SecureTrack Aurora GraphQL API Documentation R22-1
Below you can find examples and references for our GraphQL schema
Queries
auth
Example
Query
query auth {
auth {
sessionUser {
...SessionUserFragment
}
}
}
Response
{"data": {"auth": {"sessionUser": SessionUser}}}
devices
DeviceQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching Device entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query devices($filter: String) {
devices(filter: $filter) {
count
values {
...DeviceFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"devices": {
"count": Long,
"values": [Device]
}
}
}
devicesStatus
DeviceStatusQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching DeviceStatus entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query devicesStatus($filter: String) {
devicesStatus(filter: $filter) {
count
values {
...DeviceStatusFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"devicesStatus": {
"count": Long,
"values": [DeviceStatus]
}
}
}
domains
DomainQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching Domain entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query domains($filter: String) {
domains(filter: $filter) {
count
values {
...DomainFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"domains": {
"count": Long,
"values": [Domain]
}
}
}
getUsps
Example
Query
query getUsps {
getUsps {
appliedToAnyDomain
changed
description
differentZonesDefaultRestrictions {
...UspRestrictionsFragment
}
domain {
...DomainFragment
}
id
name
requirements {
...UspRequirementFragment
}
sameZoneDefaultRestrictions {
...UspRestrictionsFragment
}
securityZones {
...SecurityZoneFragment
}
}
}
Response
{
"data": {
"getUsps": [
{
"appliedToAnyDomain": false,
"changed": DateTime,
"description": "xyz789",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": ID,
"name": "xyz789",
"requirements": [UspRequirement],
"sameZoneDefaultRestrictions": UspRestrictions,
"securityZones": [SecurityZone]
}
]
}
}
interfaces
InterfaceQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching Interface entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query interfaces($filter: String) {
interfaces(filter: $filter) {
count
values {
...InterfaceFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"interfaces": {
"count": Long,
"values": [Interface]
}
}
}
opmAgents
OPMAgentQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching OPMAgent entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query opmAgents($filter: String) {
opmAgents(filter: $filter) {
count
values {
...OPMAgentFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"opmAgents": {
"count": Long,
"values": [OPMAgent]
}
}
}
rules
RuleQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching Rule entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query rules($filter: String) {
rules(filter: $filter) {
count
counts {
...CountsResultFragment
}
values {
...RuleFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"rules": {
"count": Long,
"counts": [CountsResult],
"values": [Rule]
}
}
}
securityZones
SecurityZoneQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching SecurityZone entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query securityZones($filter: String) {
securityZones(filter: $filter) {
count
values {
...SecurityZoneFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"securityZones": {
"count": Long,
"values": [SecurityZone]
}
}
}
systems
SystemQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching System entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query systems($filter: String) {
systems(filter: $filter) {
count
values {
...SystemFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"systems": {
"count": Long,
"values": [System]
}
}
}
trend
Example
Query
query trend($input: TrendQueryInput!) {
trend(input: $input) {
resultStatus {
...ResultStatusFragment
}
timedCounts {
...TimedCountFragment
}
}
}
Variables
{"input": TrendQueryInput}
Response
{
"data": {
"trend": {
"resultStatus": ResultStatus,
"timedCounts": [TimedCount]
}
}
}
users
UserQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching User entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query users($filter: String) {
users(filter: $filter) {
count
values {
...UserFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"users": {
"count": Long,
"values": [User]
}
}
}
userTQLSearches
UserTQLSearchQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching UserTQLSearch entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query userTQLSearches($filter: String) {
userTQLSearches(filter: $filter) {
count
values {
...UserTQLSearchFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"userTQLSearches": {
"count": Long,
"values": [UserTQLSearch]
}
}
}
userWorkflows
Example
Query
query userWorkflows {
userWorkflows {
resultStatus {
...ResultStatusFragment
}
values {
...UserWorkflowFragment
}
}
}
Response
{
"data": {
"userWorkflows": {
"resultStatus": ResultStatus,
"values": [UserWorkflow]
}
}
}
uspAlertConfigs
UspAlertConfigQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching UspAlertConfig entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspAlertConfigs($filter: String) {
uspAlertConfigs(filter: $filter) {
count
values {
...UspAlertConfigFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"uspAlertConfigs": {
"count": Long,
"values": [UspAlertConfig]
}
}
}
uspExceptions
UspExceptionQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching UspException entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspExceptions($filter: String) {
uspExceptions(filter: $filter) {
count
values {
...UspExceptionFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"uspExceptions": {
"count": Long,
"values": [UspException]
}
}
}
uspRequirements
UspRequirementQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching UspRequirement entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspRequirements($filter: String) {
uspRequirements(filter: $filter) {
count
values {
...UspRequirementFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"uspRequirements": {
"count": Long,
"values": [UspRequirement]
}
}
}
uspRiskAnalysisTask
UspRiskAnalysisTaskQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching UspRiskAnalysisTask entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspRiskAnalysisTask($filter: String) {
uspRiskAnalysisTask(filter: $filter) {
count
values {
...UspRiskAnalysisTaskFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"uspRiskAnalysisTask": {
"count": Long,
"values": [UspRiskAnalysisTask]
}
}
}
usps
UspQuery
| Name | Description |
|---|---|
filter -
String
|
TQL query to filter for matching Usp entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query usps($filter: String) {
usps(filter: $filter) {
count
values {
...UspFragment
}
}
}
Variables
{"filter": }
Response
{
"data": {
"usps": {
"count": Long,
"values": [Usp]
}
}
}
zones
Example
Query
query zones {
zones {
changed
comment
device {
...BasicDeviceFragment
}
id
name
system {
...BasicSystemFragment
}
version
zoneType
}
}
Response
{
"data": {
"zones": [
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 987,
"zoneType": ZoneType
}
]
}
}
Mutations
riskAnalysis
Example
Query
mutation riskAnalysis {
riskAnalysis {
createUspRiskAnalysisTask {
...CreateUspRiskAnalysisTaskResultFragment
}
}
}
Response
{
"data": {
"riskAnalysis": {
"createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}
}
}
ruleOperations
Example
Query
mutation ruleOperations {
ruleOperations {
createTicketDraft {
...CreateTicketDraftResultFragment
}
}
}
Response
{
"data": {
"ruleOperations": {
"createTicketDraft": CreateTicketDraftResult
}
}
}
ruleUserData
Example
Query
mutation ruleUserData {
ruleUserData {
createTicket {
...CreateTicketResultFragment
}
deleteTickets {
...DeleteTicketsResultFragment
}
updateRuleAutomationAttribute {
...UpdateRuleAutomationAttributeResultFragment
}
updateRuleDescription {
...UpdateRuleDescriptionResultFragment
}
updateRuleTechnicalOwner {
...UpdateRuleTechnicalOwnerResultFragment
}
updateTicket {
...UpdateTicketResultFragment
}
}
}
Response
{
"data": {
"ruleUserData": {
"createTicket": CreateTicketResult,
"deleteTickets": DeleteTicketsResult,
"updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
"updateRuleDescription": UpdateRuleDescriptionResult,
"updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
"updateTicket": UpdateTicketResult
}
}
}
system
Example
Query
mutation system {
system {
createSystem {
...CreateSystemResultFragment
}
deleteSystem {
...DeleteSystemResultFragment
}
updateSystem {
...UpdateSystemResultFragment
}
}
}
Response
{
"data": {
"system": {
"createSystem": CreateSystemResult,
"deleteSystem": DeleteSystemResult,
"updateSystem": UpdateSystemResult
}
}
}
userTQLSearch
Example
Query
mutation userTQLSearch {
userTQLSearch {
changeUserTQLSearchesOwner {
...ChangeUserTQLSearchesOwnerResultFragment
}
createUserTQLSearch {
...CreateUserTQLSearchResultFragment
}
deleteUserTQLSearch {
...DeleteUserTQLSearchResultFragment
}
updateUserTQLSearch {
...UpdateUserTQLSearchResultFragment
}
}
}
Response
{
"data": {
"userTQLSearch": {
"changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
"createUserTQLSearch": CreateUserTQLSearchResult,
"deleteUserTQLSearch": DeleteUserTQLSearchResult,
"updateUserTQLSearch": UpdateUserTQLSearchResult
}
}
}
usp
Example
Query
mutation usp {
usp {
addSecurityZonesToUsp {
...AddSecurityZonesToUspResultFragment
}
createPredefinedUsp {
...CreatePredefinedUspResultFragment
}
createUsp {
...CreateUspResultFragment
}
deleteUsp {
...DeleteUspResultFragment
}
removeSecurityZonesFromUsp {
...RemoveSecurityZonesFromUspResultFragment
}
updateUsp {
...UpdateUspResultFragment
}
updateUspRequirement {
...UpdateUspRequirementResultFragment
}
}
}
Response
{
"data": {
"usp": {
"addSecurityZonesToUsp": AddSecurityZonesToUspResult,
"createPredefinedUsp": CreatePredefinedUspResult,
"createUsp": CreateUspResult,
"deleteUsp": DeleteUspResult,
"removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
"updateUsp": UpdateUspResult,
"updateUspRequirement": UpdateUspRequirementResult
}
}
}
uspAlertConfig
Example
Query
mutation uspAlertConfig {
uspAlertConfig {
createUspAlertConfig {
...CreateUspAlertConfigResultFragment
}
deleteAlertConfig {
...DeleteAlertConfigResultFragment
}
updateUspAlertConfig {
...UpdateUspAlertConfigResultFragment
}
}
}
Response
{
"data": {
"uspAlertConfig": {
"createUspAlertConfig": CreateUspAlertConfigResult,
"deleteAlertConfig": DeleteAlertConfigResult,
"updateUspAlertConfig": UpdateUspAlertConfigResult
}
}
}
uspException
Example
Query
mutation uspException {
uspException {
addRulesToRuleException {
...AddRulesToRuleExceptionResultFragment
}
createUspRuleException {
...CreateUspRuleExceptionResultFragment
}
createUspTrafficException {
...CreateUspTrafficExceptionResultFragment
}
deleteUspExceptions {
...DeleteUspExceptionResultFragment
}
updateUspRuleException {
...UpdateUspRuleExceptionResultFragment
}
updateUspTrafficException {
...UpdateUspTrafficExceptionResultFragment
}
}
}
Response
{
"data": {
"uspException": {
"addRulesToRuleException": AddRulesToRuleExceptionResult,
"createUspRuleException": CreateUspRuleExceptionResult,
"createUspTrafficException": CreateUspTrafficExceptionResult,
"deleteUspExceptions": DeleteUspExceptionResult,
"updateUspRuleException": UpdateUspRuleExceptionResult,
"updateUspTrafficException": UpdateUspTrafficExceptionResult
}
}
}
zoneMapping
Example
Query
mutation zoneMapping {
zoneMapping {
updateDeviceInclusionInCalculation {
...UpdateDeviceInclusionInCalculationResultFragment
}
updateMappings {
...ZoneManualMappingResultFragment
}
updateProtectionMode {
...UpdateProtectionModeResultFragment
}
}
}
Response
{
"data": {
"zoneMapping": {
"updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
"updateMappings": ZoneManualMappingResult,
"updateProtectionMode": UpdateProtectionModeResult
}
}
}
Types
AccessRequestActionType
The action of the access request. Equivalent to a security rule action.
| Enum Value | Description |
|---|---|
|
|
Allow all traffic. |
|
|
Deny all traffic. |
AccessRequestApplicationInput
| Input Field | Description |
|---|---|
name -
String!
|
|
nonDefaultPorts -
Boolean
|
|
services -
[ServiceExpressionString!]
|
Example
{
"name": "xyz789",
"nonDefaultPorts": true,
"services": [ServiceExpressionString]
}
AccessRequestInput
Represents a traffic access request to be checked for violation of any of the configured USPs.
| Input Field | Description |
|---|---|
actionType -
AccessRequestActionType!
|
|
applicationPredefinedValue -
AccessRequestApplicationPredefinedValue
|
Predefined value of |
applications -
[AccessRequestApplicationInput!]
|
List of |
destinationDomain -
AccessRequestDomainInput
|
The access request destination |
destinationPredefinedValue -
AccessRequestNetworkPredefinedValue
|
Predefined value of |
destinationZones -
[IdString!]
|
List of SecureTrack zones that represent the access request destination zones. |
destinations -
[NetworkObjectTrafficInput!]
|
List of |
id -
FreeText!
|
|
servicePredefinedValue -
AccessRequestServicePredefinedValue
|
Predefined value of |
services -
[ServiceExpressionString!]
|
List of |
sourceDomain -
AccessRequestDomainInput
|
The access request source |
sourcePredefinedValue -
AccessRequestNetworkPredefinedValue
|
Predefined value of |
sourceZones -
[IdString!]
|
List of SecureTrack zones that represent the access request source zones. |
sources -
[NetworkObjectTrafficInput!]
|
List of |
Example
{
"actionType": AccessRequestActionType,
"applicationPredefinedValue": AccessRequestApplicationPredefinedValue,
"applications": [AccessRequestApplicationInput],
"destinationDomain": AccessRequestDomainInput,
"destinationPredefinedValue": AccessRequestNetworkPredefinedValue,
"destinationZones": [IdString],
"destinations": [NetworkObjectTrafficInput],
"id": FreeText,
"servicePredefinedValue": AccessRequestServicePredefinedValue,
"services": [ServiceExpressionString],
"sourceDomain": AccessRequestDomainInput,
"sourcePredefinedValue": AccessRequestNetworkPredefinedValue,
"sourceZones": [IdString],
"sources": [NetworkObjectTrafficInput]
}
AccessRole
Set of permitted objects
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
networks -
[NetworkObject!]
|
List of network objects this access role has right to see |
networksPredefinedValue -
NetworkPredefinedValue
|
Could be any network, IPv4 only network or IPv6 only network |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
users -
[UserValue!]
|
List of users this access role has been assigned for |
usersPredefinedValue -
UserPredefinedValue
|
Predefined values to define well known user behavior |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"networks": [NetworkObject],
"networksPredefinedValue": NetworkPredefinedValue,
"system": BasicSystem,
"users": [UserValue],
"usersPredefinedValue": UserPredefinedValue,
"version": 987
}
AddRulesToRuleExceptionInput
| Input Field | Description |
|---|---|
id -
IdString!
|
|
rulesIds -
[IdString!]!
|
Example
{
"id": IdString,
"rulesIds": [IdString]
}
AddRulesToRuleExceptionResult
| Field Name | Description |
|---|---|
id -
ID
|
|
resultStatus -
ResultStatus!
|
Example
{
"id": ID,
"resultStatus": ResultStatus
}
AddSecurityZonesToUspInput
Adding SecureTrack network zones to an existing USP.
| Input Field | Description |
|---|---|
securityZonesIds -
[IdString!]!
|
SecureTrack network zones IDs. |
uspId -
IdString!
|
USP ID. |
Example
{
"securityZonesIds": [IdString],
"uspId": IdString
}
AddSecurityZonesToUspResult
Returns the status results when adding SecureTrack network zones to an existing USP.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to add SecureTrack network zones to an existing USP. |
Example
{"resultStatus": ResultStatus}
AlertConfigMutation
The AlertConfigMutation entity lets you create, update or delete USP alerts. For a full list of configuration options see the createUspAlertConfig and updateUspAlertConfig entities.
| Field Name | Description |
|---|---|
createUspAlertConfig -
CreateUspAlertConfigResult!
|
Create a USP alert. |
|
Arguments
|
|
deleteAlertConfig -
DeleteAlertConfigResult!
|
Delete a USP alert. |
|
Arguments
|
|
updateUspAlertConfig -
UpdateUspAlertConfigResult!
|
Update a USP alert. |
|
Arguments
|
|
Example
{
"createUspAlertConfig": CreateUspAlertConfigResult,
"deleteAlertConfig": DeleteAlertConfigResult,
"updateUspAlertConfig": UpdateUspAlertConfigResult
}
Application
Network application.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
services -
[Service!]
|
TCP/IP services of the application. |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "xyz789",
"services": [Service],
"system": BasicSystem,
"version": 987
}
ApplicationPredefinedValue
Predefined values to define Any application
| Enum Value | Description |
|---|---|
|
|
Any application |
ApplicationString
An application string. Must be a predefined application. Input as a String literal, for example, 'Facebook'
Example
object
ApplicationUsage
Object which represents usage information of applications on the rule
| Field Name | Description |
|---|---|
application -
RuleApplicationValue
|
The identity of an application |
timeLastHit -
DateTime
|
Represents time when traffic was recorded for the application |
Example
{
"application": RuleApplicationValue,
"timeLastHit": DateTime
}
AppliedToObjectsPredefinedValue
Predefined values for "AppliedToObjects"
| Enum Value | Description |
|---|---|
|
|
Any object |
|
|
No object |
AuthQuery
A container for authentication-related information (such as principles) from the current session context.
| Field Name | Description |
|---|---|
sessionUser -
SessionUser
|
The current principle user in session. |
Example
{"sessionUser": SessionUser}
AutomationAttribute
Determines the way that Designer and Verifier will relate to the legacy rule that is being modified.
| Enum Value | Description |
|---|---|
|
|
Designer and Verifier will treat the specified legacy rule as a shadowed rule when making recommendations or verifying access. |
|
|
Designer and Verifier will treat the specified rule as a stealth rule when making recommendations or verifying access. |
BasicDevice
A dependent device. Each device is assigned to a unique System device.
| Field Name | Description |
|---|---|
cannotHaveRules -
Boolean
|
True indicates that the device has no rules |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
deviceType -
DeviceType
|
Type of this device |
displayName -
String
|
Name of this device |
domain -
Domain
|
The domains of the device |
id -
ID!
|
The internal unique identifier for this entity |
model -
ModelName
|
Model of this device |
name -
String
|
The name of the entity |
parent -
Device
|
Device or system parent device |
root -
Boolean
|
True indicates that this device is the topmost device in the hierarchy |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
vendor -
VendorName
|
Vendor type of this device |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"cannotHaveRules": true,
"comment": "xyz789",
"device": BasicDevice,
"deviceType": DeviceType,
"displayName": "xyz789",
"domain": Domain,
"id": ID,
"model": ModelName,
"name": "abc123",
"parent": Device,
"root": false,
"system": BasicSystem,
"vendor": VendorName,
"version": 123
}
BasicRuleUspExceptionInfo
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
| Field Name | Description |
|---|---|
description -
String
|
UspException description. |
id -
ID!
|
The internal unique identifier for this entity. |
name -
String
|
UspException unique name. |
Example
{"description": "xyz789", "id": ID, "name": "abc123"}
BasicSystem
Root device that manages the dependent devices
| Field Name | Description |
|---|---|
id -
ID!
|
The internal unique identifier for this entity |
model -
ModelName
|
Model of this device |
modelDisplayName -
String
|
Model name of this device |
monitoredByOPMAgent -
Boolean
|
True indicates that the system monitored by OPM agent |
name -
String
|
The name of the entity |
vendor -
VendorName
|
Vendor type of this device |
Example
{
"id": ID,
"model": ModelName,
"modelDisplayName": "xyz789",
"monitoredByOPMAgent": true,
"name": "xyz789",
"vendor": VendorName
}
BasicUspExceptionInfo
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
| Field Name | Description |
|---|---|
description -
String
|
UspException description. |
id -
ID!
|
The internal unique identifier for this entity. |
name -
String
|
UspException unique name. |
Example
{"description": "abc123", "id": ID, "name": "abc123"}
BasicUspExceptionInfoForRiskAnalysis
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
| Field Name | Description |
|---|---|
description -
String
|
UspException description. |
id -
ID!
|
The internal unique identifier for this entity. |
name -
String
|
UspException unique name. |
Example
{"description": "abc123", "id": ID, "name": "xyz789"}
BasicUspInfo
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
|
description -
String
|
Description of the USP. |
differentZonesDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain -
Domain
|
Domain of the USP. |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
Name of the USP. |
sameZoneDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
Example
{
"appliedToAnyDomain": true,
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": ID,
"name": "xyz789",
"sameZoneDefaultRestrictions": UspRestrictions
}
BasicUspInfoForRiskAnalysis
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
| Field Name | Description |
|---|---|
description -
String
|
Description of the USP. |
differentZonesDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain -
Domain
|
Domain of the USP. |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
Name of the USP. |
sameZoneDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
Example
{
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": ID,
"name": "abc123",
"sameZoneDefaultRestrictions": UspRestrictions
}
Certification
| Field Name | Description |
|---|---|
status -
CertificationStatus
|
The status of the rule (certified, decertified) |
timeCertified -
DateTime
|
The date the rule certification expires, after which, it must be reviewed and recertified |
timeExpiration -
DateTime
|
The date that the certification decision was implemented |
Example
{
"status": CertificationStatus,
"timeCertified": DateTime,
"timeExpiration": DateTime
}
CertificationStatus
The status of the rule (certified/decertified)
| Enum Value | Description |
|---|---|
|
|
Rule status is certified (has a business justification) |
|
|
Rule status is not certified (does not have a business justification) |
ChangeUserTQLSearchesOwnerInput
Change the owner of multiple TQL queries in bulk. Input can be either source owner, or a list of query IDs, but not both.
| Input Field | Description |
|---|---|
ids -
[IdString!]
|
IDs of the queries |
sourceOwnerId -
IdString
|
The current owner of the queries |
targetOwnerId -
IdString!
|
The future owner of the queries |
Example
{
"ids": [IdString],
"sourceOwnerId": IdString,
"targetOwnerId": IdString
}
ChangeUserTQLSearchesOwnerResult
Returns the status results when changing the owner of multiple TQL queries
| Field Name | Description |
|---|---|
ids -
[ID!]
|
IDs of the updated queries |
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
CreateDraftInvalidRuleReason
The possible reasons for rules to be invalid for creating a SecureChange ticket
| Enum Value | Description |
|---|---|
|
|
The rule already has a ticket in progress |
|
|
The requested rule ID is not found |
|
|
CreatePredefinedUspInput
Create a predefined USP from known regulation templates. The supported regulations are:
- PCI
- NERC CIPV5
- ISO 27001
- NIST 800-53
- Tufin's Best Practices
- Tufin's Advanced Best Practices
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
description -
FreeText
|
USP description. |
domain -
IdString
|
|
name -
Name!
|
USP name. |
type -
PredefinedUspType!
|
Regulation type. |
zoneMappings -
[ZoneMappingInput!]!
|
Mapping between the regulation zones from the template to the SecureTrack network zones to be enforced by the created USP. |
Example
{
"appliedToAnyDomain": false,
"description": FreeText,
"domain": IdString,
"name": Name,
"type": PredefinedUspType,
"zoneMappings": [ZoneMappingInput]
}
CreatePredefinedUspResult
Returns the status results when creating a new predefined USP.
| Field Name | Description |
|---|---|
id -
ID
|
Newly created USP ID. |
resultStatus -
ResultStatus!
|
Status of request to create a new USP. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateSystemInput
Create system request input
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
This property is not currently supported |
domain -
IdString
|
This property is not currently supported |
ipAddress -
IpAddressString
|
IP address |
model -
ModelName!
|
Model of this device |
modelDisplayName -
FreeText!
|
Model name of this device |
name -
Name!
|
System name |
opmAgentId -
FreeText!
|
Open policy management (OPM) agent ID |
properties -
[SystemFieldValueInput!]
|
System properties |
vendor -
VendorName!
|
Vendor type of this device |
Example
{
"appliedToAnyDomain": true,
"domain": IdString,
"ipAddress": IpAddressString,
"model": ModelName,
"modelDisplayName": FreeText,
"name": Name,
"opmAgentId": FreeText,
"properties": [SystemFieldValueInput],
"vendor": VendorName
}
CreateSystemResult
Create system request output
| Field Name | Description |
|---|---|
id -
ID
|
Application internal ID of created system |
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateTicketDraftInput
Create a ticket draft in SecureChange
| Input Field | Description |
|---|---|
decommissionRulesAction -
DecommissionRulesAction
|
Supported actions are: “disable rules” and “remove rules” |
dryRun -
Boolean
|
If set to True, SecureChange will not create a ticket draft, will only return the result of input validation |
ruleUids -
[IdString!]!
|
List of rule UIDs to create the ticket for |
subject -
Name
|
The subject for the ticket draft |
workflowName -
Name
|
The name of SecureChange workflow used to create the ticket |
workflowType -
WorkFlowType!
|
The type of workflow (RECERTIFY_RULES, DECOMMISSION_RULES or MODIFY_RULES) |
Example
{
"decommissionRulesAction": DecommissionRulesAction,
"dryRun": false,
"ruleUids": [IdString],
"subject": Name,
"workflowName": Name,
"workflowType": WorkFlowType
}
CreateTicketDraftResult
Returns the status results when creating a ticket draft
| Field Name | Description |
|---|---|
invalidRules -
[InvalidRule!]!
|
List of the rules that are invalid for creating a ticket, and the reason that they are invalid |
resultStatus -
ResultStatus!
|
Status of the request to create ticket draft |
validRuleUids -
[ID!]
|
List of the rules that are valid for creating a ticket, out of the rules in the request |
Example
{
"invalidRules": [InvalidRule],
"resultStatus": ResultStatus,
"validRuleUids": [ID]
}
CreateTicketInput
Create a ticket for a rule.
| Input Field | Description |
|---|---|
businessOwner -
FreeText
|
Business owner name for a rule. |
comment -
FreeText
|
Comment for a ticket. |
email -
EmailAddress
|
Business owner Email address for a rule. |
expirationDate -
DateTime
|
Expiration date for a ticket. |
externalUrl -
URL
|
External URL for a ticket. |
originTicketId -
FreeText!
|
ID information for a ticket. |
ruleIds -
[IdString!]!
|
List of affected rule IDs. |
secureChangeTicket -
Boolean
|
Example
{
"businessOwner": FreeText,
"comment": FreeText,
"email": EmailAddress,
"expirationDate": DateTime,
"externalUrl": URL,
"originTicketId": FreeText,
"ruleIds": [IdString],
"secureChangeTicket": true
}
CreateTicketResult
Returns the status results when creating a ticket for a rule.
| Field Name | Description |
|---|---|
modifiedRules -
[ModifiedRule!]!
|
List of affected rules. |
resultStatus -
ResultStatus!
|
Result of the create ticket operation. |
Example
{
"modifiedRules": [ModifiedRule],
"resultStatus": ResultStatus
}
CreateUserTQLSearchInput
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
If true, the query belongs to the 'All Domains' context |
description -
FreeText
|
Description of the query |
domain -
IdString
|
Domain in which the query was saved |
name -
Name!
|
Name of the query |
public -
Boolean!
|
If true, the query is public |
query -
String!
|
TQL expression saved as part of the query |
type -
TQLSearchType!
|
The Entity returned by the query |
Example
{
"appliedToAnyDomain": true,
"description": FreeText,
"domain": IdString,
"name": Name,
"public": true,
"query": "xyz789",
"type": TQLSearchType
}
CreateUserTQLSearchResult
Create and save a TQL query
| Field Name | Description |
|---|---|
id -
ID
|
Application internal ID of created TQL query |
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateUspAlertConfigInput
Create a USP alert.
| Input Field | Description |
|---|---|
allDevices -
Boolean!
|
If set to True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps -
Boolean!
|
If set to True, the uspId field is ignored and this alert applies to all USPs. |
appliedToAnyDomain -
Boolean!
|
If set to True, the domain field should be empty and this alert applies to all domains. |
description -
FreeText
|
Alert description. |
devicesIds -
[IdString!]
|
This alert applies only for the specified devices. Add a list Device IDs. |
disabled -
Boolean!
|
Set to true to disable this alert. |
domain -
IdString
|
This alert will be configured in the specified domain. Add a single domain ID only. |
externalRecipientsEmails -
[EmailAddress!]
|
Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users. |
name -
Name!
|
Alert name. |
recipientsIds -
[IdString!]
|
Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user. |
severities -
[ViolationSeverity!]!
|
This alert is sent for violations of all the selected severities. |
syslogEnabled -
Boolean!
|
Set to True if syslog the alert should also be sent via syslog. |
uspId -
IdString
|
This alert applies only to the specified USP. Add a single USP ID only. |
Example
{
"allDevices": false,
"allUsps": true,
"appliedToAnyDomain": false,
"description": FreeText,
"devicesIds": [IdString],
"disabled": true,
"domain": IdString,
"externalRecipientsEmails": [EmailAddress],
"name": Name,
"recipientsIds": [IdString],
"severities": [ViolationSeverity],
"syslogEnabled": true,
"uspId": IdString
}
CreateUspAlertConfigResult
Returns the status results when creating a new USP alert .
| Field Name | Description |
|---|---|
id -
ID
|
ID of the new alert. |
resultStatus -
ResultStatus!
|
Status of request to create a new USP alert. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateUspInput
Create a USP.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
description -
FreeText
|
USP description. |
domain -
IdString
|
|
name -
Name!
|
USP name. |
securityZonesIds -
[IdString!]
|
SecureTrack network zones IDs to be used by the USP. |
Example
{
"appliedToAnyDomain": false,
"description": FreeText,
"domain": IdString,
"name": Name,
"securityZonesIds": [IdString]
}
CreateUspResult
Returns the status results when creating a new USP.
| Field Name | Description |
|---|---|
id -
ID
|
Newly created USP ID. |
resultStatus -
ResultStatus!
|
Status of request to create a new USP. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateUspRiskAnalysisTaskInput
Create a new UspRiskAnalysisTask for risk analysis calculation.
| Input Field | Description |
|---|---|
accessRequests -
[AccessRequestInput!]!
|
List of |
runCalculationOnAllUsps -
Boolean!
|
If true, calculation will run only on USPs configured on 'All Domains' context, else, will run on USPs that are configured on the specified source and destination domains. |
Example
{
"accessRequests": [AccessRequestInput],
"runCalculationOnAllUsps": true
}
CreateUspRiskAnalysisTaskResult
Returns the status results when creating a new UspRiskAnalysisTask.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
ResultStatus of the request to create a new risk analysis task. |
taskId -
ID
|
The created task ID. The ID is used for querying for the calculation result of UspRiskAnalysisTask. |
Example
{
"resultStatus": ResultStatus,
"taskId": ID
}
CreateUspRuleExceptionInput
Create a rule UspException.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
approver -
FreeText
|
User that approved the rule |
creator -
FreeText
|
User that created the rule |
description -
FreeText
|
Rule UspException description. |
disabled -
Boolean!
|
Set to true to disable this rule |
domain -
IdString
|
The ID of the domain that the exception will be created for. Note: If |
endDate -
Date
|
Last date that the rule UspException is active. |
name -
Name!
|
Rule UspException name. |
rules -
RuleExceptionConditionInput!
|
|
startDate -
Date
|
First date that the rule |
ticketId -
FreeText
|
SecureChange ticket ID. |
usps -
[UspExceptionConditionInput!]
|
List of |
Example
{
"appliedToAnyDomain": true,
"approver": FreeText,
"creator": FreeText,
"description": FreeText,
"disabled": true,
"domain": IdString,
"endDate": "2022-04-11T18:10:26.484Z",
"name": Name,
"rules": RuleExceptionConditionInput,
"startDate": "2021-10-11T18:10:26.484Z",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
CreateUspRuleExceptionResult
Returns the status results when creating a new rule UspException.
| Field Name | Description |
|---|---|
id -
ID
|
Newly created rule UspException ID. |
resultStatus -
ResultStatus!
|
Status of request to create a new rule UspException. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
CreateUspTrafficExceptionInput
Create a traffic UspException.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
approver -
FreeText
|
User that approved the traffic |
creator -
FreeText
|
User that created the traffic |
description -
FreeText
|
Traffic UspException description. |
destinations -
[IpAddressString!]
|
Destination condition - list of network objects. |
disabled -
Boolean!
|
Set to true to disable this traffic |
domain -
IdString
|
The ID of the domain that the exception will be created for. Note: If |
endDate -
Date
|
Last date that the traffic UspException is active. |
name -
Name!
|
Traffic UspException name. |
servicesAndApplications -
ServiceAndApplicationConditionInput
|
List of |
sources -
[IpAddressString!]
|
Source condition - list of network objects. |
startDate -
Date
|
First date that the traffic |
ticketId -
FreeText
|
SecureChange ticket ID. |
usps -
[UspExceptionConditionInput!]
|
List of |
Example
{
"appliedToAnyDomain": true,
"approver": FreeText,
"creator": FreeText,
"description": FreeText,
"destinations": [IpAddressString],
"disabled": true,
"domain": IdString,
"endDate": "2021-10-11T18:10:26.484Z",
"name": Name,
"servicesAndApplications": ServiceAndApplicationConditionInput,
"sources": [IpAddressString],
"startDate": "2021-10-11T18:10:26.484Z",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
CreateUspTrafficExceptionResult
Returns the status results when creating a new traffic UspException.
| Field Name | Description |
|---|---|
id -
ID
|
Newly created traffic UspException ID. |
resultStatus -
ResultStatus!
|
Status of request to create a new traffic UspException. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
DeleteAlertConfigInput
Delete a USP alert.
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
IDs of the alerts you want to delete. |
Example
{"ids": [IdString]}
DeleteAlertConfigResult
Returns the status results when deleting USP alerts.
| Field Name | Description |
|---|---|
ids -
[String!]
|
|
resultStatus -
ResultStatus!
|
Status of request to delete USP alerts. |
Example
{"ids": ["abc123"], "resultStatus": ResultStatus}
DeleteSystemInput
Delete systems request input
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
Systems IDs to delete |
Example
{"ids": [IdString]}
DeleteSystemResult
Delete system request output
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{"resultStatus": ResultStatus}
DeleteTicketsInput
Delete tickets.
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
IDs of the tickets to be deleted. |
Example
{"ids": [IdString]}
DeleteTicketsResult
Returns the status results when deleting tickets.
| Field Name | Description |
|---|---|
ids -
[ID!]
|
IDs of the deleted tickets. |
resultStatus -
ResultStatus!
|
Status of request to delete tickets. |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
DeleteUserTQLSearchInput
Delete saved TQL queries
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
IDs of the queries to be deleted |
Example
{"ids": [IdString]}
DeleteUserTQLSearchResult
Returns the status results when deleting TQL queries
| Field Name | Description |
|---|---|
ids -
[ID!]
|
IDs of the deleted queries |
resultStatus -
ResultStatus!
|
Status of request to delete queries |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
DeleteUspExceptionInput
Delete one or more UspExceptions.
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
|
Example
{"ids": [IdString]}
DeleteUspExceptionResult
Returns the status results when deleting UspExceptions.
| Field Name | Description |
|---|---|
ids -
[ID!]
|
|
resultStatus -
ResultStatus!
|
Status of request to delete UspExceptions. |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
DeleteUspInput
Delete one or multiple USPs.
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
USP IDs. |
Example
{"ids": [IdString]}
DeleteUspResult
Returns the status results when deleting USPs.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to delete USPs. |
Example
{"resultStatus": ResultStatus}
Device
A dependent device. Each device is assigned to a unique System device.
| Field Name | Description |
|---|---|
cannotHaveRules -
Boolean
|
True indicates that the device has no rules Permission requires |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
comment -
String
|
A text comment associated with this entity Permission requires |
device -
BasicDevice
|
The device that this entity belongs to Permission requires |
deviceType -
DeviceType
|
Type of this device |
displayName -
String
|
Name of this device |
domain -
Domain
|
The domains of the device |
domainDeviceConf -
[DomainDeviceConf!]
|
List of device domain configurations which are excluded from violation calculations and protection mode Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
model -
ModelName
|
Model of this device Permission requires |
modelDisplayName -
String
|
Model name of this device Permission requires |
name -
String
|
The name of the entity |
nameOnDevice -
String
|
Context name of this device Permission requires |
parent -
Device
|
Device or system parent device Permission requires |
root -
Boolean
|
True indicates that this device is the topmost device in the hierarchy |
swVersion -
String
|
Software version of this device Permission requires |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
vendor -
VendorName
|
Vendor type of this device |
vendorDisplayName -
String
|
Vendor name of this device |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"cannotHaveRules": false,
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"deviceType": DeviceType,
"displayName": "xyz789",
"domain": Domain,
"domainDeviceConf": [DomainDeviceConf],
"id": ID,
"model": ModelName,
"modelDisplayName": "xyz789",
"name": "xyz789",
"nameOnDevice": "xyz789",
"parent": Device,
"root": true,
"swVersion": "xyz789",
"system": BasicSystem,
"vendor": VendorName,
"vendorDisplayName": "abc123",
"version": 987
}
DeviceQuery
Query for Device objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of Device objects matching the specified filter. |
values -
[Device!]!
|
A list of Device objects matching the specified filter. |
Example
{"count": Long, "values": [Device]}
DeviceStatus
The progress status of the device version processing and calculations (IN_PROGRESS, COMPLETED, or ERROR).
| Field Name | Description |
|---|---|
apiV1DeviceId -
String
|
The internal unique identifier of the device in the legacy API. |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
device -
Device
|
The device that the status applies to. Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
This property is not supported. Permission requires |
versions -
[VersionStatus!]
|
The versions of the changes on the device. Permission requires |
Example
{
"apiV1DeviceId": "xyz789",
"changed": DateTime,
"device": Device,
"id": ID,
"name": "abc123",
"versions": [VersionStatus]
}
DeviceStatusQuery
Query for DeviceStatus objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of DeviceStatus objects matching the specified filter. |
values -
[DeviceStatus!]!
|
A list of DeviceStatus objects matching the specified filter. |
Example
{
"count": Long,
"values": [DeviceStatus]
}
DeviceType
Type of dependant device.
| Enum Value | Description |
|---|---|
|
|
Public or private cloud virtual network. For example: Microsoft Azure public cloud virtual network. |
|
|
Cluster of devices |
|
|
Firewall |
|
|
Device of this type holds global firewall information, like global policy |
|
|
Virtual firewall managed by root management device |
|
|
Device manages other devices. |
|
|
Device that represents management domain or scope. |
|
|
Device that represents global domain or scope. |
Direction
Direction.
| Enum Value | Description |
|---|---|
|
|
Inbound-Outbound direction. |
|
|
Inbound direction. |
|
|
Outbound direction. |
DomainDeviceConf
List of device domain configurations which are excluded from violation calculations and protection mode
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
True indicates that the configuration applies to All Domain. False indicates that the configuration applies to a specific domain. Permission requires |
enableProtectionModeChange -
Boolean
|
Permission requires |
excludedForViolation -
Boolean
|
True indicates that the application will not calculate security risks for this device Permission requires |
protectionMode -
ProtectionMode
|
Identifies how to select network zones available for checking security risks, whether the mode is Connected (the IP address is directly connected) or Routable (the connection is via route table) Permission requires |
Example
{
"appliedToAnyDomain": false,
"enableProtectionModeChange": false,
"excludedForViolation": false,
"protectionMode": ProtectionMode
}
DomainQuery
Query for Domain objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of Domain objects matching the specified filter. |
values -
[Domain!]!
|
A list of Domain objects matching the specified filter. |
Example
{"count": Long, "values": [Domain]}
FlowRestrictionType
The required format of the source and the destination in a rule.
| Enum Value | Description |
|---|---|
|
|
Rule requirement that both the source and destination are defined by host objects. |
|
|
Rule requirement that the source of the traffic flow is defined by host and the destination is defined by subnet objects. |
|
|
Rule requirement that the source of the traffic flow is defined by subnet objects and the destination is defined by host. |
FlowUspRestriction
A condition that defines the allowed flow type from one SecureTrack network zone to another (Host to Host, Subnet to Host, or Host to Subnet).
| Field Name | Description |
|---|---|
flowType -
FlowRestrictionType
|
The flow type. |
restrictionType -
RestrictionType
|
Restriction type. |
Example
{
"flowType": FlowRestrictionType,
"restrictionType": RestrictionType
}
FlowUspRestrictionInput
Flow USP restriction.
| Input Field | Description |
|---|---|
flowType -
FlowRestrictionType!
|
Flow type ( |
Example
{"flowType": FlowRestrictionType}
Fqdn
Fully qualified domain name. Identifier that fully identifies the resource
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
domainAddress -
String
|
Fully qualified domain name |
id -
ID!
|
The internal unique identifier for this entity |
ipAddresses -
[IpAddress!]
|
List of IP addresses |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"domainAddress": "xyz789",
"id": ID,
"ipAddresses": [IpAddress],
"name": "abc123",
"system": BasicSystem,
"version": 123
}
Group
Network objects group. Contains other network objects
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
exclusionMembers -
[GroupMember!]
|
Network objects that must be excluded from this group. For example: particular network objects in included sub-network. |
groupType -
GroupType!
|
Group type. For example: NETWORK_WITH_EXCLUSION. See GroupType definition |
id -
ID!
|
The internal unique identifier for this entity |
members -
[GroupMember!]
|
Network objects that are direct members of this group |
membersPredefinedValue -
NetworkPredefinedValue
|
Members of type "Any" |
membershipCriteria -
String
|
The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"exclusionMembers": [GroupMember],
"groupType": GroupType,
"id": ID,
"members": [GroupMember],
"membersPredefinedValue": NetworkPredefinedValue,
"membershipCriteria": "abc123",
"name": "abc123",
"system": BasicSystem,
"version": 123
}
GroupType
Network objects group type.
| Enum Value | Description |
|---|---|
|
|
The group containing network applications. |
|
|
A dynamic address group uses tags as a filtering criteria to determine its members. |
|
|
The group containing locations. |
|
|
The group containing vendor specific objects. For example: network interface cards (NIC). |
|
|
The group containing networks. |
|
|
The group containing networks with exclusions. |
|
|
The group containing security profiles. |
|
|
The group containing TCP/IP services. |
|
|
The group containing users. |
|
|
HasIP
An object that has an IP address field.
| Field Name | Description |
|---|---|
ip -
String
|
The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291). |
ipType -
IpType
|
The IP address this object has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
Example
{"ip": "xyz789", "ipType": IpType}
Host
Computer or other device connected to a computer network.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ip -
String
|
The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291). |
ipAddresses -
[IpAddress!]
|
List of additional IP addresses |
ipType -
IpType
|
The IP address this host has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"ip": "xyz789",
"ipAddresses": [IpAddress],
"ipType": IpType,
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
ID
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
object
IcmpService
ICMP service
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
icmpCode -
Int
|
ICMP code number for a particular ICMP type |
id -
ID!
|
The internal unique identifier for this entity |
maxIcmpType -
Int
|
The last ICMP type number in range, including |
minIcmpType -
Int
|
The first ICMP type number in range, including |
name -
String
|
The name of the entity |
negated -
Boolean
|
Rule will use all ICMP types, except specified in minIcmpType and maxIcmpType in case this value is
true
|
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"icmpCode": 987,
"id": ID,
"maxIcmpType": 123,
"minIcmpType": 123,
"name": "xyz789",
"negated": true,
"system": BasicSystem,
"version": 123
}
InstallationTargetPredefinedValue
Predefined values for installation target of type Any
| Enum Value | Description |
|---|---|
|
|
Any installation target |
Int
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
987
Interface
The Interface entity shows the current configuration of an interface and the information received from the device.
| Field Name | Description |
|---|---|
autoMappingDirectlyConnectedZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires |
autoMappingRouteableZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires |
changed -
DateTime
|
The time and date the interface was last changed. Permission requires |
comment -
String
|
This property is not supported. Permission requires |
device -
BasicDevice
|
The Device ID that the interface is connected to. Interfaces are only associated with gateways. Permission requires |
id -
ID!
|
The interface ID. |
ipAddresses -
[IpAddress!]
|
The IP addresses of the interface. Permission requires |
manualAddedDirectlyConnectedZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires |
manualAddedRouteableZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires |
manualExcludedDirectlyConnectedZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires |
manualExcludedRouteableZones -
[SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires |
name -
String
|
The interface name. |
system -
BasicSystem
|
The system ID that the interface is related to. Permission requires |
version -
Int!
|
The last version ID that was received for the interface. |
zone -
Zone
|
The ID of the SecureTrack network zone that the interface is associated with. Permission requires |
Example
{
"autoMappingDirectlyConnectedZones": [SecurityZone],
"autoMappingRouteableZones": [SecurityZone],
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"ipAddresses": [IpAddress],
"manualAddedDirectlyConnectedZones": [SecurityZone],
"manualAddedRouteableZones": [SecurityZone],
"manualExcludedDirectlyConnectedZones": [SecurityZone],
"manualExcludedRouteableZones": [SecurityZone],
"name": "abc123",
"system": BasicSystem,
"version": 987,
"zone": Zone
}
InterfaceDirection
Direction of interface traffic from the interface point of view.
| Enum Value | Description |
|---|---|
|
|
Traffic is inbound. Interface receives the traffic. |
|
|
Traffic is outbound. Interface sends the traffic outside. |
InterfaceQuery
Query for Interface objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of Interface objects matching the specified filter. |
values -
[Interface!]!
|
A list of Interface objects matching the specified filter. |
Example
{
"count": Long,
"values": [Interface]
}
InternetService
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
InvalidRule
Rule that is invalid for creating a ticket
| Field Name | Description |
|---|---|
reason -
CreateDraftInvalidRuleReason!
|
The reason that the rule is invalid |
ruleUid -
ID
|
The rule UID |
Example
{
"reason": CreateDraftInvalidRuleReason,
"ruleUid": ID
}
IpAddress
IP address
| Field Name | Description |
|---|---|
ip -
String
|
IP address |
ipType -
IpType
|
The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
precedence -
Precedence
|
IP address placement definition |
subnetMask -
String
|
Sub-network mask |
visibility -
Visibility
|
IP address visibility definition |
Example
{
"ip": "xyz789",
"ipType": IpType,
"precedence": Precedence,
"subnetMask": "abc123",
"visibility": Visibility
}
IpRange
Set of IP addresses defined by first and last IP address.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ipType -
IpType
|
The IP addresses this range has can be of different types (e.g. IPv4, IPv6). This field specifies which type they are. |
maxIp -
String
|
The last IP address, including. |
minIp -
String
|
The first IP address, including. |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"ipType": IpType,
"maxIp": "xyz789",
"minIp": "abc123",
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
IpService
TCP/IP service
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
maxProtocol -
Int
|
The last protocol number in range, including |
minProtocol -
Int
|
The first protocol number in range, including |
name -
String
|
The name of the entity |
negated -
Boolean
|
Rule will use all service protocols, except specified in minProtocol and maxProtocol in case this value is
true
|
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"maxProtocol": 987,
"minProtocol": 987,
"name": "xyz789",
"negated": false,
"system": BasicSystem,
"version": 987
}
IpType
The IP type.
| Enum Value | Description |
|---|---|
|
|
IPv4 IP type. |
|
|
Either IPv4 or IPv6. |
|
|
IPv6 IP type. |
|
|
Neither IPV4 nor IPV6 |
LdapUser
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
dn -
String
|
LDAP user identifier |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"dn": "abc123",
"id": ID,
"name": "xyz789",
"system": BasicSystem,
"version": 123
}
LocalUser
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 987
}
Location
Locations identify the various networks from which your organization sends its internet traffic. When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses, which you then add as locations in the ZIA Admin Portal.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ipAddresses -
[IpAddress!]
|
List of IP addresses |
name -
String
|
The name of the entity |
ports -
[Int!]
|
Proxy ports |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"ipAddresses": [IpAddress],
"name": "xyz789",
"ports": [123],
"system": BasicSystem,
"version": 123
}
LogProfile
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 123
}
ModelName
Device model name.
| Enum Value | Description |
|---|---|
|
|
Cisco ASA |
|
|
Amazon AWS public cloud management, contains account information |
|
|
Amazon AWS public cloud "virtual public cloud" |
|
|
Microsoft Azure public cloud management, contains account information |
|
|
Microsoft Azure public cloud virtual network |
|
|
Check Point CMA. |
|
|
|
|
|
Fortinet firewall |
|
|
Fortinet management device |
|
|
|
|
|
Check Point MDS |
|
|
Mx |
|
|
Netscreen |
|
|
Cisco Nexus |
|
|
Palo Alto management device |
|
|
Palo Alto Firewall |
|
|
Cisco router |
|
|
Check Point Smart center |
|
|
Srx |
|
|
Unknown, not supported, device. |
|
|
VMware NSX distributed firewall |
|
|
VMware NSX Edge |
|
|
VMware NSX management |
|
|
Zscaler Internet Access |
NIC
The emulation of a physical network adapter (NIC)
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ipAddresses -
[IpAddress!]
|
List of IP addresses |
name -
String
|
The name of the entity |
subnet -
Subnet
|
Sub-network that this NIC belongs to |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"ipAddresses": [IpAddress],
"name": "abc123",
"subnet": Subnet,
"system": BasicSystem,
"version": 987
}
Negatable
| Field Name | Description |
|---|---|
negated -
Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
Example
{"negated": false}
NetworkObjectTrafficInput
Represents a traffic network object. should contain ip OR microSegmentName
| Input Field | Description |
|---|---|
ip -
IpAddressString
|
Represents ip address of traffic network object. |
microSegmentedName -
FreeText
|
Represent a security group name |
Example
{
"ip": IpAddressString,
"microSegmentedName": FreeText
}
NetworkPredefinedValue
Definition for network of type Any.
| Enum Value | Description |
|---|---|
|
|
Any IPv4 network. |
|
|
Any IPv6 network. |
|
|
Any IPv4 or IPv6 network. |
Node
An API entity. This interface carries the most basic information about an entity.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
Example
{
"changed": DateTime,
"id": ID,
"name": "abc123"
}
OPMAgent
Open policy management (OPM) agent definition Permission requires
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
opmAgentId -
String
|
OPM agent ID |
systemProperties -
[SystemProperties!]
|
System specific text fields |
vendor -
VendorName
|
Vendor type of this device |
vendorDisplayName -
String
|
Vendor name of this device |
Example
{
"changed": DateTime,
"id": ID,
"name": "xyz789",
"opmAgentId": "xyz789",
"systemProperties": [SystemProperties],
"vendor": VendorName,
"vendorDisplayName": "xyz789"
}
OPMAgentQuery
Query for OPMAgent objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of OPMAgent objects matching the specified filter. |
values -
[OPMAgent!]!
|
A list of OPMAgent objects matching the specified filter. |
Example
{
"count": Long,
"values": [OPMAgent]
}
OntologicalBaseEntity
A base interface shared by all entities that are reported as part of a device's configuration
| Field Name | Description |
|---|---|
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 123
}
OtherObject
Network object that does not have TOS known type.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
objectType -
String
|
Custom type textual representation. |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "xyz789",
"objectType": "xyz789",
"system": BasicSystem,
"version": 987
}
OtherService
Service that does not have TOS known type
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
serviceType -
String
|
Custom type textual representation |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "xyz789",
"serviceType": "xyz789",
"system": BasicSystem,
"version": 987
}
PermissivenessScoreLevel
Permissiveness level of rule's data.
| Enum Value | Description |
|---|---|
|
|
High permissiveness level. Rule allows access for too much network traffic. |
|
|
Low permissiveness level. Rule allows very small network traffic. |
|
|
Medium permissiveness level. Rule allows not much network traffic. |
PredefinedUspType
The set of predefined templates of USP definitions. Each predefined template type is aimed at a different compliance setting and defines a different set of zone roles.
| Enum Value | Description |
|---|---|
|
|
Defines the following zones:
|
|
|
Defines the following zones:
|
|
|
Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Provides best practice recommendations on information security management—the management of information risks through information security controls. Defines the following zones:
|
|
|
The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America’s Bulk Electric System (BES). Defines the following zones:
|
|
|
|
|
|
The Payment Card Industry Data Security Standard (PCI DSS). An information security standard for organizations that handle credit cards from the major card schemes. Defines the following zones:
|
ProgressStatus
Progress status
| Enum Value | Description |
|---|---|
|
|
Completed |
|
|
Error |
|
|
In progress |
PropertyUspRestriction
A condition that defines rules related properties of RestrictionTypes:
- MANDATORY_COMMENT
- MANDATORY_LOG
- LAST_HIT_MAX_VAL
- SOURCE_IPS_MAX_COUNT
- DESTINATION_IPS_MAX_COUNT
- SERVICES_MAX_COUNT
- EXPLICIT_SOURCE
- EXPLICIT_DESTINATION
- EXPLICIT_SERVICE
| Field Name | Description |
|---|---|
restrictionType -
RestrictionType
|
Restriction type. |
value -
Int
|
A field that defines numeric related properties, of
|
Example
{"restrictionType": RestrictionType, "value": 123}
PropertyUspRestrictionInput
Property USP restriction (PropertyUspRestriction).
| Input Field | Description |
|---|---|
value -
Int
|
The numeric related property. |
Example
{"value": 123}
ProtectionMode
Describes how to select network zones available for checking security risks.
| Enum Value | Description |
|---|---|
|
|
Violation will be calculated on zones that are directly connected to the interface |
|
|
Violation will be calculated on zones that have routes through the interface. |
RemoveSecurityZonesFromUspInput
Removes one or more SecureTrack network zones from an existing USP.
| Input Field | Description |
|---|---|
securityZonesIds -
[IdString!]!
|
SecureTrack network zones IDs to be added. |
uspId -
IdString!
|
USP ID to remove zones from. |
Example
{
"securityZonesIds": [IdString],
"uspId": IdString
}
RemoveSecurityZonesFromUspResult
Returns the status results when removing SecureTrack network zones from an existing USP.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to remove SecureTrack network zones from an existing USP. |
Example
{"resultStatus": ResultStatus}
RestrictionType
Enumeration of valid restriction types.
| Enum Value | Description |
|---|---|
|
|
Maximum number of IP address allowed in the destination. |
|
|
Rules must have an explicit destination, not the ANY value. |
|
|
Rules must have an explicit service, not the ANY value. |
|
|
Rules must have an explicit source, not the ANY value. |
|
|
The required format of the source and the destination in a rule (HOST_TO_HOST, SUBNET_TO_HOST, or HOST_TO_SUBNET). |
|
|
Maximum number of days in which the rule must have had a hit. |
|
|
Rules must have text in the comment field. |
|
|
Rules must be configured to create log entries. |
|
|
Maximum number of services allowed. |
|
|
Maximum number of IP address allowed in the source. |
|
|
Traffic access permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all). |
Result
A type representing a result. This is the generic interface, specific calls may override this type with more specific result.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
The result status of the request. |
Example
{"resultStatus": ResultStatus}
ResultStatus
Status result of the operation.
| Field Name | Description |
|---|---|
errorMessage -
String
|
The value “errorMessage” has been deprecated. Use the “errors” field instead |
errors -
[Error!]
|
List of error codes and messages. |
successful -
Boolean
|
True indicates that request successfully completed |
Example
{
"errorMessage": "abc123",
"errors": [Error],
"successful": true
}
RiskAnalysisFlowsViolationData
Information regarding violations of type Flow.
| Field Name | Description |
|---|---|
flowUspRestriction -
FlowUspRestriction
|
FlowUspRestriction that was violated by the access request. |
violatedFlowType -
FlowRestrictionType
|
The flow restriction type FlowRestrictionType that was violated by the access request. |
violatingDestPredefinedValue -
NetworkPredefinedValue
|
The violating NetworkPredefinedValue of the access request's destination. |
violatingDestinationNetworkObjects -
[RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that represent the violating objects in the access request's destination. |
violatingSourceNetworkObjects -
[RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that represent the violating objects in the access request's source. |
violatingSourcePredefinedValue -
NetworkPredefinedValue
|
The violating NetworkPredefinedValue of the access request's source. |
Example
{
"flowUspRestriction": FlowUspRestriction,
"violatedFlowType": FlowRestrictionType,
"violatingDestPredefinedValue": NetworkPredefinedValue,
"violatingDestinationNetworkObjects": [
RiskAnalysisNetworkObject
],
"violatingSourceNetworkObjects": [
RiskAnalysisNetworkObject
],
"violatingSourcePredefinedValue": NetworkPredefinedValue
}
RiskAnalysisMutation
The RiskAnalysisMutation entity enables to create a task of AccessRequests for risk calculation.
| Field Name | Description |
|---|---|
createUspRiskAnalysisTask -
CreateUspRiskAnalysisTaskResult!
|
Create a UspRiskAnalysisTask. |
|
Arguments
|
|
Example
{
"createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}
RiskAnalysisNetworkObject
A violating network object entity, in a defined SecureTrack zone.
| Field Name | Description |
|---|---|
networkObjectTraffic -
NetworkObjectTraffic
|
The raw traffic representation of the violating network object. |
zone -
SecurityZone
|
The SecureTrack zone that violates the network object traffic. |
Example
{
"networkObjectTraffic": NetworkObjectTraffic,
"zone": SecurityZone
}
RiskAnalysisTrafficViolationData
Information regarding violations of type Traffic.
| Field Name | Description |
|---|---|
trafficUspRestriction -
TrafficUspRestriction
|
TrafficUspRestriction that was violated by the access request. |
violatedApplicationPredefinedValue -
ApplicationPredefinedValue
|
The violating ApplicationPredefinedValue of the access request's applications. |
violatedServicePredefinedValue -
ServicePredefinedValue
|
The violating ServicePredefinedValue of the access request's service. |
violatingApplications -
[String!]
|
List of application names that represent the violating applications in the access request. |
violatingServices -
[String!]
|
List of services expressions that represent the violating services in the access request. |
Example
{
"trafficUspRestriction": TrafficUspRestriction,
"violatedApplicationPredefinedValue": ApplicationPredefinedValue,
"violatedServicePredefinedValue": ServicePredefinedValue,
"violatingApplications": ["xyz789"],
"violatingServices": ["abc123"]
}
RiskAnalysisViolation
The RiskAnalysisViolation entity represents information regarding violations of an access request. Permission requires
| Field Name | Description |
|---|---|
accessRequestId -
String
|
Access request ID. |
changed -
DateTime
|
The date that the RiskAnalysisViolation entity was last changed. |
creationDate -
DateTime
|
Creation date of the violation. |
exceptions -
[BasicUspExceptionInfoForRiskAnalysis!]
|
Exceptions IDs that were applied to the violation. |
flowViolationData -
RiskAnalysisFlowsViolationData
|
The flow violation RiskAnalysisFlowsViolationData. |
fromZoneMatchingObjects -
[RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that are matching the from-zone of the ZoneToZoneMatcher. Set in case the access request sources are specific (matchingSourcePredefinedValue not set). |
id -
ID!
|
Violation ID. |
matchingDestinationPredefinedValue -
NetworkPredefinedValue
|
Set in case the access request destination is a predefined value of NetworkPredefinedValue. |
matchingSourcePredefinedValue -
NetworkPredefinedValue
|
Set in case the access request source is a predefined value of NetworkPredefinedValue. |
name -
String
|
This property is not supported. |
requirement -
UspRequirement
|
Violated UspRequirement. |
severity -
ViolationSeverity
|
Severity of the violation. |
toZoneMatchingObjects -
[RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that are matching the to-zone of the ZoneToZoneMatcher. Set in case the access request destinations are specific (matchingDestinationePredefinedValue not set). |
trafficViolationData -
RiskAnalysisTrafficViolationData
|
The traffic violation RiskAnalysisTrafficViolationData. |
usp -
BasicUspInfoForRiskAnalysis
|
Violated USP. |
zoneToZoneUspRequirementMatcher -
ZoneToZoneUspRequirementMatcher
|
Violated from zone - to zone ZoneToZoneMatcher. |
Example
{
"accessRequestId": "xyz789",
"changed": DateTime,
"creationDate": DateTime,
"exceptions": [BasicUspExceptionInfoForRiskAnalysis],
"flowViolationData": RiskAnalysisFlowsViolationData,
"fromZoneMatchingObjects": [RiskAnalysisNetworkObject],
"id": ID,
"matchingDestinationPredefinedValue": NetworkPredefinedValue,
"matchingSourcePredefinedValue": NetworkPredefinedValue,
"name": "xyz789",
"requirement": UspRequirement,
"severity": ViolationSeverity,
"toZoneMatchingObjects": [RiskAnalysisNetworkObject],
"trafficViolationData": RiskAnalysisTrafficViolationData,
"usp": BasicUspInfoForRiskAnalysis,
"zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}
Role
| Field Name | Description |
|---|---|
uid -
ID
|
|
name -
String
|
|
permissions -
[Permission]
|
Example
{
"uid": ID,
"name": "xyz789",
"permissions": [Permission]
}
Rule
A rule in a security policy
| Field Name | Description |
|---|---|
action -
RuleActionType
|
Action that will be performed by firewall if network traffic matches this rule |
actionDisplayName -
String
|
Action name |
application -
RuleApplicationTraffic
|
Definition of the network applications |
applicationsUsage -
[ApplicationUsage!]
|
Last time traffic was recorded for a specific application on this rule |
appliedTo -
[String!]
|
Devices that the rule is installed on |
appliedToObjects -
RuleAppliedToObjects
|
Network objects that this rule is applied to |
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
destination -
RuleNetworkTraffic
|
Definition of the destination network objects |
destinationZone -
RuleZoneTraffic
|
Definition of the destination network zones |
device -
BasicDevice
|
The device that this entity belongs to |
direction -
Direction
|
Direction of this rule (inbound or outbound) |
disabled -
Boolean
|
True indicates that this rule is disabled on the device |
exceptions -
[BasicRuleUspExceptionInfo!]
|
|
goToTarget -
SecurityPolicy
|
Target security policy for GOTO rule action |
id -
ID!
|
The internal unique identifier for this entity |
idOnDevice -
String
|
Device specific rule identifier. Usually identifies the rule order in the security policy. |
installedOn -
RuleInstallationTargetTraffic
|
Devices that the rule is installed on |
isExemptedFromUsp -
Boolean
|
True indicates that the rule will be excluded from violation calculations |
location -
String
|
The level of the rule within the rule hierarchy |
logging -
RuleLogging
|
Rule logging definition |
name -
String
|
The name of the entity |
permissivenessLevel -
PermissivenessScoreLevel
|
The permissiveness level (high/medium/low). The permissiveness level is an indication of how widely a rule is defined. Rules with high permissiveness can be a security risk because they allow too much access through the firewall. For example:
|
policy -
SecurityPolicy
|
The security policy the rule belongs to |
policyIndex -
Int
|
|
ruleUsageStatus -
RuleUsageStatus
|
Status of last hit check |
ruleUserData -
RuleUserData
|
Additional information such as a description that can be customized by administrators |
sectionTitle -
String
|
Title of the section that rule belongs to |
securityProfiles -
[SecurityProfileValue!]
|
List of security profiles |
service -
RuleServiceTraffic
|
Definition of the network service objects |
shadowed -
ShadowedStatus
|
Indicates whether the rule is shadowed by a previous rule which handles traffic before it gets to this rule, This may indicate that the rule is redundant. |
source -
RuleNetworkTraffic
|
Definition of the source network objects |
sourceZone -
RuleZoneTraffic
|
Definition of the source network zones |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
tags -
[String!]
|
List of tags |
time -
RuleTimeTraffic
|
Time and date that the rule is scheduled |
timeLastHit -
DateTime
|
The last time traffic that passed through the device matched either the rule, user, or application identity details |
timeLastModified -
DateTime
|
The most recent time that this rule was directly modified or there was a change in a related object which impacted the rule |
urlCategory -
RuleUrlCategory
|
The category of the URL as determined by the device |
user -
RuleUserTraffic
|
Definition of the network user objects |
usersUsage -
[UserUsage!]
|
Last time traffic was recorded for a specific user on this rule |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
violationHighestSeverity -
ViolationSeverity
|
Maximum security risk severity |
violations -
[RuleViolation!]
|
A list of all security risks found in this rule |
vpn -
RuleVpnTraffic
|
Definition of the VPN communities. A VPN community is a collection of VPN enabled gateways capable of communicating via VPN tunnels. |
zonesRelation -
ZonesRelation
|
Zone relation definition on the device |
expirationDate -
DateTime
|
|
Example
{
"action": RuleActionType,
"actionDisplayName": "abc123",
"application": RuleApplicationTraffic,
"applicationsUsage": [ApplicationUsage],
"appliedTo": ["abc123"],
"appliedToObjects": RuleAppliedToObjects,
"changed": DateTime,
"comment": "xyz789",
"destination": RuleNetworkTraffic,
"destinationZone": RuleZoneTraffic,
"device": BasicDevice,
"direction": Direction,
"disabled": false,
"exceptions": [BasicRuleUspExceptionInfo],
"goToTarget": SecurityPolicy,
"id": ID,
"idOnDevice": "abc123",
"installedOn": RuleInstallationTargetTraffic,
"isExemptedFromUsp": false,
"location": "xyz789",
"logging": RuleLogging,
"name": "xyz789",
"permissivenessLevel": PermissivenessScoreLevel,
"policy": SecurityPolicy,
"policyIndex": 123,
"ruleUsageStatus": RuleUsageStatus,
"ruleUserData": RuleUserData,
"sectionTitle": "xyz789",
"securityProfiles": [SecurityProfileValue],
"service": RuleServiceTraffic,
"shadowed": ShadowedStatus,
"source": RuleNetworkTraffic,
"sourceZone": RuleZoneTraffic,
"system": BasicSystem,
"tags": ["abc123"],
"time": RuleTimeTraffic,
"timeLastHit": DateTime,
"timeLastModified": DateTime,
"urlCategory": RuleUrlCategory,
"user": RuleUserTraffic,
"usersUsage": [UserUsage],
"version": 123,
"violationHighestSeverity": ViolationSeverity,
"violations": [RuleViolation],
"vpn": RuleVpnTraffic,
"zonesRelation": ZonesRelation,
"expirationDate": DateTime
}
RuleActionType
Type of action that will be performed by firewall if network traffic matches this rule
| Enum Value | Description |
|---|---|
|
|
Traffic specified by the rule will be allowed |
|
|
Traffic specified by the rule will not be allowed |
|
|
Traffic specified by the rule must be checked by other policy. See goToTarget parameter in Rule |
|
|
This usages is just a fallback for not supported data |
RuleApplicationTraffic
| Field Name | Description |
|---|---|
negated -
Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue -
ApplicationPredefinedValue
|
Predefined value for Any application |
typeDisplay -
String
|
RuleApplicationTraffic will always be of type "Application" |
values -
[RuleApplicationValue!]
|
List of network applications |
Example
{
"negated": true,
"predefinedValue": ApplicationPredefinedValue,
"typeDisplay": "abc123",
"values": [RuleApplicationValue]
}
RuleAppliedToObjects
"Applied to objects" definition for rule
| Field Name | Description |
|---|---|
predefinedValue -
AppliedToObjectsPredefinedValue
|
Value for predefined type (Any or No object) |
typeDisplay -
String
|
RuleAppliedToObjects will always be of type "Applied to objects" |
values -
[NetworkObject!]
|
List of device network objects |
Example
{
"predefinedValue": AppliedToObjectsPredefinedValue,
"typeDisplay": "abc123",
"values": [NetworkObject]
}
RuleExceptionConditionInput
Condition on Rules
| Input Field | Description |
|---|---|
rules -
[IdString!]!
|
List of Rule's ID. |
Example
{"rules": [IdString]}
RuleFlowsViolationData
The RuleFlowsViolationData entity holds data of the flows that are being violated by the rule
| Field Name | Description |
|---|---|
flowRestriction -
FlowUspRestriction
|
The FlowUspRestriction that was violated by this rule |
negatedViolatingDestination -
Boolean
|
True if violatingDestinationNetworkObjects is a negated value |
negatedViolatingSource -
Boolean
|
True if violatingSourceNetworkObjects is a negated value |
violatedFlowType -
FlowRestrictionType
|
The FlowRestrictionType that was violated by this rule |
violatingDestPredefinedValue -
NetworkPredefinedValue
|
The NetworkPredefinedValue of the destinationNetworkObjects that are violated by the rule |
violatingDestinationNetworkObjects -
[NetworkObject!]
|
The destination NetworkObjects that are violated by the rule |
violatingSourceNetworkObjects -
[NetworkObject!]
|
The source NetworkObjects that are violated by the rule |
violatingSourcePredefinedValue -
NetworkPredefinedValue
|
The NetworkPredefinedValue of the source NetworkObjects that are violated by the rule |
Example
{
"flowRestriction": FlowUspRestriction,
"negatedViolatingDestination": true,
"negatedViolatingSource": true,
"violatedFlowType": FlowRestrictionType,
"violatingDestPredefinedValue": NetworkPredefinedValue,
"violatingDestinationNetworkObjects": [NetworkObject],
"violatingSourceNetworkObjects": [NetworkObject],
"violatingSourcePredefinedValue": NetworkPredefinedValue
}
RuleInstallationTargetTraffic
Installation targets definition for rule
| Field Name | Description |
|---|---|
predefinedValue -
InstallationTargetPredefinedValue
|
Value for installation target of type Any |
typeDisplay -
String
|
RuleInstallationTargetTraffic will always be of type "Install On" |
values -
[NetworkObject!]
|
List of device network objects |
Example
{
"predefinedValue": InstallationTargetPredefinedValue,
"typeDisplay": "abc123",
"values": [NetworkObject]
}
RuleLogging
Rule logging definition
| Field Name | Description |
|---|---|
logProfile -
LogProfile
|
Logging profile name |
logged -
Boolean
|
If true, the rule logged on device |
timing -
RuleLoggingTiming
|
Specify when rule logging should start |
trackInterval -
Int
|
Interval (vendor specific) |
trackLevel -
RuleTrackLevel
|
Rule logging track level |
Example
{
"logProfile": LogProfile,
"logged": true,
"timing": RuleLoggingTiming,
"trackInterval": 987,
"trackLevel": RuleTrackLevel
}
RuleLoggingTiming
Specify when rule logging should start
| Enum Value | Description |
|---|---|
|
|
Log rule usage on both, session start and end |
|
|
Log rule usage on session end |
|
|
Log rule usage on session start |
RuleMatchCriterionType
Rule matching criterion. TOS uses this to match rule for a particular traffic risks discovery.
| Enum Value | Description |
|---|---|
|
|
Match network application defined in rule. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RuleNetworkTraffic
Network objects definition for rule source and destination fields
| Field Name | Description |
|---|---|
negated -
Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue -
NetworkPredefinedValue
|
Definition for network of type Any |
typeDisplay -
String
|
Network traffic direction in rule (Source, Destination) |
values -
[NetworkObject!]
|
List of device network objects |
Example
{
"negated": true,
"predefinedValue": NetworkPredefinedValue,
"typeDisplay": "abc123",
"values": [NetworkObject]
}
RuleOperationsMutation
Lets you create SecureChange tickets for rules modification, recertification or decommission
| Field Name | Description |
|---|---|
createTicketDraft -
CreateTicketDraftResult!
|
Create a ticket draft in SecureChange |
|
Arguments
|
|
Example
{"createTicketDraft": CreateTicketDraftResult}
RuleQuery
Query for Rule objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of Rule objects matching the specified filter. |
counts -
[CountsResult!]!
|
Gets the number of entities matching a filter, grouped by selected fields. |
|
Arguments
Limit results count to this amount. If no limit is explicitly set, the default limit is 100.
Results are grouped either by Device parameters or USP parameters. Fields that can be used to group the results: "vendor","device.id","device.name","violations.usp.name","violations.usp.id"
Sorts the results by the specified field. When not explicitly set, the default field is "GROUP"
Specifies whether the results should be sorted in ascending or descending order. When not explicitly set, the default order is "ASC" |
|
values -
[Rule!]!
|
A list of Rule objects matching the specified filter. |
Example
{
"count": Long,
"counts": [CountsResult],
"values": [Rule]
}
RuleSchedule
Schedule values for rule
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
endTime -
DateTime
|
End time |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
scheduledDays -
String
|
Days |
scheduledMonth -
String
|
Month |
scheduledMonthDays -
String
|
Days of month |
startTime -
DateTime
|
Start time |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
timePeriods -
[TimePeriodInDay!]
|
List of time periods |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"endTime": DateTime,
"id": ID,
"name": "abc123",
"scheduledDays": "abc123",
"scheduledMonth": "abc123",
"scheduledMonthDays": "abc123",
"startTime": DateTime,
"system": BasicSystem,
"timePeriods": [TimePeriodInDay],
"version": 987
}
RuleServiceTraffic
Network service objects definition for rule service field
| Field Name | Description |
|---|---|
negated -
Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue -
ServicePredefinedValue
|
Predefined value to define Any service |
typeDisplay -
String
|
RuleServiceTraffic will always be of type "Service" |
values -
[ServiceObject!]
|
List of device network services objects |
Example
{
"negated": true,
"predefinedValue": ServicePredefinedValue,
"typeDisplay": "abc123",
"values": [ServiceObject]
}
RuleTimeTraffic
Schedules definition for rule
| Field Name | Description |
|---|---|
predefinedValue -
SchedulePredefinedValue
|
Predefined value for schedule of type Any |
typeDisplay -
String
|
RuleTimeTraffic will always be of type "Time" |
values -
[RuleSchedule!]
|
List of schedules |
Example
{
"predefinedValue": SchedulePredefinedValue,
"typeDisplay": "abc123",
"values": [RuleSchedule]
}
RuleTrackLevel
Rule logging track level
| Enum Value | Description |
|---|---|
|
|
Update the log at given intervals |
|
|
Generate a log of type Alert and run a command |
|
|
Generate a log if immediate action is required |
|
|
Generate a log if functionality is affected |
|
|
Generate a log for debugging |
|
|
Default logging track level |
|
|
Logging is disabled |
|
|
Generate a log if system becomes unstable. |
|
|
Generate a log if there is an error condition exists and functionality could be affected |
|
|
Generate a log with general information about system operations |
|
|
Generate a log of type Alert and send an email to the administrator |
|
|
Generate a log with information about normal events |
|
|
This is the default Track option |
|
|
Do not generate a log |
|
|
Generate a log of type Alert and send an SNMP alert |
|
|
Generate a log of type Alert and send customized alerts |
|
|
Generate a log if functionality could be affected |
RuleTrafficViolationData
The RuleTrafficViolationData entity holds data of the traffic values that are being violated by the rule
| Field Name | Description |
|---|---|
trafficRestriction -
TrafficUspRestriction
|
The TrafficUspRestriction value that was violated by this rule |
violatedApplicationPredefinedValue -
ApplicationPredefinedValue
|
The ApplicationPredefinedValue that was violated by the rule |
violatedServicePredefinedValue -
ServicePredefinedValue
|
The ServicePredefinedValue that was violated by the rule |
violatingApplications -
[Application!]
|
A list of every Application that was violated by the rule |
violatingServices -
[Service!]
|
A list of every Service that was violated by this rule |
Example
{
"trafficRestriction": TrafficUspRestriction,
"violatedApplicationPredefinedValue": ApplicationPredefinedValue,
"violatedServicePredefinedValue": ServicePredefinedValue,
"violatingApplications": [Application],
"violatingServices": [Service]
}
RuleUrlCategory
URLs category with optional predefined value
| Field Name | Description |
|---|---|
predefinedValue -
UrlCategoryPredefinedValue
|
Predefined value for URL categories of type Any |
typeDisplay -
String
|
RuleUrlCategory will always be of type "URL category" |
values -
[UrlCategory!]
|
List of URLs categories |
Example
{
"predefinedValue": UrlCategoryPredefinedValue,
"typeDisplay": "xyz789",
"values": [UrlCategory]
}
RuleUsageStatus
Status of last hit check
| Enum Value | Description |
|---|---|
|
|
Last hit information has not been received for 3 days |
|
|
Last hit information is up-to-date |
RuleUserData
Additional information such as a description that can be customized
| Field Name | Description |
|---|---|
automationAttribute -
AutomationAttribute
|
Rule type (regular or stealth) |
certification -
Certification
|
Rule recertification is used to document and verify the need for a rule, often for standards compliance and auditing. |
ruleDescription -
String
|
Rule description. |
saApplications -
[SaApplication!]
|
List of SecureApp applications, associated to this rule. |
securechangeTicketInProgressId -
String
|
SecureChange ticket in progress |
technicalOwner -
User
|
Owner for the rule |
technicalOwnerName -
String
|
|
tickets -
[Ticket!]
|
List of tickets, opened for this rule. |
Example
{
"automationAttribute": AutomationAttribute,
"certification": Certification,
"ruleDescription": "abc123",
"saApplications": [SaApplication],
"securechangeTicketInProgressId": "xyz789",
"technicalOwner": User,
"technicalOwnerName": "abc123",
"tickets": [Ticket]
}
RuleUserDataMutation
Use this entity to update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rules.
| Field Name | Description |
|---|---|
createTicket -
CreateTicketResult!
|
Create a ticket for a rule. |
|
Arguments
|
|
deleteTickets -
DeleteTicketsResult!
|
Delete tickets. |
|
Arguments
|
|
updateRuleAutomationAttribute -
UpdateRuleAutomationAttributeResult!
|
Update an automation attribute for a rule. |
|
Arguments |
|
updateRuleDescription -
UpdateRuleDescriptionResult!
|
Update description for a rule. |
|
Arguments
|
|
updateRuleTechnicalOwner -
UpdateRuleTechnicalOwnerResult!
|
Update a technical owner for a rule. |
|
Arguments
|
|
updateTicket -
UpdateTicketResult!
|
Update a ticket. |
|
Arguments
|
|
Example
{
"createTicket": CreateTicketResult,
"deleteTickets": DeleteTicketsResult,
"updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
"updateRuleDescription": UpdateRuleDescriptionResult,
"updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
"updateTicket": UpdateTicketResult
}
RuleUserTraffic
Network users objects definition for rule user field
| Field Name | Description |
|---|---|
negated -
Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue -
UserPredefinedValue
|
Predefined values to define well known user behavior |
typeDisplay -
String
|
RuleUserTraffic will always be of type "User" |
values -
[RuleUserValue!]
|
List of device network users objects |
Example
{
"negated": false,
"predefinedValue": UserPredefinedValue,
"typeDisplay": "abc123",
"values": [RuleUserValue]
}
RuleViolatedProperty
The RuleViolatedProperty entity holds data of the property values that are being violated by the rule
| Field Name | Description |
|---|---|
propertyRestriction -
PropertyUspRestriction
|
The PropertyUspRestriction that was violated by this rule |
scalarValue -
String
|
A numeric value related to the violated property |
Example
{
"propertyRestriction": PropertyUspRestriction,
"scalarValue": "abc123"
}
RuleViolation
Contains data about Rule Violations. Violations can be filtered by rule, USP, source zone, destination zone, and type (flow, property or traffic).
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
exceptions -
[BasicUspExceptionInfo!]
|
|
flowsViolationData -
RuleFlowsViolationData
|
The RuleFlowsViolationData of the rule violation |
fromZoneMatchingObjects -
[NetworkObject!]
|
A list of every NetworkObject in the source zone |
id -
ID!
|
The internal unique identifier for this entity |
matchingDestinationPredefinedValue -
NetworkPredefinedValue
|
The network type of the destination zones as identified in the zoneToZoneMatcher entity |
matchingSourcePredefinedValue -
NetworkPredefinedValue
|
The network type of the source zones as identified in the zoneToZoneMatcher entity |
name -
String
|
This property is not supported |
negatedMatchingDestination -
Boolean
|
negatedMatchingDestination will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule destination with a negated value. The toZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation. |
negatedMatchingSource -
Boolean
|
negatedMatchingSource will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule source with a negated value. The fromZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation. |
propertyViolationData -
RuleViolatedProperty
|
A list of every RuleViolatedProperty that was violated by this rule |
requirement -
UspRequirement
|
A set of conditions that apply to a single pair of SecureTrack network zones relation (from-to) that will be enforced by the USP |
ruleViolationSeverity -
ViolationSeverity
|
The ViolationSeverity assigned to this violation by the USP |
timeCreated -
DateTime
|
The date and time that this violation first occurred |
toZoneMatchingObjects -
[NetworkObject!]
|
A list of every NetworkObject in the destination zone |
trafficViolationData -
RuleTrafficViolationData
|
The RuleTrafficViolationData of the rule violation |
usp -
BasicUspInfo
|
The ID of the USP that is violated by this rule |
violationOrigin -
[ViolationOrigin!]
|
This contains a list of every Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on and list of every SecurityPolicy that the rule evaluates |
zoneToZoneMatcher -
ZoneToZoneUspRequirementMatcher
|
The ZoneToZoneUspRequirementMatcher entity that identifies the source and destination zones violated by this rule |
Example
{
"changed": DateTime,
"exceptions": [BasicUspExceptionInfo],
"flowsViolationData": RuleFlowsViolationData,
"fromZoneMatchingObjects": [NetworkObject],
"id": ID,
"matchingDestinationPredefinedValue": NetworkPredefinedValue,
"matchingSourcePredefinedValue": NetworkPredefinedValue,
"name": "xyz789",
"negatedMatchingDestination": false,
"negatedMatchingSource": false,
"propertyViolationData": RuleViolatedProperty,
"requirement": UspRequirement,
"ruleViolationSeverity": ViolationSeverity,
"timeCreated": DateTime,
"toZoneMatchingObjects": [NetworkObject],
"trafficViolationData": RuleTrafficViolationData,
"usp": BasicUspInfo,
"violationOrigin": [ViolationOrigin],
"zoneToZoneMatcher": ZoneToZoneUspRequirementMatcher
}
RuleVpnTraffic
VPN communities definition for rule vpn field
| Field Name | Description |
|---|---|
predefinedValue -
VpnPredefinedValue
|
Value for VPN entity of type Any |
typeDisplay -
String
|
RuleVpnTraffic will always be of type "VPN" |
values -
[VpnCommunity!]
|
List of VPN communities |
Example
{
"predefinedValue": VpnPredefinedValue,
"typeDisplay": "abc123",
"values": [VpnCommunity]
}
RuleZoneTraffic
Network zones definition for rule sourceZone and destZone fields
| Field Name | Description |
|---|---|
predefinedValue -
ZonePredefinedValue
|
Any zone |
typeDisplay -
String
|
Rule zone traffic direction in rule (Source, Destination) |
values -
[Zone!]
|
List of network zones |
Example
{
"predefinedValue": ZonePredefinedValue,
"typeDisplay": "abc123",
"values": [Zone]
}
SchedulePredefinedValue
Predefined values for schedule of type Any
| Enum Value | Description |
|---|---|
|
|
Any schedule |
SecurityPolicy
Set of rules which define whether the traffic should be allowed access
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
comment -
String
|
A text comment associated with this entity Permission requires |
defaultAction -
RuleActionType
|
Default rule action (Allow, Deny, or Goto) Permission requires |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
installedOnTarget -
SecurityPolicyInstallationTargets
|
Firewalls where this security policy has been installed Permission requires |
interZoneAction -
RuleActionType
|
Rule action (Allow, Deny, or Goto) for external network zones Permission requires |
intraZoneAction -
RuleActionType
|
Rule action (Allow, Deny, or Goto) for internal network zones Permission requires |
ipType -
IpType
|
The type of IP address (for example IPv4 or IPv6) that this security policy uses |
name -
String
|
The name of the entity |
policyTags -
[String!]
|
List of tags Permission requires |
system -
BasicSystem
|
The system (root device) that this entity belongs to Permission requires |
type -
SecurityPolicyType!
|
The type of the security policy |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"defaultAction": RuleActionType,
"device": BasicDevice,
"id": ID,
"installedOnTarget": SecurityPolicyInstallationTargets,
"interZoneAction": RuleActionType,
"intraZoneAction": RuleActionType,
"ipType": IpType,
"name": "abc123",
"policyTags": ["abc123"],
"system": BasicSystem,
"type": SecurityPolicyType,
"version": 123
}
SecurityPolicyInstallationTargets
Firewalls and interfaces that use security policy.
| Field Name | Description |
|---|---|
fwModules -
[BasicDevice!]
|
Firewalls that use security policy. |
Example
{"fwModules": [BasicDevice]}
SecurityPolicyType
The type of the security policy, the policy type may be based on the device vendor
| Enum Value | Description |
|---|---|
|
|
Access Control List that rules are placed in. For example CISCO firewalls. |
|
|
The device group container that rules are placed in. For example, all Panorama firewalls could be placed in a group. |
|
|
|
|
|
Generic container for rules |
|
|
The Security Group that rules are placed in. For example Amazon public cloud. |
SecurityProfile
Security profile
| Field Name | Description |
|---|---|
category -
String
|
Category of this profile |
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"category": "xyz789",
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 987
}
SecurityZone
Security zone.
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
If true, the security zone belongs to the 'All Domains' context. Permission requires |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
domain -
Domain
|
The domain on which this security zone is configured. |
id -
ID!
|
The internal unique identifier for this entity. |
name -
String
|
Name of security zone. |
sharedInDomains -
[Domain!]
|
If the zone is shared and is exported to other domains, the list contains other domains that imported this zone. Permission requires |
Example
{
"appliedToAnyDomain": false,
"changed": DateTime,
"domain": Domain,
"id": ID,
"name": "xyz789",
"sharedInDomains": [Domain]
}
SecurityZoneQuery
Query for SecurityZone objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of SecurityZone objects matching the specified filter. |
values -
[SecurityZone!]!
|
A list of SecurityZone objects matching the specified filter. |
Example
{
"count": Long,
"values": [SecurityZone]
}
ServiceAndApplicationConditionInput
Condition on services or applications.
| Input Field | Description |
|---|---|
applications -
[ApplicationString!]
|
List of predefined applications names. |
services -
[ServiceExpressionString!]
|
List of services expressions. |
Example
{
"applications": [ApplicationString],
"services": [ServiceExpressionString]
}
ServiceExpressionString
A service expression. Can be either one of the known predefined services, or in a protocol format (TCP, UDP, Other, or ICMP).
Valid protocol input patterns:
- TCP
- TCP [port_number] (valid ports 0-65535)
- TCP [min_port]-[max_port] (valid ports 0-65535 where max_port must be greater or equal to min_port)
- Input as a String literal
Examples: "TCP","TCP 20", "TCP 30-40".
Example
object
ServicePredefinedValue
Predefined values to define Any service.
| Enum Value | Description |
|---|---|
|
|
Any service to use with IPv4 sources. |
|
|
Any service to use with IPv6 sources. |
|
|
Any service to use either with IPv4 or IPv6 sources. |
|
|
Default service point for the network application. |
ServicesAndApplicationsCondition
Condition on RuleViolations' services and applications - list of services expressions and applications names. The condition is satisfied if either services or applications intersect with RuleViolation's services or applications.
| Field Name | Description |
|---|---|
applicationNames -
[String!]
|
List of predefined application names. |
servicesExpressions -
[String!]
|
List of services expressions. |
Example
{"applicationNames": ["xyz789"], "servicesExpressions": ["abc123"]}
SessionUser
The entity containing the details of the current principle user in session
| Field Name | Description |
|---|---|
email -
String
|
User account details - the user's email address |
firstName -
String
|
User account details - first name |
id -
String
|
The unique immutable user identifier |
lastName -
String
|
User account details - last name |
permissions -
[Permission]
|
The set of system functions grants (by name) that are granted to the user |
username -
String
|
The unique name of the user (used for login) |
Example
{
"email": "xyz789",
"firstName": "xyz789",
"id": "xyz789",
"lastName": "xyz789",
"permissions": [Permission],
"username": "xyz789"
}
ShadowedStatus
This shows whether firewall could use the rule or there is upper rule that do the same.
| Enum Value | Description |
|---|---|
|
|
Firewall does not use the rule because there is upper rule that do the same. |
|
|
Firewall uses the rule. |
|
|
There are parts of rule that are already covered by upper rules. |
StepStatus
The status of a specific version-related calculation.
| Field Name | Description |
|---|---|
errorMessage -
String
|
The error message that was returned from the calculation process in case of failure. |
name -
String
|
The name of the calculation. |
status -
ProgressStatus
|
The status of the calculation. |
updated -
DateTime
|
The last time the calculation step was updated. |
Example
{
"errorMessage": "abc123",
"name": "abc123",
"status": ProgressStatus,
"updated": DateTime
}
String
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Subnet
Logical subdivision of an IP network.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
cidr -
Int
|
Specifies bit-length of the prefix in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ip -
String
|
The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291). |
ipType -
IpType
|
The IP address this network has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
name -
String
|
The name of the entity |
netmask -
String
|
Define the class and range of Internet Protocol (IP) addresses. It will either take the form of an IPv4 or IPv6. |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"cidr": 987,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"ip": "abc123",
"ipType": IpType,
"name": "xyz789",
"netmask": "abc123",
"system": BasicSystem,
"version": 123
}
SupportingIP
Network element supports IP definition.
| Field Name | Description |
|---|---|
ipType -
IpType
|
The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
Example
{"ipType": IpType}
System
Root device that manages the dependent devices
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
deleted -
Boolean
|
Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
ipAddress -
String
|
IP address of the root device Permission requires |
model -
ModelName
|
Model of this device |
modelDisplayName -
String
|
Model name of this device |
monitoredByOPMAgent -
Boolean
|
True indicates that the system monitored by OPM agent |
name -
String
|
The name of the entity |
opmAgentId -
String
|
Open policy management (OPM) agent ID Permission requires |
systemFields -
[SystemFieldValue!]
|
System specific text fields Permission requires |
vendor -
VendorName
|
Vendor type of this device |
Example
{
"changed": DateTime,
"deleted": false,
"id": ID,
"ipAddress": "xyz789",
"model": ModelName,
"modelDisplayName": "abc123",
"monitoredByOPMAgent": true,
"name": "abc123",
"opmAgentId": "abc123",
"systemFields": [SystemFieldValue],
"vendor": VendorName
}
SystemField
| Field Name | Description |
|---|---|
fieldType -
SystemFieldType
|
Field type |
mandatory -
Boolean
|
True indicates that the System Field is required |
name -
String
|
Field name |
Example
{
"fieldType": SystemFieldType,
"mandatory": true,
"name": "abc123"
}
SystemFieldInput
System field type definition
| Input Field | Description |
|---|---|
fieldType -
SystemFieldType!
|
Field type |
mandatory -
Boolean!
|
True indicates that the System Field Value is required |
name -
Name!
|
Field name |
Example
{
"fieldType": SystemFieldType,
"mandatory": false,
"name": Name
}
SystemFieldType
| Enum Value | Description |
|---|---|
|
|
Text that will be encrypted by the application, and will be displayed as "Null" in the query results |
|
|
Non-encrypted text |
SystemFieldValue
System field definition
| Field Name | Description |
|---|---|
fieldType -
SystemFieldType
|
Field type |
mandatory -
Boolean
|
True indicates that the System Field Value is required |
name -
String
|
Field name |
value -
String
|
Text value |
Example
{
"fieldType": SystemFieldType,
"mandatory": false,
"name": "abc123",
"value": "abc123"
}
SystemFieldValueInput
System field definition
| Input Field | Description |
|---|---|
field -
SystemFieldInput!
|
Field type |
value -
FreeText!
|
Text value |
Example
{
"field": SystemFieldInput,
"value": FreeText
}
SystemMutation
| Field Name | Description |
|---|---|
createSystem -
CreateSystemResult!
|
Create system |
|
Arguments
|
|
deleteSystem -
DeleteSystemResult!
|
Delete system |
|
Arguments
|
|
updateSystem -
UpdateSystemResult!
|
Update system |
|
Arguments
|
|
Example
{
"createSystem": CreateSystemResult,
"deleteSystem": DeleteSystemResult,
"updateSystem": UpdateSystemResult
}
SystemProperties
| Field Name | Description |
|---|---|
modelDisplayName -
String
|
Device model name |
systemFields -
[SystemField!]
|
System specific text fields |
Example
{
"modelDisplayName": "abc123",
"systemFields": [SystemField]
}
SystemQuery
Query for System objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of System objects matching the specified filter. |
values -
[System!]!
|
A list of System objects matching the specified filter. |
Example
{"count": Long, "values": [System]}
Ticket
| Field Name | Description |
|---|---|
automatic -
Boolean
|
|
businessOwner -
String
|
The owner of the ticket |
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
|
email -
String
|
Contact email |
externalUrl -
String
|
|
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
originTicketId -
String
|
Ticket identifier |
secureChangeTicket -
Boolean
|
If true, it is a ticket originated by SecureChange |
timeCreation -
DateTime
|
|
timeExpiration -
DateTime
|
Ticket expiration date |
Example
{
"automatic": false,
"businessOwner": "xyz789",
"changed": DateTime,
"comment": "abc123",
"email": "xyz789",
"externalUrl": "abc123",
"id": ID,
"name": "abc123",
"originTicketId": "xyz789",
"secureChangeTicket": false,
"timeCreation": DateTime,
"timeExpiration": DateTime
}
TrafficUspRestriction
A condition that defines the allowed traffic from one SecureTrack network zone to another.
| Field Name | Description |
|---|---|
applicationNames -
[String!]
|
List of predefined applications names. |
restrictionType -
RestrictionType
|
Traffic USP restriction will always be of type "Traffic". |
servicesExpressions -
[String!]
|
List of either predefined services names or custom services defined by protocol and port ("TCP 10-20" or "UDP 80" for example). The supported protocols are:
|
trafficUspRestrictionType -
TrafficUspRestrictionType
|
The traffic restriction type (Allow only, Block only, Allow all, Block all). |
Example
{
"applicationNames": ["xyz789"],
"restrictionType": RestrictionType,
"servicesExpressions": ["xyz789"],
"trafficUspRestrictionType": TrafficUspRestrictionType
}
TrafficUspRestrictionInput
Traffic USP restriction (TrafficUspRestriction).
| Input Field | Description |
|---|---|
applicationNames -
[ApplicationString!]
|
Application names. |
servicesExpressions -
[ServiceExpressionString!]
|
Services expressions. |
type -
TrafficUspRestrictionType!
|
Traffic USP restriction type ( |
Example
{
"applicationNames": [ApplicationString],
"servicesExpressions": [ServiceExpressionString],
"type": TrafficUspRestrictionType
}
TrafficUspRestrictionType
Enumeration of valid traffic restriction types.
| Enum Value | Description |
|---|---|
|
|
All traffic is allowed. |
|
|
Traffic is permitted only for the provided services or applications. |
|
|
No traffic is allowed. |
|
|
Traffic is prohibited only for the provided services or applications. |
TransportService
Service definition
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
maxPort -
Int
|
The last service port number in range, including |
minPort -
Int
|
The first service port number in range, including |
name -
String
|
The name of the entity |
negated -
Boolean
|
Rule will use all service ports, except specified in minPort and maxPort in case this value is
true
|
protocol -
TransportServiceProtocol
|
Service protocol name. For example: FTP |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"maxPort": 987,
"minPort": 987,
"name": "abc123",
"negated": true,
"protocol": TransportServiceProtocol,
"system": BasicSystem,
"version": 987
}
TransportServiceProtocol
Division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model.
| Enum Value | Description |
|---|---|
|
|
Stream Control Transmission Protocol (SCTP). |
|
|
Transmission Control Protocol (TCP). |
|
|
User Datagram Protocol (UDP). |
TrendQueryInput
The TrendQueryInput displays information from the metric ID parameter, over time.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
If true, the metric will be collected from all the system domains. If false, the metric will be collected only from specified domains. |
domain -
IdString
|
The domain ID associated with the query. |
metricId -
FreeText!
|
The parameter that will be displayed in the trend query for the defined time span. Should be one of: disabled_rules, unused_rules, fully_shadowed_rules, rules_violation_highest_severity_low, rules_violation_highest_severity_medium, rules_violation_highest_severity_high, rules_violation_highest_severity_critical |
timeSpan -
Int!
|
The number of days included in the trend query, counted from the day before the current day. |
Example
{
"appliedToAnyDomain": true,
"domain": IdString,
"metricId": FreeText,
"timeSpan": 987
}
TrendResult
Returns the query status, and the set of values collected for the metric over the time span defined.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of the trend request. |
timedCounts -
[TimedCount!]!
|
The complete result of the trend query, presented as a list of dates and values. |
Example
{
"resultStatus": ResultStatus,
"timedCounts": [TimedCount]
}
UpdateDeviceInclusionInCalculationInput
Updates whether the device is included in the violation calculation
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
deviceId -
IdString!
|
The Device ID |
domain -
IdString
|
The ID of the domain that the violation calculation is applied to. Note: If |
include -
Boolean!
|
Indicates whether the device is included or excluded from violation calculation |
Example
{
"appliedToAnyDomain": true,
"deviceId": IdString,
"domain": IdString,
"include": false
}
UpdateDeviceInclusionInCalculationResult
Returns the status result when updating whether the device is included in the violation calculation
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to update whether the device is included in the violation calculation |
Example
{"resultStatus": ResultStatus}
UpdateProtectionModeInput
Updates the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
deviceId -
IdString!
|
The Device ID |
domain -
IdString
|
The ID of the domain that the protection mode will be updated for. Note: If |
protectionMode -
ProtectionMode!
|
The |
Example
{
"appliedToAnyDomain": true,
"deviceId": IdString,
"domain": IdString,
"protectionMode": ProtectionMode
}
UpdateProtectionModeResult
Returns the status result when updating the protection mode of a Device to the type of SecureTrack network zones that will be used in the violation calculation
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to update the protection mode of Device to the type of SecureTrack network zones that will be used in the violation calculation |
Example
{"resultStatus": ResultStatus}
UpdateRuleAutomationAttributeInput
Update the automation attribute for a rule.
| Input Field | Description |
|---|---|
automationAttribute -
AutomationAttribute
|
Automation attribute to update. |
ids -
[IdString!]!
|
List of affected rule IDs. |
Example
{
"automationAttribute": AutomationAttribute,
"ids": [IdString]
}
UpdateRuleAutomationAttributeResult
Returns the status results when updating automation attribute for a rule.
| Field Name | Description |
|---|---|
ids -
[ID!]!
|
IDs of the updated rules. |
resultStatus -
ResultStatus!
|
Result of the operation. |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
UpdateRuleDescriptionInput
Update description for a rule.
| Input Field | Description |
|---|---|
description -
FreeText
|
Description to update. |
ids -
[IdString!]!
|
List of affected rule IDs. |
Example
{
"description": FreeText,
"ids": [IdString]
}
UpdateRuleDescriptionResult
Returns the status results when updating the description for a rule.
| Field Name | Description |
|---|---|
ids -
[ID!]
|
IDs of updated rules. |
resultStatus -
ResultStatus!
|
Result of the operation. |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
UpdateRuleTechnicalOwnerInput
Update the technical owner for a rule.
| Input Field | Description |
|---|---|
ids -
[IdString!]!
|
List of affected rule IDs. |
technicalOwnerId -
IdString
|
The ID of the technical owner to update. |
Example
{
"ids": [IdString],
"technicalOwnerId": IdString
}
UpdateRuleTechnicalOwnerResult
Returns the status results when updating the technical owner for a rule.
| Field Name | Description |
|---|---|
ids -
[ID!]!
|
IDs of updated rules. |
resultStatus -
ResultStatus!
|
Result of the operation. |
Example
{
"ids": [ID],
"resultStatus": ResultStatus
}
UpdateSystemInput
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
This property is not currently supported |
domain -
IdString
|
This property is not currently supported |
id -
IdString!
|
Systems ID to update |
ipAddress -
IpAddressString
|
IP address of the root device |
name -
Name!
|
System name |
properties -
[SystemFieldValueInput!]
|
System properties |
Example
{
"appliedToAnyDomain": true,
"domain": IdString,
"id": IdString,
"ipAddress": IpAddressString,
"name": Name,
"properties": [SystemFieldValueInput]
}
UpdateSystemResult
| Field Name | Description |
|---|---|
id -
ID
|
Application internal ID of updated system |
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateTicketInput
Update a ticket for a rule.
| Input Field | Description |
|---|---|
businessOwner -
FreeText
|
Business owner name for a rule. |
comment -
FreeText
|
Comment for a ticket. |
email -
EmailAddress
|
Business owner Email address for a rule. |
expirationDate -
DateTime
|
Expiration date for a ticket. |
externalUrl -
URL
|
External URL for a ticket. |
id -
IdString!
|
ID of the ticket to update. |
originTicketId -
FreeText!
|
ID information of the ticket to update. |
secureChangeTicket -
Boolean
|
Example
{
"businessOwner": FreeText,
"comment": FreeText,
"email": EmailAddress,
"expirationDate": DateTime,
"externalUrl": URL,
"id": IdString,
"originTicketId": FreeText,
"secureChangeTicket": true
}
UpdateTicketResult
Returns the status results when updating a ticket for a rule.
| Field Name | Description |
|---|---|
id -
ID
|
ID of the updated ticket. |
resultStatus -
ResultStatus!
|
Result of the operation. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateUserTQLSearchInput
Update a TQL query
| Input Field | Description |
|---|---|
description -
FreeText
|
Description of the query |
id -
IdString!
|
Unique identifier of the query |
name -
Name!
|
Name of the query |
public -
Boolean!
|
If true, the query is public |
query -
String!
|
TQL expression saved as part of the query |
Example
{
"description": FreeText,
"id": IdString,
"name": Name,
"public": true,
"query": "abc123"
}
UpdateUserTQLSearchResult
Returns the status results when updating a TQL query
| Field Name | Description |
|---|---|
id -
ID
|
Unique identifier of the updated query |
resultStatus -
ResultStatus!
|
Result of the operation |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateUspAlertConfigInput
Update a USP alert.
| Input Field | Description |
|---|---|
allDevices -
Boolean!
|
If set to True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps -
Boolean!
|
If set to True, the uspId field is ignored and this alert applies to all USPs. |
description -
FreeText
|
Alert description. |
devicesIds -
[IdString!]
|
This alert applies only for the specified devices. Add a list Device IDs. |
disabled -
Boolean!
|
Set to true to disable this alert. |
externalRecipientsEmails -
[EmailAddress!]
|
Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users. |
id -
IdString!
|
ID of the alert you want to update. |
name -
Name!
|
Alert name. |
recipientsIds -
[IdString!]
|
Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user. |
severities -
[ViolationSeverity!]!
|
This alert is sent for violations of all the selected severities. |
syslogEnabled -
Boolean!
|
Set to True if syslog the alert should also be sent via syslog. |
uspId -
IdString
|
This alert applies only to the specified USP. Add a single USP ID only. |
Example
{
"allDevices": true,
"allUsps": true,
"description": FreeText,
"devicesIds": [IdString],
"disabled": true,
"externalRecipientsEmails": [EmailAddress],
"id": IdString,
"name": Name,
"recipientsIds": [IdString],
"severities": [ViolationSeverity],
"syslogEnabled": true,
"uspId": IdString
}
UpdateUspAlertConfigResult
Returns the status results when updating a new USP alert.
| Field Name | Description |
|---|---|
id -
ID
|
ID of the updated alert. |
resultStatus -
ResultStatus!
|
Status of request to update a USP alert. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateUspInput
Updates an existing USP.
| Input Field | Description |
|---|---|
description -
FreeText
|
USP description. |
id -
IdString!
|
USP ID. |
name -
Name!
|
USP name. |
securityZonesIds -
[IdString!]!
|
The USP updated SecureTrack network zones IDs. Zones that are in this list this does not exist in the USP will be added. Zones that are not in this list and appear in the USP will be deleted. Zones that are in this list and appear in the USP will remain. |
Example
{
"description": FreeText,
"id": IdString,
"name": Name,
"securityZonesIds": [IdString]
}
UpdateUspRequirementInput
Updates a USP requirement.
| Input Field | Description |
|---|---|
description -
FreeText
|
Requirement description. |
destSecurityZoneId -
IdString!
|
Requirement's destination SecureTrack network zone (to zone). |
restrictions -
UspRestrictionsInput!
|
Requirement restriction. |
severity -
ViolationSeverity!
|
Requirement severity. |
srcSecurityZoneId -
IdString!
|
Requirement's source SecureTrack network zone (from zone). |
uspId -
IdString!
|
USP ID. |
Example
{
"description": FreeText,
"destSecurityZoneId": IdString,
"restrictions": UspRestrictionsInput,
"severity": ViolationSeverity,
"srcSecurityZoneId": IdString,
"uspId": IdString
}
UpdateUspRequirementResult
Returns the status results when updating a USP requirement.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of request to updating a USP requirement. |
Example
{"resultStatus": ResultStatus}
UpdateUspResult
Returns the status results when updating a USP.
| Field Name | Description |
|---|---|
id -
ID
|
USP ID. |
resultStatus -
ResultStatus!
|
Status of request to update a USP. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateUspRuleExceptionInput
| Input Field | Description |
|---|---|
approver -
FreeText
|
|
description -
FreeText
|
|
disabled -
Boolean!
|
|
endDate -
Date
|
|
id -
IdString!
|
|
name -
Name!
|
|
rules -
RuleExceptionConditionInput!
|
|
startDate -
Date
|
|
ticketId -
FreeText
|
|
usps -
[UspExceptionConditionInput!]
|
Example
{
"approver": FreeText,
"description": FreeText,
"disabled": false,
"endDate": "2021-10-11T18:10:26.484Z",
"id": IdString,
"name": Name,
"rules": RuleExceptionConditionInput,
"startDate": "2022-04-11T18:10:26.484Z",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
UpdateUspRuleExceptionResult
| Field Name | Description |
|---|---|
id -
ID
|
|
resultStatus -
ResultStatus!
|
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UpdateUspTrafficExceptionInput
Update a UspException.
| Input Field | Description |
|---|---|
approver -
FreeText
|
User that approved the |
description -
FreeText
|
UspException description. |
destinations -
[IpAddressString!]
|
|
disabled -
Boolean!
|
Set to true to disable this |
endDate -
Date
|
Last date that the UspException is active. |
id -
IdString!
|
UspException ID. |
name -
Name!
|
UspException name. |
servicesAndApplications -
ServiceAndApplicationConditionInput
|
|
sources -
[IpAddressString!]
|
|
startDate -
Date
|
First date that the |
ticketId -
FreeText
|
SecureChange ticket ID. |
usps -
[UspExceptionConditionInput!]
|
Example
{
"approver": FreeText,
"description": FreeText,
"destinations": [IpAddressString],
"disabled": true,
"endDate": "2022-04-11T18:10:26.484Z",
"id": IdString,
"name": Name,
"servicesAndApplications": ServiceAndApplicationConditionInput,
"sources": [IpAddressString],
"startDate": "2022-04-11T18:10:26.484Z",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
UpdateUspTrafficExceptionResult
Returns the status results when updating a UspException.
| Field Name | Description |
|---|---|
id -
ID
|
Updated UspException ID. |
resultStatus -
ResultStatus!
|
Status of request to update a UspException. |
Example
{
"id": ID,
"resultStatus": ResultStatus
}
UrlCategory
The category of the URL as determined by the device
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
urls -
[String!]
|
List of URLs |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"urls": ["abc123"],
"version": 987
}
UrlCategoryPredefinedValue
Predefined values for URL categories of type Any
| Enum Value | Description |
|---|---|
|
|
Any URL category |
User
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
email -
String
|
Permission requires |
firstName -
String
|
|
id -
ID!
|
The internal unique identifier for this entity |
lastName -
String
|
|
name -
String
|
The name of the entity |
Example
{
"changed": DateTime,
"email": "xyz789",
"firstName": "abc123",
"id": ID,
"lastName": "xyz789",
"name": "xyz789"
}
UserPredefinedValue
Predefined values to define well known user behavior
| Enum Value | Description |
|---|---|
|
|
All users existed on device |
|
|
Any user |
|
|
Already authenticated user |
|
|
Guest, not authenticated user |
UserQuery
UserTQLSearch
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
If true, the query belongs to the 'All Domains' context. |
changed -
DateTime
|
The most recent time that this entity was directly modified |
description -
String
|
Description of the query |
domain -
Domain
|
Domain in which the query was saved. |
id -
ID!
|
Unique identifier of the query |
name -
String
|
Name of the query |
owner -
User!
|
User info of the query creator |
public -
Boolean!
|
if true the query is public |
query -
String!
|
TQL expression saved as part of the query |
timeCreation -
DateTime!
|
Date query was created |
type -
TQLSearchType!
|
The entity returned by the query |
Example
{
"appliedToAnyDomain": true,
"changed": DateTime,
"description": "xyz789",
"domain": Domain,
"id": ID,
"name": "abc123",
"owner": User,
"public": true,
"query": "xyz789",
"timeCreation": DateTime,
"type": TQLSearchType
}
UserTQLSearchMutation
The userTQLSearch entity lets you create, update, or delete saved TQL queries
| Field Name | Description |
|---|---|
changeUserTQLSearchesOwner -
ChangeUserTQLSearchesOwnerResult!
|
Change the owner of multiple TQL queries in bulk |
|
Arguments
|
|
createUserTQLSearch -
CreateUserTQLSearchResult!
|
Create and save a TQL query |
|
Arguments
|
|
deleteUserTQLSearch -
DeleteUserTQLSearchResult!
|
Delete saved TQL queries |
|
Arguments
|
|
updateUserTQLSearch -
UpdateUserTQLSearchResult!
|
Edit and save a TQL query |
|
Arguments
|
|
Example
{
"changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
"createUserTQLSearch": CreateUserTQLSearchResult,
"deleteUserTQLSearch": DeleteUserTQLSearchResult,
"updateUserTQLSearch": UpdateUserTQLSearchResult
}
UserTQLSearchQuery
Query for UserTQLSearch objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of UserTQLSearch objects matching the specified filter. |
values -
[UserTQLSearch!]!
|
A list of UserTQLSearch objects matching the specified filter. |
Example
{
"count": Long,
"values": [UserTQLSearch]
}
UserUsage
Object which represents usage information of users on the rule
| Field Name | Description |
|---|---|
timeLastHit -
DateTime
|
Represents time when traffic was recorded for the user |
usageStatus -
UserUsageStatus
|
Contains error information why traffic on user was not captured or CONFIGURED otherwise |
user -
RuleUserValue
|
The identity of the user |
Example
{
"timeLastHit": DateTime,
"usageStatus": UserUsageStatus,
"user": RuleUserValue
}
UserUsageStatus
| Enum Value | Description |
|---|---|
|
|
Status of last hit for user |
|
|
Last hit information cannot be shown because an LDAP communication error occurred |
|
|
To display last hit information for users, configure LDAP in Admin -> Configuration -> User Identity |
|
|
This user is not found in the LDAP server configured in SecureTrack |
UserWorkflow
The UserWorkflow entity describes a SecureChange workflow. A workflow is a set of steps to complete a change request. For example, rule modification, recertification, or decommission.
| Field Name | Description |
|---|---|
description -
String!
|
The workflow description. |
name -
String!
|
The workflow name. |
type -
WorkFlowType!
|
The workflow type. |
Example
{
"description": "xyz789",
"name": "abc123",
"type": WorkFlowType
}
UserWorkflowsQuery
Returns a list of all SecureChange workflows assigned to the current user.
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
|
values -
[UserWorkflow!]!
|
Example
{
"resultStatus": ResultStatus,
"values": [UserWorkflow]
}
Usp
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
Permission requires |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
description -
String
|
Description of the USP. |
differentZonesDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain -
Domain
|
Domain of the USP. Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
Name of the USP. |
requirements -
[UspRequirement!]
|
Set of conditions that apply to each USP matched entity (typically a source zone and destination zone) that will be enforced by the rule. Permission requires |
sameZoneDefaultRestrictions -
UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
securityZones -
[SecurityZone!]
|
SecureTrack zones that the USP enforces. Permission requires |
Example
{
"appliedToAnyDomain": true,
"changed": DateTime,
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": ID,
"name": "xyz789",
"requirements": [UspRequirement],
"sameZoneDefaultRestrictions": UspRestrictions,
"securityZones": [SecurityZone]
}
UspAlertConfig
The UspAlertConfig entity shows the current configuration of a USP alert. Alerts can be configured to trigger when they meet the specific conditions you desire, including: a specific USP, a list of specific devices, and specific severity levels. Alerts can be sent via one or more of the following: to SecureTrack users, to external email addresses, and via syslog. Alerts can be disabled or enabled at any time. See AlertsConfigMutation for the complete list of supported configuration options. Permission requires
| Field Name | Description |
|---|---|
allDevices -
Boolean
|
If True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps -
Boolean
|
If True, the uspId field is ignored and this alert applies to all USPs. |
appliedToAnyDomain -
Boolean
|
|
changed -
DateTime
|
The most recent time that this entity was directly modified |
description -
String
|
Alert description. |
devices -
[Device!]
|
This alert applies only for the specified devices. |
disabled -
Boolean
|
If True, the alert is disabled and will not be triggered. |
domain -
Domain
|
|
externalRecipientsEmails -
[String!]
|
Email addresses that will receive this alert. |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
recipients -
[User!]
|
SecureTrack User IDs that will receive this alert. |
syslogEnabled -
Boolean
|
If True, the alert will be sent via syslog. |
timeCreated -
DateTime
|
Date alert was created. |
usp -
Usp
|
This alert applies only to the specified USP. |
valid -
Boolean
|
If False, the alert is no longer valid. An alert becomes invalid if all recipients, or all specified devices, or the USP is removed from SecureTrack. |
violationSeverities -
[ViolationSeverity!]
|
This alert is sent for violations of all the selected severities. |
Example
{
"allDevices": false,
"allUsps": false,
"appliedToAnyDomain": false,
"changed": DateTime,
"description": "xyz789",
"devices": [Device],
"disabled": false,
"domain": Domain,
"externalRecipientsEmails": ["abc123"],
"id": ID,
"name": "abc123",
"recipients": [User],
"syslogEnabled": true,
"timeCreated": DateTime,
"usp": Usp,
"valid": true,
"violationSeverities": [ViolationSeverity]
}
UspAlertConfigQuery
Query for UspAlertConfig objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of UspAlertConfig objects matching the specified filter. |
values -
[UspAlertConfig!]!
|
A list of UspAlertConfig objects matching the specified filter. |
Example
{
"count": Long,
"values": [UspAlertConfig]
}
UspCondition
Condition on RuleViolations' Usps and SecurityZone pairs. If no SecureTrack zone pairs are configured in the condition, condition is satisfied for all RuleViolations of the given USP.
| Field Name | Description |
|---|---|
usp -
Usp
|
Usp name. |
zonePairs -
[ZonePair!]
|
Pairs of SecureTrack zones of the given usp. |
Example
{
"usp": Usp,
"zonePairs": [ZonePair]
}
UspException
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
Permission requires |
approver -
String
|
User that approved the UspException. Permission requires |
changed -
DateTime
|
The date that this UspException entity was last changed. Permission requires |
creator -
String
|
Username of UspException creator. Permission requires |
description -
String
|
UspException description. |
disabled -
Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain -
Domain
|
Permission requires |
id -
ID!
|
The internal unique identifier for this entity. |
invalid -
Boolean
|
If true, the USP exception is not valid. Permission requires |
name -
String
|
UspException unique name. |
ticketId -
String
|
SecureChange ticket ID. Permission requires |
timeCreated -
DateTime
|
Date UspException was created. Permission requires |
timeEnd -
DateTime
|
Last date that the UspException is active. Permission requires |
timeStart -
DateTime
|
First date that the UspException is active. Permission requires |
usps -
[UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires |
Example
{
"appliedToAnyDomain": true,
"approver": "xyz789",
"changed": DateTime,
"creator": "abc123",
"description": "abc123",
"disabled": false,
"domain": Domain,
"id": ID,
"invalid": true,
"name": "abc123",
"ticketId": "xyz789",
"timeCreated": DateTime,
"timeEnd": DateTime,
"timeStart": DateTime,
"usps": [UspCondition]
}
UspExceptionConditionInput
Condition on USPs and SecureTrack zone pairs.
| Input Field | Description |
|---|---|
uspId -
IdString!
|
USP ID. |
zones -
[ZonePairInput!]
|
SecureTrack zone pairs. |
Example
{
"uspId": IdString,
"zones": [ZonePairInput]
}
UspExceptionMutation
The UspExceptionMutation entity lets you create, update or delete UspExceptions.
| Field Name | Description |
|---|---|
addRulesToRuleException -
AddRulesToRuleExceptionResult!
|
|
|
Arguments
|
|
createUspRuleException -
CreateUspRuleExceptionResult!
|
|
|
Arguments
|
|
createUspTrafficException -
CreateUspTrafficExceptionResult!
|
Create a UspException. |
|
Arguments
|
|
deleteUspExceptions -
DeleteUspExceptionResult!
|
Delete one or more UspExceptions. |
|
Arguments
|
|
updateUspRuleException -
UpdateUspRuleExceptionResult!
|
|
|
Arguments
|
|
updateUspTrafficException -
UpdateUspTrafficExceptionResult!
|
Update a UspException. |
|
Arguments
|
|
Example
{
"addRulesToRuleException": AddRulesToRuleExceptionResult,
"createUspRuleException": CreateUspRuleExceptionResult,
"createUspTrafficException": CreateUspTrafficExceptionResult,
"deleteUspExceptions": DeleteUspExceptionResult,
"updateUspRuleException": UpdateUspRuleExceptionResult,
"updateUspTrafficException": UpdateUspTrafficExceptionResult
}
UspExceptionQuery
Query for UspException objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of UspException objects matching the specified filter. |
values -
[UspException!]!
|
A list of UspException objects matching the specified filter. |
Example
{
"count": Long,
"values": [UspException]
}
UspMutation
The UspMutation entity lets you create, update or delete USPs.
| Field Name | Description |
|---|---|
addSecurityZonesToUsp -
AddSecurityZonesToUspResult!
|
Add SecureTrack network zones to an existing USP. |
|
Arguments
|
|
createPredefinedUsp -
CreatePredefinedUspResult!
|
Create a USP based on a regulation template. |
|
Arguments
|
|
createUsp -
CreateUspResult!
|
Create a USP. |
|
Arguments
|
|
deleteUsp -
DeleteUspResult!
|
Delete one or more USPs. |
|
Arguments
|
|
removeSecurityZonesFromUsp -
RemoveSecurityZonesFromUspResult!
|
Remove SecureTrack network zones to an existing USP. |
|
Arguments
|
|
updateUsp -
UpdateUspResult!
|
Update a USP. |
|
Arguments
|
|
updateUspRequirement -
UpdateUspRequirementResult!
|
Create a USP requirement. |
|
Arguments
|
|
Example
{
"addSecurityZonesToUsp": AddSecurityZonesToUspResult,
"createPredefinedUsp": CreatePredefinedUspResult,
"createUsp": CreateUspResult,
"deleteUsp": DeleteUspResult,
"removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
"updateUsp": UpdateUspResult,
"updateUspRequirement": UpdateUspRequirementResult
}
UspQuery
UspRequirement
The requirements that apply to a specific USP matched entity (typically a source zone and a destination zone), that will be enforced by this rule.
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
This property is not supported for this entity. |
restrictions -
UspRestrictions
|
A set of properties that make up a restriction for a specific USP matched entity (typically a source zone and a destination zone). To be compliant, a rule must meet all restrictions. |
severity -
ViolationSeverity
|
The severity (low, medium, high, critical) of a rule violation. |
usp -
BasicUspInfo
|
|
uspRequirementDescription -
String
|
Description of the USP requirement. |
zoneToZoneUspRequirementMatcher -
ZoneToZoneUspRequirementMatcher
|
This describes matching criteria for USP requirement. |
Example
{
"changed": DateTime,
"id": ID,
"name": "xyz789",
"restrictions": UspRestrictions,
"severity": ViolationSeverity,
"usp": BasicUspInfo,
"uspRequirementDescription": "abc123",
"zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}
UspRequirementQuery
Query for UspRequirement objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of UspRequirement objects matching the specified filter. |
values -
[UspRequirement!]!
|
A list of UspRequirement objects matching the specified filter. |
Example
{
"count": Long,
"values": [UspRequirement]
}
UspRestriction
A condition to be enforced on security rules.
| Field Name | Description |
|---|---|
restrictionType -
RestrictionType
|
Restriction type. |
Example
{"restrictionType": RestrictionType}
UspRestrictions
A set of properties that make up a restriction for a specific matched entity (typically a source zone and a destination zone) in a USP. To be compliant, a rule must meet all USP restrictions.
| Field Name | Description |
|---|---|
destinationIpsMaxCountRestriction -
PropertyUspRestriction
|
Maximum number of IP address allowed in the rule's destination. |
explicitDestinationRestriction -
PropertyUspRestriction
|
Rules must have an explicit destination, not the ANY value. |
explicitServiceRestriction -
PropertyUspRestriction
|
Rules must have an explicit service, not the ANY value. |
explicitSourceRestriction -
PropertyUspRestriction
|
Rules must have an explicit source, not the ANY value. |
flowUspRestriction -
FlowUspRestriction
|
Flow restriction (Host to Host, Subnet to Host, or Host to Subnet). |
lastHitMaxValRestriction -
PropertyUspRestriction
|
Maximum number of days in which the rule must have had a hit. |
mandatoryCommentRestriction -
PropertyUspRestriction
|
Rules must have text in the comment field. |
mandatoryLogRestriction -
PropertyUspRestriction
|
Rules must be configured to create log entries. |
servicesMaxCountRestriction -
PropertyUspRestriction
|
Maximum number of services allowed. |
sourceIpsMaxCountRestriction -
PropertyUspRestriction
|
Maximum number of IP address allowed in the rule's source. |
trafficUspRestriction -
TrafficUspRestriction
|
Traffic access that is permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all). |
Example
{
"destinationIpsMaxCountRestriction": PropertyUspRestriction,
"explicitDestinationRestriction": PropertyUspRestriction,
"explicitServiceRestriction": PropertyUspRestriction,
"explicitSourceRestriction": PropertyUspRestriction,
"flowUspRestriction": FlowUspRestriction,
"lastHitMaxValRestriction": PropertyUspRestriction,
"mandatoryCommentRestriction": PropertyUspRestriction,
"mandatoryLogRestriction": PropertyUspRestriction,
"servicesMaxCountRestriction": PropertyUspRestriction,
"sourceIpsMaxCountRestriction": PropertyUspRestriction,
"trafficUspRestriction": TrafficUspRestriction
}
UspRestrictionsInput
USP restriction (UspRestriction).
| Input Field | Description |
|---|---|
destinationIpsMaxCountRestriction -
PropertyUspRestrictionInput
|
Defines the maximum IPs addresses allowed by a rule's destination field. |
explicitDestinationRestriction -
PropertyUspRestrictionInput
|
Defines that a rule destination field must contain only explicit objects. |
explicitServiceRestriction -
PropertyUspRestrictionInput
|
Defines that a rule services field must have contain explicit objects. |
explicitSourceRestriction -
PropertyUspRestrictionInput
|
Defines that a rule source field must contain only explicit objects. |
flowUspRestriction -
FlowUspRestrictionInput
|
Flow restriction. |
lastHitMaxValRestriction -
PropertyUspRestrictionInput
|
Defines how many days a rule could not get passed by any traffic. |
mandatoryCommentRestriction -
PropertyUspRestrictionInput
|
Enforces comment in rules. |
mandatoryLogRestriction -
PropertyUspRestrictionInput
|
Enforces logging in rules. |
servicesMaxCountRestriction -
PropertyUspRestrictionInput
|
Defines the maximum services allowed in a rule's services field. |
sourceIpsMaxCountRestriction -
PropertyUspRestrictionInput
|
Defines the maximum IP addresses allowed by a rule's source field. |
trafficUspRestriction -
TrafficUspRestrictionInput
|
Traffic restriction. |
Example
{
"destinationIpsMaxCountRestriction": PropertyUspRestrictionInput,
"explicitDestinationRestriction": PropertyUspRestrictionInput,
"explicitServiceRestriction": PropertyUspRestrictionInput,
"explicitSourceRestriction": PropertyUspRestrictionInput,
"flowUspRestriction": FlowUspRestrictionInput,
"lastHitMaxValRestriction": PropertyUspRestrictionInput,
"mandatoryCommentRestriction": PropertyUspRestrictionInput,
"mandatoryLogRestriction": PropertyUspRestrictionInput,
"servicesMaxCountRestriction": PropertyUspRestrictionInput,
"sourceIpsMaxCountRestriction": PropertyUspRestrictionInput,
"trafficUspRestriction": TrafficUspRestrictionInput
}
UspRiskAnalysisTask
Calculation results of a Risk Analysis task. Permission requires
| Field Name | Description |
|---|---|
changed -
DateTime
|
The date that the task entity was last changed. |
errors -
[AccessRequestError!]
|
AccessRequestErrors occurred during calculation. |
id -
ID!
|
Task ID. |
isCompleted -
Boolean
|
True when all of the task's access requests calculations are completed. |
name -
String
|
This property is not supported. |
processedAccessRequests -
[String!]
|
List of the the processed access requests in task. |
requestsCount -
Int
|
Number of access requests in task. |
timestamp -
DateTime
|
The date and time that the task was created. |
violations -
[RiskAnalysisViolation!]
|
List of RiskAnalysisViolation representing the violations calculation results of the tasks' access requests. Permission requires |
Example
{
"changed": DateTime,
"errors": [AccessRequestError],
"id": ID,
"isCompleted": false,
"name": "xyz789",
"processedAccessRequests": ["abc123"],
"requestsCount": 987,
"timestamp": DateTime,
"violations": [RiskAnalysisViolation]
}
UspRiskAnalysisTaskQuery
Query for UspRiskAnalysisTask objects. These objects can be filtered with a TQL query.
| Field Name | Description |
|---|---|
count -
Long!
|
The total count of UspRiskAnalysisTask objects matching the specified filter. |
values -
[UspRiskAnalysisTask!]!
|
A list of UspRiskAnalysisTask objects matching the specified filter. |
Example
{
"count": Long,
"values": [UspRiskAnalysisTask]
}
UspRuleException
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
Permission requires |
approver -
String
|
User that approved the UspException. Permission requires |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
creator -
String
|
Username of UspException creator. Permission requires |
description -
String
|
UspException description. |
disabled -
Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain -
Domain
|
Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
invalid -
Boolean
|
If true, the USP exception is not valid. Permission requires |
name -
String
|
The name of the entity |
rules -
[Rule!]
|
Permission requires |
ticketId -
String
|
SecureChange ticket ID. Permission requires |
timeCreated -
DateTime
|
Date UspException was created. Permission requires |
timeEnd -
DateTime
|
Last date that the UspException is active. Permission requires |
timeStart -
DateTime
|
First date that the UspException is active. Permission requires |
usps -
[UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires |
Example
{
"appliedToAnyDomain": true,
"approver": "abc123",
"changed": DateTime,
"creator": "abc123",
"description": "abc123",
"disabled": true,
"domain": Domain,
"id": ID,
"invalid": false,
"name": "xyz789",
"rules": [Rule],
"ticketId": "abc123",
"timeCreated": DateTime,
"timeEnd": DateTime,
"timeStart": DateTime,
"usps": [UspCondition]
}
UspTrafficException
| Field Name | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
Permission requires |
approver -
String
|
User that approved the UspException. Permission requires |
changed -
DateTime
|
The most recent time that this entity was directly modified Permission requires |
creator -
String
|
Username of UspException creator. Permission requires |
description -
String
|
UspException description. |
destinations -
[String!]
|
Condition on RuleViolations' destinations - list of network objects. The condition is satisfied if destinations intersect with RuleViolation destinations. Permission requires |
disabled -
Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain -
Domain
|
Permission requires |
id -
ID!
|
The internal unique identifier for this entity |
invalid -
Boolean
|
If true, the USP exception is not valid. Permission requires |
name -
String
|
The name of the entity |
servicesAndApplications -
ServicesAndApplicationsCondition
|
ServicesAndApplicationsCondition on RuleViolations' services and applications. The condition is satisfied if either services or applications intersect with RuleViolation. Permission requires |
sources -
[String!]
|
Condition on RuleViolations' sources - list of network objects. The condition is satisfied if sources intersect with RuleViolation sources. Permission requires |
ticketId -
String
|
SecureChange ticket ID. Permission requires |
timeCreated -
DateTime
|
Date UspException was created. Permission requires |
timeEnd -
DateTime
|
Last date that the UspException is active. Permission requires |
timeStart -
DateTime
|
First date that the UspException is active. Permission requires |
usps -
[UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires |
Example
{
"appliedToAnyDomain": false,
"approver": "xyz789",
"changed": DateTime,
"creator": "abc123",
"description": "abc123",
"destinations": ["xyz789"],
"disabled": false,
"domain": Domain,
"id": ID,
"invalid": true,
"name": "abc123",
"servicesAndApplications": ServicesAndApplicationsCondition,
"sources": ["xyz789"],
"ticketId": "xyz789",
"timeCreated": DateTime,
"timeEnd": DateTime,
"timeStart": DateTime,
"usps": [UspCondition]
}
VM
A virtual machine (VM) is a software program or operating system that not only exhibits the behavior of a separate computer, but is also capable of performing tasks such as running applications and programs like a separate computer
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
ipAddresses -
[IpAddress!]
|
List of IP addresses |
name -
String
|
The name of the entity |
nics -
[NIC!]
|
Collection of virtual network interface cards. The emulation of a physical network adapters (NICs) |
subnets -
[Subnet!]
|
Collection of sub-networks |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "xyz789",
"device": BasicDevice,
"id": ID,
"ipAddresses": [IpAddress],
"name": "xyz789",
"nics": [NIC],
"subnets": [Subnet],
"system": BasicSystem,
"version": 123
}
VendorName
Device vendor name
| Enum Value | Description |
|---|---|
|
|
Amazon.com, Inc. |
|
|
Barracuda |
|
|
Check Point software technologies |
|
|
Cisco Systems |
|
|
Fortinet |
|
|
Juniper Networks, Inc. |
|
|
Microsoft Corporation |
|
|
Palo Alto Networks |
|
|
Fallback value for unknown vendors |
|
|
VMware, Inc. |
|
|
Zscaler |
VersionStatus
The progress status of a specific version of changes (IN_PROGRESS, COMPLETED, or ERROR).
| Field Name | Description |
|---|---|
apiV1VersionId -
String
|
The internal unique identifier of the version in the legacy API. |
created -
DateTime
|
The date and time that the version was created. |
status -
ProgressStatus
|
The progress status of the version processing. |
steps -
[StepStatus!]
|
The progress status of each version-related calculation. |
versionId -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made. |
Example
{
"apiV1VersionId": "xyz789",
"created": DateTime,
"status": ProgressStatus,
"steps": [StepStatus],
"versionId": 123
}
ViolationOrigin
This defines policy and device that the violating securityPolicies are installed on.
| Field Name | Description |
|---|---|
securityPolicy -
SecurityPolicy
|
SecurityPolicy that the rule evaluates. |
violatingDevice -
BasicDevice
|
Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on. |
Example
{
"securityPolicy": SecurityPolicy,
"violatingDevice": BasicDevice
}
ViolationSeverity
Level of risk of the violation.
| Enum Value | Description |
|---|---|
|
|
The violation is critical. |
|
|
The violation is very risky. |
|
|
The violation is not risky. |
|
|
The violation is not very risky. |
Visibility
Entity visibility definition.
| Enum Value | Description |
|---|---|
|
|
Visible for all participants. |
VpnCommunity
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "xyz789",
"system": BasicSystem,
"version": 123
}
VpnPredefinedValue
Predefined values for VPN entities of type Any
| Enum Value | Description |
|---|---|
|
|
Any VPN community |
|
|
Any gateway to gateway VPN |
|
|
Any VPN |
WorkFlowType
The type of workflow.
| Enum Value | Description |
|---|---|
|
|
Decommission rules. |
|
|
Modify rules. |
|
|
Recertify rules. |
Zone
Group of one or more interfaces or networks
| Field Name | Description |
|---|---|
changed -
DateTime
|
The most recent time that this entity was directly modified |
comment -
String
|
A text comment associated with this entity |
device -
BasicDevice
|
The device that this entity belongs to |
id -
ID!
|
The internal unique identifier for this entity |
name -
String
|
The name of the entity |
system -
BasicSystem
|
The system (root device) that this entity belongs to |
version -
Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
zoneType -
ZoneType
|
Device specific zone type |
Example
{
"changed": DateTime,
"comment": "abc123",
"device": BasicDevice,
"id": ID,
"name": "abc123",
"system": BasicSystem,
"version": 123,
"zoneType": ZoneType
}
ZoneManualMappingInput
Updates the mapping of the SecureTrack network zones for a specific interface and ZoneMappingType
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean!
|
|
deviceId -
IdString!
|
The Device ID |
domain -
IdString
|
The ID of the domain that the mapping will be updated for. Note: If |
interfaceId -
IdString!
|
The Interface ID |
mappingType -
ZoneMappingType!
|
The |
zonesIds -
[ZoneMappingMutationsInput!]!
|
List of SecureTrack network zone IDs that are manually mapped to the interface and the specified |
Example
{
"appliedToAnyDomain": true,
"deviceId": IdString,
"domain": IdString,
"interfaceId": IdString,
"mappingType": ZoneMappingType,
"zonesIds": [ZoneMappingMutationsInput]
}
ZoneManualMappingResult
Returns the status result when updating the mapping of SecureTrack network zones for a specific interface and ZoneMappingType
| Field Name | Description |
|---|---|
resultStatus -
ResultStatus!
|
Status of the request to update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType |
Example
{"resultStatus": ResultStatus}
ZoneMappingActionType
The action to perform on the zone mapping
| Enum Value | Description |
|---|---|
|
|
Add a zone to the zone mapping |
|
|
Delete a zone from the zone mapping |
|
|
Exclude a zone from the zone mapping |
ZoneMappingInput
Mapping between the regulation zone to the SecureTrack network zone.
| Input Field | Description |
|---|---|
appliedToAnyDomain -
Boolean
|
|
domain -
IdString
|
|
predefinedZoneName -
Name!
|
Regulation's zone name. |
securityZoneId -
IdString!
|
SecureTrack network zone ID. |
Example
{
"appliedToAnyDomain": false,
"domain": IdString,
"predefinedZoneName": Name,
"securityZoneId": IdString
}
ZoneMappingMutation
The ZoneMappingMutation entity enables you to add, update, or delete the mapping of SecureTrack network zones to a Device
| Field Name | Description |
|---|---|
updateDeviceInclusionInCalculation -
UpdateDeviceInclusionInCalculationResult!
|
Update whether the Device is included in the violation calculation |
|
Arguments |
|
updateMappings -
ZoneManualMappingResult!
|
Update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType |
|
Arguments
|
|
updateProtectionMode -
UpdateProtectionModeResult!
|
Update the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface. |
|
Arguments
|
|
Example
{
"updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
"updateMappings": ZoneManualMappingResult,
"updateProtectionMode": UpdateProtectionModeResult
}
ZoneMappingMutationsInput
| Input Field | Description |
|---|---|
action -
ZoneMappingActionType!
|
|
securityZoneId -
IdString!
|
Example
{
"action": ZoneMappingActionType,
"securityZoneId": IdString
}
ZoneMappingType
The ZoneMappingType identifies whether the connection is a direct connection between two devices, or is routed through multiple devices
| Enum Value | Description |
|---|---|
|
|
Zones are directly connected to the interface |
|
|
Zones have a connection that is routed through multiple devices |
ZonePair
Either or both - fromZone or toZone may be empty. An empty zone is considered as 'all' zones in the given usp.
| Field Name | Description |
|---|---|
fromZone -
SecurityZone
|
SecureTrack zone. |
toZone -
SecurityZone
|
SecureTrack zone. |
Example
{
"fromZone": SecurityZone,
"toZone": SecurityZone
}
ZoneToZoneUspRequirementMatcher
The USP pair (source zone, destination zone) that the USP requirement applies to.
| Field Name | Description |
|---|---|
destination -
SecurityZone
|
The destination zone. |
source -
SecurityZone
|
The source zone. |
Example
{
"destination": SecurityZone,
"source": SecurityZone
}
ZoneType
Device specific zone type
| Enum Value | Description |
|---|---|
|
|
Zone of layer 2 trunk ports |
|
|
Zone of layer 3 trunk ports |
|
|
Zone of VPN tunnels |