Skip to content

Add ticket CLI commands for SOC ticket management#224

Open
maximelb wants to merge 3 commits intocli-v2from
feat/ticket-cli
Open

Add ticket CLI commands for SOC ticket management#224
maximelb wants to merge 3 commits intocli-v2from
feat/ticket-cli

Conversation

@maximelb
Copy link
Contributor

@maximelb maximelb commented Feb 27, 2026

Summary

  • Adds limacharlie ticket command group integrating the ext-ticketing system with the CLI
  • Full ticket lifecycle management: list, get, update, add-note, bulk-update, merge
  • Investigation tracking: entities (IOCs), telemetry references, forensic artifacts, detection linking
  • SOC reporting and dashboard metrics
  • Org-level ticketing configuration management
  • New SDK module (limacharlie/sdk/ticketing.py) wrapping the ext-ticketing REST API
  • New CLI module (limacharlie/commands/ticket.py) with 25+ subcommands following existing CLI patterns
  • Added ticketing discovery profile and updated threat_response profile

Command overview

limacharlie ticket list [--status ...] [--severity ...] [--search ...]
limacharlie ticket get --id <ID>
limacharlie ticket update --id <ID> [--status ...] [--assignee ...]
limacharlie ticket add-note --id <ID> --content "..."
limacharlie ticket bulk-update --ids <ID1>,<ID2> --status closed
limacharlie ticket merge --target <ID> --sources <ID1>,<ID2>

limacharlie ticket entity add --ticket <ID> --type ip --value "10.0.0.1"
limacharlie ticket entity search --type domain --value "evil.com"
limacharlie ticket telemetry add --ticket <ID> --atom <ATOM> --sid <SID>
limacharlie ticket artifact add --ticket <ID> --type pcap
limacharlie ticket detection add --ticket <ID> --detection-id <DET_ID>

limacharlie ticket report --from <RFC3339> --to <RFC3339>
limacharlie ticket dashboard
limacharlie ticket config-get / config-set
limacharlie ticket assignees

Test plan

  • Module loads correctly (auto-discovery picks up ticket.py)
  • All 803 existing unit tests pass
  • CLI help renders correctly for all commands and nested groups
  • Manual testing against live ext-ticketing instance
  • Verify auth flow works with LC JWT against ticketing API

🤖 Generated with Claude Code

maximelb and others added 2 commits February 26, 2026 18:12
@maximelb @claude
Add ticket CLI commands for SOC ticket management
fae63ef 
Integrates the ext-ticketing system with the LimaCharlie CLI,
providing full ticket lifecycle management, investigation tracking,
and reporting capabilities.

New commands:
- ticket list/get/update/add-note/bulk-update/merge
- ticket entity add/list/update/remove/search (IOC management)
- ticket telemetry add/list/update/remove (event linking)
- ticket artifact add/list/remove (forensic references)
- ticket detection add/list/remove (detection linking)
- ticket report/dashboard (SOC metrics)
- ticket config-get/config-set (org configuration)
- ticket assignees

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maximelb @claude
Add tests for ticket SDK and CLI commands
9f13434 
106 tests covering all ticketing SDK methods (41) and CLI commands (65),
including argument validation, stdin/file input, quiet mode, and error cases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@maximelb maximelb requested a review from dzimine-lc February 28, 2026 00:09
@maximelb maximelb marked this pull request as ready for review February 28, 2026 00:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dzimine-lc dzimine-lc Awaiting requested review from dzimine-lc

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maximelb