Home
/
Coro public API
/
Coro API reference
/
tickets-summary
/
Retrieve emails and tickets

Coro Cybersecurity Public API (v1)


This is the Coro Cybersecurity platform API specification reference.

This section provides a complete reference listing for the Coro Cybersecurity REST API resource model.

About the resource reference

This reference lists all the resources available through the Coro REST API.

Each section relates to a specific resource and provides its name, description, unique URI path, and the list of operations you can perform on it.

For each operation, you can find:

  • A complete description of the action
  • Request parameters
  • A list of potential responses
  • Security (authentication) requirements

The portal also provides code samples and examples for making requests in a number of programming languages, together with samples of the possible response bodies.

In addition to this, Coro provides a Try It feature where you can interact with the API directly through the portal. To use Try It, you'll need to first obtain Client ID and Secret credentials; for more information, see Authentication.

Download OpenAPI description
View and download the Coro API JSON specification
Overview
URL

https://support.coro.net

E-mail

support@coro.net

Terms of Service

Languages
Servers
Coro mock API server

https://docs.coro.net/_mock/api/api-docs/

Coro US API server target URL

https://api.secure.coro.net/

audit-logs

This is the audit log resource.

Operations

authentication

This is the resource for API authentication requests.

Use this resource to validate your identify and to obtain a bearer token to use when accessing other API resources.

Operations

devices

This is the Devices resource.

Use this resource to get details of all protected devices for a particular workspace.

Operations

portal-users

This is the portal user resource.

Use this resource to get details of all portal users added to the specified workspace.

Operations

subscriptions

This is the subscriptions resource.

Use this resource to view and manage workspace subscriptions.

Operations

tickets

This is the Tickets resource.

Use this resource to get details of all tickets stored in the Coro platform for a particular workspace.

Operations

tickets-summary

This is the Tickets Summary resource.

Use this resource to get details of tickets for a particular workspace, grouped by protection component.

Operations

Retrieve users and tickets

Request

Retrieve a summary of users and associated tickets for a workspace. The summary includes the total number of open tickets, closed tickets, users with associated tickets, and users with no associated tickets.

Security
JWT
Query
resolvedFromTimeinteger(int64)

Enter the date starting from which to return the summary in UNIX format, including milliseconds. For example: 1662376467 represents Sept. 5, 2022 at 11:14:28 GMT. The response returns the last 3 months of ticket data by default if no value is sent for timestamp.

Default 1755129600000
Headers
Workspacestringrequired

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/tickets/summary/users?resolvedFromTime=1755129600000' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: corodevonmicrosoftcom_TX7T_u'

Responses

Success

Bodyapplication/json
protectedUsersinteger(int64)

The number of protected users in the workspace across all apps.

Example: 123
protectedUsersWithoutTicketsinteger(int64)

The number of protected users without open tickets.

Example: 123
protectedUsersWithTicketsinteger(int64)

The number of protected users that have at least one open ticket.

Example: 123
openTicketsArray of objects(TicketCountResponse)

The number of tickets, grouped by ticket type.

closedTicketsArray of objects(TicketCountResponse)

The number of closed tickets, grouped by ticket type.

Response
application/json
{
  "protectedUsers": 123,
  "protectedUsersWithoutTickets": 123,
  "protectedUsersWithTickets": 123,
  "openTickets": [
    {}
  ],
  "closedTickets": [
    {}
  ]
}

Retrieve emails and tickets

Request

Retrieve a summary of emails and associated tickets for a workspace. The summary includes the total number of open tickets, closed tickets, emails with associated tickets, and emails with no associated tickets.

Security
JWT
Query
resolvedFromTimeinteger(int64)

Enter the date starting from which to return the summary in UNIX format, including milliseconds. For example: 1662376467 represents Sept. 5, 2022 at 11:14:28 GMT. The response returns the last 3 months of ticket data by default if no value is sent for timestamp.

Default 1755129600000
Headers
Workspacestringrequired

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/tickets/summary/emails?resolvedFromTime=1755129600000' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: corodevonmicrosoftcom_TX7T_u'

Responses

Success

Bodyapplication/json
openTicketsArray of objects(TicketCountResponse)

The number of open tickets, grouped by the ticket trigger.

closedTicketsArray of objects(TicketCountResponse)

The number of closed tickets, grouped by the ticket trigger; includes all email triggers.

topDomainsArray of objects(DomainResponse)

A list of up to five domains from which the largest amount of suspicious emails were sent.

emailsScannedinteger(int64)

The total number of emails that were scanned.

Example: 123
Response
application/json
{
  "openTickets": [
    {}
  ],
  "closedTickets": [
    {}
  ],
  "topDomains": [
    {}
  ],
  "emailsScanned": 123
}

Retrieve devices and tickets

Request

Retrieve a summary of devices and associated tickets for a workspace. The summary includes the total number of open tickets, closed tickets, devices with associated tickets, and devices with no associated tickets.

Security
JWT
Query
resolvedFromTimeinteger(int64)

Enter the date starting from which to return the device summary in UNIX format, including milliseconds. For example: 1662376467 represents Sept. 5, 2022 at 11:14:28 GMT. The response returns the last 3 months of ticket data by default if no value is sent for timestamp.

Default 1755129600000
Headers
Workspacestringrequired

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/tickets/summary/devices?resolvedFromTime=1755129600000' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: corodevonmicrosoftcom_TX7T_u'

Responses

Success

Bodyapplication/json
devicesinteger(int64)

The number of devices in the workspace.

Example: 123
devicesWithoutTicketsinteger(int64)

The number of devices with no open tickets.

Example: 123
devicesWithTicketsinteger(int64)

The number of devices with at least one open ticket.

Example: 123
openTicketsArray of objects(TicketCountResponse)

The number of open tickets, grouped by the ticket trigger.

closedTicketsArray of objects(TicketCountResponse)

The number of closed tickets, grouped by the ticket trigger; includes all device triggers.

Response
application/json
{
  "devices": 123,
  "devicesWithoutTickets": 123,
  "devicesWithTickets": 123,
  "openTickets": [
    {}
  ],
  "closedTickets": [
    {}
  ]
}

Retrieve data and tickets

Request

Retrieve a summary of monitored data and associated tickets for a workspace. The summary includes the total number of open tickets, closed tickets, monitored data with associated tickets, and monitored data with no associated tickets.

Security
JWT
Query
resolvedFromTimeinteger(int64)

Enter the date starting from which to return the summary in UNIX format, including milliseconds. For example: 1662376467 represents Sept. 5, 2022 at 11:14:28 GMT. The response returns the last 3 months of ticket data by default if no value is sent for timestamp.

Default 1755129600000
Headers
Workspacestringrequired

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/tickets/summary/data?resolvedFromTime=1755129600000' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: corodevonmicrosoftcom_TX7T_u'

Responses

Success

Bodyapplication/json
openTicketsArray of objects(TicketCountResponse)

The number of open tickets, grouped by the ticket trigger.

closedTicketsArray of objects(TicketCountResponse)

The number of closed tickets, grouped by the ticket trigger; includes all data triggers.

topViolatorsArray of objects(ViolatorResponse)

A list of the top five protected users who violated data policies.

objectsScannedinteger(int64)

The total number of records that were scanned, such as files and emails.

Example: 123
Response
application/json
{
  "openTickets": [
    {}
  ],
  "closedTickets": [
    {}
  ],
  "topViolators": [
    {}
  ],
  "objectsScanned": 123
}

Retrieve apps and tickets

Request

Retrieve a summary of protected cloud apps and associated tickets for a workspace. The summary includes the total number of open tickets, closed tickets, cloud apps with associated tickets, and cloud apps with no associated tickets.

Security
JWT
Query
resolvedFromTimeinteger(int64)

Enter the date starting from which to return the summary in UNIX format, including milliseconds. For example: 1662376467 represents Sept. 5, 2022 at 11:14:28 GMT. The response returns the last 3 months of ticket data by default if no value is sent for timestamp.

Default 1755129600000
Headers
Workspacestringrequired

The workspace identifier, which isolates API requests inside the provided workspace scope.

Example: corodevonmicrosoftcom_TX7T_u
curl -i -X GET \
  'https://docs.coro.net/_mock/api/api-docs/v1/tickets/summary/cloud-apps?resolvedFromTime=1755129600000' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Workspace: corodevonmicrosoftcom_TX7T_u'

Responses

Success

Bodyapplication/json
cloudAppStatusesArray of objects(CloudAppStatus)

The status for each cloud app connected to workspace.

openTicketsArray of objects(TicketCountResponse)

The number of open tickets, grouped by the ticket trigger.

closedTicketsArray of objects(TicketCountResponse)

The number of closed tickets, grouped by the ticket trigger; includes all cloud app triggers.

Response
application/json
{
  "cloudAppStatuses": [
    {}
  ],
  "openTickets": [
    {}
  ],
  "closedTickets": [
    {}
  ]
}

usage

This is the resource for Coro usage.

Use this resource to obtain information about usage

Operations

users

This is the protected user resource.

Use this resource to get details of all protected users added to the specified workspace.

Operations

webhook-configuration

Use this resource to manage or view details of existing webhooks configurations, or to create new webhook configurations.

Operations

workspaces

Use this resource to view details of provisioned workspaces, or to create new workspaces.

Operations