Post is pinned.Post has attachment
If you are using the Tufin Orchestration Suite as a development platform, extending it or integrating with 3rd party systems - this is the place to share knowledge and consult with peers.
Click on the link below to get started.

Hello Tufin Community,

Trying to GET and POST the comments of a ticket, can you share whit us an API to do this.




We have a requirement to take some data from a SecureChange ticket and put it in a .csv file and attach that to an email. I am trying to do this with a python script that is triggered from a SC workflow. The email portion is working fine. I am trying to create the .csv in /tmp, however I am unable to create the file from the script but it doesn't seem to be throwing any errors.. are there file permissions or something else I need to change on the script to allow it to create the file? Any help is appreciated.

Using this snippet to create the .csv:
with open('/tmp/accessrequest.csv', 'w') as csvFile:
writer = csv.writer(csvFile)


Happy New year to everyone ! .. Can anyone please share how to run a report - A rule with Source "ANY", Destination "ANY" and Protocol "ANY" in Secure Track ?

Hi All and happy new year to everyone,

Can anyone please tell me if Securechange(18.1) can discuss with the API of CSM(4.17)?
I can recover each policy of the CSM on securetrack, but on SecureChange, devices of the CSM are not apparent.



trying to pull all Checkpoint devices, which are just model:"module" like this, but it's returning also "module_cluster" devices. Using this URL

How to get only "module" and not "module_cluster"?
I have few workaround in my mind, but would like to know if there is a way how to filter it properly within url

Hi. I am trying to update some fields of my ticket with pre-assignment script but I get response "Cannot update ticket because it is in pending status (Pre-assignment script)". I need to update fields before it will be handled by somebody. Is there any workaround?


I'm trying to use the modify designer suggestions API. The challenge we have is that Tufin applies optimization to firewall rules.

We have group1 with 2 members and group2 with the same 2 members. These 2 members are reserved IPs as SRX doesn't allow for empty groups. In the future these groups are modified as virtual machines can be added and removed dynamically from them (via a group modify workflow in SC).

A flow gets requested and implemented from group1 to some destination with some service. SC/ST implements this flow correctly. Now a 2nd flow gets requested from group2 to some destination with some service. Tufin will update the existing rule as group1 and group2 appear identical to ST. The problem is then that when group2 gets updated with an IP for a new virtual machine the flow doesn't work as it was applied against group1.

I tried replacing group2 with some temp group that has different members before the workflow hits designer and then modify the designer suggestion by trying the object replace but SC doesn't allow this as it comes back saying the objects I'm trying to swap are not identical.

Is there a way to 'force' designer to accept my modification or to stop designer to apply optimization to these rules?


Post has attachment
Hi All
R18-3 GA is out.

The new postman collections are available at

Online swagger documentation is available on and

In addition to the new stuff I mentioned in the RC1 release post, there are a couple of more changes that we introduced in the GA version:

We added a SecureTrack API to search services by uid, protocol, port or by text contained in the service name or comments, see!/Services_and_Ports/findServicesObjects

We added an optional force parameter to Modify Designer suggestions API.
You can set this this parameter to true to change the Designer results, even if a new revision arrived after the Designer results were saved.

We improved the results of 'Get designer results according to field id' API -
Instead of 'commit_managements_results' section, that was limited to a single device and did not include commits for other devices,
the API results include 'commit_result' section, that has a link to the full commit results report, which includes all of the devices.

The commit results report is also available via a new API that lets you retrieve only the results of a commit action, see!/Tickets/getCommitResults

For all the new stuff in this version see'sNewinTufinOrchestrationSuiteR18-3.pdf

How can I pull up all rules that are inactive for 2 years using resp API for Secure Track ?
Wait while more posts are being loaded