Get a list of all tickets

Get a list of all tickets in the specified workspace. This call supports pagination; default page size includes 20 tickets.

SecurityJWT

Request

query Parameters

ticketIds	Array of strings unique
ticketTriggers	Array of strings unique Items Enum: "malwareInCloudDrive" "abnormalAdminActivity" "accessRestrictionsViolation" "suspectedIdentityCompromise" "malwareOnEndpoint" "infectedProcess" "vssBackupProtection" "isUnencrypted" "missingPinAndPasswordProtection" "isDeveloperModeEnabled" "isNonGenuineWindows" "firewallUnavailable" "uacNotificationMissing" "gatekeeperUnavailable" "appleMobileFileIntegrityUnavailable" "systemIntegrityProtectionUnavailable" "automaticUpdateDisabled" "malwareInEmailAttachment" "emailPhishing" "reportedByUser" "missingRequiredAuthentication" "blocklistedSender" "crowdblockedSender" "userImpersonation" "domainImpersonation" "brandImpersonation" "suspiciousContent" "suspiciousMetadata" "forbiddenAttachmentType" "domainSpoofing" "wifiPhishing" "forbiddenNetworkConnection" "massDownload" "massDelete" "suspectedBotAttacks" "criticalDataFileTypes" "criticalDataKeywords" "criticalDataSourceCode" "criticalDataCertificate" "criticalDataPassword" "dlpPci" "dlpPii" "dlpPhi" "dlpNpi" "deviceDlpPci" "deviceDlpPhi" "deviceDlpPii" "deviceDlpNpi" "edrDetectionCollection" "edrDetectionCommandAndControl" "edrDetectionCredentialAccess" "edrDetectionDefenseEvasion" "edrDetectionDiscovery" "edrDetectionExecution" "edrDetectionExfiltration" "edrDetectionImpact" "edrDetectionInitialAccess" "edrDetectionLateralMovement" "edrDetectionPersistence" "edrDetectionPrivilegeEscalation" "edrDetectionReconnaissance" "edrDetectionResourceDevelopment"
processed	boolean Search by processed flag
fromTime	number Search for tickets that were occurred after this timestamp in milliseconds
toTime	number Search for tickets that were occurred before this timestamp in milliseconds
page	string >= 0 Default: "0" API responses use pagination to reduce loading time. Return a specific page of results, using a zero-based page index (0..N). Example: page=0
pageSize	string [ 10 .. 500 ] Default: "20" API responses use pagination to reduce loading time. Return a maximum of this many items per page. Example: pageSize=50

header Parameters

Workspace

required

string

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u

Responses

200

Success

400

Bad request, validation error

401

Unauthorized request

403

Access forbidden

429

Too Many Requests

500

Internal server error

get/v1/tickets

Request samples

curl
JavaScript
Node.js

Response samples

application/json

{"items": [{"id": "GYDU-1212",
"ticketTrigger": "malwareInCloudDrive",
"processed": true,
"creationTime": 1662052343274,
"threatTime": 1662052343274,
"processedTime": 1662052343274,
"lastEventTime": 16620523284720,
"parentWorkspaceId": "coroparent_123",
"ticketDetails": {"deviceMetadata": {"userName": "MikeL",
"enrollmentCode": "ENROL-1",
"osType": "Windows",
"upn": "hi@coro.com"
},
"emailMetadata": {"recipients": ["string"
],
"senderEmail": "test@example.com",
"subject": "EMAIL_PHISHING",
"processedMessages": [{"messageId": "1263vsb97"
}
]
},
"filesMetadata": [{"fileName": "Metadata1"
}
],
"location": [{"countryName": "Israel",
"ip": "175.45.176.34 "
}
],
"malwareMetadata": {"fileName": "Malware1",
"path": "folder/Malware1",
"virusName": "Melissa"
},
"affectedUser": "test@example.com",
"service": "Microsoft 365"
},
"workspaceId": "corotest_123"
}
],
"totalElements": 0
}