Risks

Risks are potential events that could impact the security, reputation, and financial health of a company.

List Risks

Find Risks matching the provided filters.

🔒 Requires Risk Management: List Risks permission.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
expand[]
Array of strings (RiskExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "categories" "controls" "customFields" "documents" "notes" "owners" "reviewers" "tasks" "tickets"
currentVersionTitle
string

Filter Risks by title. Performs a case-insensitive partial match on the Risk title field.

Example: currentVersionTitle=Activity Log Evaluation - Unauthorized System Access
applicable
boolean

Filter Risks by their applicability to the organization. When true, returns only Risks that are applicable/relevant to your organization. When false, returns only Risks marked as not applicable. When omitted, returns all Risks regardless of applicability status.

status
string (RiskStatusTypeEnum)

Filter Risks by status

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
treatmentPlan
string (RiskTreatmentPlanEnum)

Filter Risks by their treatment strategy. Treatment plans define how the organization addresses each Risk: ACCEPT (acknowledge and monitor), AVOID (eliminate the Risk source), MITIGATE (reduce impact/likelihood), TRANSFER (shift to third party via insurance/contracts), or UNTREATED (no action taken yet).

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
minScore
number or null [ 1 .. 25 ]

Filter Risks by minimum calculated Risk score (impact × likelihood). Score range depends on organization settings (1-25 with thresholds 1-4=low, 5-9=medium, 10-16=high, 17-25=critical)

Example: minScore=5
maxScore
number or null [ 1 .. 25 ]

Filter Risks by maximum calculated Risk score (impact × likelihood). Score range depends on organization settings (1-25 with thresholds 1-4=low, 5-9=medium, 10-16=high, 17-25=critical)

Example: maxScore=16
vendorId
number or null

Filter Risks by vendor/third-party provider. Specify the unique vendor identifier to return only Risks associated with that specific vendor, such as Risks related to vendor security assessments, data processing agreements, or third-party service dependencies.

Example: vendorId=1
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks
Request samples
Response samples
application/json
{
  • "data": [
    • {
      • "id": 1,
      • "riskId": "AC-04",
      • "title": "Password Management - Password Cracking",
      • "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
      • "treatmentPlan": "UNTREATED",
      • "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
      • "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
      • "completionDate": "2025-07-01T16:45:55.246Z",
      • "score": 25,
      • "residualScore": 9,
      • "status": "ACTIVE",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z",
      • "controls": [
        • {
          • "id": 1,
          • "code": "AC-1",
          • "name": "Access Control",
          • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
          • "isReady": true,
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "categories": [
        • {
          • "id": 1,
          • "name": "Access Control",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "owners": [
        • {
          • "id": 1,
          • "email": "[email protected]",
          • "firstName": "Sally",
          • "lastName": "Smith",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "reviewers": [
        • {
          • "id": 1,
          • "email": "[email protected]",
          • "firstName": "Sally",
          • "lastName": "Smith",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "documents": [
        • {
          • "id": 1,
          • "name": "Risk Assessment Report Q4 2023.pdf",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "notes": [
        • {
          • "id": 1,
          • "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "tickets": [
        • {
          • "id": 1,
          • "externalTicketId": "ENG-11245",
          • "isDone": false,
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "tasks": [
        • {
          • "id": 1,
          • "title": "Review quarterly security policies",
          • "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
          • "dueDate": "2020-07-06",
          • "completedAt": "2025-07-01T16:45:55.246Z",
          • "createdAt": "2025-07-01T16:45:55.246Z",
          • "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        ],
      • "customFields": [
        • {
          • "customFieldId": 1,
          • "name": "Stakeholders",
          • "value": "Security & IT"
          }
        ]
      }
    ],
  • "pagination": {
    • "cursor": "string"
    }
}

Create Risk

Create a new custom Risk in the Risk register.

🔒 Requires Risk Management: Create Risk permission.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
Request Body schema: application/json
required
title
required
string <= 191 characters

Descriptive title that clearly identifies the nature and scope of the Risk

description
required
string <= 768 characters

Comprehensive description of the Risk scenario, potential threats, business impact, and affected systems or processes

identifiedAt
string or null <date>

Date when the Risk was first identified (accepts date-only or full ISO8601 format)

impact
number [ 1 .. 5 ]

Impact score representing the potential severity of consequences if the Risk materializes (1-5 scale, where 5 is most severe)

likelihood
number [ 1 .. 5 ]

Likelihood score representing the probability of the Risk occurring (1-5 scale, where 5 is most likely)

treatmentPlan
string
Default: 0

Strategy for addressing the Risk: ACCEPT (acknowledge and monitor), AVOID (eliminate source), MITIGATE (reduce impact/likelihood), TRANSFER (shift to third party), UNTREATED (no action taken)

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
treatmentDetails
string <= 30000 characters

Detailed explanation of the specific actions, controls, or measures being implemented to address the Risk. Cannot be provided when treatmentPlan is UNTREATED

anticipatedCompletionDate
string <date-time>

Target date for completing Risk treatment activities (accepts date-only or full ISO8601 format). Cannot be provided when treatmentPlan is UNTREATED

completionDate
string <date>

Actual date when Risk treatment was completed (accepts date-only or full ISO8601 format). Cannot be provided when treatmentPlan is UNTREATED

residualImpact
number [ 1 .. 5 ]

Residual impact score after treatment implementation (1-5 scale). Cannot be provided when treatmentPlan is UNTREATED

residualLikelihood
number [ 1 .. 5 ]

Residual likelihood score after treatment implementation (1-5 scale). Cannot be provided when treatmentPlan is UNTREATED

status
string
Default: "ACTIVE"

Current status of the Risk in the Risk management lifecycle

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Array of objects (CategoryRequestPublicV2Dto) unique

Risk categories for classification and reporting purposes

Array of objects (RiskOwnerRequestPublicV2Dto) unique

Users responsible for managing and monitoring this Risk

Array of objects (ReviewerRequestPublicV2Dto) unique

Users responsible for reviewing and approving Risk treatment plans. Cannot be provided when treatmentPlan is UNTREATED

Array of objects (RiskControlRequestPublicV2Dto) unique

Security controls implemented to mitigate this Risk

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

409

There is a conflict in the business rules with this request

412

You must accept the Drata terms and conditions to use the API

422

Unprocessable Entity

500

Internal server error

post/risk-registers/{riskRegisterId}/risks
Request samples
application/json
{
  • "title": "Password Management - Weak Password Policies",
  • "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
  • "identifiedAt": "2020-07-06",
  • "impact": 4,
  • "likelihood": 3,
  • "treatmentPlan": "MITIGATE",
  • "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
  • "anticipatedCompletionDate": "2020-07-06",
  • "completionDate": "2020-07-06",
  • "residualImpact": 2,
  • "residualLikelihood": 2,
  • "status": "ACTIVE",
  • "categories": [
    • {
      • "id": 1
      }
    ],
  • "owners": [
    • {
      • "id": 1
      }
    ],
  • "reviewers": [
    • {
      • "id": 1
      }
    ],
  • "controls": [
    • {
      • "id": 1
      }
    ]
}
Response samples
application/json
{
  • "id": 1,
  • "riskId": "AC-04",
  • "title": "Password Management - Password Cracking",
  • "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
  • "treatmentPlan": "UNTREATED",
  • "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
  • "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
  • "completionDate": "2025-07-01T16:45:55.246Z",
  • "score": 25,
  • "residualScore": 9,
  • "status": "ACTIVE",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "controls": [
    • {
      • "id": 1,
      • "code": "AC-1",
      • "name": "Access Control",
      • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
      • "isReady": true,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "categories": [
    • {
      • "id": 1,
      • "name": "Access Control",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "owners": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "reviewers": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "documents": [
    • {
      • "id": 1,
      • "name": "Risk Assessment Report Q4 2023.pdf",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "notes": [
    • {
      • "id": 1,
      • "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tickets": [
    • {
      • "id": 1,
      • "externalTicketId": "ENG-11245",
      • "isDone": false,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tasks": [
    • {
      • "id": 1,
      • "title": "Review quarterly security policies",
      • "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
      • "dueDate": "2020-07-06",
      • "completedAt": "2025-07-01T16:45:55.246Z",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "customFields": [
    • {
      • "customFieldId": 1,
      • "name": "Stakeholders",
      • "value": "Security & IT"
      }
    ]
}

Get Risk

Get detail for a Risk item.

🔒 Requires Risk Management: Get Risk permission.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

query Parameters
expand[]
Array of strings (RiskExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "categories" "controls" "customFields" "documents" "notes" "owners" "reviewers" "tasks" "tickets"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/risk-registers/{riskRegisterId}/risks/{riskId}
Request samples
Response samples
application/json
{
  • "id": 1,
  • "riskId": "AC-04",
  • "title": "Password Management - Password Cracking",
  • "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
  • "treatmentPlan": "UNTREATED",
  • "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
  • "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
  • "completionDate": "2025-07-01T16:45:55.246Z",
  • "score": 25,
  • "residualScore": 9,
  • "status": "ACTIVE",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "controls": [
    • {
      • "id": 1,
      • "code": "AC-1",
      • "name": "Access Control",
      • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
      • "isReady": true,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "categories": [
    • {
      • "id": 1,
      • "name": "Access Control",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "owners": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "reviewers": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "documents": [
    • {
      • "id": 1,
      • "name": "Risk Assessment Report Q4 2023.pdf",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "notes": [
    • {
      • "id": 1,
      • "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tickets": [
    • {
      • "id": 1,
      • "externalTicketId": "ENG-11245",
      • "isDone": false,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tasks": [
    • {
      • "id": 1,
      • "title": "Review quarterly security policies",
      • "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
      • "dueDate": "2020-07-06",
      • "completedAt": "2025-07-01T16:45:55.246Z",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "customFields": [
    • {
      • "customFieldId": 1,
      • "name": "Stakeholders",
      • "value": "Security & IT"
      }
    ]
}

Update Risk

Update an existing Risk.

🔒 Requires Risk Management: Update Risk permission.

Securitybearer
Request
path Parameters
riskRegisterId
required
number

In the near future risks will be scoped under risk registers, for now always use a value of 1

Example: 1
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

Request Body schema: application/json
required
title
string <= 191 characters

Descriptive title that clearly identifies the nature and scope of the Risk

description
string <= 768 characters

Comprehensive description of the Risk scenario, potential threats, business impact, and affected systems or processes

identifiedAt
string or null <date>

Date when the Risk was first identified

impact
number [ 1 .. 5 ]

Impact score representing the potential severity of consequences if the Risk materializes (1-5 scale, where 5 is most severe)

likelihood
number [ 1 .. 10 ]

Likelihood score representing the probability of the Risk occurring (1-5 scale, where 5 is most likely)

treatmentPlan
string

Strategy for addressing the Risk: ACCEPT (acknowledge and monitor), AVOID (eliminate source), MITIGATE (reduce impact/likelihood), TRANSFER (shift to third party), UNTREATED (no action taken)

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
treatmentDetails
string <= 30000 characters

Detailed explanation of the specific actions, controls, or measures being implemented to address the Risk. Cannot be provided when treatmentPlan is UNTREATED

anticipatedCompletionDate
string <date>

Target date for completing Risk treatment activities. Cannot be provided when treatmentPlan is UNTREATED

completionDate
string <date>

Actual date when Risk treatment was completed. Cannot be provided when treatmentPlan is UNTREATED

residualImpact
number [ 1 .. 5 ]

Residual impact score after treatment implementation (1-5 scale). Cannot be provided when treatmentPlan is UNTREATED

residualLikelihood
number [ 1 .. 5 ]

Residual likelihood score after treatment implementation (1-5 scale). Cannot be provided when treatmentPlan is UNTREATED

status
string

Current status of the Risk in the Risk management lifecycle

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Array of objects (CategoryRequestPublicV2Dto) unique

Risk categories for classification and reporting purposes

Array of objects (RiskOwnerRequestPublicV2Dto) unique

Users responsible for managing and monitoring this Risk

Array of objects (ReviewerRequestPublicV2Dto) unique

Users responsible for reviewing and approving Risk treatment plans. Cannot be provided when treatmentPlan is UNTREATED

Array of objects (RiskControlRequestPublicV2Dto) unique

Security controls implemented to mitigate this Risk

Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

422

Unprocessable Entity

500

Internal server error

put/risk-registers/{riskRegisterId}/risks/{riskId}
Request samples
application/json
{
  • "title": "Password Management - Weak Password Policies",
  • "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
  • "identifiedAt": "2020-07-06",
  • "impact": 4,
  • "likelihood": 3,
  • "treatmentPlan": "MITIGATE",
  • "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
  • "anticipatedCompletionDate": "2020-07-06",
  • "completionDate": "2024-12-01",
  • "residualImpact": 2,
  • "residualLikelihood": 2,
  • "status": "ACTIVE",
  • "categories": [
    • {
      • "id": 1
      }
    ],
  • "owners": [
    • {
      • "id": 1
      }
    ],
  • "reviewers": [
    • {
      • "id": 1
      }
    ],
  • "controls": [
    • {
      • "id": 1
      }
    ]
}
Response samples
application/json
{
  • "id": 1,
  • "riskId": "AC-04",
  • "title": "Password Management - Password Cracking",
  • "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
  • "treatmentPlan": "UNTREATED",
  • "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
  • "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
  • "completionDate": "2025-07-01T16:45:55.246Z",
  • "score": 25,
  • "residualScore": 9,
  • "status": "ACTIVE",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "controls": [
    • {
      • "id": 1,
      • "code": "AC-1",
      • "name": "Access Control",
      • "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
      • "isReady": true,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "categories": [
    • {
      • "id": 1,
      • "name": "Access Control",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "owners": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "reviewers": [
    • {
      • "id": 1,
      • "email": "[email protected]",
      • "firstName": "Sally",
      • "lastName": "Smith",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "documents": [
    • {
      • "id": 1,
      • "name": "Risk Assessment Report Q4 2023.pdf",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "notes": [
    • {
      • "id": 1,
      • "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tickets": [
    • {
      • "id": 1,
      • "externalTicketId": "ENG-11245",
      • "isDone": false,
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "tasks": [
    • {
      • "id": 1,
      • "title": "Review quarterly security policies",
      • "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
      • "dueDate": "2020-07-06",
      • "completedAt": "2025-07-01T16:45:55.246Z",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    ],
  • "customFields": [
    • {
      • "customFieldId": 1,
      • "name": "Stakeholders",
      • "value": "Security & IT"
      }
    ]
}