---
title: Create ServiceNow tickets for security findings
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Create ServiceNow tickets for security findings{% #create-servicenow-tickets-for-security-findings %}
Copy pageCopied
{% tab title="v2" %}

| Datadog site      | API endpoint                                                                   |
| ----------------- | ------------------------------------------------------------------------------ |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/security/findings/servicenow_tickets      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/security/findings/servicenow_tickets      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/security/findings/servicenow_tickets  |
| uk1.datadoghq.com | POST https://api.uk1.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security/findings/servicenow_tickets     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security/findings/servicenow_tickets |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security/findings/servicenow_tickets |

### Overview

Create ServiceNow tickets for security findings. This operation creates a case in Datadog and a ServiceNow ticket linked to that case for bidirectional sync between Datadog and ServiceNow. You can create up to 50 ServiceNow tickets per request and associate up to 50 security findings per ServiceNow ticket. Security findings that are already attached to another ServiceNow ticket will be detached from their previous ServiceNow ticket and attached to the newly created ServiceNow ticket. This endpoint requires any of the following permissions:
`security_monitoring_findings_write``appsec_vm_write` 


### Request

#### Body Data (required)



{% tab title="Model" %}

| Parent field  | Field                           | Type     | Description                                                                                                                                                                                 |
| ------------- | ------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|               | data [*required*]          | [object] | Array of ServiceNow ticket creation request data objects.                                                                                                                                   |
| data          | attributes                      | object   | Attributes of the ServiceNow ticket to create.                                                                                                                                              |
| attributes    | assignee_id                     | string   | Unique identifier of the Datadog user assigned to the case backing the ServiceNow ticket.                                                                                                   |
| attributes    | description                     | string   | Description of the ServiceNow ticket. If not provided, the description will be automatically generated.                                                                                     |
| attributes    | priority                        | enum     | Datadog case priority mapped to the ServiceNow ticket priority. If not provided, the priority will be automatically set to "NOT_DEFINED". Allowed enum values: `NOT_DEFINED,P1,P2,P3,P4,P5` |
| attributes    | title                           | string   | Title of the ServiceNow ticket. If not provided, the title will be automatically generated.                                                                                                 |
| data          | relationships [*required*] | object   | Relationships of the ServiceNow ticket to create.                                                                                                                                           |
| relationships | findings [*required*]      | object   | Security findings to create a ServiceNow ticket for.                                                                                                                                        |
| findings      | data                            | [object] | Array of security finding data objects.                                                                                                                                                     |
| data          | id [*required*]            | string   | Unique identifier of the security finding.                                                                                                                                                  |
| data          | type [*required*]          | enum     | Security findings resource type. Allowed enum values: `findings`                                                                                                                            |
| relationships | project [*required*]       | object   | Case management project configured with the ServiceNow integration. It is used to create the ServiceNow ticket.                                                                             |
| project       | data [*required*]          | object   | Data object representing a case management project.                                                                                                                                         |
| data          | id [*required*]            | string   | Unique identifier of the case management project.                                                                                                                                           |
| data          | type [*required*]          | enum     | Projects resource type. Allowed enum values: `projects`                                                                                                                                     |
| data          | type [*required*]          | enum     | ServiceNow tickets resource type. Allowed enum values: `servicenow_tickets`                                                                                                                 |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the ServiceNow ticket.",
        "priority": "P4",
        "title": "A title for the ServiceNow ticket."
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            "type": "projects"
          }
        }
      },
      "type": "servicenow_tickets"
    }
  ]
}
```

{% /tab %}

### Response

{% tab title="201" %}
Created
{% tab title="Model" %}
List of case responses.

| Parent field         | Field                  | Type      | Description                                                                                                                                            |
| -------------------- | ---------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
|                      | data [*required*] | [object]  | Array of case response data objects.                                                                                                                   |
| data                 | attributes             | object    | Attributes of the case.                                                                                                                                |
| attributes           | archived_at            | date-time | Timestamp of when the case was archived.                                                                                                               |
| attributes           | assigned_to            | object    | User assigned to the case.                                                                                                                             |
| assigned_to          | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| attributes           | attributes             | object    | Custom attributes associated with the case as key-value pairs where values are string arrays.                                                          |
| additionalProperties | <any-key>              | [string]  |
| attributes           | closed_at              | date-time | Timestamp of when the case was closed.                                                                                                                 |
| attributes           | created_at             | date-time | Timestamp of when the case was created.                                                                                                                |
| attributes           | creation_source        | string    | Source of the case creation.                                                                                                                           |
| attributes           | description            | string    | Description of the case.                                                                                                                               |
| attributes           | due_date               | string    | Due date of the case.                                                                                                                                  |
| attributes           | insights               | [object]  | Insights of the case.                                                                                                                                  |
| insights             | ref                    | string    | Reference of the insight.                                                                                                                              |
| insights             | resource_id            | string    | Unique identifier of the resource. For example, the unique identifier of a security finding.                                                           |
| insights             | type                   | string    | Type of the resource. For example, the type of a security finding is "SECURITY_FINDING".                                                               |
| attributes           | jira_issue             | object    | Jira issue associated with the case.                                                                                                                   |
| jira_issue           | error_message          | string    | Error message if the Jira issue creation failed.                                                                                                       |
| jira_issue           | result                 | object    | Result of the Jira issue creation.                                                                                                                     |
| result               | account_id             | string    | Account ID of the Jira issue.                                                                                                                          |
| result               | issue_id               | string    | Unique identifier of the Jira issue.                                                                                                                   |
| result               | issue_key              | string    | Key of the Jira issue.                                                                                                                                 |
| result               | issue_url              | string    | URL of the Jira issue.                                                                                                                                 |
| jira_issue           | status                 | string    | Status of the Jira issue creation. Can be "COMPLETED" if the Jira issue was created successfully, or "FAILED" if the Jira issue creation failed.       |
| attributes           | key                    | string    | Key of the case.                                                                                                                                       |
| attributes           | linear_issue           | object    | Linear issue associated with the case.                                                                                                                 |
| linear_issue         | error_message          | string    | Error message if the Linear issue creation failed.                                                                                                     |
| linear_issue         | result                 | object    | Result of the Linear issue creation.                                                                                                                   |
| result               | account_id             | string    | Account ID of the Linear workspace.                                                                                                                    |
| result               | issue_id               | string    | Unique identifier of the Linear issue.                                                                                                                 |
| result               | issue_key              | string    | Key of the Linear issue.                                                                                                                               |
| result               | team_id                | string    | Team ID of the Linear issue.                                                                                                                           |
| result               | url                    | string    | URL of the Linear issue.                                                                                                                               |
| linear_issue         | status                 | string    | Status of the Linear issue creation. Can be "COMPLETED" if the Linear issue was created successfully, or "FAILED" if the Linear issue creation failed. |
| attributes           | modified_at            | date-time | Timestamp of when the case was last modified.                                                                                                          |
| attributes           | priority               | string    | Priority of the case.                                                                                                                                  |
| attributes           | servicenow_ticket      | object    | ServiceNow ticket associated with the case.                                                                                                            |
| servicenow_ticket    | result                 | object    | Result of the ServiceNow ticket creation or attachment.                                                                                                |
| result               | instance_name          | string    | ServiceNow instance name extracted from the ticket URL.                                                                                                |
| result               | sys_id                 | string    | Unique identifier of the ServiceNow incident record.                                                                                                   |
| result               | sys_target_link        | string    | Direct link to the ServiceNow incident record.                                                                                                         |
| result               | sys_target_sys_id      | string    | Unique identifier of the target ServiceNow record.                                                                                                     |
| result               | table_name             | string    | ServiceNow table containing the incident record.                                                                                                       |
| result               | url                    | string    | URL of the ServiceNow incident record.                                                                                                                 |
| servicenow_ticket    | status                 | string    | Status of the ServiceNow ticket operation. Can be "COMPLETED" if successful, or "FAILED" if the operation failed.                                      |
| attributes           | status                 | string    | Status of the case.                                                                                                                                    |
| attributes           | status_group           | string    | Status group of the case.                                                                                                                              |
| attributes           | status_name            | string    | Status name of the case.                                                                                                                               |
| attributes           | title                  | string    | Title of the case.                                                                                                                                     |
| attributes           | type                   | string    | Type of the case. For security cases, this is always "SECURITY".                                                                                       |
| data                 | id                     | string    | Unique identifier of the case.                                                                                                                         |
| data                 | relationships          | object    | Relationships of the case.                                                                                                                             |
| relationships        | created_by             | object    | User who created the case.                                                                                                                             |
| created_by           | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| relationships        | modified_by            | object    | User who last modified the case.                                                                                                                       |
| modified_by          | data [*required*] | object    | Relationship to user object.                                                                                                                           |
| data                 | id [*required*]   | string    | A unique identifier that represents the user.                                                                                                          |
| data                 | type [*required*] | enum      | Users resource type. Allowed enum values: `users`                                                                                                      |
| relationships        | project                | object    | Project in which the case was created.                                                                                                                 |
| project              | data [*required*] | object    | Data object representing a case management project.                                                                                                    |
| data                 | id [*required*]   | string    | Unique identifier of the case management project.                                                                                                      |
| data                 | type [*required*] | enum      | Projects resource type. Allowed enum values: `projects`                                                                                                |
| data                 | type [*required*] | enum      | Cases resource type. Allowed enum values: `cases`                                                                                                      |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": [
    {
      "attributes": {
        "archived_at": "2025-01-01T00:00:00.000Z",
        "assigned_to": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "attributes": {
          "<any-key>": []
        },
        "closed_at": "2025-01-01T00:00:00.000Z",
        "created_at": "2025-01-01T00:00:00.000Z",
        "creation_source": "CS_SECURITY_FINDING",
        "description": "A description of the case.",
        "due_date": "2025-01-01",
        "insights": [
          {
            "ref": "/security/appsec/vm/library/vulnerability/dfa027f7c037b2f77159adc027fecb56?detection=static",
            "resource_id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
            "type": "SECURITY_FINDING"
          }
        ],
        "jira_issue": {
          "error_message": "{\"errorMessages\":[\"An error occured.\"],\"errors\":{}}",
          "result": {
            "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
            "issue_id": "2871276",
            "issue_key": "PROJ-123",
            "issue_url": "https://domain.atlassian.net/browse/PROJ-123"
          },
          "status": "COMPLETED"
        },
        "key": "PROJ-123",
        "linear_issue": {
          "error_message": "Linear issue creation failed.",
          "result": {
            "account_id": "463a8631-680e-455c-bfd3-3ed04d326eb7",
            "issue_id": "9c1e5f8a-2b3d-4c7e-8f6a-1d2e3f4a5b6c",
            "issue_key": "ENG-123",
            "team_id": "b5d3c8a1-7e6f-4d2c-9a8b-3c4d5e6f7a8b",
            "url": "https://linear.app/your-workspace/issue/ENG-123"
          },
          "status": "COMPLETED"
        },
        "modified_at": "2025-01-01T00:00:00.000Z",
        "priority": "P4",
        "servicenow_ticket": {
          "result": {
            "instance_name": "example",
            "sys_id": "abcdef0123456789abcdef0123456789",
            "sys_target_link": "https://example.service-now.com/incident.do?sys_id=abcdef0123456789abcdef0123456789",
            "sys_target_sys_id": "abcdef0123456789abcdef0123456789",
            "table_name": "incident",
            "url": "https://example.service-now.com/now/nav/ui/classic/params/target/incident.do?sys_id=abcdef0123456789abcdef0123456789"
          },
          "status": "COMPLETED"
        },
        "status": "OPEN",
        "status_group": "SG_OPEN",
        "status_name": "Open",
        "title": "A title for the case.",
        "type": "SECURITY"
      },
      "id": "c1234567-89ab-cdef-0123-456789abcdef",
      "relationships": {
        "created_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "modified_by": {
          "data": {
            "id": "00000000-0000-0000-2345-000000000000",
            "type": "users"
          }
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            "type": "projects"
          }
        }
      },
      "type": "cases"
    }
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="404" %}
Not Found
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security/findings/servicenow_tickets" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": [
    {
      "attributes": {
        "assignee_id": "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        "description": "A description of the ServiceNow ticket.",
        "priority": "NOT_DEFINED",
        "title": "A title for the ServiceNow ticket."
      },
      "relationships": {
        "findings": {
          "data": [
            {
              "id": "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
              "type": "findings"
            }
          ]
        },
        "project": {
          "data": {
            "id": "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            "type": "projects"
          }
        }
      },
      "type": "servicenow_tickets"
    }
  ]
}
EOF 
                
##### 

```python
"""
Create ServiceNow tickets for security findings returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.case_management_project import CaseManagementProject
from datadog_api_client.v2.model.case_management_project_data import CaseManagementProjectData
from datadog_api_client.v2.model.case_management_project_data_type import CaseManagementProjectDataType
from datadog_api_client.v2.model.case_priority import CasePriority
from datadog_api_client.v2.model.create_service_now_ticket_request_array import CreateServiceNowTicketRequestArray
from datadog_api_client.v2.model.create_service_now_ticket_request_data import CreateServiceNowTicketRequestData
from datadog_api_client.v2.model.create_service_now_ticket_request_data_attributes import (
    CreateServiceNowTicketRequestDataAttributes,
)
from datadog_api_client.v2.model.create_service_now_ticket_request_data_relationships import (
    CreateServiceNowTicketRequestDataRelationships,
)
from datadog_api_client.v2.model.finding_data import FindingData
from datadog_api_client.v2.model.finding_data_type import FindingDataType
from datadog_api_client.v2.model.findings import Findings
from datadog_api_client.v2.model.service_now_tickets_data_type import ServiceNowTicketsDataType

body = CreateServiceNowTicketRequestArray(
    data=[
        CreateServiceNowTicketRequestData(
            attributes=CreateServiceNowTicketRequestDataAttributes(
                assignee_id="f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
                description="A description of the ServiceNow ticket.",
                priority=CasePriority.NOT_DEFINED,
                title="A title for the ServiceNow ticket.",
            ),
            relationships=CreateServiceNowTicketRequestDataRelationships(
                findings=Findings(
                    data=[
                        FindingData(
                            id="ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                            type=FindingDataType.FINDINGS,
                        ),
                    ],
                ),
                project=CaseManagementProject(
                    data=CaseManagementProjectData(
                        id="aeadc05e-98a8-11ec-ac2c-da7ad0900001",
                        type=CaseManagementProjectDataType.PROJECTS,
                    ),
                ),
            ),
            type=ServiceNowTicketsDataType.SERVICENOW_TICKETS,
        ),
    ],
)

configuration = Configuration()
configuration.unstable_operations["create_service_now_tickets"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_service_now_tickets(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Create ServiceNow tickets for security findings returns "Created" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.create_service_now_tickets".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::CreateServiceNowTicketRequestArray.new({
  data: [
    DatadogAPIClient::V2::CreateServiceNowTicketRequestData.new({
      attributes: DatadogAPIClient::V2::CreateServiceNowTicketRequestDataAttributes.new({
        assignee_id: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
        description: "A description of the ServiceNow ticket.",
        priority: DatadogAPIClient::V2::CasePriority::NOT_DEFINED,
        title: "A title for the ServiceNow ticket.",
      }),
      relationships: DatadogAPIClient::V2::CreateServiceNowTicketRequestDataRelationships.new({
        findings: DatadogAPIClient::V2::Findings.new({
          data: [
            DatadogAPIClient::V2::FindingData.new({
              id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
              type: DatadogAPIClient::V2::FindingDataType::FINDINGS,
            }),
          ],
        }),
        project: DatadogAPIClient::V2::CaseManagementProject.new({
          data: DatadogAPIClient::V2::CaseManagementProjectData.new({
            id: "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
            type: DatadogAPIClient::V2::CaseManagementProjectDataType::PROJECTS,
          }),
        }),
      }),
      type: DatadogAPIClient::V2::ServiceNowTicketsDataType::SERVICENOW_TICKETS,
    }),
  ],
})
p api_instance.create_service_now_tickets(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Create ServiceNow tickets for security findings returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.CreateServiceNowTicketRequestArray{
		Data: []datadogV2.CreateServiceNowTicketRequestData{
			{
				Attributes: &datadogV2.CreateServiceNowTicketRequestDataAttributes{
					AssigneeId:  datadog.PtrString("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0"),
					Description: datadog.PtrString("A description of the ServiceNow ticket."),
					Priority:    datadogV2.CASEPRIORITY_NOT_DEFINED.Ptr(),
					Title:       datadog.PtrString("A title for the ServiceNow ticket."),
				},
				Relationships: datadogV2.CreateServiceNowTicketRequestDataRelationships{
					Findings: datadogV2.Findings{
						Data: []datadogV2.FindingData{
							{
								Id:   "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
								Type: datadogV2.FINDINGDATATYPE_FINDINGS,
							},
						},
					},
					Project: datadogV2.CaseManagementProject{
						Data: datadogV2.CaseManagementProjectData{
							Id:   "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
							Type: datadogV2.CASEMANAGEMENTPROJECTDATATYPE_PROJECTS,
						},
					},
				},
				Type: datadogV2.SERVICENOWTICKETSDATATYPE_SERVICENOW_TICKETS,
			},
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.CreateServiceNowTickets", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateServiceNowTickets(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateServiceNowTickets`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateServiceNowTickets`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Create ServiceNow tickets for security findings returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.CaseManagementProject;
import com.datadog.api.client.v2.model.CaseManagementProjectData;
import com.datadog.api.client.v2.model.CaseManagementProjectDataType;
import com.datadog.api.client.v2.model.CasePriority;
import com.datadog.api.client.v2.model.CreateServiceNowTicketRequestArray;
import com.datadog.api.client.v2.model.CreateServiceNowTicketRequestData;
import com.datadog.api.client.v2.model.CreateServiceNowTicketRequestDataAttributes;
import com.datadog.api.client.v2.model.CreateServiceNowTicketRequestDataRelationships;
import com.datadog.api.client.v2.model.FindingCaseResponseArray;
import com.datadog.api.client.v2.model.FindingData;
import com.datadog.api.client.v2.model.FindingDataType;
import com.datadog.api.client.v2.model.Findings;
import com.datadog.api.client.v2.model.ServiceNowTicketsDataType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.createServiceNowTickets", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    CreateServiceNowTicketRequestArray body =
        new CreateServiceNowTicketRequestArray()
            .data(
                Collections.singletonList(
                    new CreateServiceNowTicketRequestData()
                        .attributes(
                            new CreateServiceNowTicketRequestDataAttributes()
                                .assigneeId("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0")
                                .description("A description of the ServiceNow ticket.")
                                .priority(CasePriority.NOT_DEFINED)
                                .title("A title for the ServiceNow ticket."))
                        .relationships(
                            new CreateServiceNowTicketRequestDataRelationships()
                                .findings(
                                    new Findings()
                                        .data(
                                            Collections.singletonList(
                                                new FindingData()
                                                    .id(
                                                        "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==")
                                                    .type(FindingDataType.FINDINGS))))
                                .project(
                                    new CaseManagementProject()
                                        .data(
                                            new CaseManagementProjectData()
                                                .id("aeadc05e-98a8-11ec-ac2c-da7ad0900001")
                                                .type(CaseManagementProjectDataType.PROJECTS))))
                        .type(ServiceNowTicketsDataType.SERVICENOW_TICKETS)));

    try {
      FindingCaseResponseArray result = apiInstance.createServiceNowTickets(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling SecurityMonitoringApi#createServiceNowTickets");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Create ServiceNow tickets for security findings returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::CaseManagementProject;
use datadog_api_client::datadogV2::model::CaseManagementProjectData;
use datadog_api_client::datadogV2::model::CaseManagementProjectDataType;
use datadog_api_client::datadogV2::model::CasePriority;
use datadog_api_client::datadogV2::model::CreateServiceNowTicketRequestArray;
use datadog_api_client::datadogV2::model::CreateServiceNowTicketRequestData;
use datadog_api_client::datadogV2::model::CreateServiceNowTicketRequestDataAttributes;
use datadog_api_client::datadogV2::model::CreateServiceNowTicketRequestDataRelationships;
use datadog_api_client::datadogV2::model::FindingData;
use datadog_api_client::datadogV2::model::FindingDataType;
use datadog_api_client::datadogV2::model::Findings;
use datadog_api_client::datadogV2::model::ServiceNowTicketsDataType;

#[tokio::main]
async fn main() {
    let body =
        CreateServiceNowTicketRequestArray::new(vec![CreateServiceNowTicketRequestData::new(
            CreateServiceNowTicketRequestDataRelationships::new(
                Findings::new().data(vec![FindingData::new(
                    "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
                    FindingDataType::FINDINGS,
                )]),
                CaseManagementProject::new(CaseManagementProjectData::new(
                    "aeadc05e-98a8-11ec-ac2c-da7ad0900001".to_string(),
                    CaseManagementProjectDataType::PROJECTS,
                )),
            ),
            ServiceNowTicketsDataType::SERVICENOW_TICKETS,
        )
        .attributes(
            CreateServiceNowTicketRequestDataAttributes::new()
                .assignee_id("f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0".to_string())
                .description("A description of the ServiceNow ticket.".to_string())
                .priority(CasePriority::NOT_DEFINED)
                .title("A title for the ServiceNow ticket.".to_string()),
        )]);
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.CreateServiceNowTickets", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_service_now_tickets(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Create ServiceNow tickets for security findings returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.createServiceNowTickets"] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateServiceNowTicketsRequest = {
  body: {
    data: [
      {
        attributes: {
          assigneeId: "f315bdaf-9ee7-4808-a9c1-99c15bf0f4d0",
          description: "A description of the ServiceNow ticket.",
          priority: "NOT_DEFINED",
          title: "A title for the ServiceNow ticket.",
        },
        relationships: {
          findings: {
            data: [
              {
                id: "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==",
                type: "findings",
              },
            ],
          },
          project: {
            data: {
              id: "aeadc05e-98a8-11ec-ac2c-da7ad0900001",
              type: "projects",
            },
          },
        },
        type: "servicenow_tickets",
      },
    ],
  },
};

apiInstance
  .createServiceNowTickets(params)
  .then((data: v2.FindingCaseResponseArray) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
