Dell Secureworks
This Integration is part of the Secureworks Pack.
The Secureworks CTP Ticketing system is used to respond to security changes, requests, security incidents, network problems, and other issues reported by external and internal end-users.
In Cortex XSOAR, the integration provides access to the Secureworks CTP ticketing system and enables managing tickets, which includes viewing, editing, creating and closing operations, in accordance with the Secureworks Ticketing API guide.
Use cases
The integration allows managing CTP tickets with support for parameters (e.g., whether to retrieve worklogs for a ticket), and can fetch newly created tickets.
Prerequisites
To use the Secureworks integration, the following is required:
- A Secureworks account with API User role
- A persistent API key with the Security Roles permission
- For more information about setting up the API, see the SecureWorks ticketing API guide.
- For tickets to be fetched, they first need to be updated as acknowledged.
Configure Dell Secureworks on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Dell Secureworks.
- Click Add instance to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Server URL (e.g. https://api.secureworks.com)
- Username
- Trust any certificate (not secure)
- Use system proxy settings
- Fetch incidents
- Fetch tickets matching to one of SERVICE_REQUEST, INCIDENT or CHANGE
- Limit tickets to one of REQUEST, CHANGE, HEALTH or SECURITY
- Fetch tickets by status(comma separated): New,Active,Queued,Pending,Resolved
- Whether to return worklogs - If "ALL," all worklogs are returned for each ticket. If "UPDATED", all worklogs added since last acknowledgement are returned. If "NONE," the path returns no worklogs. Default is "ALL."
- Incident type
- Whether to get attachments for the fetched tickets
- Click Test to validate the URLs, token, and connection.
Fetched Incidents Data
The integration fetches newly created tickets. Tickets that are fetched for the first time are marked using a designated custom field, customerMiscellaneous4, which is set to the value MARKED. The next time tickets are fetched, the designated field is checked for the MARKED value. Tickets that were marked are excluded and are not fetched again, even if they are updated. Tickets of type Health are not retrieved, that is, tickets with eventSource of value CTP_HEALTH and with categorizationClass of value Health. This can be further filtered by configuring the instance parameters ticketType, groupingType, status and worklogs, as seen above.
A maximum amount of 10 ticket updates can be fetched in each interval (sorted in ascending order of ticket update time in the past 24 hours).
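The selection rules described in this section, modelled as an added example (this is not the integration's own code). The sample tickets, the helper names, the epoch-millisecond dateModified values and the reading of the Health rule as both conditions together are assumptions.

```python
from typing import Dict, Iterable, List, Optional, Tuple

MARK_FIELD = "customerMiscellaneous4"  # custom field named on the page
MARK_VALUE = "MARKED"                  # marker value named on the page
MAX_PER_INTERVAL = 10                  # per-interval cap stated on the page


def is_health_ticket(ticket: Dict) -> bool:
    """Health tickets: eventSource CTP_HEALTH and categorizationClass Health
    (treated here as both conditions together, which is an assumption)."""
    return (ticket.get("eventSource") == "CTP_HEALTH"
            and ticket.get("categorizationClass") == "Health")


def select_for_fetch(updates: Iterable[Dict],
                     statuses: Optional[List[str]] = None,
                     limit: int = MAX_PER_INTERVAL
                     ) -> Tuple[List[Dict], Dict[str, str]]:
    """Return (tickets to ingest, {ticketId: reason it was skipped})."""
    wanted = {s.strip().lower() for s in statuses} if statuses else None
    candidates: List[Dict] = []
    skipped: Dict[str, str] = {}
    for ticket in updates:
        tid = ticket["ticketId"]
        if ticket.get(MARK_FIELD) == MARK_VALUE:
            # Marked on an earlier fetch: excluded even if updated since.
            skipped[tid] = "already marked"
        elif is_health_ticket(ticket):
            skipped[tid] = "health ticket"
        elif wanted is not None and ticket.get("status", "").lower() not in wanted:
            skipped[tid] = "status filtered"
        else:
            candidates.append(ticket)
    # Oldest update first, then apply the per-interval cap.
    candidates.sort(key=lambda t: t["dateModified"])
    for ticket in candidates[limit:]:
        skipped[ticket["ticketId"]] = "over interval cap"
    return candidates[:limit], skipped


def mark_arguments(ticket: Dict) -> Dict[str, str]:
    """Arguments for secure-works-update-ticket that mark a fetched ticket."""
    return {"id": ticket["ticketId"], MARK_FIELD: MARK_VALUE}


# Constructed sample of ticket updates (IDs and timestamps are made up).
SAMPLE_UPDATES = [
    {"ticketId": "IN0000001", "status": "New", "dateModified": 1539595726000},
    # Fetched earlier, then updated again: still skipped because it is marked.
    {"ticketId": "IN0000002", "status": "Active", "dateModified": 1539599999000,
     MARK_FIELD: MARK_VALUE},
    {"ticketId": "IN0000003", "status": "New", "dateModified": 1539590000000,
     "eventSource": "CTP_HEALTH", "categorizationClass": "Health"},
    {"ticketId": "SR0000004", "status": "Closed", "dateModified": 1539591000000},
    {"ticketId": "SR0000005", "status": "Pending", "dateModified": 1539591207000},
    {"ticketId": "IN0000006", "status": "New", "dateModified": 1539598000000},
]
CONFIGURED_STATUSES = ["New", "Active", "Queued", "Pending", "Resolved"]


if __name__ == "__main__":
    fetched, skipped = select_for_fetch(SAMPLE_UPDATES, CONFIGURED_STATUSES, limit=2)
    for ticket in fetched:
        print("ingest", ticket["ticketId"], "then update with", mark_arguments(ticket))
    for tid, reason in skipped.items():
        print("skip  ", tid, "-", reason)
```

In the sample, IN0000002 has the newest update of all but is never ingested again, so later changes to an already fetched ticket have to be picked up with secure-works-get-ticket or secure-works-get-tickets-updates rather than by the fetch.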
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Create a ticket: secure-works-create-ticket
- Update a ticket: secure-works-update-ticket
- Close a ticket: secure-works-close-ticket
- Add worklogs to a ticket: secure-works-add-worklogs-ticket
- Get ticket information: secure-works-get-ticket
- Assign a ticket: secure-works-assign-ticket
- Retrieve tickets from the previous 24 hours: secure-works-get-tickets-updates
- Get close codes for a ticket: secure-works-get-close-codes
- Get a list of ticket IDs: secure-works-get-tickets-ids
- Get the count of updated tickets: secure-works-get-ticket-count
1. Create a ticket
Creates a new ticket.
Base Command
secure-works-create-ticket
Input
Argument Name | Description | Required |
---|---|---|
clientRef | Client reference | Required |
clientLocationRef | Client location reference | Optional |
requestType | Request type | Required |
title | Ticket title | Required |
externalTicket | External ticket | Optional |
deviceRef | Device reference | Optional |
detail | Ticket details | Required |
pocContactRef | Ticket POC contact reference | Required |
watchers | Ticket watchers | Optional |
attachments | Ticket attachments | Optional |
source | Ticket source | Optional |
assignedGroupId | Ticket assigned group ID | Optional |
assignedTicket2 | Ticket assigned ticket 2 | Optional |
partner | Ticket partner | Optional |
vendor | Ticket vendor | Optional |
riskAssessment | Ticket risk assessment | Optional |
changeSlo | Ticket change slo | Optional |
changeWindowStart | Ticket change window start | Optional |
changeWindowEnd | Ticket change window end | Optional |
impact | Ticket impact | Optional |
urgency | Ticket urgency | Optional |
priority | Ticket priority | Optional |
customerMiscellaneous1 | Ticket custom field 1 | Optional |
customerMiscellaneous2 | Ticket custom field 2 | Optional |
customerMiscellaneous3 | Ticket custom field 3 | Optional |
customerMiscellaneous4 | Ticket custom field 4 | Optional |
categorizationClass | Ticket categorization class | Optional |
categorizationCategory | Ticket categorization category | Optional |
categorizationType | Ticket categorization type | Optional |
categorizationItem | Ticket categorization item | Optional |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.ticketId | string | Ticket ID in Secureworks |
SecureWorks.Ticket.CreationStatusCode | string | Ticket creation status code |
Command Example
!secure-works-create-ticket clientRef=https://prov.core.ctp.secureworks.net/prov/clients/1234567 clientLocationRef=https://prov.core.ctp.secureworks.net/prov/client-locations/654321 requestType="API support" title="test create" detail="testing" pocContactRef=https://prov.core.ctp.secureworks.net/prov/contacts/9876543
Context Example
"SecureWorks": { "Ticket": { "code": "SUCCESS", "ticketID": "SR11537985" } }
2. Update a ticket
Updates an existing ticket.
Base Command
secure-works-update-ticket
Input
Argument Name | Description | Required |
---|---|---|
id | ID of the ticket to update | Required |
externalTicketNum | External ticket number | Optional |
externalTicketNum2 | External ticket number 2 | Optional |
externalGroupName | External group name | Optional |
watchers | Ticket watchers | Optional |
vendor | Ticket vendor | Optional |
customerMiscellaneous1 | Ticket custom field 1 | Optional |
customerMiscellaneous2 | Ticket custom field 2 | Optional |
customerMiscellaneous3 | Ticket custom field 3 | Optional |
customerMiscellaneous4 | Ticket custom field 4 | Optional |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.ticketId | string | Ticket ID in Secureworks |
SecureWorks.Ticket.UpdateStatusCode | string | Ticket update status code |
Command Example
!secure-works-update-ticket id=IN29959685 customerMiscellaneous1=abc
Context Example
{ "SecureWorks": { "Ticket": { "UpdateStatusCode": "SUCCESS", "ticketId": "IN29959685" } } }
3. Close a ticket
Closes a ticket.
Base Command
secure-works-close-ticket
Input
Argument Name | Description | Required |
---|---|---|
id | The ticket ID of the ticket that you want the details for | Required |
worklogContent | The work log message describing why you are closing the ticket | Optional |
closeCode | The reason code to use when closing the ticket | Required |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.ticketId | string | Ticket ID in Secureworks |
SecureWorks.Ticket.ClosureStatusCode | string | Ticket closure status code |
Command Example
!secure-works-close-ticket closeCode="Work Completed" id=IN29932241
Context Example
{ "SecureWorks": { "Ticket": { "ClosureStatusCode": "SUCCESS", "ticketId": "IN29932241" } } }
4. Add worklogs to a ticket
Adds worklogs to a ticket.
Base Command
secure-works-add-worklogs-ticket
Input
Argument Name | Description | Required |
---|---|---|
content | The work log message | Required |
id | ID of the ticket to add work logs to | Required |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.ticketId | string | Ticket ID in Secureworks |
SecureWorks.Ticket.WorklogAdditionStatusCode | string | Ticket worklog addition status code |
Command Example
!secure-works-add-worklogs-ticket content="worklog" id="SR11525106"
5. Get ticket details
Returns the details of a specific ticket, by ticket ID.
Base Command
secure-works-get-ticket
Input
Argument Name | Description | Required |
---|---|---|
id | The ticket ID of the ticket that you want the details for. | Required |
includeWorklogs | Whether or not to include ticket worklogs, default is true | Optional |
getAttachments | Whether or not to get ticket attachments | Optional |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.changeApproval | string | Ticket change approval |
SecureWorks.Ticket.attachmentInfo.id | string | Ticket attachment info ID |
SecureWorks.Ticket.changeSlo | string | Ticket change service level objective |
SecureWorks.Ticket.changeWindowStart | number | Ticket change window start |
SecureWorks.Ticket.changeWindowEnd | number | Ticket change window end |
SecureWorks.Ticket.client.id | string | Ticket client ID |
SecureWorks.Ticket.client.name | string | Ticket client name |
SecureWorks.Ticket.contact.id | string | Ticket contact ID |
SecureWorks.Ticket.contact.name | string | Ticket contact name |
SecureWorks.Ticket.dateCreated | number | Ticket creation time |
SecureWorks.Ticket.dateClosed | number | Ticket closing time |
SecureWorks.Ticket.dateModified | number | Ticket modified |
SecureWorks.Ticket.detailedDescription | string | Ticket detailed description |
SecureWorks.Ticket.devices.id | string | Ticket device ID |
SecureWorks.Ticket.devices.name | string | Ticket device name |
SecureWorks.Ticket.impact | string | Ticket impact |
SecureWorks.Ticket.clientLocation.id | string | Ticket client location ID |
SecureWorks.Ticket.partner | string | Ticket partner |
SecureWorks.Ticket.priority | string | Ticket priority |
SecureWorks.Ticket.reason | string | Ticket closure reason |
SecureWorks.Ticket.requestType | string | Ticket request type |
SecureWorks.Ticket.riskAssessment | string | Ticket risk assessment |
SecureWorks.Ticket.service | string | Ticket service |
SecureWorks.Ticket.status | string | Ticket status |
SecureWorks.Ticket.symptomDescription | string | Ticket symptom description |
SecureWorks.Ticket.ticketId | string | Ticket ID |
SecureWorks.Ticket.type | string | Ticket type |
SecureWorks.Ticket.urgency | string | Ticket urgency |
SecureWorks.Ticket.watchers | unknown | Ticket watchers |
SecureWorks.Ticket.category | string | Ticket category |
SecureWorks.Ticket.categoryClass | string | Ticket category class |
SecureWorks.Ticket.categoryType | string | Ticket category type |
SecureWorks.Ticket.categoryItem | string | Ticket category item |
SecureWorks.Ticket.attachmentInfo.name | string | Ticket attachment name |
SecureWorks.Ticket.clientLocation.name | string | Ticket client location name |
SecureWorks.Ticket.worklogs.createdBy | string | Ticket worklog creator |
SecureWorks.Ticket.worklogs.dateCreated | number | Ticket worklog creation date |
SecureWorks.Ticket.worklogs.description | string | Ticket worklog description |
SecureWorks.Ticket.worklogs.type | string | Ticket worklog type |
SecureWorks.Ticket.closeCodes | unknown | Ticket close codes |
File.Info | unknown | Attachment file info |
File.Name | string | Attachment file name |
File.Size | number | Attachment file size |
File.SHA1 | string | Attachment file SHA-1 |
File.SHA256 | string | Attachment file SHA-256 |
File.EntryID | string | Attachment file entry ID |
File.Type | string | Attachment file type |
File.MD5 | string | Attachment file MD5 |
Context Example
{ "File": [ { "EntryID": "4041@cc00e449-9e7b-4609-8a68-1c8c01114562", "Info": "text/plain", "MD5": "70cde715b629831f2201909dcba55665", "Name": "test", "SHA1": "0e0a61f147707340d6113f5216be3c055bea8d25", "SHA256": "41481152869507cff739f38cb9a9583aa3f0db970dafceb62a2530f71f731194", "SSDeep": "3:hMCEpFk:hurk", "Size": 17, "Type": "ASCII text, with no line terminators\n" }, { "EntryID": "4042@cc00e449-9e7b-4609-8a68-1c8c01114562", "Info": "text/plain", "MD5": "68dbf17be30baac0befd462601b8448d", "Name": "test2", "SHA1": "0eb7383773bd1c9d214a3b3fb63109373c78f2c7", "SHA256": "68818fa780a5d88a5d53018926b83bc9b6accc2f57256a1c1aa9bdce9abfa1c7", "SSDeep": "3:hMCECREn:hu3", "Size": 20, "Type": "ASCII text, with no line terminators\n" } ], "SecureWorks": { "Ticket": { "assignedGroup": "ESC - OpIntel", "attachmentInfo": [ { "id": "1728318", "name": "test" }, { "id": "1729835", "name": "test2" } ], "availableActions": { "addAttachment": { "available": "true" }, "addNote": { "available": "true" }, "assignToPoc": { "available": "true" }, "assignToSoc": { "available": "true" }, "close": { "available": "true", "closeCode": [ "Mitigated by Security Controls", "Authorized/Expected", "Inconclusive", "True Positive", "False Positive", "Not Relevant", "Duplicate - Previously Escalated", "Work Completed" ] } }, "client": { "id": "3016296", "name": "Client1" }, "clientLocation": { "id": "752373", "name": "Client1 - API Testing" }, "contact": { "id": "2215505", "name": "John Doe" }, "customerMiscellaneous1": "abc", "customerMiscellaneous4": "MARKED", "dateClosed": "", "dateCreated": "Thu Oct 04 2018 13:34:04 GMT+0300 (IDT)", "dateModified": "Mon Oct 15 2018 18:31:21 GMT+0300 (IDT)", "detailedDescription": "Secureworks API testing", "devices": [], "groupingType": "REQUEST", "isGlobalChild": false, "isGlobalParent": false, "priority": "MEDIUM", "reason": "Cust. Feedback-Auto-Close", "relatedTickets": [ { "ticketRef": [ { "$": { "href": "/tkt/tickets/SR11595508", "relationship-owner": "SOC", "relationship-type": "Spawn" } } ] } ], "requestType": "SCWX API Support", "responsibleParty": "CLIENT", "status": "Pending", "symptomDescription": "API testing", "ticketId": "IN29959685", "ticketType": "INCIDENT", "version": "b2a010fa9b20e7c1b27741a527038a8619c7a11b84ba50de2276b73c3dbc6c5e6844f09d790e3df0b84fd9d033ecea3d472bc2", "watchers": [], "worklogs": [ { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Mon Oct 15 2018 12:28:46 GMT+0300 (IDT)", "dateModified": "", "description": "last note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Mon Oct 15 2018 12:24:15 GMT+0300 (IDT)", "dateModified": "", "description": "note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Mon Oct 15 2018 12:21:49 GMT+0300 (IDT)", "dateModified": "", "description": "note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Mon Oct 15 2018 11:13:27 GMT+0300 (IDT)", "dateModified": "", "description": "Customer added an attachment to the ticket", "type": "Client Note" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Mon Oct 15 2018 11:13:26 GMT+0300 (IDT)", "dateModified": "", "description": "Attachment added to ticket: test2\n.", "type": "Attachment" }, { "createdBy": "John Smith", "dateClosed": "", "dateCreated": "Thu Oct 11 2018 17:37:42 GMT+0300 (IDT)", "dateModified": "", "description": "Communication Message:\nSend To: John Doe\nSubject: Secureworks Ticket #IN29959685 | Correspondence Added by SOC | API testing\nClient Portal: https://portal.secureworks.com/portal/incidents/IN29959685\n\nLocation: Client1 - API Testing\nTicket Summary: API testing\nCustomer's Internal Ticket #\n\nGreetings,\n\nSecureworks has received your attachment and notes via testing ticket IN29959685 (SR11595508). We are now pending this ticket back to the client side for your testing and integration purpose.\n\nThank you,\n\nDarrell Bessent\nSecureworks\n877-838-7960", "type": "Client Notification" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Thu Oct 11 2018 17:05:39 GMT+0300 (IDT)", "dateModified": "", "description": "This is a note", "type": "Client Note" }, { "createdBy": "John Doe", "dateClosed": "", "dateCreated": "Thu Oct 11 2018 17:05:38 GMT+0300 (IDT)", "dateModified": "", "description": "Attachment added to ticket: test\n.", "type": "Attachment" }, { "dateClosed": "", "dateCreated": "Thu Oct 04 2018 13:34:04 GMT+0300 (IDT)", "dateModified": "", "description": "Communication Message:\nSend To: john@domain.com;{Watchers}\nSubject: Secureworks Ticket#11595508 | Service Request Received\nYour request has been submitted and assigned ticket #11595508.\n\nSOC personnel will review your request. They will then convert this ticket into an Incident or Change Ticket. This conversion will modify the ticket number. You will receive correspondence via the Incident or Change Ticket containing the new ticket number.\n\nRequest Details:\nSecureworks API testing\n\n\nThank you for contacting Secureworks. We will process your request shortly.", "type": "Client Notification" } ] } } }
6. Assign a ticket
Assigns a ticket to the Secureworks Security Operations Center (SOC).
Base Command
secure-works-assign-ticket
Input
Argument Name | Description | Required |
---|---|---|
id | The ID of the ticket that you want to assign to the SOC | Required |
worklog | Ticket worklog | Required |
riskAssessment | Valid for Change tickets only | Optional |
changeApproval | Valid for Change tickets only | Optional |
Context Output
Path | Description |
---|---|
SecureWorks.Ticket.ticketId | Ticket ID in Secureworks |
SecureWorks.Ticket.AssignStatusCode | Ticket assign status code |
Command Example
!secure-works-assign-ticket id="SR11525106" worklog="test"
7. Retrieve tickets from previous 24 hours
Retrieves tickets from the 24 hours prior to when the updates command is executed. If a limit is specified, it will retrieve up to that many tickets (max is 500 tickets). Tickets must be updated within the last 24 hours to be visible in the command results. When executing this command you also receive the ticket worklogs. In order to view the attachment information of a specific ticket, you must use the get-ticket command. This command will return the list of attachments available for that particular ticket. Use acknowledge to confirm the updates.
Base Command
secure-works-get-tickets-updates
Input
Argument Name | Description | Required |
---|---|---|
limit | Maximum number of tickets to return (1-500), default is 10 | Optional |
ticketType | Tickets that match the ticketType. If not specified, the path returns all ticket types. | Optional |
worklogs | If "ALL," all worklogs are returned for each ticket. If "UPDATED", all worklogs added since last acknowledgement are returned. If "NONE," the path returns no worklogs. Default is "ALL." | Optional |
groupingType | If provided, limit response to tickets matching the grouping type(s) identified | Optional |
acknowledge | Whether to acknowledge the received tickets, default false | Optional |
Context Output
Path | Description |
---|---|
SecureWorks.Ticket.changeApproval | Ticket change approval |
SecureWorks.Ticket.attachmentInfo.id | Ticket attachment info ID |
SecureWorks.Ticket.changeSlo | Ticket change service level objective |
SecureWorks.Ticket.changeWindowStart | Ticket change window start |
SecureWorks.Ticket.changeWindowEnd | Ticket change window end |
SecureWorks.Ticket.client.id | Ticket client ID |
SecureWorks.Ticket.client.name | Ticket client name |
SecureWorks.Ticket.contact.id | Ticket contact ID |
SecureWorks.Ticket.contact.name | Ticket contact name |
SecureWorks.Ticket.dateCreated | Ticket creation time |
SecureWorks.Ticket.dateClosed | Ticket closing time |
SecureWorks.Ticket.dateModified | Ticket modified |
SecureWorks.Ticket.detailedDescription | Ticket detailed description |
SecureWorks.Ticket.devices.id | Ticket device ID |
SecureWorks.Ticket.devices.name | Ticket device name |
SecureWorks.Ticket.impact | Ticket impact |
SecureWorks.Ticket.clientLocation.id | Ticket client location ID |
SecureWorks.Ticket.partner | Ticket partner |
SecureWorks.Ticket.priority | Ticket priority |
SecureWorks.Ticket.reason | Ticket closure reason |
SecureWorks.Ticket.requestType | Ticket request type |
SecureWorks.Ticket.riskAssessment | Ticket risk assessment |
SecureWorks.Ticket.service | Ticket service |
SecureWorks.Ticket.status | Ticket status |
SecureWorks.Ticket.symptomDescription | Ticket symptom description |
SecureWorks.Ticket.ticketId | Ticket ID |
SecureWorks.Ticket.type | Ticket type |
SecureWorks.Ticket.urgency | Ticket urgency |
SecureWorks.Ticket.watchers | Ticket watchers |
SecureWorks.Ticket.category | Ticket category |
SecureWorks.Ticket.categoryClass | Ticket category class |
SecureWorks.Ticket.categoryType | Ticket category type |
SecureWorks.Ticket.categoryItem | Ticket category item |
SecureWorks.Ticket.attachmentInfo.name | Ticket attachment name |
SecureWorks.Ticket.clientLocation.name | Ticket client location name |
SecureWorks.Ticket.worklogs.createdBy | Ticket worklog creator |
SecureWorks.Ticket.worklogs.dateCreated | Ticket worklog creation date |
SecureWorks.Ticket.worklogs.description | Ticket worklog description |
SecureWorks.Ticket.worklogs.type | Ticket worklog type |
SecureWorks.Ticket.closeCodes | Ticket close codes |
Command Example
!secure-works-get-tickets-updates acknowledge="false"
Context Example
{ "SecureWorks": { "Ticket": [ { "assignedGroup": "ESC - OpIntel", "attachmentInfo": [ { "id": "1728318", "name": "test" }, { "id": "1729835", "name": "test2" } ], "availableActions": { "addAttachment": { "available": "true" }, "addNote": { "available": "true" }, "assignToPoc": { "available": "true" }, "assignToSoc": { "available": "true" }, "close": { "available": "true", "closeCode": [ "Mitigated by Security Controls", "Authorized/Expected", "Inconclusive", "True Positive", "False Positive", "Not Relevant", "Duplicate - Previously Escalated", "Work Completed" ] } }, "client": { "id": "3016296", "name": "Client1" }, "clientLocation": { "id": "752373", "name": "Client1 - API Testing" }, "contact": { "id": "2215505", "name": "John Doe" }, "customerMiscellaneous1": "abc", "customerMiscellaneous4": "MARKED", "dateClosed": "", "dateCreated": "Thu Oct 04 2018 13:34:04 GMT+0300 (IDT)", "dateModified": "Mon Oct 15 2018 18:31:21 GMT+0300 (IDT)", "detailedDescription": "Secureworks API testing", "devices": [], "groupingType": "REQUEST", "isGlobalChild": false, "isGlobalParent": false, "priority": "MEDIUM", "reason": "Cust. Feedback-Auto-Close", "relatedTickets": [ { "ticketRef": [ { "$": { "href": "/tkt/tickets/SR11595508", "relationship-owner": "SOC", "relationship-type": "Spawn" } } ] } ], "requestType": "SCWX API Support", "responsibleParty": "CLIENT", "status": "Pending", "symptomDescription": "API testing", "ticketId": "IN29959685", "ticketType": "INCIDENT", "version": "ab8ae00b2fc8a3c4126ac188bd7769fcda00550f39edca07e83cb1cb04ca3f72aa889056d18f5bc09ccdf07b281efa8df7fab0", "watchers": [], "worklogs": [ { "createdBy": "John Doe", "dateCreated": 1539595726000, "description": "last note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateCreated": 1539595455000, "description": "note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateCreated": 1539595309000, "description": "note", "type": "Customer Comment" }, { "createdBy": "John Doe", "dateCreated": 1539591207000, "description": "Customer added an attachment to the ticket", "type": "Client Note" }, { "createdBy": "John Doe", "dateCreated": 1539591206000, "description": "Attachment added to ticket: test2\n.", "type": "Attachment" }, { "createdBy": "Darrell Bessent", "dateCreated": 1539268662000, "description": "Communication Message:\nSend To: John Doe\nSubject: Secureworks Ticket #IN29959685 | Correspondence Added by SOC | API testing\nClient Portal: https://portal.secureworks.com/portal/incidents/IN29959685\n\nLocation: Client1 - API Testing\nTicket Summary: API testing\nCustomer's Internal Ticket #\n\nGreetings,\n\nSecureworks has received your attachment and notes via testing ticket IN29959685 (SR11595508). We are now pending this ticket back to the client side for your testing and integration purpose.\n\nThank you,\n\nDarrell Bessent\nSecureworks\n877-838-7960", "type": "Client Notification" }, { "createdBy": "John Doe", "dateCreated": 1539266739000, "description": "This is a note", "type": "Client Note" }, { "createdBy": "John Doe", "dateCreated": 1539266738000, "description": "Attachment added to ticket: test\n.", "type": "Attachment" }, { "dateCreated": 1538649244000, "description": "Communication Message:\nSend To: john@domain.com;{Watchers}\nSubject: Secureworks Ticket#11595508 | Service Request Received\nYour request has been submitted and assigned ticket #11595508.\n\nSOC personnel will review your request. They will then convert this ticket into an Incident or Change Ticket. This conversion will modify the ticket number. You will receive correspondence via the Incident or Change Ticket containing the new ticket number.\n\nRequest Details:\nSecureworks API testing\n\n\nThank you for contacting Secureworks. We will process your request shortly.", "type": "Client Notification" } ] }, { "assignedGroup": "ESC - OpIntel", "attachmentInfo": [], "availableActions": { "addAttachment": { "available": "false" }, "addNote": { "available": "true" }, "assignToPoc": { "available": "false" }, "assignToSoc": { "available": "false" }, "close": { "available": "false" } }, "client": { "id": "3016296", "name": "Client1" }, "clientLocation": { "id": "752373", "name": "Client1 - API Testing" }, "contact": { "id": "2215505", "name": "John Doe" }, "dateClosed": "Tue Oct 16 2018 10:35:17 GMT+0300 (IDT)", "dateCreated": "Tue Oct 02 2018 12:40:25 GMT+0300 (IDT)", "dateModified": "Tue Oct 16 2018 10:35:17 GMT+0300 (IDT)", "detailedDescription": "API Testing", "devices": [], "groupingType": "REQUEST", "isGlobalChild": false, "isGlobalParent": false, "priority": "MEDIUM", "reason": "Work Completed", "relatedTickets": [ { "ticketRef": [ { "$": { "href": "/tkt/tickets/SR11594198", "relationship-owner": "SOC", "relationship-type": "Spawn" } } ] } ], "requestType": "SCWX API Support", "responsibleParty": "SOC", "status": "Closed", "symptomDescription": "Testing", "ticketId": "IN29932241", "ticketType": "INCIDENT", "version": "396d4353afa46d40a7912056a116f86d2fdaa69046840a9c38496accfa95edd9f17cb309568f11602c34613726f4439710bbdf", "watchers": [], "worklogs": [ { "dateCreated": 1538473225000, "description": "Communication Message:\nSend To: john@domain.com;{Watchers}\nSubject: Secureworks Ticket#11594198 | Service Request Received\nYour request has been submitted and assigned ticket #11594198.\n\nSOC personnel will review your request. They will then convert this ticket into an Incident or Change Ticket. This conversion will modify the ticket number. You will receive correspondence via the Incident or Change Ticket containing the new ticket number.\n\nRequest Details:\nAPI Testing\n\n\nThank you for contacting Secureworks. We will process your request shortly.", "type": "Client Notification" } ] } ] } }
8. Get close codes for a ticket
Returns a list of close codes for a ticket.
Base Command
secure-works-get-close-codes
Input
Argument Name | Description | Required |
---|---|---|
id | The ID of the ticket | Required |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.Ticket.ticketID | string | Ticket ID |
SecureWorks.Ticket.closeCodes | unknown | Ticket close codes |
Command Example
!secure-works-get-close-codes id="IN28468487"
Context Example
{ "SecureWorks": { "Ticket": { "closeCodes": [ "Mitigated by Security Controls", "Authorized/Expected", "Inconclusive", "True Positive", "False Positive", "Not Relevant", "Duplicate - Previously Escalated", "Work Completed" ], "ticketID": "IN29959685" } } }
9. Get a list of ticket IDs
Returns a list of ticket IDs in the same order as the tickets returned by the GET /tickets/updates command.
Base Command
secure-works-get-tickets-ids
Input
Argument Name | Description | Required |
---|---|---|
ticketType | Tickets that match the ticketType. If not specified, the path returns all ticket types. | Optional |
limit | If provided, limits the response to that number of tickets. If not provided, a maximum of 10 tickets are returned. | Optional |
groupingType | If provided, limits the response to tickets that match the grouping type identified | Optional |
Context Output
Path | Description |
---|---|
SecureWorks.IDs | The ticket IDs |
Command Example
!secure-works-get-tickets-ids
Context Example
{ "SecureWorks": { "IDs": [ "SR11536914", "SR11536642" ] } }
10. Get the count of updated tickets
Retrieves a count of tickets that have been updated, but are not yet acknowledged.
Base Command
secure-works-get-ticket-count
Input
Argument Name | Description | Required |
---|---|---|
ticketType | The ticket type to filter by | Optional |
Context Output
Path | Type | Description |
---|---|---|
SecureWorks.TicketCount | number | The ticket count |
Context Example
{ "SecureWorks": { "TicketCount": 2 } }
Error Codes
If you receive an error code, refer to this table for the potential cause of the error.
Error Code | Reason |
---|---|
400 Bad Request | Invalid argument used in a command. |
401 Unauthorized | API key or user credentials are incorrect. |
403 Forbidden | Insufficient credentials for the operation. |