
      type: object
      example:
        "description": "my little incident"

    references:
      type: array
      items:
        $ref: '#/definitions/Reference'
    playbooks:
      type: object
      additionalProperties:
        $ref: '#/definitions/Playbook'
    files:
      type: array
      items:
        $ref: '#/definitions/File'
    comments:
      type: array
      items:
        $ref: '#/definitions/Comment'
    artifacts:
      type: array
      items:
        $ref: "#/definitions/Artifact"

    created:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
    modified:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
# Ticket shape with a required id; playbooks are a map of
# name -> PlaybookResponse.
# NOTE(review): the read/write lists and owner are part of this shape, so any
# caller that receives it sees who has access to the ticket. Confirm that is
# intended for every role that can read tickets.
TicketResponse:
  type: object
  required:
    - id
    - name
    - type
    - status
    - created
    - modified
    - schema
  properties:
    id:
      type: integer
      format: int64
      example: 123
    name:
      type: string
      example: WannyCry
    type:
      type: string
      example: incident
    status:
      type: string
      example: "open"

    owner:
      type: string
      example: "bob"
    write:
      type: array
      items:
        type: string
      example:
        - "alice"
    read:
      type: array
      items:
        type: string
      example:
        - "bob"

    # schema is carried as a string; details is an unconstrained object.
    schema:
      type: string
      example: "{}"
    details:
      type: object
      example:
        "description": "my little incident"

    references:
      type: array
      items:
        $ref: '#/definitions/Reference'
    playbooks:
      type: object
      additionalProperties:
        $ref: '#/definitions/PlaybookResponse'
    files:
      type: array
      items:
        $ref: '#/definitions/File'
    comments:
      type: array
      items:
        $ref: '#/definitions/Comment'
    artifacts:
      type: array
      items:
        $ref: "#/definitions/Artifact"

    created:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
    modified:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
# Ticket shape with a required id whose playbooks map points at Playbook
# (not PlaybookResponse). It is the element type of TicketList.tickets and
# TicketWithTickets.tickets in this file.
TicketSimpleResponse:
  type: object
  required:
    - id
    - name
    - type
    - status
    - created
    - modified
    - schema
  properties:
    id:
      type: integer
      format: int64
      example: 123
    name:
      type: string
      example: WannyCry
    type:
      type: string
      example: incident
    status:
      type: string
      example: "open"

    owner:
      type: string
      example: "bob"
    write:
      type: array
      items:
        type: string
      example:
        - "alice"
    read:
      type: array
      items:
        type: string
      example:
        - "bob"

    # schema is carried as a string; details is an unconstrained object.
    schema:
      type: string
      example: "{}"
    details:
      type: object
      example:
        "description": "my little incident"

    references:
      type: array
      items:
        $ref: '#/definitions/Reference'
    playbooks:
      type: object
      additionalProperties:
        $ref: '#/definitions/Playbook'
    files:
      type: array
      items:
        $ref: '#/definitions/File'
    comments:
      type: array
      items:
        $ref: '#/definitions/Comment'
    artifacts:
      type: array
      items:
        $ref: "#/definitions/Artifact"

    created:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
    modified:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
# Ticket shape with a required id, PlaybookResponse playbooks, and an extra
# "tickets" array of TicketSimpleResponse entries.
# NOTE(review): the nested tickets carry their own read/write lists;
# presumably each one is access-checked separately before being embedded
# here. Confirm against the handler.
TicketWithTickets:
  type: object
  required:
    - id
    - name
    - type
    - status
    - created
    - modified
    - schema
  properties:
    id:
      type: integer
      format: int64
      example: 123
    name:
      type: string
      example: WannyCry
    type:
      type: string
      example: incident
    status:
      type: string
      example: "open"

    owner:
      type: string
      example: "bob"
    write:
      type: array
      items:
        type: string
      example:
        - "alice"
    read:
      type: array
      items:
        type: string
      example:
        - "bob"

    # schema is carried as a string; details is an unconstrained object.
    schema:
      type: string
      example: "{}"
    details:
      type: object
      example:
        "description": "my little incident"

    references:
      type: array
      items:
        $ref: '#/definitions/Reference'
    playbooks:
      type: object
      additionalProperties:
        $ref: '#/definitions/PlaybookResponse'
    files:
      type: array
      items:
        $ref: '#/definitions/File'
    comments:
      type: array
      items:
        $ref: '#/definitions/Comment'
    artifacts:
      type: array
      items:
        $ref: "#/definitions/Artifact"

    created:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"
    modified:
      type: string
      format: "date-time"
      example: "1985-04-12T23:20:50.52Z"

    tickets:
      type: array
      items:
        $ref: "#/definitions/TicketSimpleResponse"
# Ticket listing: an array of TicketSimpleResponse entries plus a count.
TicketList:
  type: object
  required:
    - tickets
    - count
  properties:
    tickets:
      type: array
      items:
        $ref: "#/definitions/TicketSimpleResponse"
    # NOTE(review): declared as number although the example is a whole value;
    # integer would presumably be the tighter type, but changing it alters
    # generated client types.
    count:
      type: number
      example: 3
# Comment payload in which only the message is mandatory.
# NOTE(review): creator and created are optional submittable fields;
# presumably the handler fills them from the authenticated session and server
# clock. Confirm it does not accept caller-chosen values, since that would
# let a user attribute or back-date a comment on an incident record.
CommentForm:
  type: object
  required:
    - message
  properties:
    creator:
      type: string
    created:
      type: string
      format: "date-time"
    message:
      type: string
# Comment with creator, creation timestamp and message all required.
# NOTE(review): message is an unconstrained string; presumably the UI escapes
# or sanitizes it before rendering. Confirm.
Comment:
  type: object
  required:
    - creator
    - created
    - message
  properties:
    creator:
      type: string
    created:
      type: string
      format: "date-time"
    message:
      type: string
# Named link attached to a ticket; both name and href are required.
# NOTE(review): href is an unconstrained string with no format or scheme
# restriction; if the UI renders it as a clickable link, presumably the
# scheme should be limited to http/https before display. Confirm.
Reference:
  type: object
  required:
    - name
    - href
  properties:
    name:
      type: string
      example: "CVE-2017-0144"
    href:
      type: string
      example: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144"
# File attached to a ticket, described by a key and a name (both required).
# NOTE(review): presumably key identifies the stored object and name is the
# display filename; confirm the server never uses the caller-supplied name as
# a storage path.
File:
  type: object
  required:
    - key
    - name
  properties:
    key:
      type: string
      example: "myfile"
    name:
      type: string
      example: "notes.docx"
# Playbook: a display name plus a map of task id -> Task.
# The example payloads in this file show task "next" values holding
# expressions such as "boardInvolved == true".
# NOTE(review): presumably these are evaluated server-side; confirm the
# evaluator is sandboxed, since playbooks can be submitted with a ticket.
Playbook:
  type: object
  required:
    - name
    - tasks
  properties:
    name:
      type: string
      example: "Phishing"
    tasks:
      type: object
      additionalProperties:
        $ref: '#/definitions/Task'
PlaybookResponse:
type: object
required: [ name, tasks ]
properties:
name: { type: string, example: "Phishing" }
tasks: { type: object, additionalProperties: { $ref: '#/definitions/TaskResponse' } }