---
title: Get all ticket creation rules
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Get all ticket creation rules{% #get-all-ticket-creation-rules %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                                                |
| ----------------- | ------------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules |
| ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules |
| app.datadoghq.eu  | GET https://api.datadoghq.eu/api/v2/security/findings/automation/ticket_creation_rules      |
| app.ddog-gov.com  | GET https://api.ddog-gov.com/api/v2/security/findings/automation/ticket_creation_rules      |
| us2.ddog-gov.com  | GET https://api.us2.ddog-gov.com/api/v2/security/findings/automation/ticket_creation_rules  |
| uk1.datadoghq.com | GET https://api.uk1.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules |
| app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules     |
| us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules |
| us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules |

### Overview

Get all ticket creation rules for the current organization. This endpoint requires the `security_pipelines_read` permission.

### Arguments

#### Query Strings

| Name         | Type    | Description                                    |
| ------------ | ------- | ---------------------------------------------- |
| page[size]   | integer | The number of rules per page. Maximum is 1000. |
| page[number] | integer | The page number to return.                     |

### Response

{% tab title="200" %}
Successfully retrieved the list of ticket creation rules
{% tab title="Model" %}
A list of ticket creation rules with pagination metadata.

| Parent field | Field                                  | Type     | Description                                                                                                                                                                                                                                                                                  |
| ------------ | -------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]                 | [object] | A list of ticket creation rule data objects.                                                                                                                                                                                                                                                 |
| data         | attributes [*required*]           | object   | Attributes of a ticket creation rule returned by the API.                                                                                                                                                                                                                                    |
| attributes   | action [*required*]               | object   | The action to take when the ticket creation rule matches a finding.                                                                                                                                                                                                                          |
| action       | assignee_id                            | uuid     | The UUID of the default assignee for created tickets.                                                                                                                                                                                                                                        |
| action       | auto_disabled_reason                   | string   | The reason the rule was automatically disabled by the system due to a ticketing integration error.                                                                                                                                                                                           |
| action       | fields                                 | object   | Custom fields of the Jira issue to create. For the list of available fields, see [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-createmeta-projectidorkey-issuetypes-issuetypeid-get).                              |
| action       | max_tickets_per_day [*required*]  | int64    | The maximum number of tickets the rule may create per day. If exceeded, one final ticket will be created, explaining the limit was hit and link back to the responsible rule.                                                                                                                |
| action       | project_id [*required*]           | uuid     | The UUID of the case management project.                                                                                                                                                                                                                                                     |
| action       | target [*required*]               | enum     | The ticketing system to create tickets in. Allowed enum values: `jira,case_management`                                                                                                                                                                                                       |
| attributes   | created_at [*required*]           | int64    | The Unix timestamp in milliseconds when the rule was created.                                                                                                                                                                                                                                |
| attributes   | created_by [*required*]           | object   | The user or Datadog system who created the rule.                                                                                                                                                                                                                                             |
| created_by   | id [*required*]                   | string   | The actor's identifier (a user UUID or a system identifier).                                                                                                                                                                                                                                 |
| created_by   | name [*required*]                 | string   | The name of the actor.                                                                                                                                                                                                                                                                       |
| created_by   | type [*required*]                 | enum     | Whether the actor is a user or the Datadog system. Allowed enum values: `user,system`                                                                                                                                                                                                        |
| attributes   | enabled [*required*]              | boolean  | Whether the ticket creation rule is enabled.                                                                                                                                                                                                                                                 |
| attributes   | modified_at [*required*]          | int64    | The Unix timestamp in milliseconds when the rule was last modified.                                                                                                                                                                                                                          |
| attributes   | modified_by [*required*]          | object   | The user or Datadog system who last modified the rule.                                                                                                                                                                                                                                       |
| modified_by  | id [*required*]                   | string   | The actor's identifier (a user UUID or a system identifier).                                                                                                                                                                                                                                 |
| modified_by  | name [*required*]                 | string   | The name of the actor.                                                                                                                                                                                                                                                                       |
| modified_by  | type [*required*]                 | enum     | Whether the actor is a user or the Datadog system. Allowed enum values: `user,system`                                                                                                                                                                                                        |
| attributes   | name [*required*]                 | string   | The name of the ticket creation rule.                                                                                                                                                                                                                                                        |
| attributes   | rule [*required*]                 | object   | Defines the scope of findings to which the automation rule applies.                                                                                                                                                                                                                          |
| rule         | finding_types [*required*]        | [string] | The list of security finding types that the automation rule applies to.                                                                                                                                                                                                                      |
| rule         | query                                  | string   | A search query to further filter the findings matched by this rule. The `@workflow.*` namespace and `@status` fields are not permitted. For a reference of available fields, see the [Security Findings schema documentation](https://docs.datadoghq.com/security/guide/findings-schema.md). |
| data         | id [*required*]                   | uuid     | The ID of the ticket creation rule.                                                                                                                                                                                                                                                          |
| data         | type [*required*]                 | enum     | The JSON:API type for ticket creation rules. Allowed enum values: `ticket_creation_rules`                                                                                                                                                                                                    |
|              | links [*required*]                | object   | Pagination links for the list of automation rules.                                                                                                                                                                                                                                           |
| links        | first [*required*]                | string   | Link to the first page of results.                                                                                                                                                                                                                                                           |
| links        | last [*required*]                 | string   | Link to the last page of results.                                                                                                                                                                                                                                                            |
| links        | next                                   | string   | Link to the next page of results.                                                                                                                                                                                                                                                            |
| links        | prev                                   | string   | Link to the previous page of results.                                                                                                                                                                                                                                                        |
|              | meta [*required*]                 | object   | Metadata for the list of automation rules.                                                                                                                                                                                                                                                   |
| meta         | page [*required*]                 | object   | Pagination information for the list of automation rules.                                                                                                                                                                                                                                     |
| page         | total_filtered_count [*required*] | int64    | The total number of rules matching the current filter.                                                                                                                                                                                                                                       |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": [
    {
      "attributes": {
        "action": {
          "assignee_id": "22222222-2222-2222-2222-222222222222",
          "auto_disabled_reason": "Daily ticket creation limit exceeded",
          "fields": {
            "labels": [
              "security"
            ]
          },
          "max_tickets_per_day": 100,
          "project_id": "11111111-1111-1111-1111-111111111111",
          "target": "jira"
        },
        "created_at": 1722439510282,
        "created_by": {
          "id": "00000000-0000-0000-0000-000000000000",
          "name": "Jane Doe",
          "type": "user"
        },
        "enabled": true,
        "modified_at": 1722439510282,
        "modified_by": {
          "id": "00000000-0000-0000-0000-000000000000",
          "name": "Jane Doe",
          "type": "user"
        },
        "name": "Auto-create Jira tickets for critical findings",
        "rule": {
          "finding_types": [
            "misconfiguration"
          ],
          "query": "env:prod team:platform"
        }
      },
      "id": "00000000-0000-0000-0000-000000000000",
      "type": "ticket_creation_rules"
    }
  ],
  "links": {
    "first": "/api/v2/security/findings/automation/mute_rules?page[size]=10\u0026page[number]=0",
    "last": "/api/v2/security/findings/automation/mute_rules?page[size]=10\u0026page[number]=5",
    "next": "/api/v2/security/findings/automation/mute_rules?page[size]=10\u0026page[number]=2",
    "prev": "/api/v2/security/findings/automation/mute_rules?page[size]=10\u0026page[number]=0"
  },
  "meta": {
    "page": {
      "total_filtered_count": 42
    }
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Forbidden
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security/findings/automation/ticket_creation_rules" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" 
                
##### 

```python
"""
Get all ticket creation rules returns "Successfully retrieved the list of ticket creation rules" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

configuration = Configuration()
configuration.unstable_operations["list_security_findings_automation_ticket_creation_rules"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.list_security_findings_automation_ticket_creation_rules()

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Get all ticket creation rules returns "Successfully retrieved the list of ticket creation rules" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.list_security_findings_automation_ticket_creation_rules".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
p api_instance.list_security_findings_automation_ticket_creation_rules()
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Get all ticket creation rules returns "Successfully retrieved the list of ticket creation rules" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.ListSecurityFindingsAutomationTicketCreationRules", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.ListSecurityFindingsAutomationTicketCreationRules(ctx, *datadogV2.NewListSecurityFindingsAutomationTicketCreationRulesOptionalParameters())

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListSecurityFindingsAutomationTicketCreationRules`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListSecurityFindingsAutomationTicketCreationRules`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Get all ticket creation rules returns "Successfully retrieved the list of ticket creation rules"
// response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.TicketCreationRulesResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled(
        "v2.listSecurityFindingsAutomationTicketCreationRules", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    try {
      TicketCreationRulesResponse result =
          apiInstance.listSecurityFindingsAutomationTicketCreationRules();
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling"
              + " SecurityMonitoringApi#listSecurityFindingsAutomationTicketCreationRules");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Get all ticket creation rules returns "Successfully retrieved the list of
// ticket creation rules" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::ListSecurityFindingsAutomationTicketCreationRulesOptionalParams;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled(
        "v2.ListSecurityFindingsAutomationTicketCreationRules",
        true,
    );
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .list_security_findings_automation_ticket_creation_rules(
            ListSecurityFindingsAutomationTicketCreationRulesOptionalParams::default(),
        )
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Get all ticket creation rules returns "Successfully retrieved the list of ticket creation rules" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations[
  "v2.listSecurityFindingsAutomationTicketCreationRules"
] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

apiInstance
  .listSecurityFindingsAutomationTicketCreationRules()
  .then((data: v2.TicketCreationRulesResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
