---
title: Attach security findings to a ServiceNow ticket
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Attach security findings to a ServiceNow ticket{% #attach-security-findings-to-a-servicenow-ticket %}
Copy pageCopied
{% tab title="v2" %}

| Datadog site      | API endpoint                                                                    |
| ----------------- | ------------------------------------------------------------------------------- |
| ap1.datadoghq.com | PATCH https://api.ap1.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| ap2.datadoghq.com | PATCH https://api.ap2.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| app.datadoghq.eu  | PATCH https://api.datadoghq.eu/api/v2/security/findings/servicenow_tickets      |
| app.ddog-gov.com  | PATCH https://api.ddog-gov.com/api/v2/security/findings/servicenow_tickets      |
| us2.ddog-gov.com  | PATCH https://api.us2.ddog-gov.com/api/v2/security/findings/servicenow_tickets  |
| uk1.datadoghq.com | PATCH https://api.uk1.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| app.datadoghq.com | PATCH https://api.datadoghq.com/api/v2/security/findings/servicenow_tickets     |
| us3.datadoghq.com | PATCH https://api.us3.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| us5.datadoghq.com | PATCH https://api.us5.datadoghq.com/api/v2/security/findings/servicenow_tickets |

### Overview

Attach security findings to a ServiceNow ticket by providing the ServiceNow ticket URL. You can attach up to 50 security findings per ServiceNow ticket. If the ServiceNow ticket is not linked to any case, this operation will create a case for the security findings and link the ServiceNow ticket to the newly created case. Security findings that are already attached to another ServiceNow ticket will be detached from their previous ServiceNow ticket and attached to the specified ServiceNow ticket. This endpoint requires any of the following permissions:
`security_monitoring_findings_write``appsec_vm_write` 


### Request

#### Body Data (required)



{% tab title="Model" %}

| Parent field  | Field                                   | Type     | Description                                                                                                                          |
| ------------- | --------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------ |
|               | data [*required*]                  | object   | Data of the ServiceNow ticket to attach security findings to.                                                                        |
| data          | attributes [*required*]            | object   | Attributes of the ServiceNow ticket to attach security findings to.                                                                  |
| attributes    | servicenow_ticket_url [*required*] | string   | URL of the ServiceNow incident to attach security findings to. Must be a service-now.com URL pointing to an incident record.         |
| data          | relationships [*required*]         | object   | Relationships of the ServiceNow ticket to attach security findings to.                                                               |
| relationships | findings [*required*]              | object   | Security findings to attach to the ServiceNow ticket.                                                                                |
| findings      | data                                    | [object] | Array of security finding data objects.                                                                                              |
| data          | id [*required*]                    | string   | Unique identifier of the security finding.                                                                                           |
| data          | type [*required*]                  | enum     | Security findings resource type. Allowed enum values: `findings`                                                                     |
| relationships | project [*required*]               | object   | Case management project with the ServiceNow integration configured. It is used to attach security findings to the ServiceNow ticket. |
| project       | data [*required*]                  | object   | Data object representing a case management project.                                                                                  |
| data          | id [*required*]                    | string   | Unique identifier of the case management project.                                                                                    |
| data          | type [*required*]                  | enum     | Projects resource type. Allowed enum values: `projects`                                                                              |
| data          | type [*required*]                  | enum     | ServiceNow tickets resource type. Allowed enum values: `servicenow_tickets`                                                          |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "servicenow_ticket_url": "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "servicenow_tickets"
  }
}
```

{% /tab %}

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Case response.

| Parent field         | Field                  | Type      | Description                                                                                                                                            |
| -------------------- | ---------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
|                      | data                   | object    | Data of the case.                                                                                                                                      |
| data                 | attributes             | object    | Attributes of the case.                                                                                                                                |
| attributes           | archived_at            | date-time | Timestamp of when the case was archived.                                                                                                               |
| attributes           | assigned_to            | object    | User assigned to the case.                                                                                                                             |
| assigned_to          | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| attributes           | attributes             | object    | Custom attributes associated with the case as key-value pairs where values are string arrays.                                                          |
| additionalProperties | <any-key>              | [string]  |
| attributes           | closed_at              | date-time | Timestamp of when the case was closed.                                                                                                                 |
| attributes           | created_at             | date-time | Timestamp of when the case was created.                                                                                                                |
| attributes           | creation_source        | string    | Source of the case creation.                                                                                                                           |
| attributes           | description            | string    | Description of the case.                                                                                                                               |
| attributes           | due_date               | string    | Due date of the case.                                                                                                                                  |
| attributes           | insights               | [object]  | Insights of the case.                                                                                                                                  |
| insights             | ref                    | string    | Reference of the insight.                                                                                                                              |
| insights             | resource_id            | string    | Unique identifier of the resource. For example, the unique identifier of a security finding.                                                           |
| insights             | type                   | string    | Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".                                                               |
| attributes           | jira_issue             | object    | Jira issue associated with the case.                                                                                                                   |
| jira_issue           | error_message          | string    | Error message if the Jira issue creation failed.                                                                                                       |
| jira_issue           | result                 | object    | Result of the Jira issue creation.                                                                                                                     |
| result               | account_id             | string    | Account ID of the Jira issue.                                                                                                                          |
| result               | issue_id               | string    | Unique identifier of the Jira issue.                                                                                                                   |
| result               | issue_key              | string    | Key of the Jira issue.                                                                                                                                 |
| result               | issue_url              | string    | URL of the Jira issue.                                                                                                                                 |
| jira_issue           | status                 | string    | Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.       |
| attributes           | key                    | string    | Key of the case.                                                                                                                                       |
| attributes           | linear_issue           | object    | Linear issue associated with the case.                                                                                                                 |
| linear_issue         | error_message          | string    | Error message if the Linear issue creation failed.                                                                                                     |
| linear_issue         | result                 | object    | Result of the Linear issue creation.                                                                                                                   |
| result               | account_id             | string    | Account ID of the Linear workspace.                                                                                                                    |
| result               | issue_id               | string    | Unique identifier of the Linear issue.                                                                                                                 |
| result               | issue_key              | string    | Key of the Linear issue.                                                                                                                               |
| result               | team_id                | string    | Team ID of the Linear issue.                                                                                                                           |
| result               | url                    | string    | URL of the Linear issue.                                                                                                                               |
| linear_issue         | status                 | string    | Status of the Linear issue creation. Can be "COMPLETED" if the Linear issue was created successfully, or "FAILED" if the Linear issue creation failed. |
| attributes           | modified_at            | date-time | Timestamp of when the case was last modified.                                                                                                          |
| attributes           | priority               | string    | Priority of the case.                                                                                                                                  |
| attributes           | servicenow_ticket      | object    | ServiceNow ticket associated with the case.                                                                                                            |
| servicenow_ticket    | result                 | object    | Result of the ServiceNow ticket creation or attachment.                                                                                                |
| result               | instance_name          | string    | ServiceNow instance name extracted from the ticket URL.                                                                                                |
| result               | sys_id                 | string    | Unique identifier of the ServiceNow incident record.                                                                                                   |
| result               | sys_target_link        | string    | Direct link to the ServiceNow incident record.                                                                                                         |
| result               | sys_target_sys_id      | string    | Unique identifier of the target ServiceNow record.                                                                                                     |
| result               | table_name             | string    | ServiceNow table containing the incident record.                                                                                                       |
| result               | url                    | string    | URL of the ServiceNow incident record.                                                                                                                 |
| servicenow_ticket    | status                 | string    | Status of the ServiceNow ticket operation. Can be "COMPLETED" if successful, or "FAILED" if the operation failed.                                      |
| attributes           | status                 | string    | Status of the case.                                                                                                                                    |
| attributes           | status_group           | string    | Status group of the case.                                                                                                                              |
| attributes           | status_name            | string    | Status name of the case.                                                                                                                               |
| attributes           | title                  | string    | Title of the case.                                                                                                                                     |
| attributes           | type                   | string    | Type of the case. For security cases, this is always "SECURITY".                                                                                       |
| data                 | id                     | string    | Unique identifier of the case.                                                                                                                         |
| data                 | relationships          | object    | Relationships of the case.                                                                                                                             |
| relationships        | created_by             | object    | User who created the case.                                                                                                                             |
| created_by           | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| relationships        | modified_by            | object    | User who last modified the case.                                                                                                                       |
| modified_by          | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| relationships        | project                | object    | Project in which the case was created.                                                                                                                 |
| project              | data [*required*] | object    | Data object representing a case management project.                                                                                                    |
| data                 | id [*required*]   | string    | Unique identifier of the case management project.                                                                                                      |
| data                 | type [*required*] | enum      | Projects resource type. Allowed enum values: `projects`                                                                                                |
| data                 | type [*required*] | enum      | Cases resource type. Allowed enum values: `cases`                                                                                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "archived_at": "2025-01-01T00:00:00.000Z",
      "assigned_to": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "attributes": {
        "<any-key>": []
      },
      "closed_at": "2025-01-01T00:00:00.000Z",
      "created_at": "2025-01-01T00:00:00.000Z",
      "creation_source": "CS_SECURITY_FINDING",
      "description": "A description of the case.",
      "due_date": "2025-01-01",
      "insights": [
        {
          "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
          "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
          "type": "SECURITY_FINDING"
        }
      ],
      "jira_issue": {
        "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
        "result": {
          "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
          "issue_id": "2871276",
          "issue_key": "PROJ-123",
          "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
        },
        "status": "COMPLETED"
      },
      "key": "PROJ-123",
      "linear_issue": {
        "error_message": "Linear issue creation failed.",
        "result": {
          "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
          "issue_id": "9c1e5f8a-2b3d-4c7e-8f6a-1d2e3f4a5b6c",
          "issue_key": "ENG-123",
          "team_id": "b5d3c8a1-7e6f-4d2c-9a8b-3c4d5e6f7a8b",
          "url": "https://linear.app/your-workspace/issue/ENG-123"
        },
        "status": "COMPLETED"
      },
      "modified_at": "2025-01-01T00:00:00.000Z",
      "priority": "P4",
      "servicenow_ticket": {
        "result": {
          "instance_name": "example",
          "sys_id": "abcdef0123456789abcdef0123456789",
          "sys_target_link": "https://example.service-now.com/incident.do?sys_id=abcdef0123456789abcdef0123456789",
          "sys_target_sys_id": "abcdef0123456789abcdef0123456789",
          "table_name": "incident",
          "url": "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789"
        },
        "status": "COMPLETED"
      },
      "status": "OPEN",
      "status_group": "SG_OPEN",
      "status_name": "Open",
      "title": "A title for the case.",
      "type": "SECURITY"
    },
    "id": "c1234567-89ab-cdef-0123-456789abcdef",
    "relationships": {
      "created_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "modified_by": {
        "data": {
          "id": "00000000-0000-0000-2345-000000000000",
          "type": "users"
        }
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "cases"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="404" %}
Not Found
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X PATCH "https://api.datadoghq.com/api/v2/security/findings/servicenow_tickets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "servicenow_ticket_url": "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789"
    },
    "relationships": {
      "findings": {
        "data": [
          {
            "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "findings"
          }
        ]
      },
      "project": {
        "data": {
          "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          "type": "projects"
        }
      }
    },
    "type": "servicenow_tickets"
  }
}
EOF 
                
##### 

```python
"""
Attach security findings to a ServiceNow ticket returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.attach_service_now_ticket_request import AttachServiceNowTicketRequest
from datadog_api_client.v2.model.attach_service_now_ticket_request_data import AttachServiceNowTicketRequestData
from datadog_api_client.v2.model.attach_service_now_ticket_request_data_attributes import (
    AttachServiceNowTicketRequestDataAttributes,
)
from datadog_api_client.v2.model.attach_service_now_ticket_request_data_relationships import (
    AttachServiceNowTicketRequestDataRelationships,
)
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.service_now_tickets_data_type import ServiceNowTicketsDataType

body = AttachServiceNowTicketRequest(
    data=AttachServiceNowTicketRequestData(
        attributes=AttachServiceNowTicketRequestDataAttributes(
            servicenow_ticket_url="https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789",
        ),
        relationships=AttachServiceNowTicketRequestDataRelationships(
            findings=Findings(
                data=[
                    FindingData(
                        id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                        type=FindingDataType.FINDINGS,
                    ),
                ],
            ),
            project=CaseManagementProject(
                data=CaseManagementProjectData(
                    id="aeadc05e-98a8-11ec-ac2c-da7ad0900001",
                    type=CaseManagementProjectDataType.PROJECTS,
                ),
            ),
        ),
        type=ServiceNowTicketsDataType.SERVICENOW_TICKETS,
    ),
)

configuration = Configuration()
configuration.unstable_operations["attach_service_now_ticket"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.attach_service_now_ticket(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Attach security findings to a ServiceNow ticket returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.attach_service_now_ticket".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::AttachServiceNowTicketRequest.new({
  data: DatadogAPIClient::V2::AttachServiceNowTicketRequestData.new({
    attributes: DatadogAPIClient::V2::AttachServiceNowTicketRequestDataAttributes.new({
      servicenow_ticket_url: "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789",
    }),
    relationships: DatadogAPIClient::V2::AttachServiceNowTicketRequestDataRelationships.new({
      findings: DatadogAPIClient::V2::Findings.new({
        data: [
          DatadogAPIClient::V2::FindingData.new({
            id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
          }),
        ],
      }),
      project: DatadogAPIClient::V2::CaseManagementProject.new({
        data: DatadogAPIClient::V2::CaseManagementProjectData.new({
          id: "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
          type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
        }),
      }),
    }),
    type: DatadogAPIClient::V2::ServiceNowTicketsDataType::SERVICENOW_TICKETS,
  }),
})
p api_instance.attach_service_now_ticket(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Attach security findings to a ServiceNow ticket returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.AttachServiceNowTicketRequest{
		Data: datadogV2.AttachServiceNowTicketRequestData{
			Attributes: datadogV2.AttachServiceNowTicketRequestDataAttributes{
				ServicenowTicketUrl: "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789",
			},
			Relationships: datadogV2.AttachServiceNowTicketRequestDataRelationships{
				Findings: datadogV2.Findings{
					Data: []datadogV2.FindingData{
						{
							Id:   "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
							Type: datadogV2.FINDINGDATATYPE_FINDINGS,
						},
					},
				},
				Project: datadogV2.CaseManagementProject{
					Data: datadogV2.CaseManagementProjectData{
						Id:   "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
						Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
					},
				},
			},
			Type: datadogV2.SERVICENOWTICKETSDATATYPE_SERVICENOW_TICKETS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.AttachServiceNowTicket", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.AttachServiceNowTicket(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.AttachServiceNowTicket`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.AttachServiceNowTicket`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Attach security findings to a ServiceNow ticket returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.AttachServiceNowTicketRequest;
import com.datadog.api.client.v2.model.AttachServiceNowTicketRequestData;
import com.datadog.api.client.v2.model.AttachServiceNowTicketRequestDataAttributes;
import com.datadog.api.client.v2.model.AttachServiceNowTicketRequestDataRelationships;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.FindingCaseResponse;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.ServiceNowTicketsDataType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.attachServiceNowTicket", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    AttachServiceNowTicketRequest body =
        new AttachServiceNowTicketRequest()
            .data(
                new AttachServiceNowTicketRequestData()
                    .attributes(
                        new AttachServiceNowTicketRequestDataAttributes()
                            .servicenowTicketUrl(
                                "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789"))
                    .relationships(
                        new AttachServiceNowTicketRequestDataRelationships()
                            .findings(
                                new Findings()
                                    .data(
                                        Collections.singletonList(
                                            new FindingData()
                                                .id("ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==")
                                                .type(FindingDataType.FINDINGS))))
                            .project(
                                new CaseManagementProject()
                                    .data(
                                        new CaseManagementProjectData()
                                            .id("aeadc05e-98a8-11ec-ac2c-da7ad0900001")
                                            .type(CaseManagementProjectDataType.PROJECTS))))
                    .type(ServiceNowTicketsDataType.SERVICENOW_TICKETS));

    try {
      FindingCaseResponse result = apiInstance.attachServiceNowTicket(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#attachServiceNowTicket");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Attach security findings to a ServiceNow ticket returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::AttachServiceNowTicketRequest;
use datadog_api_client::datadogV2::model::AttachServiceNowTicketRequestData;
use datadog_api_client::datadogV2::model::AttachServiceNowTicketRequestDataAttributes;
use datadog_api_client::datadogV2::model::AttachServiceNowTicketRequestDataRelationships;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::ServiceNowTicketsDataType;

#[tokio::main]
async fn main() {
    let body =
        AttachServiceNowTicketRequest::new(
            AttachServiceNowTicketRequestData::new(
                AttachServiceNowTicketRequestDataAttributes::new(
                    "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789".to_string(),
                ),
                AttachServiceNowTicketRequestDataRelationships::new(
                    Findings
                    ::new().data(
                        vec![
                            FindingData::new(
                                "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
                                FindingDataType::FINDINGS,
                            )
                        ],
                    ),
                    CaseManagementProject::new(
                        CaseManagementProjectData::new(
                            "aeadc05e-98a8-11ec-ac2c-da7ad0900001".to_string(),
                            CaseManagementProjectDataType::PROJECTS,
                        ),
                    ),
                ),
                ServiceNowTicketsDataType::SERVICENOW_TICKETS,
            ),
        );
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.AttachServiceNowTicket", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.attach_service_now_ticket(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Attach security findings to a ServiceNow ticket returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.attachServiceNowTicket"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiAttachServiceNowTicketRequest = {
  body: {
    data: {
      attributes: {
        servicenowTicketUrl:
          "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789",
      },
      relationships: {
        findings: {
          data: [
            {
              id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
              type: "findings",
            },
          ],
        },
        project: {
          data: {
            id: "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            type: "projects",
          },
        },
      },
      type: "servicenow_tickets",
    },
  },
};

apiInstance
  .attachServiceNowTicket(params)
  .then((data: v2.FindingCaseResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
