0% found this document useful (0 votes)

57 views74 pages

Symantec MSS Secure Web Service API Users Guide

This document provides a guide to using the Symantec MSS Secure Web Service API. It describes services and methods for ticket management, device and organization access, and incident management. The API uses web service calls to authenticate user sessions and perform actions like creating, updating, and querying tickets, devices, organizations, and incidents. The guide also defines error codes that could be returned.

Uploaded by

David Sobon

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

57 views74 pages

Symantec MSS Secure Web Service API Users Guide

Uploaded by

David Sobon

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 74

Symantec MSS Secure Web Service

API User’s Guide

Symantec MSS Secure Web Service API User’s Guide
The contents of this Secure Web Service API Users Guide (“Users Guide”) are provided by
Symantec Corporation and its affiliates in the U.S. or other countries and are furnished
under the Symantec Secure Web Service Access, API User’s Guide, and Sample
Implementation License Agreement (“Agreement”) contained in the Read Me First File
accompanying this Users Guide. The contents of this Users Guide contain information
regarding third party software for which Symantec is required to provide attribution
(“Third Party Programs”). Some of the Third Party Programs are available under open
source or free software licenses, and the Agreement does not alter any rights or obligations
you may have under those open source or free software licenses. Proprietary notices and
licenses for the Third Party Programs, where applicable, may be found in the Third Party
Legal Notice Appendix to the Agreement located in the Read Me First File. This Users
Guide and any accompanying or referenced Third Party Programs may be used only in
accordance with the terms of the applicable licensing agreements described herein.
Documentation version 1.8

Legal Notice
Copyright © 2015 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-
INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS
ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS
SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
3

Contents

Chapter 1 Introducing the Secure Web Service API ............................................ 1

About the Secure Web Service API...................................................................................................... 1
Web service description language ....................................................................................................... 2

Chapter 2 Services and methods ......................................................................... 3

Authenticating your session ................................................................................................................ 3
About the <ErrorMessage> element ................................................................................................... 3
Using the Ticketing service .................................................................................................................. 4
RequestCreate ............................................................................................................................. 4
RequestCreateWithAttachments ............................................................................................. 6
RequestCreateWithAttachmentsExt ....................................................................................... 8
RequestGetCategories ............................................................................................................. 11
TicketDeleteAttachments ....................................................................................................... 12
TicketGetAttachmentContents .............................................................................................. 14
TicketGetAttachmentList ....................................................................................................... 15
TicketGetCategories ................................................................................................................ 16
TicketGetList............................................................................................................................. 17
TicketGetRecentList ................................................................................................................ 20
TicketGetStatuses .................................................................................................................... 23
TicketGetUrgencies ................................................................................................................. 24
TicketQuery............................................................................................................................... 25
TicketUpdate ............................................................................................................................ 26
TicketUpdateWithAttachment .............................................................................................. 28
TicketUpdateWithAttachmentExt ........................................................................................ 30
Using the Devices service ................................................................................................................... 33
UserGetDevices ........................................................................................................................ 33
Using the Organizations service........................................................................................................ 34
UserGetOrganizations ............................................................................................................. 34
Using the Incidents service ................................................................................................................ 35
IncidentGetCategories ............................................................................................................. 35
IncidentGetList ......................................................................................................................... 37
IncidentGetRecentList............................................................................................................. 39
IncidentGetSeverities .............................................................................................................. 42
IncidentGetStatusList ............................................................................................................. 43
Contents

IncidentGetStatusResolutionList .......................................................................................... 44
IncidentGetAssignOrganizationPersonList ......................................................................... 45
IncidentQuery ........................................................................................................................... 46
IncidentWorkflowQuery ......................................................................................................... 50
UpdateIncidentWorkflow ....................................................................................................... 55
IncidentAddAttachment ......................................................................................................... 57
IncidentAddAttachmentExt ................................................................................................... 58
IncidentGetAttachment .......................................................................................................... 60
IncidentCreateTicket ............................................................................................................... 61

Chapter 3 Error codes ........................................................................................ 64

Data availability and the Retry parameter ...................................................................................... 64
Retry ........................................................................................................................................... 64
RetryInterval ............................................................................................................................ 64
Sample error code output ................................................................................................................... 65
InternalError ............................................................................................................................ 65
InvalidParameter ..................................................................................................................... 65
TooManyRequests.................................................................................................................... 66
User.Unauthorized .................................................................................................................. 66
DataNotFound .......................................................................................................................... 67
DataNotYetAvailable ............................................................................................................... 67
AttachmentUploadFailure ...................................................................................................... 68
1
1

Chapter

Introducing the Secure Web Service

API
This chapter contains the following sections:
 About the Secure Web Service API
 Web service description language

About the Secure Web Service API

The Secure Web Service (SWS) application programming interface (API) is designed to
facilitate the automation of ticket and security incident querying, as well as ticket creation
and limited ticket updating. It does this by providing a Web Service interface to MSS
tickets (aka requests), incidents, organizations, and devices services.
Any application language that can create industry standard Simple Object Access Protocol
(SOAP) messages and send them via Hyper Text Transport Protocol (HTTP), can access the
SWS interface. Web Services, SOAP, and HTTP are widely adopted and implementations
are available for many languages and platforms.
SWS API users can perform the following functions:
 Query one or more tickets or security incidents
 Retrieve a list of valid ticket categories, statuses, and urgencies
 Retrieve a list of valid security incident severities and categories
 Retrieve the list of valid ticket requests
 Create a ticket request
 Update a ticket’s activity log
 Request that a ticket be closed
 Retrieve a list of organizations and devices for the user
A list of methods and example SOAP messages can be found on the server where SWS is
installed at the following locations:
https://api.monitoredsecurity.com/SWS/devices.asmx
https://apitest.monitoredsecurity.com/SWS/devices.asmx
https://api.monitoredsecurity.com/SWS/incidents.asmx
2 Introducing the Secure Web Service API

https://apitest.monitoredsecurity.com/SWS/incidents.asmx
https://api.monitoredsecurity.com/SWS/tickets.asmx
https://apitest.monitoredsecurity.com/SWS/tickets.asmx
https://api.monitoredsecurity.com/SWS/organizations.asmx
https://apitest.monitoredsecurity.com/SWS/organizations.asmx

Web service description language

SWS’s Web Service Description Language (WSDL) file, which describes the methods and
types available via SWS, can be found on the server where SWS is installed at the following
locations:
https://api.monitoredsecurity.com/SWS/devices.asmx?WSDL
https://apitest.monitoredsecurity.com/SWS/devices.asmx?WSDL
https://api.monitoredsecurity.com/SWS/incidents.asmx?WSDL
https://apitest.monitoredsecurity.com/SWS/incidents.asmx?WSDL
https://api.monitoredsecurity.com/SWS/tickets.asmx?WSDL
https://apitest.monitoredsecurity.com/SWS/tickets.asmx?WSDL
https://api.monitoredsecurity.com/SWS/organizations.asmx?WSDL
https://apitest.monitoredsecurity.com/SWS/organizations.asmx?WSDL
2
3

Chapter

Services and methods

This chapter contains the following sections:
 Authenticating your session
 About the <ErrorMessage> element
 Using the Ticketing service
 Using the Devices service
 Using the Organizations service
 Using the Incidents service

Authenticating your session

SWS uses client-side certificates for authentication. You must obtain a client-side
certificate through the MSS Portal. See the Symantec MSS Portal User’s Guide or the MSS
Portal Online Help for directions regarding creating and managing certificates.
The MSS Portal lets you create:
 A Production certificate that enables you to access your organization’s information in
SWS (https://api.monitoredsecurity.com/SWS/)
 A Testing certificate you can use on the SWS test site
(https://apitest.monitoredsecurity.com/SWS/)
You do not need to install the certificate to use it within your application, but you will have
to reference the PKCS12 file and the export password when you authenticate with SWS.
For example, in C#, you must add a X509Certificate2 object with the Web Services Object
you are going to call:
SWSDevices.Devices devices = new SWSDevices.Devices();
X509Certificate2 c = new X509Certificate2(@"c:\mss\Production_3087.p12", "abc123");
devices.ClientCertificates.Add(c);

About the <ErrorMessage> element

It is important to note that you should not parse the contents of the <ErrorMessage>
element as Symantec may change the text at our discretion without notice. You will be
notified when new FaultCodes are added.
4 Services and methods

Using the Ticketing service

The ticketing web service enables you to query specific tickets for current information. The
web service also enables you to get a list of tickets based on ticket parameters, as well as
create and update tickets. The methods under this service are:
 RequestCreate
 RequestCreateWithAttachments
 RequestCreateWithAttachmentsExt
 RequestGetCategories
 TicketDeleteAttachments
 TicketGetAttachmentContents
 TicketGetAttachmentList
 TicketGetCategories
 TicketGetList
 TicketGetRecentList
 TicketGetStatuses
 TicketGetUrgencies
 TicketQuery
 TicketUpdate
 TicketUpdateWithAttachment
 TicketUpdateWithAttachmentExt

Each method section includes:

 Method description
 Parameters, if any
 Input samples, if any
 Output samples, if any
 SOAP request and response samples

RequestCreate
This method creates a ticket given the provided parameters. This method is part of
tickets.asmx.

Note: The DeviceName element in the RequestCreate XML is not always required.
DeviceName is required when the RequestCategory has the RequiresDevice
element equal to TRUE. You are required to be a change manager for the device if you are
assigning the device to a ticket.
1. If you are not a change manager, an InvalidParameter error is returned.
2. If DeviceName is invalid then DataNotFound error is returned.
Services and methods 5

Parameters
Parameter Type Description
RequestCreate XML This is a subset of Ticket XML representing the fields
necessary for creating a request
Note: This parameter is required.

Input
This method is used as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<RequestCreate>
<ClientReference>1234 5678 9101112</ClientReference>
<RequestCategory>Change / Policy Change</RequestCategory>
<UrgencyName>Critical</UrgencyName>
<Description>Emergency FW Policy Change Request</Description>
<RequestedByOrgName>MSS Demo</RequestedByOrgName>
<AssignedToOrgName>MSS Demo</AssignedToOrgName>
<DeviceName>Demo Firewall 25142</DeviceName>
<ActivityLog>
Lorem ipsum dolor sit amet, labore et dolore magna.
</ActivityLog>
</RequestCreate >

Note: The following are required fields: RequestCategory, UrgencyName,

RequestedByOrgName, and AssignedToOrgName.

Output
This method outputs the TicketID string of the created ticket request.

SOAP
The following is a sample SOAP request and response for this method.

<soap:Body>
<RequestCreateResponse xmlns="https://www.monitoredsecurity.com/">
<RequestCreateResult>string</RequestCreateResult>
</RequestCreateResponse>
</soap:Body>
</soap:Envelope>

RequestCreateWithAttachments
This method creates a ticket given the provided parameters RequestCreateDoc,
Attachments, AttachmentComments. This method is part of tickets.asmx.

Note:
1. The DeviceName element in the RequestCreate XML is not always required.
DeviceName is required when the RequestCategory has the RequiresDevice
element equal to TRUE. You are required to be a change manager for the device if you
are assigning the device to a ticket.
2. If you are not a change manager, an InvalidParameter error is returned.
3. If DeviceName is invalid then DataNotFound error is returned.
4. The request supports a maximum of 20 attachments.
5. The SOAP message size must be less than or equal to 100 MB.

Parameters
Parameter Type Description
RequestCreateDoc XML This is a subset of Ticket XML representing the fields
necessary for creating a request
Note: This parameter is required.

Attachments Attachment Attachments having Attachment Name and its

Array content
Note: This parameter is required.

AttachmentComments String Attachment comment

Input
This method is used as shown in the following example.

RequestCreateDoc:
<?xml version="1.0" encoding="utf-8"?>
<RequestCreate>
<ClientReference>1234 5678 9101112</ClientReference>
<RequestCategory>Change / Policy Change</RequestCategory>
<UrgencyName>Critical</UrgencyName>
<Description>Emergency FW Policy Change Request</Description>
<RequestedByOrgName>MSS Demo</RequestedByOrgName>
<AssignedToOrgName>MSS Demo</AssignedToOrgName>
<DeviceName>Demo Firewall 25142</DeviceName>
<ActivityLog>
Lorem ipsum dolor sit amet, labore et dolore magna.
</ActivityLog>
</RequestCreate >

Note: The following are required fields: RequestCategory, UrgencyName,

RequestedByOrgName, and AssignedToOrgName.
Services and methods 7

Output
This method outputs Ticket as shown in the following example.

Success:
<TicketWithAttachment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<TicketID>SC12963</TicketID>
<FilesAttachedCount>2</FilesAttachedCount>
<FilesRejected/>
</TicketWithAttachment>

Failure:
<TicketWithAttachment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<TicketID>-1</TicketID>
<FilesAttachedCount>0</FilesAttachedCount>
<FilesRejected>
<File>page1.jpg </File>
<File>page2.jpg </File>
</FilesRejected>
</TicketWithAttachment>

Note:
TicketID: Newly created ticket ID. If a success, then contains a valid Ticket ID, otherwise
contains “-1”.
FilesAttachedCount: Successfully uploaded Attachment(s) count.
FilesRejected: FilesRejected contains failed attachment(s) names. A fresh child node will be
created for each rejected file. The reason for rejection could be due to various reasons.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/RequestCreateWithAttachments"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<RequestCreateWithAttachment xmlns="https://www.monitoredsecurity.com/">
<RequestCreateDoc>xml</RequestCreateDoc>
<Attachments>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</Attachments>
< AttachmentComments>string</AttachmentComments>
</RequestCreateWithAttachment>
</soap:Body>
</soap:Envelope>
8 Services and methods

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?> <soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body>
<RequestCreateWithAttachmentsResponse xmlns="https://www.monitoredsecurity.com/">
<RequestCreateWithAttachmentsResult>xml</RequestCreateWithAttachmentsResult>
</RequestCreateWithAttachmentsResponse> </soap:Body> </soap:Envelope>

RequestCreateWithAttachmentsExt
This method creates a ticket given the provided parameters RequestCreateDoc,
Attachments, AttachmentComments. This method is part of tickets.asmx.

Parameters
Parameter Type Description
RequestCreateDoc XML This is a subset of Ticket XML representing the fields
necessary for creating a request
Note: This parameter is required.

Attachments Attachment Attachments having Attachment Name and its

Array content
Note: This parameter is required.

AttachmentComments String Attachment comment

Input
This method is used as shown in the following example.

Note: The following are required fields: RequestCategory, UrgencyName,

RequestedByOrgName, and AssignedToOrgName.

Output
This method outputs Ticket as shown in the following examples.

Success - Ticket created successfully and all attachments uploaded successfully:

<Ticket xmlns="">
<TicketID>SC14177</TicketID>
<FilesAttached>
<File>
<Name>MSS User Guide.pdf</Name>
<AttachmentID>281486197797892</AttachmentID>
</File>
<File>
<Name>TestDocument.txt</Name>
<AttachmentID>281486197797893</AttachmentID>
</File>
</FilesAttached>
<FilesRejected/>
</Ticket>

Partial Success - Ticket created successfully but failed to upload some attachments:
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:AttachmentUploadFailure</faultcode>
<faultstring>Attachment failure</faultstring>
<detail>
<RequestId>2r14l3mdbrftiuyuc2sz2f3d</RequestId>
<Ticket>
<TicketID>SC1234</TicketID>
<FilesAttached>
<File>
<Name>MSS User Guide.txt</Name>
<AttachmentID>281486197797892</AttachmentID>
</File>
<File>
<Name>TestDocument.txt</Name>
<AttachmentID>281486197797893</AttachmentID>
</File>
</FilesAttached>
<FilesRejected>
<File>
<Name>Test2.exe</Name>
<ErrorMessage>Invalid File Extension</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
10 Services and methods

Failure - Ticket creation failed to upload any of the attachments:

<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:AttachmentUploadFailure</faultcode>
<faultstring>Attachment failure</faultstring>
<detail>
<RequestId>2r14l3mdbrftiuyuc2sz2f3d</RequestId>
<Ticket>
<TicketID>-1</TicketID>
<FilesAttached />
<FilesRejected>
<File>
<Name>Test1.txt</Name>
<ErrorMessage>Internal error occured during Attachment
upload</ErrorMessage>
<Retry>true</Retry>
<RetryInterval>10</RetryInterval>
</File>
<File>
<Name>Test2.txt</Name>
<ErrorMessage>Internal error occured during Attachment
upload</ErrorMessage>
<Retry>true</Retry>
<RetryInterval>10</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>true</retry>
<retryinterval>10</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>

Note: The ticket is created if any attachment uploads successfully.

TicketID: Newly created ticket ID. If a success, then contains a valid Ticket ID, otherwise
contains “-1”.
FilesAttachedCount: Successfully uploaded Attachment(s) count.
FilesRejected: FilesRejected contains failed attachment(s) names. A fresh child node will be
created for each rejected file. The reason for rejection could be due to various reasons. See
the AttachmentUploadFailure section on page 68 for more information.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

<RequestCreateDoc>xml</RequestCreateDoc>
<Attachments>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</Attachments>
<AttachmentComments>string</AttachmentComments>
</RequestCreateWithAttachmentsExt>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

RequestGetCategories
This method returns a list of valid request categories. This method is part of
tickets.asmx.

Parameters
None.

Output
This method outputs RequestCategories as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<RequestCategories>
<RequestCategory>
<CategoryName>Add an Authorized Contact</CategoryName>
<RequiresDevice>false</RequiresDevice>
</RequestCategory>
<RequestCategory>
<CategoryName>Deactivate an Authorized Contact</CategoryName>
<RequiresDevice>false</RequiresDevice>
</RequestCategory>
<RequestCategory>
<CategoryName>Firewall Policy Change</CategoryName>
<RequiresDevice>true</RequiresDevice>
</RequestCategory>
<RequestCategory>
<CategoryName>VPN Change</CategoryName>
<RequiresDevice>true</RequiresDevice>
</RequestCategory>
12 Services and methods

</RequestCategories>

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<RequestGetCategoriesResponse xmlns="https://www.monitoredsecurity.com/">
<RequestGetCategoriesResult>xml</RequestGetCategoriesResult>
</RequestGetCategoriesResponse>
</soap:Body>
</soap:Envelope>

TicketDeleteAttachments
This method is used to delete attachments from a ticket. This method is part of
tickets.asmx.

Note: If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
ticketID String Ticket service case ID
Note: This parameter is required.

attachmentOIDList String Array AttachmentOID array to delete attachment from ticket

Note: This parameter is required.

updateComment String Comments for attachment deletion

retryAttempts int Number of times to retry in case of failures
Services and methods 13

Output
This method outputs TicketGetAttachmentListResult as shown in the following
example.

Success:
<?xml version="1.0" encoding="utf-8" ?>
<TicketIDs>
<deletedOID>281486139143003</deletedOID>
<isHistoryLineSaved>true</isHistoryLineSaved>
<isCommentSaved>true</isCommentSaved>
<isFiledDeleted>true</isFiledDeleted>
<isMatchFound>true</isMatchFound>
</TicketIDs>

Failure:
<?xml version="1.0" encoding="utf-8" ?>
<TicketIDs>
<isHistoryLineSaved>false</isHistoryLineSaved>
<isCommentSaved>false</isCommentSaved>
<isFiledDeleted>false</isFiledDeleted>
<isMatchFound>false</isMatchFound>
</TicketIDs>

Note:
isHistoryLineSaved: Audit Logs created for this request or not?
isCommentSaved: Delete Attachment comments saved or not?
isFiledDeleted: Attachment deleted successfully or not?
isMatchFound: AttachmentOID match found or not?

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/TicketDeleteAttachments"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketDeleteAttachments xmlns="https://www.monitoredsecurity.com/">
<ticketID>string</ticketID>
<attachmentOIDList>
<string>string</string>
<string>string</string>
</attachmentOIDList>
<updateComment>string</updateComment>
<retryAttempts>int</retryAttempts>
</TicketDeleteAttachments>
</soap:Body>
</soap:Envelope>
14 Services and methods

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketDeleteAttachmentsResponse xmlns="https://www.monitoredsecurity.com/">
<TicketDeleteAttachmentsResult>xml</TicketDeleteAttachmentsResult>
</TicketDeleteAttachmentsResponse>
</soap:Body>
</soap:Envelope>

TicketGetAttachmentContents
This method is used to get attachment contents. This method is part of tickets.asmx.

Note:
1. The SOAP message response size must be less than or equal to 100 MB, otherwise the
response will fail. Upon failure, attempt to get attachments individually rather than
through a single request.
2. If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
TicketID String Ticket service case ID
Note: This parameter is required.

AttachmentItemOID Long Attachment ID received from

TicketGetAttachmentList web method
Note: This parameter is required.

IsAllAttachmentsRequired Boolean True = Fetch all the attachments associated with

TicketID
False = Fetch attachment associated with
AttachmentItemOID and TicketID

SOAP
The following is a sample SOAP request and response for this method.

<AttachmentItemOID>long</AttachmentItemOID>
<IsAllAttachmentsRequried>boolean</IsAllAttachmentsRequried>
</TicketGetAttachmentContents>
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetAttachmentContentsResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetAttachmentContentsResult>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</TicketGetAttachmentContentsResult>
</TicketGetAttachmentContentsResponse>
</soap:Body>
</soap:Envelope>

TicketGetAttachmentList
This method gets a list of attachments (i.e., only having FileName, AttachmentOID) based
on TicketID. This method is part of tickets.asmx.

Note: If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
TicketID String Ticket service case ID
Note: This parameter is required.

Output
This method outputs TicketGetAttachmentListResult as shown in the following
example.
<?xml version="1.0" encoding="utf-8" ?>
<Attachments>
<Attachment>
<FileName>page1.jpg</FileName>
<AttachmentOID>281486139144733</AttachmentOID>
</Attachment>
<Attachment>
<FileName>page2.jpg</FileName>
<AttachmentOID>281486139144734</AttachmentOID>
</Attachment>
</Attachments>
16 Services and methods

Note:
FileName: Attachment file name.
AttachmentOID: Attachment ID required during download Attachment.

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetAttachmentListResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetAttachmentListResult>xml</TicketGetAttachmentListResult>
</TicketGetAttachmentListResponse>
</soap:Body>
</soap:Envelope>

TicketGetCategories
This method returns a list of valid ticket categories. This method is part of tickets.asmx.

Parameters
None.

Output
This method outputs TicketCategories as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<TicketCategories>
<TicketCategory>
<CategoryName>Support Request</CategoryName>
</TicketCategory>
<TicketCategory>
<CategoryName>Security Incident</CategoryName>
</TicketCategory>
<TicketCategory>
Services and methods 17

<CategoryName>Change</CategoryName>
</TicketCategory>
<TicketCategory>
<CategoryName>Service Ticket</CategoryName>
</TicketCategory>
</TicketCategories>

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetCategoriesResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetCategoriesResult>xml</TicketGetCategoriesResult>
</TicketGetCategoriesResponse>
</soap:Body>
</soap:Envelope>

TicketGetList
This method returns a list of tickets based on given search parameters. If a parameter is
left blank or null, the method returns tickets matching all values. This method is part of
tickets.asmx.

Parameter Type Description

ClientReference String Comma-delimited list of client reference values;
since some ClientReference values may have
commas, the individual values are matched with
a LIKE operator
Device String Comma-delimited list of valid device names
RequestedByOrganization String Comma-delimited list of valid requester
organizations
AssignedToOrganization String Comma-delimited list of valid assigned
organizations
MaxTickets String The maximum number of tickets to return
StartTimeStampGMT DateTime Only return tickets created since the specified
date
Note: This parameter is required.

EndTimeStampGMT DateTime Only return tickets created before the specified

date

</Device>
</RelatedDeviceList>
<RelatedSecurityIncidents>
<IncidentNumber>23292091</IncidentNumber>
</RelatedSecurityIncidents>
<LastModifiedDate>2013-02-21T21:45:41</LastModifiedDate> </Ticket>
</Ticket>
<Ticket>
<TicketID>SC12341</TicketID>
<TicketCategory>Alarm / Collection Outages</TicketCategory>
<Urgency>High</Urgency>
<Description>Lorem ipsum dolor sit amet</Description>
<RequestedByOrgID>98765432</RequestedByOrgID>
<RequestedByOrgName>Org0</RequestedByOrgName>
<AssignedToOrgID>98765433</AssignedToOrgID>
<AssignedToOrgName>Org1</AssignedToOrgName>
<CreatedDate>2009-03-25T19:05:50.4867195+00:00</CreatedDate>
<LastUpdated>2009-03-25T19:20:50.4867195+00:00</LastUpdated>
<ClosedDate>2009-03-25T19:35:50.4867195+00:00</ClosedDate>
<Deadline>2009-03-26T19:05:50.4867195+00:00</Deadline>
<ActivityLog>Lorem ipsum dolor sit amet, labore et dolore magna.</ActivityLog>
<ClosureCodeString />
<RequestedByPersonName>Doe, James</RequestedByPersonName>
<Active>false</Active>
<Status>Closed</Status>
<ClientReference>TX107442</ClientReference>
<UpdateTimestampGMT>2013-03-20T19:05:55.71</UpdateTimestampGMT>
<RelatedTickets/>
<RelatedDeviceList/>
<RelatedSecurityIncidents/>
<LastModifiedDate>2013-02-21T21:45:41</LastModifiedDate> </Ticket>
</Ticket>
</TicketList>

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/TicketGetList"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetList xmlns="https://www.monitoredsecurity.com/">
<Status>string</Status>
<TicketCategory>string</TicketCategory>
<Urgency>string</Urgency>
<TicketID>string</TicketID>
<ClientReference>string</ClientReference>
<Device>string</Device>
<RequestedByOrganization>string</RequestedByOrganization>
<AssignedToOrganization>string</AssignedToOrganization>
<MaxTickets>string</MaxTickets>
<StartTimeStampGMT>string</StartTimeStampGMT>
<EndTimeStampGMT>string</EndTimeStampGMT>
</TicketGetList>
</soap:Body>
20 Services and methods

</soap:Envelope>

TicketGetRecentList
This method returns a recent list of Tickets based on given search parameters. If a
parameter is left blank or null, the method returns tickets matching all values. This method
is part of tickets.asmx.
Whereas TicketGetList searches only against a ticket’s creation timestamp, the
TicketGetRecentList method searches against the creation timestamp and updated
timestamps for the following:
 Request comments/Activity Log
 Client Reference
 Assigned To

Parameters
Parameter Type Description
Status String Comma-delimited list of valid ticket statuses
TicketCategory String Comma-delimited list of valid ticket categories
Urgency String Comma-delimited list of valid ticket urgencies
TicketID String Comma-delimited list of valid MSS ticket
numbers
ClientReference String Comma-delimited list of client reference values;
since some ClientReference values may have
commas, the individual values are matched with
a LIKE operator
Device String Comma-delimited list of valid device names
RequestedByOrganization String Comma-delimited list of valid requester
organizations
AssignedToOrganization String Comma-delimited list of valid assigned
organizations
MaxTickets String The maximum number of tickets to return
StartTimeStampGMT DateTime Only return tickets created or modified since the
specified date
Note: This parameter is required.
Services and methods 21

Parameter Type Description

EndTimeStampGMT DateTime Only return tickets created or modified before
the specified date.

Output
This method outputs TicketList as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<TicketList>
<Ticket>
<TicketID>SC12340</TicketID>
<TicketCategory>Alarm / Collection Outages</TicketCategory>
<Urgency>High</Urgency>
<Description>Lorem ipsum dolor sit amet</Description>
<RequestedByOrgID>98765432</RequestedByOrgID>
<RequestedByOrgName>Org0</RequestedByOrgName>
<AssignedToOrgID>98765433</AssignedToOrgID>
<AssignedToOrgName>Org1</AssignedToOrgName>
<CreatedDate>2009-03-25T19:05:50.4867195+00:00</CreatedDate>
<LastUpdated>2009-03-25T19:20:50.4867195+00:00</LastUpdated>
<ClosedDate>2009-03-25T19:35:50.4867195+00:00</ClosedDate>
<Deadline>2009-03-26T19:05:50.4867195+00:00</Deadline>
<ActivityLog>Lorem ipsum dolor sit amet, labore et dolore magna.</ActivityLog>
<ClosureCodeString />
<RequestedByPersonName>Doe, James</RequestedByPersonName>
<Active>false</Active>
<Status>Closed</Status>
<ClientReference>TX107442</ClientReference>
<UpdateTimestampGMT>2013-02-12T17:59:18.093</UpdateTimestampGMT>
<RelatedTickets>
<TicketID>SC12387</TicketID>
<TicketID>SC12545</TicketID>
<TicketID>SC12702</TicketID>
<TicketID>SC12895</TicketID>
<TicketID>SC13017</TicketID>
</RelatedTickets>
<RelatedTickets />
<RelatedDeviceList>
<Device>
<DeviceName>PTLIS6CRIDS01-CIDS</DeviceName>
<SearchCode>TEST-FW-100570</SearchCode>
<Status>Hold for Customer</Status>
<OwnerOrganization>Owner</OwnerOrganization>
</Device>
</RelatedDeviceList>
<RelatedSecurityIncidents>
<IncidentNumber>23292091</IncidentNumber>
</RelatedSecurityIncidents>
<LastModifiedDate>2013-02-21T21:45:41</LastModifiedDate> </Ticket>
</Ticket>
<Ticket>
<TicketID>SC12341</TicketID>
<TicketCategory>Alarm / Collection Outages</TicketCategory>
<Urgency>High</Urgency>
<Description>Lorem ipsum dolor sit amet</Description>
<RequestedByOrgID>98765432</RequestedByOrgID>
<RequestedByOrgName>Org0</RequestedByOrgName>
<AssignedToOrgID>98765433</AssignedToOrgID>
<AssignedToOrgName>Org1</AssignedToOrgName>
<CreatedDate>2009-03-25T19:05:50.4867195+00:00</CreatedDate>
<LastUpdated>2009-03-25T19:20:50.4867195+00:00</LastUpdated>
22 Services and methods

<ClosedDate>2009-03-25T19:35:50.4867195+00:00</ClosedDate>
<Deadline>2009-03-26T19:05:50.4867195+00:00</Deadline>
<ActivityLog>Lorem ipsum dolor sit amet, labore et dolore magna.</ActivityLog>
<ClosureCodeString />
<RequestedByPersonName>Doe, James</RequestedByPersonName>
<Active>false</Active>
<Status>Closed</Status>
<ClientReference>TX107442</ClientReference>
<UpdateTimestampGMT>2013-03-20T19:05:55.71</UpdateTimestampGMT>
<RelatedTickets/>
<RelatedDeviceList/>
<RelatedSecurityIncidents/>
<LastModifiedDate>2013-02-21T21:45:41</LastModifiedDate> </Ticket>
</TicketList>

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/TicketGetList"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetList xmlns="https://www.monitoredsecurity.com/">
<Status>string</Status>
<TicketCategory>string</TicketCategory>
<Urgency>string</Urgency>
<TicketID>string</TicketID>
<ClientReference>string</ClientReference>
<Device>string</Device>
<RequestedByOrganization>string</RequestedByOrganization>
<AssignedToOrganization>string</AssignedToOrganization>
<MaxTickets>string</MaxTickets>
<StartTimeStampGMT>string</StartTimeStampGMT>
<EndTimeStampGMT>string</EndTimeStampGMT>
</TicketGetList>
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetListResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetListResult>xml</TicketGetListResult>
</TicketGetListResponse>
</soap:Body>
</soap:Envelope>
Services and methods 23

TicketGetStatuses
This method returns a list of valid ticket statuses. This method is part of tickets.asmx.

Parameters
None.

Output
This method outputs TicketStatuses as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<TicketStatuses>
<Status>
<StatusName>Created from Web Service</StatusName>
</Status>
<Status>
<StatusName>Updated from Web Service</StatusName>
</Status>
</TicketStatuses>

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetStatusesResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetStatusesResult>xml</TicketGetStatusesResult>
</TicketGetStatusesResponse>
</soap:Body>
</soap:Envelope>
24 Services and methods

TicketGetUrgencies
This method returns a list of valid ticket urgencies. This method is part of tickets.asmx.

Parameters
None.

Output
This method outputs TicketUrgencies as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<TicketUrgencies>
<Urgency>
<UrgencyName>Low</UrgencyName>
</Urgency>
<Urgency>
<UrgencyName>Routine</UrgencyName>
</Urgency>
<Urgency>
<UrgencyName>High</UrgencyName>
</Urgency>
<Urgency>
<UrgencyName>Critical</UrgencyName>
</Urgency>
</TicketUrgencies>

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketGetUrgenciesResponse xmlns="https://www.monitoredsecurity.com/">
<TicketGetUrgenciesResult>xml</TicketGetUrgenciesResult>
</TicketGetUrgenciesResponse>
</soap:Body>
</soap:Envelope>
Services and methods 25

TicketQuery
This method returns details of a given ticket by TicketID or ClientReference. This
method is part of tickets.asmx.

Note: If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
TicketID String The ticket number in the SOC. Either this field or
ClientReference can be blank. If both fields are specified,
the TicketID will be used.
Note: This parameter is required.

ClientReference String The customer reference ticket number specified during ticket
creation (currently, via the portal). Either this field or
TicketID can be blank.

Output
This method outputs Ticket as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<Ticket xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<TicketID>12345</TicketID>
<TicketCategory>Alarm / Collection Outages</TicketCategory>
<Urgency>High</Urgency>
<Description>Lorem ipsum dolor sit amet</Description>
<RequestedByOrgID>98765432</RequestedByOrgID>
<RequestedByOrgName>Org0</RequestedByOrgName>
<AssignedToOrgID>98765433</AssignedToOrgID>
<AssignedToOrgName>Org1</AssignedToOrgName>
<CreatedDate>2009-03-26T13:47:17.5995147+00:00</CreatedDate>
<LastUpdated>2009-03-26T14:02:17.5995147+00:00</LastUpdated>
<ClosedDate>2009-03-26T14:17:17.5995147+00:00</ClosedDate>
<Deadline>2009-03-27T13:47:17.5995147+00:00</Deadline>
<ActivityLog>Lorem ipsum dolor sit amet, labore et dolore magna.</ActivityLog>
<ClosureCodeString />
<RequestedByPersonName>Doe, James</RequestedByPersonName>
<Active>false</Active>
<Status>Closed</Status>
<ClientReference>TX107442</ClientReference>
<RelatedTickets />
<RelatedDeviceList>
<Device>
<DeviceName>Test0</DeviceName>
<SearchCode>Test0</SearchCode>
<Status>Production</Status>
<OwnerOrganization>Org0</OwnerOrganization>
</Device>
<Device>
<DeviceName>Test1</DeviceName>
<SearchCode>Test1</SearchCode>
<Status>Production</Status>
<OwnerOrganization>Org1</OwnerOrganization>
</Device>
</RelatedDeviceList>
<RelatedSecurityIncidents />
<LastModifiedDate>2009-03-26T14:02:17.5995147+00:00</LastModifiedDate>
26 Services and methods

</Ticket>

SOAP
The following is a sample SOAP request and response for this method.

TicketUpdate
This method will update a ticket given the provided parameters. This method is part of
tickets.asmx.

Note: If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
TicketUpdate XML This is a subset of the Ticket XML representing fields that are
to be updated/appended
Note: This parameter is required.

RequestToClose Boolean If true, then text is added to indicate that the customer would
like the Ticket to be closed
Services and methods 27

Input
This method is used as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<TicketUpdate>
<TicketID>SC11387</TicketID>
<ClientReference>1234 5678 9101112</ClientReference>
<ActivityLog>
Lorem ipsum dolor sit amet, labore et dolore magna.
</ActivityLog>
</TicketUpdate>

Note: TicketID is a required field.

Output
This method outputs a Boolean value that indicates whether the update was successful.

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketUpdateResponse xmlns="https://www.monitoredsecurity.com/">
<TicketUpdateResult>boolean</TicketUpdateResult>
</TicketUpdateResponse>
</soap:Body>
</soap:Envelope>
28 Services and methods

TicketUpdateWithAttachment
This method will update a ticket with attachments given the provided parameters. This
method is part of tickets.asmx.

Note:
1. Each Ticket can have no more than 20 attachments; more than 20 will throw an
exception. Also, the SOAP message size must be less than or equal to 100 MB.
2. If TicketId is not yet available or invalid, then the DataNotYetAvailable error is
returned.

Parameters
Parameter Type Description
TicketUpdate XML This is a subset of the Ticket XML representing fields
that are to be updated/appended
Note: This parameter is required.

RequestToClose Boolean If true, then text is added to indicate that the customer
would like the Ticket to be closed
Attachments Attachment Attachments having Attachment Name and its content
Array Note: This parameter is required.

AttachmentComments String Attachment update comment

Input
This method is used as shown in the following example.
TicketUpdate:
<?xml version="1.0" encoding="utf-8"?>
<TicketUpdate>
<TicketID>SC11387</TicketID>
<ClientReference>1234 5678 9101112</ClientReference>
<ActivityLog>
Lorem ipsum dolor sit amet, labore et dolore magna.
</ActivityLog>
</TicketUpdate>

Note: The following is a required field: TicketID.

Output
This method outputs Ticket as shown in the following examples.

Note:
TicketID: Newly created ticket ID. If a success, then contains a valid Ticket ID, otherwise
contains “-1”.
FilesAttachedCount: Successfully uploaded attachment(s) count.
FilesRejected: FilesRejected contains failed attachment(s) names. A fresh child node will be
created for each rejected file. The reason for rejection could be due to various reasons.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/TicketUpdateWithAttachment"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketUpdateWithAttachment xmlns="https://www.monitoredsecurity.com/">
<TicketUpdateDoc>xml</TicketUpdateDoc>
<RequestToClose>boolean</RequestToClose>
<Attachments>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</Attachments>
<AttachmentComments>string</AttachmentComments>
</TicketUpdateWithAttachment>
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<TicketUpdateWithAttachmentResponse xmlns="https://www.monitoredsecurity.com/">
<TicketUpdateWithAttachmentResult>string</TicketUpdateWithAttachmentResult>
</TicketUpdateWithAttachmentResponse>
</soap:Body>
</soap:Envelope>
30 Services and methods

TicketUpdateWithAttachmentExt
This method will update a ticket with attachments given the provided parameters. This
method is part of tickets.asmx.

Parameters
Parameter Type Description
TicketUpdate XML This is a subset of the Ticket XML representing fields
that are to be updated/appended
Note: This parameter is required.

AttachmentComments String Attachment update comment

Input
This method is used as shown in the following example.

TicketUpdate:
<?xml version="1.0" encoding="utf-8"?>
<TicketUpdate>
<TicketID>SC11387</TicketID>
<ClientReference>1234 5678 9101112</ClientReference>
<ActivityLog>Lorem ipsum dolor sit amet, labore et dolore magna.</ActivityLog>
</TicketUpdate>

Note: The following is a required field: TicketID.

Output
This method outputs Ticket as shown in the following examples.

Success - Ticket updated successfully and all attachments uploaded successfully:

Partial Success - Ticket updated successfully but failed to upload some attachments:
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:AttachmentUploadFailure</faultcode>
<faultstring>Attachment failure</faultstring>
<detail>
<RequestId>2r14l3mdbrftiuyuc2sz2f3d</RequestId>
<Ticket>
<TicketID>SC1234</TicketID>
<FilesAttached>
<File>
<Name>MSS User Guide.txt</Name>
<AttachmentID>281486197797892</AttachmentID>
</File>
<File>
<Name>TestDocument.txt</Name>
<AttachmentID>281486197797893</AttachmentID>
</File>
</FilesAttached>
<FilesRejected>
<File>
<Name>Test2.txt</Name>
<ErrorMessage>Invalid File Extension</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Failure - Ticket update failed to upload any of the attachments:

<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:AttachmentUploadFailure</faultcode>
<faultstring>Attachment failure</faultstring>
<detail>
<RequestId>2r14l3mdbrftiuyuc2sz2f3d</RequestId>
<Ticket>
<TicketID>-1</TicketID>
<FilesAttached />
<FilesRejected>
<File>
<Name>Test1.txt</Name>
<ErrorMessage>Internal error occured during Attachment upload</ErrorMessage>
<Retry>true</Retry>
<RetryInterval>10</RetryInterval>
</File>
<File>
<Name>Test2.txt</Name>
<ErrorMessage>Internal error occured during Attachment upload</ErrorMessage>
32 Services and methods

Note: The ticket is updated if any attachment uploads successfully.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/tickets.asmx HTTP/1.1
Host: hostname
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<TicketUpdateWithAttachmentExt xmlns="https://www.monitoredsecurity.com/">
<TicketUpdateDoc>xml</TicketUpdateDoc>
<RequestToClose>boolean</RequestToClose>
<Attachments>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</Attachments>
<AttachmentComments>string</AttachmentComments>
</TicketUpdateWithAttachmentExt>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

Using the Devices service

The devices web service enables you to get a list of the devices that you are able to see
under Organizational Hierarchy. The methods under this service are:
 UserGetDevices

UserGetDevices
This method returns a list of valid devices for the user. This method is part of
devices.asmx.

Parameters
None.

Output
This method outputs Devices as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<Devices>
<Device>
<DeviceName>Demo Device 21446</DeviceName>
<SearchCode>DEMO-NIDS-21446</SearchCode>
<Status>Production</Status>
<OwnerOrganization>MSS Demo</OwnerOrganization>
<LastLogReceived>2008-12-30T17:21:35.015</LastLogReceived>
<ChangeManager>true</ChangeManager>
</Device>
<Device>
<DeviceName>Demo Device 23345</DeviceName>
<SearchCode>DEMO-FW-23345</SearchCode>
<Status>Production</Status>
<OwnerOrganization>DEMOSUB</OwnerOrganization>
<LastLogReceived>2008-12-30T17:18:25.607</LastLogReceived>
<ChangeManager>false</ChangeManager>
</Device>
</Devices>

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/devices.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/UserGetDevices"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
34 Services and methods

<UserGetDevices xmlns="https://www.monitoredsecurity.com/" />

</soap:Body>
</soap:Envelope>

Using the Organizations service

The organizations web service enables you to get a list of the organizations that you are
able to see under Organizational Hierarchy. The methods under this service are:
 UserGetOrganizations

UserGetOrganizations
This method returns a list of valid organizations for the user. This method is part of
organizations.asmx.

Parameters
None.

Output
This method outputs Organizations as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<Organizations>
<Organization>
<OrganizationID>281485932953839</OrganizationID>
<OrganizationName>MSS Demo</OrganizationName>
</Organization>
<Organization>
<OrganizationID>281423932563889</OrganizationID>
<OrganizationName>MSS Demo / MSS Demo - SubOrg</OrganizationName>
</Organization>
</Organizations>

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/organizations.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/UserGetOrganizations"
Services and methods 35

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<UserGetOrganizations xmlns="https://www.monitoredsecurity.com/" />
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<UserGetOrganizationsResponse xmlns="https://www.monitoredsecurity.com/">
<UserGetOrganizationsResult>xml</UserGetOrganizationsResult>
</UserGetOrganizationsResponse>
</soap:Body>
</soap:Envelope>

Using the Incidents service

The incidents web service enables you to query specific security incidents for current
information. The methods under this service are:
 IncidentGetCategories
 IncidentGetList
 IncidentGetRecentList
 IncidentGetSeverities
 IncidentGetStatusList
 IncidentGetStatusResolutionList
 IncidentGetAssignOrganizationPersonList
 IncidentQuery
 IncidentWorkflowQuery
 UpdateIncidentWorkflow
 IncidentAddAttachment
 IncidentAddAttachmentExt
 IncidentGetAttachment
 IncidentCreateTicket

IncidentGetCategories
This method returns a list of incident categories. This method is part of incidents.asmx.

Parameters
None.
36 Services and methods

Output
This method outputs IncidentCategories as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<IncidentCategories>
<Category>
<CategoryName>Authorized Activity</CategoryName>
</Category>
<Category>
<CategoryName>Denial of Service</CategoryName>
</Category>
<Category>
<CategoryName>Information Gathering</CategoryName>
</Category>
<Category>
<CategoryName>Misuse (Inappropriate Usage)</CategoryName>
</Category>
</IncidentCategories>

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/incidents.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/IncidentGetCategories"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetCategories xmlns="https://www.monitoredsecurity.com/" />
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetCategoriesResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetCategoriesResult>xml</IncidentGetCategoriesResult>
</IncidentGetCategoriesResponse>
</soap:Body>
</soap:Envelope>
Services and methods 37

IncidentGetList
This method returns a list of security incidents based on given search parameters. If a
parameter is left blank or null, the method will return incidents matching all values. This
method is part of incidents.asmx.

Parameters
Parameter Type Description
Severity String Comma-delimited list of valid Security Incident
severities set by MSS
CustomerSeverity String Comma-delimited list of valid Security Incident
severities set by customers
SourceOrganization String Comma-delimited list of valid Organizations
DestinationOrganization String Comma-delimited list of valid Organizations
MaxIncidents String The maximum number of incidents to return
SourceIP String Comma-delimited list of valid Source IP
Addresses
Category String Comma-delimited list of valid Security Incident
Categories
ExcludeCategory String Comma-delimited list of valid Security Incident
Categories
StartTimeStampGMT DateTime Only return incidents created since the specified
date
EndTimeStampGMT DateTime Only return incidents created before the
specified date

Output
This method outputs IncidentList as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<SecurityIncidentSummary>
<IncidentNumber>979546</IncidentNumber>
<TimeCreated>2014-10-23T02:09:56.753</TimeCreated>
<Correlation>No</Correlation>
<Severity>Warning</Severity>
<CustomerSeverity>Warning</CustomerSeverity>
<Category>Daily Summary</Category>
<Classification>Activity Summary - Malware Download Requests</Classification>
<SourceIPString>Multiple</SourceIPString>
<SourceOrganizationName>External</SourceOrganizationName>
<DestOrganizationName>External</DestOrganizationName>
<CountryCode>EN</CountryCode>
<CountryName>---</CountryName>
<IsInternalExternal />
<HostNameList />
<UserList />
<CountryOfOrigin />
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<FirstSeenGlobally>0001-01-01T00:00:00</FirstSeenGlobally>
<DaysSeenGlobally>0</DaysSeenGlobally>
<PrevalenceGlobally />
<GlobalLookbackDays>0</GlobalLookbackDays>
38 Services and methods

<LatestKeyEvent>0001-01-01T00:00:00</LatestKeyEvent>
<UpdateTimestampGMT>2014-11-25T22:06:15.5</UpdateTimestampGMT>
</SecurityIncidentSummary>
<SecurityIncidentSummary>
<IncidentNumber>978820</IncidentNumber>
<TimeCreated>2014-09-29T19:11:46.86</TimeCreated>
<Correlation>No</Correlation>
<Severity>Informational</Severity>
<CustomerSeverity>Warning</CustomerSeverity>
<Category>Authorized Scanning/Penetration Testing</Category>
<Classification>Vulnerability Scan – Commercial</Classification>
<SourceIPString>1.1.1.1</SourceIPString>
<SourceOrganizationName>External</SourceOrganizationName>
<DestOrganizationName>External</DestOrganizationName>
<CountryCode>US</CountryCode>
<CountryName>United States</CountryName>
<IsInternalExternal>Internal</IsInternalExternal>
<HostNameList>host-JBGDJ</HostNameList>
<UserList>NT AUTHORITY\SYSTEM</UserList>
<CountryOfOrigin />
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<FirstSeenGlobally>0001-01-01T00:00:00</FirstSeenGlobally>
<DaysSeenGlobally>0</DaysSeenGlobally>
<PrevalenceGlobally />
<GlobalLookbackDays>0</GlobalLookbackDays>
<LatestKeyEvent>2014-09-29T19:11:07.91</LatestKeyEvent>
<UpdateTimestampGMT>2014-10-07T14:30:06.18</UpdateTimestampGMT>
</SecurityIncidentSummary>
<SecurityIncidentSummary>
<IncidentNumber>978286</IncidentNumber>
<TimeCreated>2014-09-11T18:57:36.707</TimeCreated>
<Correlation>Yes</Correlation>
<Severity>Warning</Severity>
<CustomerSeverity>Warning</CustomerSeverity>
<Category>Malicious Code</Category>
<Classification>McAfee Endpoint Reported Infection</Classification>
<SourceIPString>2.2.2.2</SourceIPString>
<SourceOrganizationName>External</SourceOrganizationName>
<DestOrganizationName>External</DestOrganizationName>
<CountryCode>CN</CountryCode>
<CountryName>China</CountryName>
<IsInternalExternal>External</IsInternalExternal>
<HostNameList />
<UserList />
<CountryOfOrigin>China</CountryOfOrigin>
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<FirstSeenGlobally>0001-01-01T00:00:00</FirstSeenGlobally>
<DaysSeenGlobally>0</DaysSeenGlobally>
<PrevalenceGlobally />
<GlobalLookbackDays>0</GlobalLookbackDays>
<LatestKeyEvent>2014-09-02T12:04:06.33</LatestKeyEvent>
<UpdateTimestampGMT>2014-12-10T14:51:03.587</UpdateTimestampGMT>
</SecurityIncidentSummary>
</SecurityIncidentList>

 DaysSeenGlobally: Number of days an external IP address was seen in last

<GlobalLookbackDays> days across the customer base.
 PrevalenceGlobally: Ratio of existence of an external IP across customer base with total
available active customers. Values: L/M/H where L = Low, M = Medium, and H = High.
 GlobalLookbackDays: The configured number of days for which global context values
are computed.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /SWS/Incidents.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/IncidentGetList"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetList xmlns="https://www.monitoredsecurity.com/">
<Severity>string</Severity>
<SourceOrganization>string</SourceOrganization>
<DestinationOrganization>string</DestinationOrganization>
<MaxIncidents>string</MaxIncidents>
<SourceIP>string</SourceIP>
<Category>string</Category>
<ExcludeCategory>string</ExcludeCategory>
<StartTimeStampGMT>string</StartTimeStampGMT>
<EndTimeStampGMT>string</EndTimeStampGMT>
<CustomerSeverity>string</CustomerSeverity>
</IncidentGetList>
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetListResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetListResult>xml</IncidentGetListResult>
</IncidentGetListResponse>
</soap:Body>
</soap:Envelope>

IncidentGetRecentList
This method returns a list of security incidents based on given search parameters. If a
parameter is left blank or null, the method will return incidents matching all values. This
method is part of incidents.asmx.
This method differs from IncidentGetList in the way the timestamp parameters are
used to search incidents. IncidentGetList searches on the created timestamp of the
40 Services and methods

incidents, whereas IncidentGetRecentList searches on the created timestamp, updated

timestamp, and LatestKeyEvent timestamp of the incidents.

Parameters
Parameter Type Description
Severity String Comma-delimited list of valid Security Incident
severities set by customers
SourceOrganization String Comma-delimited list of valid Organizations
DestinationOrganization String Comma-delimited list of valid Organizations
MaxIncidents String The maximum number of incidents to return
SourceIP String Comma-delimited list of valid Source IP
Addresses
Category String Comma-delimited list of valid Security Incident
Categories
ExcludeCategory String Comma-delimited list of valid Security Incident
Categories
StartTimeStampGMT DateTime Only return incidents created since the specified
date
Note: This parameter is required.

EndTimeStampGMT DateTime Only return incidents created before the

specified date

Output
This method outputs IncidentList as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<SecurityIncidentList>
<SecurityIncidentSummary>
<IncidentNumber>979068</IncidentNumber>
<TimeCreated>2014-10-08T01:03:36.583</TimeCreated>
<Correlation>No</Correlation>
<Severity>Warning</Severity>
<CustomerSeverity>Warning</CustomerSeverity>
<Category>Daily Summary</Category>
<Classification>Activity Summary - Malware Download Requests</Classification>
<SourceIPString>0.0.0.0</SourceIPString>
<SourceOrganizationName>External</SourceOrganizationName>
<DestOrganizationName>External</DestOrganizationName>
<CountryCode>UN</CountryCode>
<CountryName>Unknown</CountryName>
<IsInternalExternal />
<HostNameList />
<UserList />
<CountryOfOrigin />
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<FirstSeenGlobally>0001-01-01T00:00:00</FirstSeenGlobally>
<DaysSeenGlobally>0</DaysSeenGlobally>
<PrevalenceGlobally />
<GlobalLookbackDays>0</GlobalLookbackDays>
<LatestKeyEvent>0001-01-01T00:00:00</LatestKeyEvent>
<UpdateTimestampGMT>2014-12-31T06:10:01.22</UpdateTimestampGMT>
</SecurityIncidentSummary>
<SecurityIncidentSummary>
Services and methods 41

<IncidentNumber>978286</IncidentNumber>
<TimeCreated>2014-09-11T18:57:36.707</TimeCreated>
<Correlation>Yes</Correlation>
<Severity>Warning</Severity>
<CustomerSeverity>Warning</CustomerSeverity>
<Category>Malicious Code</Category>
<Classification>McAfee Endpoint Reported Infection</Classification>
<SourceIPString>2.2.2.2</SourceIPString>
<SourceOrganizationName>External</SourceOrganizationName>
<DestOrganizationName>External</DestOrganizationName>
<CountryCode>CN</CountryCode>
<CountryName>China</CountryName>
<IsInternalExternal>External</IsInternalExternal>
<HostNameList />
<UserList />
<CountryOfOrigin>China</CountryOfOrigin>
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<FirstSeenGlobally>0001-01-01T00:00:00</FirstSeenGlobally>
<DaysSeenGlobally>0</DaysSeenGlobally>
<PrevalenceGlobally />
<GlobalLookbackDays>0</GlobalLookbackDays>
<LatestKeyEvent>2014-09-02T12:04:06.33</LatestKeyEvent>
<UpdateTimestampGMT>2014-12-10T14:51:03.587</UpdateTimestampGMT>
</SecurityIncidentSummary>
</SecurityIncidentList>

Note:
Under SecurityIncidentSummary:
 Correlation: The incident was generated by events that match specific attributes, either
file characteristics or MD5/SHA256 hash signature. Values: Yes/No.
 FirstSeenGlobally: The first time an external IP address was seen in last
<GlobalLookbackDays> days across the customer base.
 DaysSeenGlobally: Number of days an external IP address was seen in last
<GlobalLookbackDays> days across the customer base.
 PrevalenceGlobally: Ratio of existence of an external IP across customer base with total
available active customers. Values: L/M/H where L = Low, M = Medium, and H = High.
 GlobalLookbackDays: The configured number of days for which global context values
are computed.
 LatestKeyEvent: The timestamp of when the latest key event occurred.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/incidents.asmx HTTP/1.1
Host: hostname
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

<SourceIP>string</SourceIP>
<Category>string</Category>
<ExcludeCategory>string</ExcludeCategory>
<StartTimeStampGMT>string</StartTimeStampGMT>
<EndTimeStampGMT>string</EndTimeStampGMT>
</IncidentGetRecentList>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

IncidentGetSeverities
This method returns a list of incident severities. This method is part of incidents.asmx.

Parameters
None.

Output
This method outputs IncidentSeverities as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<IncidentSeverities>
<Severity>
<SeverityName>Emergency</SeverityName>
</Severity>
<Severity>
<SeverityName>Critical</SeverityName>
</Severity>
<Severity>
<SeverityName>Warning</SeverityName>
</Severity>
<Severity>
<SeverityName>Informational</SeverityName>
</Severity>
</IncidentSeverities>
Services and methods 43

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/incidents.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/IncidentGetSeverities"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetSeverities xmlns="https://www.monitoredsecurity.com/" />
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentGetSeveritiesResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetSeveritiesResult>xml</IncidentGetSeveritiesResult>
</IncidentGetSeveritiesResponse>
</soap:Body>
</soap:Envelope>

IncidentGetStatusList
This method returns a list of incident workflow statuses. This method is part of
incidents.asmx.

Parameters
None.

Output
This method outputs IncidentGetStatusList as shown in the following example.
<ArrayOfIncidentStatus xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<IncidentStatus>
<StatusName>New</StatusName>
</IncidentStatus>
<IncidentStatus>
<StatusName>In Progress</StatusName>
</IncidentStatus>
<IncidentStatus>
<StatusName>Closed</StatusName>
</IncidentStatus>
</ArrayOfIncidentStatus>
44 Services and methods

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentGetStatusListResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetStatusListResult>xml</IncidentGetStatusListResult>
</IncidentGetStatusListResponse>
</soap12:Body>
</soap12:Envelope>

IncidentGetStatusResolutionList
This method returns a list of incident workflow status resolutions. This method is part of
incidents.asmx.

Parameters
None.

Output
This method outputs IncidentStatusResolutionList as shown in the following
example.
<ArrayOfIncidentStatusResolution xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<IncidentStatusResolution>
<ResolutionName>False Positive</ResolutionName>
</IncidentStatusResolution>
<IncidentStatusResolution>
<ResolutionName>Resolved</ResolutionName>
</IncidentStatusResolution>
<IncidentStatusResolution>
<ResolutionName>Deferred</ResolutionName>
</IncidentStatusResolution>
<IncidentStatusResolution>
<ResolutionName>No Action</ResolutionName>
</IncidentStatusResolution>
</ArrayOfIncidentStatusResolution>
Services and methods 45

SOAP
The following is a sample SOAP request and response for this method.

Response:
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentGetStatusResolutionListResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetStatusResolutionListResult>xml</IncidentGetStatusResolutionListResult>
</IncidentGetStatusResolutionListResponse>
</soap12:Body>
</soap12:Envelope>

IncidentGetAssignOrganizationPersonList
This method returns a list of organizations and the persons within each organization. This
method is part of incidents.asmx.

Parameters
None.

Output
This method outputs IncidentStatusResolutionList as shown in the following
example.
<ArrayOfIncidentAssignOrganization xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<IncidentAssignOrganization>
<OrganizationName>Org1</OrganizationName>
<Persons>
<Person>User1</Person>
<Person>User2</Person>
</Persons>
</IncidentAssignOrganization>
<IncidentAssignOrganization>
<OrganizationName>Org2</OrganizationName>
<Persons>
<Person>userorg1</Person>
</Persons>
</IncidentAssignOrganization>
</ArrayOfIncidentAssignOrganization>
46 Services and methods

Note:
1. Output contains organization and its sub-organization list.
2. Where IncidentAssignOrganization contains organization name (OrganizationName)
and list of users (Persons) within that organization.

SOAP
The following is a sample SOAP request and response for this method.

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentGetAssignOrganizationPersonListResponse
xmlns="https://www.monitoredsecurity.com/">

IncidentQuery
This method returns incident details for a given incident number. This method is part of
incidents.asmx.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

MaxSignatures Int If this parameter is populated, the method only returns up to this
number of Signatures for the Incident
Services and methods 47

Output
This method outputs Incident as shown in the following example.
<?xml version="1.0" encoding="utf-8"?>
<SecurityIncident xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<IncidentNumber>979546</IncidentNumber>
<TimeCreated>2014-10-22T18:27:00.96</TimeCreated>
<Correlation>No</Correlation>
<Severity>Emergency</Severity>
<Classification>Activity Summary - Malware Download Requests</Classification>
<Description>This incident is a daily summary notification...[example truncated for
length]</Description>
<AnalystAssessment>The hosts identified as the source IP addresses...[example
truncated for length]</AnalystAssessment>
<CountryCode>EN</CountryCode>
<CountryName>---</CountryName>
<NumberOfAnalyzedSignatures>2</NumberOfAnalyzedSignatures>
<SourceOrganizationList />
<DestinationOrganizationList />
<RelatedTickets />
<SignatureList>
<Signature>
<SignatureNumber>2151786089</SignatureNumber>
<SignatureName>Malware Download Detected</SignatureName>
<VendorSignature>[MSS URL Detection] Norton Safe Web - Viruses</VendorSignature>
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<IsKey>false</IsKey>
<FirstSeenGlobally>2014-08-22T19:33:37.31</FirstSeenGlobally>
<DaysSeenGlobally>1</DaysSeenGlobally>
<PrevalenceGlobally>L</PrevalenceGlobally>
<GlobalLookbackDays>90</GlobalLookbackDays>
<TimeCreated>2014-10-22T18:25:58.523</TimeCreated>
<Classification />
<Category>Malware Activity</Category>
<SourceIPString>2000::803:237</SourceIPString>
<SourceIPAddressBinary>IAAAAAAAAAAAAAAACAMCNw==</SourceIPAddressBinary>
<HostName />
<NumberBlocked>0</NumberBlocked>
<NumberNotBlocked>0</NumberNotBlocked>
<CountryCode>QZ</CountryCode>
<CountryName>Lookup failure</CountryName>
<SourceOrganizationList />
<CorrelatedEvent>No</CorrelatedEvent>
<Outcome />
<CorrelatedEventList />
<SourceIPAddressBinarySQL>0x2000000000000000008030237</SourceIPAddressBinarySQL>
<NetworkRanges>
<NetworkRange>
<NetworkRangeName>PFST1</NetworkRangeName>
<NetworkRangeIPs>2000:: - 203f:ffff:ffff:ffff:ffff:ffff</NetworkRangeIPs>
</NetworkRange>
</NetworkRanges>
<FileDetails />
<ReportingDeviceList />
<AffectedAssetList />
<DestinationOrganizationList />
<SourceHostDetailList />
</Signature>
<Signature>
<SignatureNumber>2151786091</SignatureNumber>
<SignatureName>Malware Download Detected</SignatureName>
<VendorSignature>[MSS URL Detection] Norton Safe Web - Viruses</VendorSignature>
48 Services and methods

<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<IsKey>false</IsKey>
<FirstSeenGlobally>2014-08-22T19:33:37.31</FirstSeenGlobally>
<DaysSeenGlobally>1</DaysSeenGlobally>
<PrevalenceGlobally>L</PrevalenceGlobally>
<GlobalLookbackDays>90</GlobalLookbackDays>
<TimeCreated>2014-10-22T19:35:18.24</TimeCreated>
<Classification />
<Category>Malware Activity</Category>
<SourceIPString>15.0.10.10</SourceIPString>
<SourceIPAddressBinary>AAAAAAAAAAAAAAAADwAKCg==</SourceIPAddressBinary>
<HostName />
<NumberBlocked>0</NumberBlocked>
<NumberNotBlocked>0</NumberNotBlocked>
<CountryCode>US</CountryCode>
<CountryName>United States</CountryName>
<SourceOrganizationList />
<CorrelatedEvent>No</CorrelatedEvent>
<Outcome />
<CorrelatedEventList />
<SourceIPAddressBinarySQL>0x000000000000000000f000a0a</SourceIPAddressBinarySQL>
<NetworkRanges>
<NetworkRange>
<NetworkRangeName>lskjflskdf slkjd flkds fslkjdf</NetworkRangeName>
<NetworkRangeIPs>10.20.20.9 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
<NetworkRange>
<NetworkRangeName>sample</NetworkRangeName>
<NetworkRangeIPs>10.20.20.50 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
<NetworkRange>
<NetworkRangeName>Sample</NetworkRangeName>
<NetworkRangeIPs>10.20.60.9 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
</NetworkRanges>
<FileDetails />
<ReportingDeviceList />
<AffectedAssetList />
<DestinationOrganizationList />
<SourceHostDetailList />
</Signature>
</SignatureList>
</SecurityIncident>

Note:
Under Signature:
 CorrelatedEvent: States whether the event matches specific attributes, either file
characteristics or MD5/SHA256 hash signature.
 Outcome: The result of network security action/inaction relating to this event. Values:
Blocked, Not Blocked, Protected, or Infected.
 FirstSeenGlobally: The first time an external IP address was seen in last
<GlobalLookbackDays> days across the customer base.
 DaysSeenGlobally: Number of days an external IP address was seen in last
<GlobalLookbackDays> days across the customer base.
 PrevalenceGlobally: Ratio of existence of an external IP across customer base with total
available active customers. Values: L/M/H where L = Low, M = Medium, and H = High.
 GlobalLookbackDays: The configured number of days for which global context values
are computed.
 NetworkRange: States the Netblock name and range to which the source IP address
belongs.
Services and methods 49

 VendorSignature: Indicates the vendor signature name, which is shown as Event Name
on the Portal.

Under Event:
 EventName: The event’s name in base64 format. The value must be decoded from
base64 to string prior to consuming.
 Outcome: The result of network security action/inaction relating to this event. Values:
Blocked, Not Blocked, Protected, or Infected.

Under File:
 TrustedOrUnknown: Indicates the trust level that Symantec assigns to a file, based on a
stringent evaluation methodology. Also called Reputation. Values: Symantec Trusted,
Good, Trending Good, Unproven, Poor, or Untrusted.
 Prevalence: Indicates how frequently Symantec's global community of users
downloaded this file. Treat files with low prevalence with caution.
 FirstSeenTimeStamp: Indicates when Symantec's global community of users first
downloaded this file. Treat new files with caution.

Also note that file information changes depending on whether the originating event is
correlated. For non-correlated events, the nodes containing information are:
SecurityIncident -> SignatureList -> Signature -> FileDetails

For correlated events, the nodes containing information are: SecurityIncident ->
SignatureList -> Signature -> CorrelatedEventList -> FileDetails

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/incidents.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.monitoredsecurity.com/IncidentQuery"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentQuery xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<MaxSignatures>string</MaxSignatures>
</IncidentQuery>
</soap:Body>
</soap:Envelope>

</IncidentQueryResponse>
</soap:Body>
</soap:Envelope>

IncidentWorkflowQuery
This method returns incident details with workflow information for a given incident
number. This method is part of incidents.asmx.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

MaxSignatures Int If this parameter is populated, the method only returns up to this
number of Signatures for the Incident

Output
This method outputs Incident as shown in the following example.
<?xml version="1.0" encoding="utf-8" ?>
<SecurityIncident xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="">
<IncidentNumber>979546</IncidentNumber>
<TimeCreated>2014-10-22T18:27:00.96</TimeCreated>
<Correlation>No</Correlation>
<Severity>Warning</Severity>
<Classification>Activity Summary - Malware Download Requests</Classification>
<Description>This incident is a daily summary notification...[example truncated for
length]</Description>
<AnalystAssessment>The hosts identified as the source IP addresses...[example
truncated for length]</AnalystAssessment>
<CountryCode>EN</CountryCode>
<CountryName>---</CountryName>
<NumberOfAnalyzedSignatures>2</NumberOfAnalyzedSignatures>
<SourceOrganizationList />
<DestinationOrganizationList />
<RelatedTickets />
<SignatureList>
<Signature>
<SignatureNumber>2151786089</SignatureNumber>
<SignatureName>Malware Download Detected</SignatureName>
<VendorSignature>[MSS URL Detection] Norton Safe Web - Viruses</VendorSignature>
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<IsKey>false</IsKey>
<FirstSeenGlobally>2014-08-22T19:33:37.31</FirstSeenGlobally>
<DaysSeenGlobally>1</DaysSeenGlobally>
<PrevalenceGlobally>L</PrevalenceGlobally>
<GlobalLookbackDays>90</GlobalLookbackDays>
<TimeCreated>2014-10-22T18:25:58.523</TimeCreated>
<Classification />
<Category>Malware Activity</Category>
<SourceIPString>2000::803:237</SourceIPString>
<SourceIPAddressBinary>IAAAAAAAAAAAAAAACAMCNw==</SourceIPAddressBinary>
<HostName />
<NumberBlocked>0</NumberBlocked>
<NumberNotBlocked>0</NumberNotBlocked>
<CountryCode>QZ</CountryCode>
<CountryName>Lookup failure</CountryName>
Services and methods 51

<SourceOrganizationList />
<CorrelatedEvent>No</CorrelatedEvent>
<Outcome />
<CorrelatedEventList />
<SourceIPAddressBinarySQL>0x2000000000008030237</SourceIPAddressBinarySQL>
<NetworkRanges>
<NetworkRange>
<NetworkRangeName>PFST1</NetworkRangeName>
<NetworkRangeIPs>2000:: - 203f:ffff:ffff:ffff:ffff:ffff</NetworkRangeIPs>
</NetworkRange>
</NetworkRanges>
<FileDetails />
<ReportingDeviceList />
<AffectedAssetList />
<DestinationOrganizationList />
<SourceHostDetailList />
</Signature>
<Signature>
<SignatureNumber>2151786091</SignatureNumber>
<SignatureName>Malware Download Detected</SignatureName>
<VendorSignature>[MSS URL Detection] Norton Safe Web - Viruses</VendorSignature>
<FirstSeenInLast30Days>0001-01-01T00:00:00</FirstSeenInLast30Days>
<DaysSeenInLast30Days>0</DaysSeenInLast30Days>
<IsKey>false</IsKey>
<FirstSeenGlobally>2014-08-22T19:33:37.31</FirstSeenGlobally>
<DaysSeenGlobally>1</DaysSeenGlobally>
<PrevalenceGlobally>L</PrevalenceGlobally>
<GlobalLookbackDays>90</GlobalLookbackDays>
<TimeCreated>2014-10-22T19:35:18.24</TimeCreated>
<Classification />
<Category>Malware Activity</Category>
<SourceIPString>15.0.10.10</SourceIPString>
<SourceIPAddressBinary>AAAAAAAAAAAAAAAADwAKCg==</SourceIPAddressBinary>
<HostName />
<NumberBlocked>0</NumberBlocked>
<NumberNotBlocked>0</NumberNotBlocked>
<CountryCode>US</CountryCode>
<CountryName>United States</CountryName>
<SourceOrganizationList />
<CorrelatedEvent>No</CorrelatedEvent>
<Outcome />
<CorrelatedEventList />
<SourceIPAddressBinarySQL>0x000000000000f000a0a</SourceIPAddressBinarySQL>
<NetworkRanges>
<NetworkRange>
<NetworkRangeName>sample0</NetworkRangeName>
<NetworkRangeIPs>10.20.20.9 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
<NetworkRange>
<NetworkRangeName>sample1</NetworkRangeName>
<NetworkRangeIPs>10.20.20.50 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
<NetworkRange>
<NetworkRangeName>sample2</NetworkRangeName>
<NetworkRangeIPs>10.20.60.9 - 20.20.25.50</NetworkRangeIPs>
</NetworkRange>
</NetworkRanges>
<FileDetails />
<ReportingDeviceList />
<AffectedAssetList />
<DestinationOrganizationList />
<SourceHostDetailList />
</Signature>
</SignatureList>
52 Services and methods

<WorkFlowDetail>
<Status>New</Status>
<Resolution>-</Resolution>
<Reference>-</Reference>
<AssignedOrganization>Org1</AssignedOrganization>
<AssignedPerson>-</AssignedPerson>
</WorkFlowDetail>
<IncidentComments>
<IncidentComment>
<CommentedTimeStampGMT>2014-11-12T15:51:42.393</CommentedTimeStampGMT>
<Comment>another comment</Comment>
<CommentedBy>Read-only, Fname Lname</CommentedBy>
</IncidentComment>
<IncidentComment>
<CommentedTimeStampGMT>2014-11-12T15:51:11.287</CommentedTimeStampGMT>
<Comment>some comment</Comment>
<CommentedBy>Read-only, Fname Lname</CommentedBy>
</IncidentComment>
</IncidentComments>
<ActivityLogs>
<Activity>
<FieldName>AssignedPersonName</FieldName>
<OldValue>-</OldValue>
<NewValue>Fname Lname1</NewValue>
<ActivityDateGMT>2014-11-25T22:06:15.5</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>AssignedOrgName</FieldName>
<OldValue>Org1</OldValue>
<NewValue>-</NewValue>
<ActivityDateGMT>2014-11-25T22:06:09.807</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>WorkflowComment</FieldName>
<OldValue />
<NewValue>Comment was added</NewValue>
<ActivityDateGMT>2014-11-12T15:51:42.393</ActivityDateGMT>
<ActivityBy>Read-only, Fname Lname</ActivityBy>
</Activity>
<Activity>
<FieldName>WorkflowComment</FieldName>
<OldValue />
<NewValue>Comment was added</NewValue>
<ActivityDateGMT>2014-11-12T15:51:11.31</ActivityDateGMT>
<ActivityBy>Read-only, Fname Lname</ActivityBy>
</Activity>
<Activity>
<FieldName>AssignedOrgName</FieldName>
<OldValue>-</OldValue>
<NewValue>Org1</NewValue>
<ActivityDateGMT>2014-11-12T15:26:34.983</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>AssignedPersonName</FieldName>
<OldValue>Fname Lname</OldValue>
<NewValue>-</NewValue>
<ActivityDateGMT>2014-11-12T15:26:34.967</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>AssignedPersonName</FieldName>
Services and methods 53

<OldValue>-</OldValue>
<NewValue>Fname Lname</NewValue>
<ActivityDateGMT>2014-11-12T15:25:40.91</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>AssignedOrgName</FieldName>
<OldValue>Org1</OldValue>
<NewValue>-</NewValue>
<ActivityDateGMT>2014-11-12T15:25:38.25</ActivityDateGMT>
<ActivityBy>user3</ActivityBy>
</Activity>
<Activity>
<FieldName>CustomerSeverity</FieldName>
<OldValue>-</OldValue>
<NewValue>Warning</NewValue>
<ActivityDateGMT>2014-10-23T02:09:58.38</ActivityDateGMT>
<ActivityBy>ASQL AutoHandler</ActivityBy>
</Activity>
<Activity>
<FieldName>WorkflowStatus</FieldName>
<OldValue>-</OldValue>
<NewValue>New</NewValue>
<ActivityDateGMT>2014-10-23T02:09:58.173</ActivityDateGMT>
<ActivityBy>ASQL AutoHandler</ActivityBy>
</Activity>
</ActivityLogs>
<IncidentAttachmentItems />
<IsGroupIncidentAvailable>false</IsGroupIncidentAvailable>
<RelatedIncidents />
</SecurityIncident>

Under File:
54 Services and methods

 TrustedOrUnknown: Indicates the trust level that Symantec assigns to a file, based on a
stringent evaluation methodology. Also called Reputation. Values: Symantec Trusted,
Good, Trending Good, Unproven, Poor, or Untrusted.
 Prevalence: Indicates how frequently Symantec's global community of users
downloaded this file. Treat files with low prevalence with caution.
 FirstSeenTimeStamp: Indicates when Symantec's global community of users first
downloaded this file. Treat new files with caution.

For correlated events, the nodes containing information are: SecurityIncident ->
SignatureList -> Signature -> CorrelatedEventList -> FileDetails

Under WorkFlowDetail:
 Status: Incident status
 Resolution: Incident resolution
 Reference: Number or text that the customer enters for internal tracking
 AssignedOrganization: Name of organization to which the incident is assigned
 AssignedPerson: Name of the person to whom the incident is assigned

Under IncidentComment:
 CommentedTimeStampGMT: Comment time stamp in GMT
 Comment: Comment text
 CommentedBy: User who commented

Under Activity:
 FieldName: Workflow modified field
 OldValue: Value before modification
 NewValue: Updated value
 ActivityDateGMT: Activity date in GMT
 ActivityBy: Name of person who modified the field

Under IncidentAttachmentItem:
 AttachmentNumber: Attachment number
 AttachmentName: Attachment file name
 UploadDateGMT: Attachment upload date in GMT
 UploadBy: Name of person who uploaded the attachment
 Comment: Attachment upload comment

IsGroupIncidentAvailable: Are any related Incidents available for this incident; result is
true/false
RelatedIncidents: Contains related IncidentNumber; empty if no related incident is found

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /sws/incidents.asmx HTTP/1.1
Host: hostname
Content-Type: text/xml; charset=utf-8
Content-Length: length
Services and methods 55

SOAPAction: "https://www.monitoredsecurity.com/IncidentQuery"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentQuery xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<MaxSignatures>string</MaxSignatures>
</IncidentQuery>
</soap:Body>
</soap:Envelope>

UpdateIncidentWorkflow
This method is used to update the incident workflow. This method is part of
incidents.asmx.

Note:
1. Incident can be assigned to any organization or a person in any organization, but not to
both an organization and a person. Therefore, when updating the incident, either
AssignedToOrganization or AssignedToPerson should be null, otherwise SWS will
throw an exception.
2. If IsGroupUpdate set to true, then SWS will update the workflow changes to all related
incidents, otherwise it will update only one incident. Set IsGroupUpdate to true only if
the incident has any related incidents, otherwise it will throw a DataNotFound
exception.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

Status String To change the Incident status. [Get the incident

status list from IncidentGetStatusList API]
Note: This parameter is required.

Resolution String To change the Incident status Resolution. [Get the

incident status resolution list from
IncidentGetStatusResolutionList API ]
Note: This parameter is required.

Reference String Update Reference comments

56 Services and methods

Parameter Type Description

Severity String To change the Incident Severity [Get the incident
status list from IncidentGetSeverities API]
Note: This parameter is required.

AssignedToOrganization String To change Incident assignment to organization

[Get the Organization list from
IncidentGetAssignOrganizationPersonList API ->
IncidentAssignOrganization-> OrganizationName]
Note: Either AssignedToOrganization or
AssignedToPerson is required.
AssignedToPerson String To change Incident assignment to Person (user)
[Get the person list from
IncidentGetAssignOrganizationPersonList API ->
IncidentAssignOrganization-> OrganizationName-
> Persons-> Person]
Note: Either AssignedToOrganization or
AssignedToPerson is required.
Comments String Incident Update Comment
isGroupUpdate Boolean To update this workflow changes to incident and
related incident. [It will be applicable only if any
related incident is available]. To know if any
related incident is associated to this Incident, refer
to the IncidentQuery API -> SecurityIncident ->
IsGroupIncidentAvailable

Output
This method outputs True if the workflow status successfully updates, otherwise it outputs
False.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /SWS/Incidents.asmx HTTP/1.1
Host: localhost
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<UpdateIncidentWorkflow xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<Status>string</Status>
<Resolution>string</Resolution>
<Reference>string</Reference>
<Severity>string</Severity>
<AssignedToOrganization>string</AssignedToOrganization>
<AssignedToPerson>string</AssignedToPerson>
<Comments>string</Comments>
<isGroupUpdate>boolean</isGroupUpdate>
</UpdateIncidentWorkflow>
Services and methods 57

</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<UpdateIncidentWorkflowResponse xmlns="https://www.monitoredsecurity.com/">
<UpdateIncidentWorkflowResult>boolean</UpdateIncidentWorkflowResult>
</UpdateIncidentWorkflowResponse>
</soap12:Body>
</soap12:Envelope>

IncidentAddAttachment
This method is used to add an attachment to an incident workflow. This method is part of
incidents.asmx.
This method creates a ticket given the provided parameters RequestCreateDoc,
Attachments, AttachmentComments. This method is part of tickets.asmx.

Note:
1. Supported attachment types are: .doc, .docx, .pdf, .txt, .ppt, .pptx, .xls, .xlsx, .csv, .jpg,
.png, .jpeg, .bmp. This list is subject to change at our discretion to better serve our
customers.
2. Attachment size must be less than or equal to 15 MB.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

AttachmentData Attachment Attachments having Attachment Name and its

content
Note: This parameter is required.

AttachmentComment String Attachment comment

Output
This method outputs the Attachment Number if attachment uploads successfully;
otherwise, zero (0) or an exception will be thrown.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /SWS/Incidents.asmx HTTP/1.1
Host: localhost
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
58 Services and methods

<?xml version="1.0" encoding="utf-8"?>

<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentAddAttachment xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<AttachmentData>
<Name>string</Name>
<content>base64Binary</content>
</AttachmentData>
<AttachmentComment>string</AttachmentComment>
</IncidentAddAttachment>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentAddAttachmentResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentAddAttachmentResult>int</IncidentAddAttachmentResult>
</IncidentAddAttachmentResponse>
</soap12:Body>
</soap12:Envelope>

IncidentAddAttachmentExt
This method is used to add an attachment to an incident workflow. This method is part of
incidents.asmx.
This method returns information about attachment upload failure with the proper error
message.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

AttachmentData Attachment Attachments having Attachment Name and its

content
Note: This parameter is required.

AttachmentComment String Attachment comment

Services and methods 59

Output
This method outputs Incident if attachment uploads successfully; otherwise, a failure
message will be thrown. Both conditions are shown in the following examples.

Success:
<Incident xmlns="">
<IncidentNumber>12345</IncidentNumber>
<FilesAttached>
<File>
<Name>TestDocument.txt</Name>
<AttachmentID>13216</AttachmentID>
</File>
</FilesAttached>
<FilesRejected />
</Incident>

Note:
 Name: Attachment File Name.
 AttachmentID: Attachment ID used to retrieve attachment content using
IncidentGetAttachment.

Failure:
<faultcode>mssfaultcode:AttachmentUploadFailure</faultcode>
<faultstring>Attachment failure</faultstring>
<detail>
<RequestId>2r14l3mdbrftiuyuc2sz2f3d</RequestId>
<Incident>
<IncidentNumber>12345</IncidentNumber>
<FilesAttached />
<FilesRejected>
<File>
<Name>MSS User Guide.rar</Name>
<ErrorMessage>Invalid File Extension</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Incident>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>

Note:
 FilesAttached contains the list of attachments that uploaded successfully. As this is
returning a failure condition, the FilesAttached node will always be empty.
 FilesRejected contains the list of attachments that failed to upload. See the
AttachmentUploadFailure section on page 68 for more information.

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /SWS/Incidents.asmx HTTP/1.1
Host: localhost
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
60 Services and methods

<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentAddAttachmentExt xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<AttachmentData>
<Name>string</Name>
<content>base64Binary</content>
</AttachmentData>
<AttachmentComment>string</AttachmentComment>
</IncidentAddAttachmentExt>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentAddAttachmentExtResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentAddAttachmentExtResult>xml</IncidentAddAttachmentExtResult>
</IncidentAddAttachmentExtResponse>
</soap12:Body>
</soap12:Envelope>

IncidentGetAttachment
This method is used to get Incident Attachment contents. This method is part of
incidents.asmx.

Note: If IncidentNumber or AttachmentNumber are not available, then the

DataNotFound error is returned.

Parameters
Parameter Type Description
IncidentNumber Int The incident number in the SOC
Note: This parameter is required.

AttachmentNumber Int Attachment Number to download. To get the Attachment

number for the incident, please refer to the
IncidentWorkflowQuery API SecurityIncident->
IncidentAttachmentItems -> IncidentAttachmentItem ->
AttachmentNumber
Note: This parameter is required.
Services and methods 61

SOAP
The following is a sample SOAP request and response for this method.

Request:
POST /SWS/Incidents.asmx HTTP/1.1
Host: localhost
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentGetAttachment xmlns="https://www.monitoredsecurity.com/">
<IncidentNumber>int</IncidentNumber>
<AttachmentNumber>int</AttachmentNumber>
</IncidentGetAttachment>
</soap12:Body>
</soap12:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Body>
<IncidentGetAttachmentResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentGetAttachmentResult>
<Name>string</Name>
<content>base64Binary</content>
</IncidentGetAttachmentResult>
</IncidentGetAttachmentResponse>
</soap12:Body>
</soap12:Envelope>

IncidentCreateTicket
This method creates a ticket for an Incident given the provided parameters
RequestCreateDoc, Attachments, AttachmentComments. This method is part of
incidents.asmx.

Note:
1. The request supports a maximum of 5 attachments.
2. Supported attachment types are: .doc, .docx, .pdf, .txt, .ppt, .pptx, .xls, .xlsx, .csv, .jpg,
.png, .jpeg, .bmp. This list is subject to change at our discretion to better serve our
customers.
3. The SOAP message size must be less than or equal to 100 MB.
4. Adding Attachments is optional.

Parameters
Parameter Type Description
RequestCreateDoc XML This is a subset of Incident XML representing the
fields necessary for creating a request
Note: This parameter is required.
62 Services and methods

Parameter Type Description

Attachments Attachment Attachments having Attachment Name and its
Array content
Note: This parameter is required.

AttachmentComments String Attachment comment

Input
This method is used as shown in the following example.

RequestCreateDoc:
<?xml version="1.0" encoding="utf-8"?>
<IncidentRequestCreate>
<IncidentNumber>23292088</IncidentNumber>
<ClientReference>1122334455</ClientReference>
<UrgencyName>Low</UrgencyName>
<Description>Testing</Description>
<RequestedByOrgName>Company</RequestedByOrgName>
<ActivityLog>Creating new request for Incident.</ActivityLog>
</IncidentRequestCreate>

Note:
IncidentNumber: (Required) The valid incident number in the SOC; type is integer
ClientReference: Client Reference comments; type is string
UrgencyName: (Required) Valid ticket urgencies; type is string
Description: (Required) Description message; type is string
RequestedByOrgName: (Required) Valid requester organizations; type is string
ActivityLog: Activity message; type is string

Output
This method outputs Ticket as shown in the following examples.

FilesRejected:
1. FilesRejected contains failed attachment(s) names. A fresh child node is created for each
rejected file.
2. The reason for rejection could be due to various reasons like internal error, files
extension not supported format, or virus.
3. If all attachments are rejected, then create ticket fails.

SOAP
The following is a sample SOAP request and response for this method.

Request:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentCreateTicket xmlns="https://www.monitoredsecurity.com/">
<RequestCreateDoc>xml</RequestCreateDoc>
<Attachments>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
<Attachment>
<Name>string</Name>
<content>base64Binary</content>
</Attachment>
</Attachments>
<AttachmentComments>string</AttachmentComments>
</IncidentCreateTicket>
</soap:Body>
</soap:Envelope>

Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<IncidentCreateTicketResponse xmlns="https://www.monitoredsecurity.com/">
<IncidentCreateTicketResult>xml</IncidentCreateTicketResult>
</IncidentCreateTicketResponse>
</soap:Body>
</soap:Envelope>
3
64

Chapter

Error codes
This chapter contains the following sections:
 Data availability and the Retry parameter
 Sample error code output

Data availability and the Retry parameter

IMPORTANT: There is a particular scenario where data may exist in the system but is not yet
available for query. To help provide more detail around this scenario, we provide the error
code DataNotYetAvailable. It is important to note that an application should not take
any particular action based on error codes. Instead, applications should respond to errors
using the information provided by the Retry elements in the Error message.
To better support recovery for API automation, we are introducing the following elements
to the Error output:
 <retry />
 <retryinterval />

Retry
This flag will be either true or false. If it is set to false, it will mean that subsequent calls
made to the same web method will result in the same error. If this flag is set to true, it will
mean that the web method has failed temporarily, and that the client should call the web
method again, after a certain interval, with the same parameters.
The following are the valid values:
 true
 false

RetryInterval
This field indicates the number of seconds after which a client may call a web method again
following a failed attempt. If the call failed and the Retry attribute was set to false, the
client should not make additional calls without changing its parameters. The RetryInterval
will be set to -1 when the Retry attribute is set to false.
Error codes 65

Sample error code output

The SWS has the following error codes:
 InternalError
 InvalidParameter
 TooManyRequests
 User.Unauthorized
 DataNotFound
 DataNotYetAvailable
 AttachmentUploadFailure

Note: It is important that you save the FaultString and RequestId elements from
the errors you receive and notify Customer Support with this information as it helps them
diagnose the issue.

InternalError
An internal error returns a fault code of InternalError with the following string:
There has been an internal error, please contact customer support.

Example
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:InternalError </faultcode>
<faultstring>There has been an internal error, please contact customer support.
</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>true</retry>
<retryinterval>10</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

InvalidParameter
An invalid parameter error returns a fault code of InvalidParameter with one of the
following strings:
The value ‘<value>’ is not a valid <parameter>.
TicketUpdate is null.

<faultcode>mssfaultcode:InvalidParameter </faultcode>
<faultstring>The value 'notCategory' is not a valid TicketCategory.</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

TooManyRequests
A lockout error returns a fault code of TooManyRequests with the following string:
The web service has received too many requests to this method within <x> seconds.

Example
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:TooManyRequests</faultcode>
<faultstring>The web service has received too many requests to this method within
30 seconds.</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>true</retry>
<retryinterval>10</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

User.Unauthorized
An unauthorized user error returns a fault code of User.Unauthorized with the
following string:
The user is unauthorized.

Example
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:User.Unauthorized</faultcode>
<faultstring>The user is unauthorized.</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Error codes 67

DataNotFound
A data not found error returns a fault code of DataNotFound with the following string:
Cannot find <an incident>|<a request>|etc… for the <incident number>|<ticketed>|etc…
<value>.

Example
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:DataNotFound</faultcode>
<faultstring>Cannot find an incident for the incident number
'55645645'.</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>false</retry>
<retryinterval>-1</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

DataNotYetAvailable
When data exists but is still being prepared for retrieval, the API will return a fault code of
DataNotYetAvailable with the following string:
Found <incident>|<request>|etc… <value>. However not all of the properties for this
<incident>|<ticket>|etc… are available for retrieval at this time.

Example
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mss="https://webservices.monitoredsecurity.com/FaultCode">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>mssfaultcode:DataNotYetAvailable</faultcode>
<faultstring> Found <incident>|<request>|etc… <value>. However not all of the
properties for this <incident>|<ticket>|etc… are available for retrieval at this time
</faultstring>
<detail>
<RequestId>21123778-748d-5625-8a4a-f5add56b0866</RequestId>
<retry>true</retry>
<retryinterval>10</retryinterval>
</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
68 Error codes

AttachmentUploadFailure
An Attachment Upload Failure error returns a fault code of AttachmentUploadFailure
due to one of several errors during attachment upload.

The error message syntax and Retry/RetryInterval appear in this location. The message
contents will differ depending on the cause of the failure.

</detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

If a file is found to be infected, the error message syntax would appear as follows:
<Incident>
<IncidentNumber>12345</IncidentNumber>
<FilesAttached />
<FilesRejected>
<File>
<Name>User Guide.pdf</Name>
<ErrorMessage>Virus found in the Attachment</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Incident>
<retry>false</retry>
<retryinterval>-1</retryinterval>

If the attachment file size exceeds the limit, the error message syntax would appear as
follows:
<Incident>
<IncidentNumber>12345</IncidentNumber>
<FilesAttached />
<FilesRejected>
<File>
<Name>Guide.txt</Name>
<ErrorMessage>Attachment exceeds Maximum size of [x] MB </ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Incident>
<retry>false</retry>
<retryinterval>-1</retryinterval>
Error codes 69

If uploaded files would exceed the maximum number of attachments (currently, the
maximum number allowed is 20 files, but that is subject to change), the error message
syntax would appear as follows:
<Ticket>
<TicketID>-1</TicketID>
<FilesAttached />
<FilesRejected>
<File>
<Name>Test1.txt</Name>
<ErrorMessage>The maximum number of attachments, [x], have already been
uploaded for this Ticket/Incident.</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
<File>
<Name>Test2.txt</Name>
<ErrorMessage>The maximum number of attachments, [x], have already been
uploaded for this Ticket/Incident</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>false</retry>
<retryinterval>-1</retryinterval>

If an internal error occurs during upload, the error message syntax would appear as
follows:
<Ticket>
<TicketID>-1</TicketID>
<FilesAttached />
<FilesRejected>
<File>
<Name>Test1.txt</Name>
<ErrorMessage>Internal error occured during Attachment
upload</ErrorMessage>
<Retry>true</Retry>
<RetryInterval>10</RetryInterval>
</File>
<File>
<Name>Test2.txt</Name>
<ErrorMessage>Internal error occured during Attachment
upload</ErrorMessage>
<Retry>true</Retry>
<RetryInterval>10</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>true</retry>
<retryinterval>10</retryinterval>

If a file being attached to a ticket has an unsupported extension (currently, supported types
are .doc, .docx, .pdf, .txt, .ppt, .pptx, .xls, .xlsx, .csv, .jpg, .png, .jpeg, .bmp, but that is subject
to change), the error message syntax would appear as follows:
<Ticket>
<TicketID>SC1234</TicketID>
<FilesAttached>
<File>
<Name>MSS User Guide.txt</Name>
<AttachmentID>281486197797892</AttachmentID>
</File>
<File>
70 Error codes

<Name>TestDocument.txt</Name>
<AttachmentID>281486197797893</AttachmentID>
</File>
</FilesAttached>
<FilesRejected>
<File>
<Name>Test2.exe</Name>
<ErrorMessage>Invalid File Extension</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Ticket>
<retry>false</retry>
<retryinterval>-1</retryinterval>

For an attempted attachment of an unsupported file type to an incident, the error message
syntax would appear as follows:
<Incident>
<IncidentNumber />
<FilesAttached />
<FilesRejected>
<File>
<Name>MSS User Guide.rar</Name>
<ErrorMessage>Invalid File Extension</ErrorMessage>
<Retry>false</Retry>
<RetryInterval>-1</RetryInterval>
</File>
</FilesRejected>
</Incident>

FCUBS V.um Oracle Web Service Manager Integration
No ratings yet
FCUBS V.um Oracle Web Service Manager Integration
23 pages
Free - Friday - Training - API Tips - and - Tricks
No ratings yet
Free - Friday - Training - API Tips - and - Tricks
28 pages
Deep Security WebService SDK
No ratings yet
Deep Security WebService SDK
163 pages
Web Services Developers Guide
No ratings yet
Web Services Developers Guide
84 pages
Web Services Developers Guide PDF
No ratings yet
Web Services Developers Guide PDF
84 pages
Chapter Four Webservice Security
No ratings yet
Chapter Four Webservice Security
15 pages
Accurint Web Services Interface Guide
No ratings yet
Accurint Web Services Interface Guide
1,287 pages
Messagebroker Configuration Administration and Security
No ratings yet
Messagebroker Configuration Administration and Security
474 pages
User's Guide Incident
No ratings yet
User's Guide Incident
170 pages
Web Services Developers Guide
No ratings yet
Web Services Developers Guide
350 pages
Accurint QuickReference WSIG
No ratings yet
Accurint QuickReference WSIG
11 pages
ITCAM Userguide
No ratings yet
ITCAM Userguide
232 pages
Symantec™ Protection Engine For Cloud Services 8.1 Software Developer's Guide
No ratings yet
Symantec™ Protection Engine For Cloud Services 8.1 Software Developer's Guide
79 pages
PI Web Services 2010 R3 User Guide
No ratings yet
PI Web Services 2010 R3 User Guide
137 pages
TN iVantageAPI T0000960 RevC 12 11 18
No ratings yet
TN iVantageAPI T0000960 RevC 12 11 18
176 pages
DigiCert SSLTools API Reference v1.0
No ratings yet
DigiCert SSLTools API Reference v1.0
22 pages
EGRCPlatform 5.3 WebAPI
No ratings yet
EGRCPlatform 5.3 WebAPI
309 pages
SuiteTalkWebServicesPlatformGuide (IMPRESA)
0% (1)
SuiteTalkWebServicesPlatformGuide (IMPRESA)
346 pages
PC 811 WebServicesProviderGuide
No ratings yet
PC 811 WebServicesProviderGuide
136 pages
Suite Talk Web Services Platform Guide
No ratings yet
Suite Talk Web Services Platform Guide
341 pages
Logger WebServicesAPI 5.5
No ratings yet
Logger WebServicesAPI 5.5
24 pages
Soa Interoperability and Security 4668
No ratings yet
Soa Interoperability and Security 4668
65 pages
Generate Certificates For The PSM Servers - CyberArk Docs
No ratings yet
Generate Certificates For The PSM Servers - CyberArk Docs
9 pages
Epo 530 PG 0-00 En-Us
No ratings yet
Epo 530 PG 0-00 En-Us
317 pages
Hci10 Web Services en
No ratings yet
Hci10 Web Services en
38 pages
SOAP Toolkits For Web Services: Developer's Guide
No ratings yet
SOAP Toolkits For Web Services: Developer's Guide
50 pages
HP Service Manager Exchange With SAP Solution Manager: Installation and Administration Guide
No ratings yet
HP Service Manager Exchange With SAP Solution Manager: Installation and Administration Guide
150 pages
Web Services en
No ratings yet
Web Services en
38 pages
NW 12.4 Api Guide
No ratings yet
NW 12.4 Api Guide
102 pages
SOAP Toolkits PDF
No ratings yet
SOAP Toolkits PDF
54 pages
Broker v6 Admin Gudie
No ratings yet
Broker v6 Admin Gudie
752 pages
Web Services Guide: Public SAP Cloud Integration For Data Services 1.0.11 2021-04-12
No ratings yet
Web Services Guide: Public SAP Cloud Integration For Data Services 1.0.11 2021-04-12
38 pages
Integration Server Admin Guide
No ratings yet
Integration Server Admin Guide
368 pages
Sunny Web Service Security
No ratings yet
Sunny Web Service Security
4 pages
6-5-1 Webmethods Error Message Reference PDF
No ratings yet
6-5-1 Webmethods Error Message Reference PDF
1,020 pages
Net Backup Ops Center
No ratings yet
Net Backup Ops Center
593 pages
SSL vs. TLS: One-Way and Two-Way SSL
No ratings yet
SSL vs. TLS: One-Way and Two-Way SSL
63 pages
Using The Application Programming Interface
No ratings yet
Using The Application Programming Interface
230 pages
MDM 103HF1 BusinessEntityServicesGuide en
100% (1)
MDM 103HF1 BusinessEntityServicesGuide en
193 pages
Symantec™ Protection Engine For Network Attached Storage 8.1 Software Developer's Guide
No ratings yet
Symantec™ Protection Engine For Network Attached Storage 8.1 Software Developer's Guide
79 pages
Symantec Messaging Gateway 9.5.1 Administration Guide
100% (1)
Symantec Messaging Gateway 9.5.1 Administration Guide
958 pages
WS Security AppNotes
No ratings yet
WS Security AppNotes
19 pages
Issafe Ugd en
No ratings yet
Issafe Ugd en
180 pages
SWG11.0 ManagementConsoleUserGuide
No ratings yet
SWG11.0 ManagementConsoleUserGuide
140 pages
UNIT 2 Notes For Cyber Security English
No ratings yet
UNIT 2 Notes For Cyber Security English
10 pages
BMC Service Request Management 7.6.04 - Administration Guide
No ratings yet
BMC Service Request Management 7.6.04 - Administration Guide
382 pages
Impact Integration Web Services Server Developer Guide
No ratings yet
Impact Integration Web Services Server Developer Guide
180 pages
Networkadvisor 1401 Rest API
No ratings yet
Networkadvisor 1401 Rest API
200 pages
Esb Err Msgs
No ratings yet
Esb Err Msgs
136 pages
PC 811 AdministratorGuide
No ratings yet
PC 811 AdministratorGuide
494 pages
Symantec™ Protection Engine For Cloud Services 8.1 C SDK Guide
No ratings yet
Symantec™ Protection Engine For Cloud Services 8.1 C SDK Guide
75 pages
Power Center WebServices UserGuide
No ratings yet
Power Center WebServices UserGuide
78 pages
Application Server Administration
No ratings yet
Application Server Administration
440 pages
Billing Form for Account Managers
No ratings yet
Billing Form for Account Managers
2 pages
JFP 180BB
No ratings yet
JFP 180BB
2 pages
DLL Ict Matatag W2
No ratings yet
DLL Ict Matatag W2
11 pages
Dbaudio DWG 2d Cad Package v1.3 Release Notes
No ratings yet
Dbaudio DWG 2d Cad Package v1.3 Release Notes
7 pages
Excel Applied To Civil Engineering As A Computational Tool
No ratings yet
Excel Applied To Civil Engineering As A Computational Tool
18 pages
Braun
No ratings yet
Braun
32 pages
How To Send Resume Using Email
100% (2)
How To Send Resume Using Email
8 pages
Building Your First Laravel Application
100% (1)
Building Your First Laravel Application
38 pages
CTS Industrial Robotics Digital Manufacturing Tech - CTS - 1.0 - NSQF-4
No ratings yet
CTS Industrial Robotics Digital Manufacturing Tech - CTS - 1.0 - NSQF-4
37 pages
Ls 5 Big Data Visualization
No ratings yet
Ls 5 Big Data Visualization
7 pages
Content Module 4 ELECTRONIC FUNDAMENTALS V2
No ratings yet
Content Module 4 ELECTRONIC FUNDAMENTALS V2
41 pages
A-Globe Agent Development Platform With Inaccessibility and Mobility Support
No ratings yet
A-Globe Agent Development Platform With Inaccessibility and Mobility Support
26 pages
Python Data Structures Course
No ratings yet
Python Data Structures Course
10 pages
Greedy Algorithm
No ratings yet
Greedy Algorithm
4 pages
Counting Bears Graphing
No ratings yet
Counting Bears Graphing
8 pages
Tutorial - Resonant LLC Converter Design Using Power Supply Design Suite
No ratings yet
Tutorial - Resonant LLC Converter Design Using Power Supply Design Suite
21 pages
Basic Electronics Theory and Practice 2nd Edition Sean Westcott Online Version
100% (1)
Basic Electronics Theory and Practice 2nd Edition Sean Westcott Online Version
98 pages
Profile Backlinks: Saad Bantwa
0% (1)
Profile Backlinks: Saad Bantwa
7 pages
Introduction To ICT & Ethics - Copy Knec Revision Material
No ratings yet
Introduction To ICT & Ethics - Copy Knec Revision Material
2 pages
Trade Finance Portal
100% (2)
Trade Finance Portal
13 pages
25,500+ Hacker Screen Stock Photos, Pictures & Royalty-Free Images - Istock
No ratings yet
25,500+ Hacker Screen Stock Photos, Pictures & Royalty-Free Images - Istock
1 page
Erro Totvs
No ratings yet
Erro Totvs
62 pages
UNIT-3 Material
No ratings yet
UNIT-3 Material
19 pages
Management Consulting Expertise
No ratings yet
Management Consulting Expertise
1 page
Lesson 4 Research For Content in
No ratings yet
Lesson 4 Research For Content in
32 pages
Gantt Plan - NOV
No ratings yet
Gantt Plan - NOV
4 pages
KVBRP Xi Cs Half Yearly 2024-25
No ratings yet
KVBRP Xi Cs Half Yearly 2024-25
3 pages
Log
No ratings yet
Log
20 pages
Explainingthe Delayin Digital Disruptionofthe Insurance Througha Complex Industry Paradigm
No ratings yet
Explainingthe Delayin Digital Disruptionofthe Insurance Througha Complex Industry Paradigm
41 pages
CapWiz 3.8.0.10 InstallationGuide - English
No ratings yet
CapWiz 3.8.0.10 InstallationGuide - English
4 pages