Last updated: 11/4/2022 12:38

SecureTrack Aurora GraphQL API Documentation R22-1

Below you can find examples and references for our GraphQL schema


Queries

auth

Query over all 'auth' related information in session
Returns an AuthQuery

Example

Query
query auth {
  auth {
    sessionUser {
      ...SessionUserFragment
    }
  }
}
Response
{"data": {"auth": {"sessionUser": SessionUser}}}

devices

Query over Device objects
Returns a DeviceQuery

Name Description
filter - String TQL query to filter for matching Device entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devices($filter: String) {
  devices(filter: $filter) {
    count
    values {
      ...DeviceFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "devices": {
      "count": Long,
      "values": [Device]
    }
  }
}

devicesStatus

Query over DeviceStatus objects
Returns a DeviceStatusQuery

Name Description
filter - String TQL query to filter for matching DeviceStatus entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devicesStatus($filter: String) {
  devicesStatus(filter: $filter) {
    count
    values {
      ...DeviceStatusFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "devicesStatus": {
      "count": Long,
      "values": [DeviceStatus]
    }
  }
}

domains

Query over Domain objects
Returns a DomainQuery

Name Description
filter - String TQL query to filter for matching Domain entities. Please refer to the TQL documentation. Default = ""

Example

Query
query domains($filter: String) {
  domains(filter: $filter) {
    count
    values {
      ...DomainFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "domains": {
      "count": Long,
      "values": [Domain]
    }
  }
}

getUsps

Returns [Usp]

Example

Query
query getUsps {
  getUsps {
    appliedToAnyDomain
    changed
    description
    differentZonesDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    domain {
      ...DomainFragment
    }
    id
    name
    requirements {
      ...UspRequirementFragment
    }
    sameZoneDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    securityZones {
      ...SecurityZoneFragment
    }
  }
}
Response
{
  "data": {
    "getUsps": [
      {
        "appliedToAnyDomain": false,
        "changed": DateTime,
        "description": "xyz789",
        "differentZonesDefaultRestrictions": UspRestrictions,
        "domain": Domain,
        "id": ID,
        "name": "xyz789",
        "requirements": [UspRequirement],
        "sameZoneDefaultRestrictions": UspRestrictions,
        "securityZones": [SecurityZone]
      }
    ]
  }
}

interfaces

Query over Interface objects
Returns an InterfaceQuery

Name Description
filter - String TQL query to filter for matching Interface entities. Please refer to the TQL documentation. Default = ""

Example

Query
query interfaces($filter: String) {
  interfaces(filter: $filter) {
    count
    values {
      ...InterfaceFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "interfaces": {
      "count": Long,
      "values": [Interface]
    }
  }
}

opmAgents

Query over OPMAgent objects
Returns an OPMAgentQuery

Name Description
filter - String TQL query to filter for matching OPMAgent entities. Please refer to the TQL documentation. Default = ""

Example

Query
query opmAgents($filter: String) {
  opmAgents(filter: $filter) {
    count
    values {
      ...OPMAgentFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "opmAgents": {
      "count": Long,
      "values": [OPMAgent]
    }
  }
}

rules

Query over Rule objects
Returns a RuleQuery

Name Description
filter - String TQL query to filter for matching Rule entities. Please refer to the TQL documentation. Default = ""

Example

Query
query rules($filter: String) {
  rules(filter: $filter) {
    count
    counts {
      ...CountsResultFragment
    }
    values {
      ...RuleFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "rules": {
      "count": Long,
      "counts": [CountsResult],
      "values": [Rule]
    }
  }
}

securityZones

Query over SecurityZone objects
Returns a SecurityZoneQuery

Name Description
filter - String TQL query to filter for matching SecurityZone entities. Please refer to the TQL documentation. Default = ""

Example

Query
query securityZones($filter: String) {
  securityZones(filter: $filter) {
    count
    values {
      ...SecurityZoneFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "securityZones": {
      "count": Long,
      "values": [SecurityZone]
    }
  }
}

systems

Query over System objects
Returns a SystemQuery

Name Description
filter - String TQL query to filter for matching System entities. Please refer to the TQL documentation. Default = ""

Example

Query
query systems($filter: String) {
  systems(filter: $filter) {
    count
    values {
      ...SystemFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "systems": {
      "count": Long,
      "values": [System]
    }
  }
}

trend

Query over trend
Returns a TrendResult!

Name Description
input - TrendQueryInput!

Example

Query
query trend($input: TrendQueryInput!) {
  trend(input: $input) {
    resultStatus {
      ...ResultStatusFragment
    }
    timedCounts {
      ...TimedCountFragment
    }
  }
}
Variables
{"input": TrendQueryInput}
Response
{
  "data": {
    "trend": {
      "resultStatus": ResultStatus,
      "timedCounts": [TimedCount]
    }
  }
}

users

Query over User objects
Returns a UserQuery

Name Description
filter - String TQL query to filter for matching User entities. Please refer to the TQL documentation. Default = ""

Example

Query
query users($filter: String) {
  users(filter: $filter) {
    count
    values {
      ...UserFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "users": {
      "count": Long,
      "values": [User]
    }
  }
}

userTQLSearches

Query over UserTQLSearch objects
Returns an UserTQLSearchQuery

Name Description
filter - String TQL query to filter for matching UserTQLSearch entities. Please refer to the TQL documentation. Default = ""

Example

Query
query userTQLSearches($filter: String) {
  userTQLSearches(filter: $filter) {
    count
    values {
      ...UserTQLSearchFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "userTQLSearches": {
      "count": Long,
      "values": [UserTQLSearch]
    }
  }
}

userWorkflows

Query over UserWorkflow objects

Example

Query
query userWorkflows {
  userWorkflows {
    resultStatus {
      ...ResultStatusFragment
    }
    values {
      ...UserWorkflowFragment
    }
  }
}
Response
{
  "data": {
    "userWorkflows": {
      "resultStatus": ResultStatus,
      "values": [UserWorkflow]
    }
  }
}

uspAlertConfigs

Query over UspAlertConfig objects
Returns an UspAlertConfigQuery

Name Description
filter - String TQL query to filter for matching UspAlertConfig entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspAlertConfigs($filter: String) {
  uspAlertConfigs(filter: $filter) {
    count
    values {
      ...UspAlertConfigFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "uspAlertConfigs": {
      "count": Long,
      "values": [UspAlertConfig]
    }
  }
}

uspExceptions

Query over UspException objects
Returns an UspExceptionQuery

Name Description
filter - String TQL query to filter for matching UspException entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspExceptions($filter: String) {
  uspExceptions(filter: $filter) {
    count
    values {
      ...UspExceptionFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "uspExceptions": {
      "count": Long,
      "values": [UspException]
    }
  }
}

uspRequirements

Query over UspRequirement objects
Returns an UspRequirementQuery

Name Description
filter - String TQL query to filter for matching UspRequirement entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRequirements($filter: String) {
  uspRequirements(filter: $filter) {
    count
    values {
      ...UspRequirementFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "uspRequirements": {
      "count": Long,
      "values": [UspRequirement]
    }
  }
}

uspRiskAnalysisTask

Query over UspRiskAnalysisTask objects
Returns an UspRiskAnalysisTaskQuery

Name Description
filter - String TQL query to filter for matching UspRiskAnalysisTask entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRiskAnalysisTask($filter: String) {
  uspRiskAnalysisTask(filter: $filter) {
    count
    values {
      ...UspRiskAnalysisTaskFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "uspRiskAnalysisTask": {
      "count": Long,
      "values": [UspRiskAnalysisTask]
    }
  }
}

usps

Query over Usp objects
Returns an UspQuery

Name Description
filter - String TQL query to filter for matching Usp entities. Please refer to the TQL documentation. Default = ""

Example

Query
query usps($filter: String) {
  usps(filter: $filter) {
    count
    values {
      ...UspFragment
    }
  }
}
Variables
{"filter": }
Response
{
  "data": {
    "usps": {
      "count": Long,
      "values": [Usp]
    }
  }
}

zones

Returns [Zone!]!

Example

Query
query zones {
  zones {
    changed
    comment
    device {
      ...BasicDeviceFragment
    }
    id
    name
    system {
      ...BasicSystemFragment
    }
    version
    zoneType
  }
}
Response
{
  "data": {
    "zones": [
      {
        "changed": DateTime,
        "comment": "xyz789",
        "device": BasicDevice,
        "id": ID,
        "name": "abc123",
        "system": BasicSystem,
        "version": 987,
        "zoneType": ZoneType
      }
    ]
  }
}

Mutations

riskAnalysis

Example

Query
mutation riskAnalysis {
  riskAnalysis {
    createUspRiskAnalysisTask {
      ...CreateUspRiskAnalysisTaskResultFragment
    }
  }
}
Response
{
  "data": {
    "riskAnalysis": {
      "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
    }
  }
}

ruleOperations

Example

Query
mutation ruleOperations {
  ruleOperations {
    createTicketDraft {
      ...CreateTicketDraftResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleOperations": {
      "createTicketDraft": CreateTicketDraftResult
    }
  }
}

ruleUserData

Example

Query
mutation ruleUserData {
  ruleUserData {
    createTicket {
      ...CreateTicketResultFragment
    }
    deleteTickets {
      ...DeleteTicketsResultFragment
    }
    updateRuleAutomationAttribute {
      ...UpdateRuleAutomationAttributeResultFragment
    }
    updateRuleDescription {
      ...UpdateRuleDescriptionResultFragment
    }
    updateRuleTechnicalOwner {
      ...UpdateRuleTechnicalOwnerResultFragment
    }
    updateTicket {
      ...UpdateTicketResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleUserData": {
      "createTicket": CreateTicketResult,
      "deleteTickets": DeleteTicketsResult,
      "updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
      "updateRuleDescription": UpdateRuleDescriptionResult,
      "updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
      "updateTicket": UpdateTicketResult
    }
  }
}

system

Returns a SystemMutation!

Example

Query
mutation system {
  system {
    createSystem {
      ...CreateSystemResultFragment
    }
    deleteSystem {
      ...DeleteSystemResultFragment
    }
    updateSystem {
      ...UpdateSystemResultFragment
    }
  }
}
Response
{
  "data": {
    "system": {
      "createSystem": CreateSystemResult,
      "deleteSystem": DeleteSystemResult,
      "updateSystem": UpdateSystemResult
    }
  }
}

userTQLSearch

Example

Query
mutation userTQLSearch {
  userTQLSearch {
    changeUserTQLSearchesOwner {
      ...ChangeUserTQLSearchesOwnerResultFragment
    }
    createUserTQLSearch {
      ...CreateUserTQLSearchResultFragment
    }
    deleteUserTQLSearch {
      ...DeleteUserTQLSearchResultFragment
    }
    updateUserTQLSearch {
      ...UpdateUserTQLSearchResultFragment
    }
  }
}
Response
{
  "data": {
    "userTQLSearch": {
      "changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
      "createUserTQLSearch": CreateUserTQLSearchResult,
      "deleteUserTQLSearch": DeleteUserTQLSearchResult,
      "updateUserTQLSearch": UpdateUserTQLSearchResult
    }
  }
}

usp

Returns an UspMutation!

Example

Query
mutation usp {
  usp {
    addSecurityZonesToUsp {
      ...AddSecurityZonesToUspResultFragment
    }
    createPredefinedUsp {
      ...CreatePredefinedUspResultFragment
    }
    createUsp {
      ...CreateUspResultFragment
    }
    deleteUsp {
      ...DeleteUspResultFragment
    }
    removeSecurityZonesFromUsp {
      ...RemoveSecurityZonesFromUspResultFragment
    }
    updateUsp {
      ...UpdateUspResultFragment
    }
    updateUspRequirement {
      ...UpdateUspRequirementResultFragment
    }
  }
}
Response
{
  "data": {
    "usp": {
      "addSecurityZonesToUsp": AddSecurityZonesToUspResult,
      "createPredefinedUsp": CreatePredefinedUspResult,
      "createUsp": CreateUspResult,
      "deleteUsp": DeleteUspResult,
      "removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
      "updateUsp": UpdateUspResult,
      "updateUspRequirement": UpdateUspRequirementResult
    }
  }
}

uspAlertConfig

Example

Query
mutation uspAlertConfig {
  uspAlertConfig {
    createUspAlertConfig {
      ...CreateUspAlertConfigResultFragment
    }
    deleteAlertConfig {
      ...DeleteAlertConfigResultFragment
    }
    updateUspAlertConfig {
      ...UpdateUspAlertConfigResultFragment
    }
  }
}
Response
{
  "data": {
    "uspAlertConfig": {
      "createUspAlertConfig": CreateUspAlertConfigResult,
      "deleteAlertConfig": DeleteAlertConfigResult,
      "updateUspAlertConfig": UpdateUspAlertConfigResult
    }
  }
}

uspException

Example

Query
mutation uspException {
  uspException {
    addRulesToRuleException {
      ...AddRulesToRuleExceptionResultFragment
    }
    createUspRuleException {
      ...CreateUspRuleExceptionResultFragment
    }
    createUspTrafficException {
      ...CreateUspTrafficExceptionResultFragment
    }
    deleteUspExceptions {
      ...DeleteUspExceptionResultFragment
    }
    updateUspRuleException {
      ...UpdateUspRuleExceptionResultFragment
    }
    updateUspTrafficException {
      ...UpdateUspTrafficExceptionResultFragment
    }
  }
}
Response
{
  "data": {
    "uspException": {
      "addRulesToRuleException": AddRulesToRuleExceptionResult,
      "createUspRuleException": CreateUspRuleExceptionResult,
      "createUspTrafficException": CreateUspTrafficExceptionResult,
      "deleteUspExceptions": DeleteUspExceptionResult,
      "updateUspRuleException": UpdateUspRuleExceptionResult,
      "updateUspTrafficException": UpdateUspTrafficExceptionResult
    }
  }
}

zoneMapping

Example

Query
mutation zoneMapping {
  zoneMapping {
    updateDeviceInclusionInCalculation {
      ...UpdateDeviceInclusionInCalculationResultFragment
    }
    updateMappings {
      ...ZoneManualMappingResultFragment
    }
    updateProtectionMode {
      ...UpdateProtectionModeResultFragment
    }
  }
}
Response
{
  "data": {
    "zoneMapping": {
      "updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
      "updateMappings": ZoneManualMappingResult,
      "updateProtectionMode": UpdateProtectionModeResult
    }
  }
}

Types

AccessRequestActionType

The action of the access request. Equivalent to a security rule action.

Enum Value Description

ALLOW

Allow all traffic.

DENY

Deny all traffic.

AccessRequestApplicationInput

Input Field Description
name - String!
nonDefaultPorts - Boolean
services - [ServiceExpressionString!]
Example
{
  "name": "xyz789",
  "nonDefaultPorts": true,
  "services": [ServiceExpressionString]
}

AccessRequestApplicationPredefinedValue

Enum Value Description

ANY_APPLICATION

AccessRequestDomainInput

Input Field Description
id - IdString
runCalculationOnAppliedToAnyDomainUsps - Boolean!
Example
{
  "id": IdString,
  "runCalculationOnAppliedToAnyDomainUsps": true
}

AccessRequestError

Field Name Description
accessRequestId - String
errorType - ErrorType
message - String
Example
{
  "accessRequestId": "abc123",
  "errorType": ErrorType,
  "message": "abc123"
}

AccessRequestInput

Represents a traffic access request to be checked for violation of any of the configured USPs.

Input Field Description
actionType - AccessRequestActionType!

AccessRequestActionType of the access request.

applicationPredefinedValue - AccessRequestApplicationPredefinedValue

Predefined value of ApplicationPredefinedValue type for the access request applications. If this value is set, the list of applications should not be configured.

applications - [AccessRequestApplicationInput!]

List of AccessRequestApplication that represents the access request applications.

destinationDomain - AccessRequestDomainInput

The access request destination AccessRequestDomain.

destinationPredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request destination. If this value is set, the list of destinations should not be configured.

destinationZones - [IdString!]

List of SecureTrack zones that represent the access request destination zones.

destinations - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request destinations.

id - FreeText!
servicePredefinedValue - AccessRequestServicePredefinedValue

Predefined value of ServicePredefinedValue type for the access request services. If this value is set, the list of services should not be configured.

services - [ServiceExpressionString!]

List of ServiceTraffic that represents the access request services.

sourceDomain - AccessRequestDomainInput

The access request source AccessRequestDomain.

sourcePredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request source. If this value is set, the list of sources should not be configured.

sourceZones - [IdString!]

List of SecureTrack zones that represent the access request source zones.

sources - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request sources.

Example
{
  "actionType": AccessRequestActionType,
  "applicationPredefinedValue": AccessRequestApplicationPredefinedValue,
  "applications": [AccessRequestApplicationInput],
  "destinationDomain": AccessRequestDomainInput,
  "destinationPredefinedValue": AccessRequestNetworkPredefinedValue,
  "destinationZones": [IdString],
  "destinations": [NetworkObjectTrafficInput],
  "id": FreeText,
  "servicePredefinedValue": AccessRequestServicePredefinedValue,
  "services": [ServiceExpressionString],
  "sourceDomain": AccessRequestDomainInput,
  "sourcePredefinedValue": AccessRequestNetworkPredefinedValue,
  "sourceZones": [IdString],
  "sources": [NetworkObjectTrafficInput]
}

AccessRequestNetworkPredefinedValue

Enum Value Description

ANY

ANY_IPV4

ANY_IPV6

AccessRequestServicePredefinedValue

Enum Value Description

ANY_SERVICE

AccessRole

Set of permitted objects

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
networks - [NetworkObject!] List of network objects this access role has right to see

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

networksPredefinedValue - NetworkPredefinedValue Could be any network, IPv4 only network or IPv6 only network
system - BasicSystem The system (root device) that this entity belongs to
users - [UserValue!] List of users this access role has been assigned for

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

usersPredefinedValue - UserPredefinedValue Predefined values to define well known user behavior
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "name": "abc123",
  "networks": [NetworkObject],
  "networksPredefinedValue": NetworkPredefinedValue,
  "system": BasicSystem,
  "users": [UserValue],
  "usersPredefinedValue": UserPredefinedValue,
  "version": 987
}

AddRulesToRuleExceptionInput

Input Field Description
id - IdString!
rulesIds - [IdString!]!
Example
{
  "id": IdString,
  "rulesIds": [IdString]
}

AddRulesToRuleExceptionResult

Field Name Description
id - ID
resultStatus - ResultStatus!
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

AddSecurityZonesToUspInput

Adding SecureTrack network zones to an existing USP.

Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zones IDs.

uspId - IdString!

USP ID.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

AddSecurityZonesToUspResult

Returns the status results when adding SecureTrack network zones to an existing USP.

Field Name Description
resultStatus - ResultStatus! Status of request to add SecureTrack network zones to an existing USP.
Example
{"resultStatus": ResultStatus}

AlertConfigMutation

The AlertConfigMutation entity lets you create, update or delete USP alerts. For a full list of configuration options see the createUspAlertConfig and updateUspAlertConfig entities.

Field Name Description
createUspAlertConfig - CreateUspAlertConfigResult! Create a USP alert.

Arguments

deleteAlertConfig - DeleteAlertConfigResult! Delete a USP alert.

Arguments

updateUspAlertConfig - UpdateUspAlertConfigResult! Update a USP alert.

Arguments

Example
{
  "createUspAlertConfig": CreateUspAlertConfigResult,
  "deleteAlertConfig": DeleteAlertConfigResult,
  "updateUspAlertConfig": UpdateUspAlertConfigResult
}

Application

Network application.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
services - [Service!] TCP/IP services of the application.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "name": "xyz789",
  "services": [Service],
  "system": BasicSystem,
  "version": 987
}

ApplicationPredefinedValue

Predefined values to define Any application

Enum Value Description

ANY_APPLICATION

Any application

ApplicationString

An application string. Must be a predefined application. Input as a String literal, for example, 'Facebook'

Example
object

ApplicationUsage

Object which represents usage information of applications on the rule

Field Name Description
application - RuleApplicationValue The identity of an application
timeLastHit - DateTime Represents time when traffic was recorded for the application
Example
{
  "application": RuleApplicationValue,
  "timeLastHit": DateTime
}

AppliedToObjectsPredefinedValue

Predefined values for "AppliedToObjects"

Enum Value Description

ANY

Any object

NONE

No object

AuthQuery

A container for authentication-related information (such as principles) from the current session context.

Field Name Description
sessionUser - SessionUser The current principle user in session.
Example
{"sessionUser": SessionUser}

AutomationAttribute

Determines the way that Designer and Verifier will relate to the legacy rule that is being modified.

Enum Value Description

LEGACY

Designer and Verifier will treat the specified legacy rule as a shadowed rule when making recommendations or verifying access.

STEALTH

Designer and Verifier will treat the specified rule as a stealth rule when making recommendations or verifying access.

BasicDevice

A dependent device. Each device is assigned to a unique System device.

Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
name - String The name of the entity
parent - Device Device or system parent device
root - Boolean True indicates that this device is the topmost device in the hierarchy
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": true,
  "comment": "xyz789",
  "device": BasicDevice,
  "deviceType": DeviceType,
  "displayName": "xyz789",
  "domain": Domain,
  "id": ID,
  "model": ModelName,
  "name": "abc123",
  "parent": Device,
  "root": false,
  "system": BasicSystem,
  "vendor": VendorName,
  "version": 123
}

BasicRuleUspExceptionInfo

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{"description": "xyz789", "id": ID, "name": "abc123"}

BasicSystem

Root device that manages the dependent devices

Field Name Description
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
modelDisplayName - String Model name of this device
monitoredByOPMAgent - Boolean True indicates that the system monitored by OPM agent
name - String The name of the entity
vendor - VendorName Vendor type of this device
Example
{
  "id": ID,
  "model": ModelName,
  "modelDisplayName": "xyz789",
  "monitoredByOPMAgent": true,
  "name": "xyz789",
  "vendor": VendorName
}

BasicUspExceptionInfo

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{"description": "abc123", "id": ID, "name": "abc123"}

BasicUspExceptionInfoForRiskAnalysis

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{"description": "abc123", "id": ID, "name": "xyz789"}

BasicUspInfo

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Field Name Description
appliedToAnyDomain - Boolean
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "appliedToAnyDomain": true,
  "description": "abc123",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": ID,
  "name": "xyz789",
  "sameZoneDefaultRestrictions": UspRestrictions
}

BasicUspInfoForRiskAnalysis

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Field Name Description
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "description": "abc123",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": ID,
  "name": "abc123",
  "sameZoneDefaultRestrictions": UspRestrictions
}

Boolean

The Boolean scalar type represents true or false.

Example
false

Certification

Field Name Description
status - CertificationStatus The status of the rule (certified, decertified)
timeCertified - DateTime The date the rule certification expires, after which, it must be reviewed and recertified
timeExpiration - DateTime The date that the certification decision was implemented
Example
{
  "status": CertificationStatus,
  "timeCertified": DateTime,
  "timeExpiration": DateTime
}

CertificationStatus

The status of the rule (certified/decertified)

Enum Value Description

CERTIFIED

Rule status is certified (has a business justification)

DECERTIFIED

Rule status is not certified (does not have a business justification)

ChangeUserTQLSearchesOwnerInput

Change the owner of multiple TQL queries in bulk. Input can be either source owner, or a list of query IDs, but not both.

Input Field Description
ids - [IdString!]

IDs of the queries

sourceOwnerId - IdString

The current owner of the queries

targetOwnerId - IdString!

The future owner of the queries

Example
{
  "ids": [IdString],
  "sourceOwnerId": IdString,
  "targetOwnerId": IdString
}

ChangeUserTQLSearchesOwnerResult

Returns the status results when changing the owner of multiple TQL queries

Field Name Description
ids - [ID!] IDs of the updated queries
resultStatus - ResultStatus! Result of the operation
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

CountsResult

The number of entities matching a filter, grouped by selected fields.

Field Name Description
count - Long Number of entities returned for the group.
group - [String!] Parameters used to group the entity.
Example
{"count": Long, "group": ["abc123"]}

CreateDraftInvalidRuleReason

The possible reasons for rules to be invalid for creating a SecureChange ticket

Enum Value Description

RULE_ALREADY_HAS_TICKET_IN_PROGRESS

The rule already has a ticket in progress

RULE_NOT_FOUND

The requested rule ID is not found

UNSET

CreatePredefinedUspInput

Create a predefined USP from known regulation templates. The supported regulations are:

  • PCI
  • NERC CIPV5
  • ISO 27001
  • NIST 800-53
  • Tufin's Best Practices
  • Tufin's Advanced Best Practices
Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

type - PredefinedUspType!

Regulation type.

zoneMappings - [ZoneMappingInput!]!

Mapping between the regulation zones from the template to the SecureTrack network zones to be enforced by the created USP.

Example
{
  "appliedToAnyDomain": false,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "type": PredefinedUspType,
  "zoneMappings": [ZoneMappingInput]
}

CreatePredefinedUspResult

Returns the status results when creating a new predefined USP.

Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateSystemInput

Create system request input

Input Field Description
appliedToAnyDomain - Boolean

This property is not currently supported

domain - IdString

This property is not currently supported

ipAddress - IpAddressString

IP address

model - ModelName!

Model of this device

modelDisplayName - FreeText!

Model name of this device

name - Name!

System name

opmAgentId - FreeText!

Open policy management (OPM) agent ID

properties - [SystemFieldValueInput!]

System properties

vendor - VendorName!

Vendor type of this device

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "ipAddress": IpAddressString,
  "model": ModelName,
  "modelDisplayName": FreeText,
  "name": Name,
  "opmAgentId": FreeText,
  "properties": [SystemFieldValueInput],
  "vendor": VendorName
}

CreateSystemResult

Create system request output

Field Name Description
id - ID Application internal ID of created system
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateTicketDraftInput

Create a ticket draft in SecureChange

Input Field Description
decommissionRulesAction - DecommissionRulesAction

Supported actions are: “disable rules” and “remove rules”

dryRun - Boolean

If set to True, SecureChange will not create a ticket draft, will only return the result of input validation

ruleUids - [IdString!]!

List of rule UIDs to create the ticket for

subject - Name

The subject for the ticket draft

workflowName - Name

The name of SecureChange workflow used to create the ticket

workflowType - WorkFlowType!

The type of workflow (RECERTIFY_RULES, DECOMMISSION_RULES or MODIFY_RULES)

Example
{
  "decommissionRulesAction": DecommissionRulesAction,
  "dryRun": false,
  "ruleUids": [IdString],
  "subject": Name,
  "workflowName": Name,
  "workflowType": WorkFlowType
}

CreateTicketDraftResult

Returns the status results when creating a ticket draft

Field Name Description
invalidRules - [InvalidRule!]! List of the rules that are invalid for creating a ticket, and the reason that they are invalid
resultStatus - ResultStatus! Status of the request to create ticket draft
validRuleUids - [ID!] List of the rules that are valid for creating a ticket, out of the rules in the request
Example
{
  "invalidRules": [InvalidRule],
  "resultStatus": ResultStatus,
  "validRuleUids": [ID]
}

CreateTicketInput

Create a ticket for a rule.

Input Field Description
businessOwner - FreeText

Business owner name for a rule.

comment - FreeText

Comment for a ticket.

email - EmailAddress

Business owner Email address for a rule.

expirationDate - DateTime

Expiration date for a ticket.

externalUrl - URL

External URL for a ticket.

originTicketId - FreeText!

ID information for a ticket.

ruleIds - [IdString!]!

List of affected rule IDs.

secureChangeTicket - Boolean
Example
{
  "businessOwner": FreeText,
  "comment": FreeText,
  "email": EmailAddress,
  "expirationDate": DateTime,
  "externalUrl": URL,
  "originTicketId": FreeText,
  "ruleIds": [IdString],
  "secureChangeTicket": true
}

CreateTicketResult

Returns the status results when creating a ticket for a rule.

Field Name Description
modifiedRules - [ModifiedRule!]! List of affected rules.
resultStatus - ResultStatus! Result of the create ticket operation.
Example
{
  "modifiedRules": [ModifiedRule],
  "resultStatus": ResultStatus
}

CreateUserTQLSearchInput

Input Field Description
appliedToAnyDomain - Boolean!

If true, the query belongs to the 'All Domains' context

description - FreeText

Description of the query

domain - IdString

Domain in which the query was saved

name - Name!

Name of the query

public - Boolean!

If true, the query is public

query - String!

TQL expression saved as part of the query

type - TQLSearchType!

The Entity returned by the query

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "public": true,
  "query": "xyz789",
  "type": TQLSearchType
}

CreateUserTQLSearchResult

Create and save a TQL query

Field Name Description
id - ID Application internal ID of created TQL query
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateUspAlertConfigInput

Create a USP alert.

Input Field Description
allDevices - Boolean!

If set to True, the devicesIds field is ignored and this alert applies to all devices.

allUsps - Boolean!

If set to True, the uspId field is ignored and this alert applies to all USPs.

appliedToAnyDomain - Boolean!

If set to True, the domain field should be empty and this alert applies to all domains.

description - FreeText

Alert description.

devicesIds - [IdString!]

This alert applies only for the specified devices. Add a list Device IDs.

disabled - Boolean!

Set to true to disable this alert.

domain - IdString

This alert will be configured in the specified domain. Add a single domain ID only.

externalRecipientsEmails - [EmailAddress!]

Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users.

name - Name!

Alert name.

recipientsIds - [IdString!]

Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user.

severities - [ViolationSeverity!]!

This alert is sent for violations of all the selected severities.

syslogEnabled - Boolean!

Set to True if syslog the alert should also be sent via syslog.

uspId - IdString

This alert applies only to the specified USP. Add a single USP ID only.

Example
{
  "allDevices": false,
  "allUsps": true,
  "appliedToAnyDomain": false,
  "description": FreeText,
  "devicesIds": [IdString],
  "disabled": true,
  "domain": IdString,
  "externalRecipientsEmails": [EmailAddress],
  "name": Name,
  "recipientsIds": [IdString],
  "severities": [ViolationSeverity],
  "syslogEnabled": true,
  "uspId": IdString
}

CreateUspAlertConfigResult

Returns the status results when creating a new USP alert .

Field Name Description
id - ID ID of the new alert.
resultStatus - ResultStatus! Status of request to create a new USP alert.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateUspInput

Create a USP.

Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

securityZonesIds - [IdString!]

SecureTrack network zones IDs to be used by the USP.

Example
{
  "appliedToAnyDomain": false,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "securityZonesIds": [IdString]
}

CreateUspResult

Returns the status results when creating a new USP.

Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateUspRiskAnalysisTaskInput

Create a new UspRiskAnalysisTask for risk analysis calculation.

Input Field Description
accessRequests - [AccessRequestInput!]!

List of AccessRequestInputs for risk analysis calculations.

runCalculationOnAllUsps - Boolean!

If true, calculation will run only on USPs configured on 'All Domains' context, else, will run on USPs that are configured on the specified source and destination domains.

Example
{
  "accessRequests": [AccessRequestInput],
  "runCalculationOnAllUsps": true
}

CreateUspRiskAnalysisTaskResult

Returns the status results when creating a new UspRiskAnalysisTask.

Field Name Description
resultStatus - ResultStatus! ResultStatus of the request to create a new risk analysis task.
taskId - ID The created task ID. The ID is used for querying for the calculation result of UspRiskAnalysisTask.
Example
{
  "resultStatus": ResultStatus,
  "taskId": ID
}

CreateUspRuleExceptionInput

Create a rule UspException.

Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the rule UspException.

creator - FreeText

User that created the rule UspException .

description - FreeText

Rule UspException description.

disabled - Boolean!

Set to true to disable this rule UspException. When disabled, rule UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the rule UspException is active.

name - Name!

Rule UspException name.

rules - RuleExceptionConditionInput!

RulesConditionInput of the UspException.

startDate - Date

First date that the rule UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": true,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "disabled": true,
  "domain": IdString,
  "endDate": "2022-04-11T18:10:26.484Z",
  "name": Name,
  "rules": RuleExceptionConditionInput,
  "startDate": "2021-10-11T18:10:26.484Z",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

CreateUspRuleExceptionResult

Returns the status results when creating a new rule UspException.

Field Name Description
id - ID Newly created rule UspException ID.
resultStatus - ResultStatus! Status of request to create a new rule UspException.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

CreateUspTrafficExceptionInput

Create a traffic UspException.

Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the traffic UspException.

creator - FreeText

User that created the traffic UspException .

description - FreeText

Traffic UspException description.

destinations - [IpAddressString!]

Destination condition - list of network objects.

disabled - Boolean!

Set to true to disable this traffic UspException. When disabled, traffic UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the traffic UspException is active.

name - Name!

Traffic UspException name.

servicesAndApplications - ServiceAndApplicationConditionInput

List of ServiceAndApplicationConditionInput.

sources - [IpAddressString!]

Source condition - list of network objects.

startDate - Date

First date that the traffic UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": true,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "destinations": [IpAddressString],
  "disabled": true,
  "domain": IdString,
  "endDate": "2021-10-11T18:10:26.484Z",
  "name": Name,
  "servicesAndApplications": ServiceAndApplicationConditionInput,
  "sources": [IpAddressString],
  "startDate": "2021-10-11T18:10:26.484Z",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

CreateUspTrafficExceptionResult

Returns the status results when creating a new traffic UspException.

Field Name Description
id - ID Newly created traffic UspException ID.
resultStatus - ResultStatus! Status of request to create a new traffic UspException.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

Date

An RFC-3339 compliant Full Date Scalar

Example
2021-10-11T18:10:26.484Z

DateTime

An RFC-3339 compliant DateTime Scalar

Example
object

DecommissionRulesAction

Enum Value Description

DISABLE_RULES

REMOVE_RULES

DeleteAlertConfigInput

Delete a USP alert.

Input Field Description
ids - [IdString!]!

IDs of the alerts you want to delete.

Example
{"ids": [IdString]}

DeleteAlertConfigResult

Returns the status results when deleting USP alerts.

Field Name Description
ids - [String!]
resultStatus - ResultStatus! Status of request to delete USP alerts.
Example
{"ids": ["abc123"], "resultStatus": ResultStatus}

DeleteSystemInput

Delete systems request input

Input Field Description
ids - [IdString!]!

Systems IDs to delete

Example
{"ids": [IdString]}

DeleteSystemResult

Delete system request output

Field Name Description
resultStatus - ResultStatus! Result of the operation
Example
{"resultStatus": ResultStatus}

DeleteTicketsInput

Delete tickets.

Input Field Description
ids - [IdString!]!

IDs of the tickets to be deleted.

Example
{"ids": [IdString]}

DeleteTicketsResult

Returns the status results when deleting tickets.

Field Name Description
ids - [ID!] IDs of the deleted tickets.
resultStatus - ResultStatus! Status of request to delete tickets.
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

DeleteUserTQLSearchInput

Delete saved TQL queries

Input Field Description
ids - [IdString!]!

IDs of the queries to be deleted

Example
{"ids": [IdString]}

DeleteUserTQLSearchResult

Returns the status results when deleting TQL queries

Field Name Description
ids - [ID!] IDs of the deleted queries
resultStatus - ResultStatus! Status of request to delete queries
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

DeleteUspExceptionInput

Delete one or more UspExceptions.

Input Field Description
ids - [IdString!]!

UspException IDs.

Example
{"ids": [IdString]}

DeleteUspExceptionResult

Returns the status results when deleting UspExceptions.

Field Name Description
ids - [ID!]
resultStatus - ResultStatus! Status of request to delete UspExceptions.
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

DeleteUspInput

Delete one or multiple USPs.

Input Field Description
ids - [IdString!]!

USP IDs.

Example
{"ids": [IdString]}

DeleteUspResult

Returns the status results when deleting USPs.

Field Name Description
resultStatus - ResultStatus! Status of request to delete USPs.
Example
{"resultStatus": ResultStatus}

Device

A dependent device. Each device is assigned to a unique System device.

Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
comment - String A text comment associated with this entity Permission requires
device - BasicDevice The device that this entity belongs to Permission requires
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
domainDeviceConf - [DomainDeviceConf!] List of device domain configurations which are excluded from violation calculations and protection mode Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

id - ID! The internal unique identifier for this entity
model - ModelName Model of this device Permission requires
modelDisplayName - String Model name of this device Permission requires
name - String The name of the entity
nameOnDevice - String Context name of this device Permission requires
parent - Device Device or system parent device Permission requires
root - Boolean True indicates that this device is the topmost device in the hierarchy
swVersion - String Software version of this device Permission requires
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": false,
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "deviceType": DeviceType,
  "displayName": "xyz789",
  "domain": Domain,
  "domainDeviceConf": [DomainDeviceConf],
  "id": ID,
  "model": ModelName,
  "modelDisplayName": "xyz789",
  "name": "xyz789",
  "nameOnDevice": "xyz789",
  "parent": Device,
  "root": true,
  "swVersion": "xyz789",
  "system": BasicSystem,
  "vendor": VendorName,
  "vendorDisplayName": "abc123",
  "version": 987
}

DeviceQuery

Query for Device objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of Device objects matching the specified filter.
values - [Device!]! A list of Device objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{"count": Long, "values": [Device]}

DeviceStatus

The progress status of the device version processing and calculations (IN_PROGRESS, COMPLETED, or ERROR).

Field Name Description
apiV1DeviceId - String The internal unique identifier of the device in the legacy API.
changed - DateTime The most recent time that this entity was directly modified Permission requires
device - Device The device that the status applies to. Permission requires
id - ID! The internal unique identifier for this entity
name - String This property is not supported. Permission requires
versions - [VersionStatus!] The versions of the changes on the device. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "apiV1DeviceId": "xyz789",
  "changed": DateTime,
  "device": Device,
  "id": ID,
  "name": "abc123",
  "versions": [VersionStatus]
}

DeviceStatusQuery

Query for DeviceStatus objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of DeviceStatus objects matching the specified filter.
values - [DeviceStatus!]! A list of DeviceStatus objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "count": Long,
  "values": [DeviceStatus]
}

DeviceType

Type of dependant device.

Enum Value Description

CLOUD_VIRTUAL_NETWORK

Public or private cloud virtual network. For example: Microsoft Azure public cloud virtual network.

CLUSTER

Cluster of devices

FIREWALL

Firewall

FIREWALL_GLOBAL_CONTEXT

Device of this type holds global firewall information, like global policy

FIREWALL_VIRTUAL_CONTEXT

Virtual firewall managed by root management device

MANAGEMENT

Device manages other devices.

MANAGEMENT_DOMAIN

Device that represents management domain or scope.

MANAGEMENT_GLOBAL_DOMAIN

Device that represents global domain or scope.

Direction

Direction.

Enum Value Description

BOTH

Inbound-Outbound direction.

INBOUND

Inbound direction.

OUTBOUND

Outbound direction.

Domain

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
default - Boolean
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": DateTime,
  "default": false,
  "id": ID,
  "name": "abc123"
}

DomainAccessLevel

Enum Value Description

FULL_READ

FULL_READ_WRITE

PARTIAL_READ

DomainDeviceConf

List of device domain configurations which are excluded from violation calculations and protection mode

Field Name Description
appliedToAnyDomain - Boolean True indicates that the configuration applies to All Domain. False indicates that the configuration applies to a specific domain. Permission requires
enableProtectionModeChange - Boolean Permission requires
excludedForViolation - Boolean True indicates that the application will not calculate security risks for this device Permission requires
protectionMode - ProtectionMode Identifies how to select network zones available for checking security risks, whether the mode is Connected (the IP address is directly connected) or Routable (the connection is via route table) Permission requires
Example
{
  "appliedToAnyDomain": false,
  "enableProtectionModeChange": false,
  "excludedForViolation": false,
  "protectionMode": ProtectionMode
}

DomainQuery

Query for Domain objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of Domain objects matching the specified filter.
values - [Domain!]! A list of Domain objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{"count": Long, "values": [Domain]}

EmailAddress

An email address

Example
object

Error

Field Name Description
errorCode - String Internal code of error message that indicates that request did not successfully complete.
errorMessage - String Text of message that indicates that request did not successfully complete
Example
{"errorCode": "xyz789", "errorMessage": "abc123"}

ErrorType

Enum Value Description

IP_TYPE_MISMATCH

RUNTIME_ERROR

FlowRestrictionType

The required format of the source and the destination in a rule.

Enum Value Description

HOST_TO_HOST

Rule requirement that both the source and destination are defined by host objects.

HOST_TO_SUBNET

Rule requirement that the source of the traffic flow is defined by host and the destination is defined by subnet objects.

SUBNET_TO_HOST

Rule requirement that the source of the traffic flow is defined by subnet objects and the destination is defined by host.

FlowUspRestriction

A condition that defines the allowed flow type from one SecureTrack network zone to another (Host to Host, Subnet to Host, or Host to Subnet).

Field Name Description
flowType - FlowRestrictionType The flow type.
restrictionType - RestrictionType Restriction type.
Example
{
  "flowType": FlowRestrictionType,
  "restrictionType": RestrictionType
}

FlowUspRestrictionInput

Flow USP restriction.

Input Field Description
flowType - FlowRestrictionType!

Flow type (FlowRestrictionType).

Example
{"flowType": FlowRestrictionType}

Fqdn

Fully qualified domain name. Identifier that fully identifies the resource

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
domainAddress - String Fully qualified domain name
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "domainAddress": "xyz789",
  "id": ID,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

FreeText

Free text

Example
object

Group

Network objects group. Contains other network objects

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
exclusionMembers - [GroupMember!] Network objects that must be excluded from this group. For example: particular network objects in included sub-network.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

groupType - GroupType! Group type. For example: NETWORK_WITH_EXCLUSION. See GroupType definition
id - ID! The internal unique identifier for this entity
members - [GroupMember!] Network objects that are direct members of this group

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

membersPredefinedValue - NetworkPredefinedValue Members of type "Any"
membershipCriteria - String The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "exclusionMembers": [GroupMember],
  "groupType": GroupType,
  "id": ID,
  "members": [GroupMember],
  "membersPredefinedValue": NetworkPredefinedValue,
  "membershipCriteria": "abc123",
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

GroupType

Network objects group type.

Enum Value Description

APPLICATION

The group containing network applications.

DYNAMIC_GROUP

A dynamic address group uses tags as a filtering criteria to determine its members.

LOCATION

The group containing locations.

MICRO_SEGMENTED_GROUP

The group containing vendor specific objects. For example: network interface cards (NIC).

NETWORK

The group containing networks.

NETWORK_WITH_EXCLUSION

The group containing networks with exclusions.

SECURITY_PROFILE

The group containing security profiles.

SERVICE

The group containing TCP/IP services.

USER

The group containing users.

ZONE_INTERSECTABLE_MICRO_SEGMENTED_GROUP

HasIP

An object that has an IP address field.

Field Name Description
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipType - IpType The IP address this object has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
Example
{"ip": "xyz789", "ipType": IpType}

Host

Computer or other device connected to a computer network.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipAddresses - [IpAddress!] List of additional IP addresses

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

ipType - IpType The IP address this host has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "ip": "xyz789",
  "ipAddresses": [IpAddress],
  "ipType": IpType,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

ID

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Example
object

IcmpService

ICMP service

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
icmpCode - Int ICMP code number for a particular ICMP type
id - ID! The internal unique identifier for this entity
maxIcmpType - Int The last ICMP type number in range, including
minIcmpType - Int The first ICMP type number in range, including
name - String The name of the entity
negated - Boolean Rule will use all ICMP types, except specified in minIcmpType and maxIcmpType in case this value is true
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "icmpCode": 987,
  "id": ID,
  "maxIcmpType": 123,
  "minIcmpType": 123,
  "name": "xyz789",
  "negated": true,
  "system": BasicSystem,
  "version": 123
}

IdString

ID type

Example
object

InstallationTargetPredefinedValue

Predefined values for installation target of type Any

Enum Value Description

ANY_IT

Any installation target

Int

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.

Example
987

Interface

The Interface entity shows the current configuration of an interface and the information received from the device.

Field Name Description
autoMappingDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

autoMappingRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

changed - DateTime The time and date the interface was last changed. Permission requires
comment - String This property is not supported. Permission requires
device - BasicDevice The Device ID that the interface is connected to. Interfaces are only associated with gateways. Permission requires
id - ID! The interface ID.
ipAddresses - [IpAddress!] The IP addresses of the interface. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

manualAddedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

manualAddedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

manualExcludedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

manualExcludedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

name - String The interface name.
system - BasicSystem The system ID that the interface is related to. Permission requires
version - Int! The last version ID that was received for the interface.
zone - Zone The ID of the SecureTrack network zone that the interface is associated with. Permission requires
Example
{
  "autoMappingDirectlyConnectedZones": [SecurityZone],
  "autoMappingRouteableZones": [SecurityZone],
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "ipAddresses": [IpAddress],
  "manualAddedDirectlyConnectedZones": [SecurityZone],
  "manualAddedRouteableZones": [SecurityZone],
  "manualExcludedDirectlyConnectedZones": [SecurityZone],
  "manualExcludedRouteableZones": [SecurityZone],
  "name": "abc123",
  "system": BasicSystem,
  "version": 987,
  "zone": Zone
}

InterfaceDirection

Direction of interface traffic from the interface point of view.

Enum Value Description

IN

Traffic is inbound. Interface receives the traffic.

OUT

Traffic is outbound. Interface sends the traffic outside.

InterfaceQuery

Query for Interface objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of Interface objects matching the specified filter.
values - [Interface!]! A list of Interface objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "count": Long,
  "values": [Interface]
}

InternetService

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

InvalidRule

Rule that is invalid for creating a ticket

Field Name Description
reason - CreateDraftInvalidRuleReason! The reason that the rule is invalid
ruleUid - ID The rule UID
Example
{
  "reason": CreateDraftInvalidRuleReason,
  "ruleUid": ID
}

IpAddress

IP address

Field Name Description
ip - String IP address
ipType - IpType The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
precedence - Precedence IP address placement definition
subnetMask - String Sub-network mask
visibility - Visibility IP address visibility definition
Example
{
  "ip": "xyz789",
  "ipType": IpType,
  "precedence": Precedence,
  "subnetMask": "abc123",
  "visibility": Visibility
}

IpAddressString

The IP address. It will either take the form of an IPv4 (as specified in RFC 794) or IPv6 (as specified in RFC 4291).

Example
object

IpMaskString

IP netmask (IPv4 or IPv6)

Example
object

IpRange

Set of IP addresses defined by first and last IP address.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipType - IpType The IP addresses this range has can be of different types (e.g. IPv4, IPv6). This field specifies which type they are.
maxIp - String The last IP address, including.
minIp - String The first IP address, including.
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "ipType": IpType,
  "maxIp": "xyz789",
  "minIp": "abc123",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

IpService

TCP/IP service

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
maxProtocol - Int The last protocol number in range, including
minProtocol - Int The first protocol number in range, including
name - String The name of the entity
negated - Boolean Rule will use all service protocols, except specified in minProtocol and maxProtocol in case this value is true
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "maxProtocol": 987,
  "minProtocol": 987,
  "name": "xyz789",
  "negated": false,
  "system": BasicSystem,
  "version": 987
}

IpType

The IP type.

Enum Value Description

IPV4

IPv4 IP type.

IPV4_IPV6

Either IPv4 or IPv6.

IPV6

IPv6 IP type.

OTHER

Neither IPV4 nor IPV6

LdapUser

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
dn - String LDAP user identifier
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "dn": "abc123",
  "id": ID,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

LocalUser

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

Location

Locations identify the various networks from which your organization sends its internet traffic. When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses, which you then add as locations in the ZIA Admin Portal.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

name - String The name of the entity
ports - [Int!] Proxy ports
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "ipAddresses": [IpAddress],
  "name": "xyz789",
  "ports": [123],
  "system": BasicSystem,
  "version": 123
}

LogProfile

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

Long

Long type

Example
object

ModelName

Device model name.

Enum Value Description

ASA

Cisco ASA

AWS_ACCOUNT

Amazon AWS public cloud management, contains account information

AWS_VPC

Amazon AWS public cloud "virtual public cloud"

AZURE_ACCOUNT

Microsoft Azure public cloud management, contains account information

AZURE_VNET

Microsoft Azure public cloud virtual network

CMA

Check Point CMA.

FMC

FORTIGATE

Fortinet firewall

FORTIMANAGER

Fortinet management device

FTD

MDS

Check Point MDS

MX

Mx

NETSCREEN

Netscreen

NEXUS

Cisco Nexus

PANORAMA

Palo Alto management device

PANOS

Palo Alto Firewall

ROUTER

Cisco router

SMART_CENTER

Check Point Smart center

SRX

Srx

UNKNOWN

Unknown, not supported, device.

VMWARE_NSX_DISTRIBUTED_FIREWALL

VMware NSX distributed firewall

VMWARE_NSX_EDGE

VMware NSX Edge

VMWARE_NSX_MANAGEMENT

VMware NSX management

ZSCALER_INTERNET_ACCESS

Zscaler Internet Access

ModifiedRule

The rule that is associated with the ticket that is created.

Field Name Description
createdTicketId - ID! ID of the created ticket.
ruleId - ID! ID of the affected rule.
Example
{
  "createdTicketId": ID,
  "ruleId": ID
}

NIC

The emulation of a physical network adapter (NIC)

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

name - String The name of the entity
subnet - Subnet Sub-network that this NIC belongs to
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "subnet": Subnet,
  "system": BasicSystem,
  "version": 987
}

Name

An entity name

Example
object

Negatable

Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
Example
{"negated": false}

NetworkObjectTraffic

Field Name Description
ip - String
microSegmentedName - String
Example
{"ip": "abc123", "microSegmentedName": "xyz789"}

NetworkObjectTrafficInput

Represents a traffic network object. should contain ip OR microSegmentName

Input Field Description
ip - IpAddressString

Represents ip address of traffic network object.

microSegmentedName - FreeText

Represent a security group name

Example
{
  "ip": IpAddressString,
  "microSegmentedName": FreeText
}

NetworkPredefinedValue

Definition for network of type Any.

Enum Value Description

ANY_IPV4_NETWORK

Any IPv4 network.

ANY_IPV6_NETWORK

Any IPv6 network.

ANY_NETWORK

Any IPv4 or IPv6 network.

Node

An API entity. This interface carries the most basic information about an entity.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": DateTime,
  "id": ID,
  "name": "abc123"
}

OPMAgent

Open policy management (OPM) agent definition Permission requires

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
opmAgentId - String OPM agent ID
systemProperties - [SystemProperties!] System specific text fields

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
Example
{
  "changed": DateTime,
  "id": ID,
  "name": "xyz789",
  "opmAgentId": "xyz789",
  "systemProperties": [SystemProperties],
  "vendor": VendorName,
  "vendorDisplayName": "xyz789"
}

OPMAgentQuery

Query for OPMAgent objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of OPMAgent objects matching the specified filter.
values - [OPMAgent!]! A list of OPMAgent objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "count": Long,
  "values": [OPMAgent]
}

OntologicalBaseEntity

A base interface shared by all entities that are reported as part of a device's configuration

Field Name Description
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

OtherObject

Network object that does not have TOS known type.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
objectType - String Custom type textual representation.
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "name": "xyz789",
  "objectType": "xyz789",
  "system": BasicSystem,
  "version": 987
}

OtherService

Service that does not have TOS known type

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
serviceType - String Custom type textual representation
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "name": "xyz789",
  "serviceType": "xyz789",
  "system": BasicSystem,
  "version": 987
}

Permission

A system function grant

Field Name Description
name - String The unique name of the grant
type - String The type of the grant - READ | WRITE | RESOURCE
Example
{"name": "xyz789", "type": "abc123"}

PermissivenessScoreLevel

Permissiveness level of rule's data.

Enum Value Description

HIGH

High permissiveness level. Rule allows access for too much network traffic.

LOW

Low permissiveness level. Rule allows very small network traffic.

MEDIUM

Medium permissiveness level. Rule allows not much network traffic.

Precedence

Placement definition

Enum Value Description

SECONDARY

Secondary IP address

PredefinedUspType

The set of predefined templates of USP definitions. Each predefined template type is aimed at a different compliance setting and defines a different set of zone roles.

Enum Value Description

ADVANCED_BEST_PRACTICES

Defines the following zones:

  • Corporate
  • DMZ
  • Internet

BEST_PRACTICES

Defines the following zones:

  • Internet
  • DataCenter
  • PM
  • RnD
  • Sales

ISO_27001

Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Provides best practice recommendations on information security management—the management of information risks through information security controls. Defines the following zones:

  • Corporate
  • NOC-MGMT
  • DMZ-DB
  • DMZ-NOC
  • DMZ-PUB
  • Extranet-Partners
  • DMZ-Partners
  • Internet
  • Int-IP

NERC_CIPv5

The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America’s Bulk Electric System (BES). Defines the following zones:

  • EACMS
  • PACS
  • Control Center
  • Substation
  • Corporate
  • DMZ
  • Internet

NIST_800_53

PCI

The Payment Card Industry Data Security Standard (PCI DSS). An information security standard for organizations that handle credit cards from the major card schemes. Defines the following zones:

  • Corporate
  • DMZ
  • Internet
  • PCI Applications
  • PCI Data
  • PCI Web
  • Wireless Networks

ProgressStatus

Progress status

Enum Value Description

COMPLETED

Completed

ERROR

Error

IN_PROGRESS

In progress

PropertyUspRestriction

A condition that defines rules related properties of RestrictionTypes:

  • MANDATORY_COMMENT
  • MANDATORY_LOG
  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
  • EXPLICIT_SOURCE
  • EXPLICIT_DESTINATION
  • EXPLICIT_SERVICE
Field Name Description
restrictionType - RestrictionType Restriction type.
value - Int

A field that defines numeric related properties, of RestrictionTypes:

  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
Example
{"restrictionType": RestrictionType, "value": 123}

PropertyUspRestrictionInput

Property USP restriction (PropertyUspRestriction).

Input Field Description
value - Int

The numeric related property.

Example
{"value": 123}

ProtectionMode

Describes how to select network zones available for checking security risks.

Enum Value Description

CONNECTED_ZONES

Violation will be calculated on zones that are directly connected to the interface

ROUTABLE_ZONES

Violation will be calculated on zones that have routes through the interface.

RemoveSecurityZonesFromUspInput

Removes one or more SecureTrack network zones from an existing USP.

Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zones IDs to be added.

uspId - IdString!

USP ID to remove zones from.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

RemoveSecurityZonesFromUspResult

Returns the status results when removing SecureTrack network zones from an existing USP.

Field Name Description
resultStatus - ResultStatus! Status of request to remove SecureTrack network zones from an existing USP.
Example
{"resultStatus": ResultStatus}

RestrictionType

Enumeration of valid restriction types.

Enum Value Description

DESTINATION_IPS_MAX_COUNT

Maximum number of IP address allowed in the destination.

EXPLICIT_DESTINATION

Rules must have an explicit destination, not the ANY value.

EXPLICIT_SERVICE

Rules must have an explicit service, not the ANY value.

EXPLICIT_SOURCE

Rules must have an explicit source, not the ANY value.

FLOWS

The required format of the source and the destination in a rule (HOST_TO_HOST, SUBNET_TO_HOST, or HOST_TO_SUBNET).

LAST_HIT_MAX_VAL

Maximum number of days in which the rule must have had a hit.

MANDATORY_COMMENT

Rules must have text in the comment field.

MANDATORY_LOG

Rules must be configured to create log entries.

SERVICES_MAX_COUNT

Maximum number of services allowed.

SOURCE_IPS_MAX_COUNT

Maximum number of IP address allowed in the source.

TRAFFIC

Traffic access permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all).

Result

A type representing a result. This is the generic interface, specific calls may override this type with more specific result.

Field Name Description
resultStatus - ResultStatus! The result status of the request.
Example
{"resultStatus": ResultStatus}

ResultStatus

Status result of the operation.

Field Name Description
errorMessage - String The value “errorMessage” has been deprecated. Use the “errors” field instead
errors - [Error!] List of error codes and messages.
successful - Boolean True indicates that request successfully completed
Example
{
  "errorMessage": "abc123",
  "errors": [Error],
  "successful": true
}

RiskAnalysisFlowsViolationData

Information regarding violations of type Flow.

Field Name Description
flowUspRestriction - FlowUspRestriction FlowUspRestriction that was violated by the access request.
violatedFlowType - FlowRestrictionType The flow restriction type FlowRestrictionType that was violated by the access request.
violatingDestPredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's destination.
violatingDestinationNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's destination.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

violatingSourceNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's source.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's source.
Example
{
  "flowUspRestriction": FlowUspRestriction,
  "violatedFlowType": FlowRestrictionType,
  "violatingDestPredefinedValue": NetworkPredefinedValue,
  "violatingDestinationNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourceNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourcePredefinedValue": NetworkPredefinedValue
}

RiskAnalysisMutation

The RiskAnalysisMutation entity enables to create a task of AccessRequests for risk calculation.

Field Name Description
createUspRiskAnalysisTask - CreateUspRiskAnalysisTaskResult! Create a UspRiskAnalysisTask.
Example
{
  "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}

RiskAnalysisNetworkObject

A violating network object entity, in a defined SecureTrack zone.

Field Name Description
networkObjectTraffic - NetworkObjectTraffic The raw traffic representation of the violating network object.
zone - SecurityZone The SecureTrack zone that violates the network object traffic.
Example
{
  "networkObjectTraffic": NetworkObjectTraffic,
  "zone": SecurityZone
}

RiskAnalysisTrafficViolationData

Information regarding violations of type Traffic.

Field Name Description
trafficUspRestriction - TrafficUspRestriction TrafficUspRestriction that was violated by the access request.
violatedApplicationPredefinedValue - ApplicationPredefinedValue The violating ApplicationPredefinedValue of the access request's applications.
violatedServicePredefinedValue - ServicePredefinedValue The violating ServicePredefinedValue of the access request's service.
violatingApplications - [String!] List of application names that represent the violating applications in the access request.
violatingServices - [String!] List of services expressions that represent the violating services in the access request.
Example
{
  "trafficUspRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": ApplicationPredefinedValue,
  "violatedServicePredefinedValue": ServicePredefinedValue,
  "violatingApplications": ["xyz789"],
  "violatingServices": ["abc123"]
}

RiskAnalysisViolation

The RiskAnalysisViolation entity represents information regarding violations of an access request. Permission requires

Field Name Description
accessRequestId - String Access request ID.
changed - DateTime The date that the RiskAnalysisViolation entity was last changed.
creationDate - DateTime Creation date of the violation.
exceptions - [BasicUspExceptionInfoForRiskAnalysis!] Exceptions IDs that were applied to the violation.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

flowViolationData - RiskAnalysisFlowsViolationData The flow violation RiskAnalysisFlowsViolationData.
fromZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the from-zone of the ZoneToZoneMatcher. Set in case the access request sources are specific (matchingSourcePredefinedValue not set).

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

id - ID! Violation ID.
matchingDestinationPredefinedValue - NetworkPredefinedValue Set in case the access request destination is a predefined value of NetworkPredefinedValue.
matchingSourcePredefinedValue - NetworkPredefinedValue Set in case the access request source is a predefined value of NetworkPredefinedValue.
name - String This property is not supported.
requirement - UspRequirement Violated UspRequirement.
severity - ViolationSeverity Severity of the violation.
toZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the to-zone of the ZoneToZoneMatcher. Set in case the access request destinations are specific (matchingDestinationePredefinedValue not set).

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

trafficViolationData - RiskAnalysisTrafficViolationData The traffic violation RiskAnalysisTrafficViolationData.
usp - BasicUspInfoForRiskAnalysis Violated USP.
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher Violated from zone - to zone ZoneToZoneMatcher.
Example
{
  "accessRequestId": "xyz789",
  "changed": DateTime,
  "creationDate": DateTime,
  "exceptions": [BasicUspExceptionInfoForRiskAnalysis],
  "flowViolationData": RiskAnalysisFlowsViolationData,
  "fromZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "id": ID,
  "matchingDestinationPredefinedValue": NetworkPredefinedValue,
  "matchingSourcePredefinedValue": NetworkPredefinedValue,
  "name": "xyz789",
  "requirement": UspRequirement,
  "severity": ViolationSeverity,
  "toZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "trafficViolationData": RiskAnalysisTrafficViolationData,
  "usp": BasicUspInfoForRiskAnalysis,
  "zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}

Role

Field Name Description
uid - ID
name - String
permissions - [Permission]
Example
{
  "uid": ID,
  "name": "xyz789",
  "permissions": [Permission]
}

Rule

A rule in a security policy

Field Name Description
action - RuleActionType Action that will be performed by firewall if network traffic matches this rule
actionDisplayName - String Action name
application - RuleApplicationTraffic Definition of the network applications
applicationsUsage - [ApplicationUsage!] Last time traffic was recorded for a specific application on this rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

appliedTo - [String!] Devices that the rule is installed on
appliedToObjects - RuleAppliedToObjects Network objects that this rule is applied to
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
destination - RuleNetworkTraffic Definition of the destination network objects
destinationZone - RuleZoneTraffic Definition of the destination network zones
device - BasicDevice The device that this entity belongs to
direction - Direction Direction of this rule (inbound or outbound)
disabled - Boolean True indicates that this rule is disabled on the device
exceptions - [BasicRuleUspExceptionInfo!]

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

goToTarget - SecurityPolicy Target security policy for GOTO rule action
id - ID! The internal unique identifier for this entity
idOnDevice - String Device specific rule identifier. Usually identifies the rule order in the security policy.
installedOn - RuleInstallationTargetTraffic Devices that the rule is installed on
isExemptedFromUsp - Boolean True indicates that the rule will be excluded from violation calculations
location - String The level of the rule within the rule hierarchy
logging - RuleLogging Rule logging definition
name - String The name of the entity
permissivenessLevel - PermissivenessScoreLevel

The permissiveness level (high/medium/low). The permissiveness level is an indication of how widely a rule is defined. Rules with high permissiveness can be a security risk because they allow too much access through the firewall. For example:

  • A rule with one source host, one destination host, and one service is low permissiveness
  • A rule with Source "ANY", Destination "ANY", and Protocol "ANY" is high permissiveness
policy - SecurityPolicy The security policy the rule belongs to
policyIndex - Int
ruleUsageStatus - RuleUsageStatus Status of last hit check
ruleUserData - RuleUserData Additional information such as a description that can be customized by administrators
sectionTitle - String Title of the section that rule belongs to
securityProfiles - [SecurityProfileValue!] List of security profiles

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

service - RuleServiceTraffic Definition of the network service objects
shadowed - ShadowedStatus Indicates whether the rule is shadowed by a previous rule which handles traffic before it gets to this rule, This may indicate that the rule is redundant.
source - RuleNetworkTraffic Definition of the source network objects
sourceZone - RuleZoneTraffic Definition of the source network zones
system - BasicSystem The system (root device) that this entity belongs to
tags - [String!] List of tags
time - RuleTimeTraffic Time and date that the rule is scheduled
timeLastHit - DateTime The last time traffic that passed through the device matched either the rule, user, or application identity details
timeLastModified - DateTime The most recent time that this rule was directly modified or there was a change in a related object which impacted the rule
urlCategory - RuleUrlCategory The category of the URL as determined by the device
user - RuleUserTraffic Definition of the network user objects
usersUsage - [UserUsage!] Last time traffic was recorded for a specific user on this rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
violationHighestSeverity - ViolationSeverity Maximum security risk severity
violations - [RuleViolation!] A list of all security risks found in this rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

vpn - RuleVpnTraffic Definition of the VPN communities. A VPN community is a collection of VPN enabled gateways capable of communicating via VPN tunnels.
zonesRelation - ZonesRelation Zone relation definition on the device
expirationDate - DateTime
Example
{
  "action": RuleActionType,
  "actionDisplayName": "abc123",
  "application": RuleApplicationTraffic,
  "applicationsUsage": [ApplicationUsage],
  "appliedTo": ["abc123"],
  "appliedToObjects": RuleAppliedToObjects,
  "changed": DateTime,
  "comment": "xyz789",
  "destination": RuleNetworkTraffic,
  "destinationZone": RuleZoneTraffic,
  "device": BasicDevice,
  "direction": Direction,
  "disabled": false,
  "exceptions": [BasicRuleUspExceptionInfo],
  "goToTarget": SecurityPolicy,
  "id": ID,
  "idOnDevice": "abc123",
  "installedOn": RuleInstallationTargetTraffic,
  "isExemptedFromUsp": false,
  "location": "xyz789",
  "logging": RuleLogging,
  "name": "xyz789",
  "permissivenessLevel": PermissivenessScoreLevel,
  "policy": SecurityPolicy,
  "policyIndex": 123,
  "ruleUsageStatus": RuleUsageStatus,
  "ruleUserData": RuleUserData,
  "sectionTitle": "xyz789",
  "securityProfiles": [SecurityProfileValue],
  "service": RuleServiceTraffic,
  "shadowed": ShadowedStatus,
  "source": RuleNetworkTraffic,
  "sourceZone": RuleZoneTraffic,
  "system": BasicSystem,
  "tags": ["abc123"],
  "time": RuleTimeTraffic,
  "timeLastHit": DateTime,
  "timeLastModified": DateTime,
  "urlCategory": RuleUrlCategory,
  "user": RuleUserTraffic,
  "usersUsage": [UserUsage],
  "version": 123,
  "violationHighestSeverity": ViolationSeverity,
  "violations": [RuleViolation],
  "vpn": RuleVpnTraffic,
  "zonesRelation": ZonesRelation,
  "expirationDate": DateTime
}

RuleActionType

Type of action that will be performed by firewall if network traffic matches this rule

Enum Value Description

ALLOW

Traffic specified by the rule will be allowed

DENY

Traffic specified by the rule will not be allowed

GOTO

Traffic specified by the rule must be checked by other policy. See goToTarget parameter in Rule

UNSUPPORTED

This usages is just a fallback for not supported data

RuleApplicationTraffic

Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ApplicationPredefinedValue Predefined value for Any application
typeDisplay - String RuleApplicationTraffic will always be of type "Application"
values - [RuleApplicationValue!] List of network applications

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": ApplicationPredefinedValue,
  "typeDisplay": "abc123",
  "values": [RuleApplicationValue]
}

RuleApplicationValue

Union Types

Application

Group

RuleAppliedToObjects

"Applied to objects" definition for rule

Field Name Description
predefinedValue - AppliedToObjectsPredefinedValue Value for predefined type (Any or No object)
typeDisplay - String RuleAppliedToObjects will always be of type "Applied to objects"
values - [NetworkObject!] List of device network objects

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": AppliedToObjectsPredefinedValue,
  "typeDisplay": "abc123",
  "values": [NetworkObject]
}

RuleExceptionConditionInput

Condition on Rules

Input Field Description
rules - [IdString!]!

List of Rule's ID.

Example
{"rules": [IdString]}

RuleFlowsViolationData

The RuleFlowsViolationData entity holds data of the flows that are being violated by the rule

Field Name Description
flowRestriction - FlowUspRestriction The FlowUspRestriction that was violated by this rule
negatedViolatingDestination - Boolean True if violatingDestinationNetworkObjects is a negated value
negatedViolatingSource - Boolean True if violatingSourceNetworkObjects is a negated value
violatedFlowType - FlowRestrictionType The FlowRestrictionType that was violated by this rule
violatingDestPredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the destinationNetworkObjects that are violated by the rule
violatingDestinationNetworkObjects - [NetworkObject!] The destination NetworkObjects that are violated by the rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

violatingSourceNetworkObjects - [NetworkObject!] The source NetworkObjects that are violated by the rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the source NetworkObjects that are violated by the rule
Example
{
  "flowRestriction": FlowUspRestriction,
  "negatedViolatingDestination": true,
  "negatedViolatingSource": true,
  "violatedFlowType": FlowRestrictionType,
  "violatingDestPredefinedValue": NetworkPredefinedValue,
  "violatingDestinationNetworkObjects": [NetworkObject],
  "violatingSourceNetworkObjects": [NetworkObject],
  "violatingSourcePredefinedValue": NetworkPredefinedValue
}

RuleInstallationTargetTraffic

Installation targets definition for rule

Field Name Description
predefinedValue - InstallationTargetPredefinedValue Value for installation target of type Any
typeDisplay - String RuleInstallationTargetTraffic will always be of type "Install On"
values - [NetworkObject!] List of device network objects

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": InstallationTargetPredefinedValue,
  "typeDisplay": "abc123",
  "values": [NetworkObject]
}

RuleLogging

Rule logging definition

Field Name Description
logProfile - LogProfile Logging profile name
logged - Boolean If true, the rule logged on device
timing - RuleLoggingTiming Specify when rule logging should start
trackInterval - Int Interval (vendor specific)
trackLevel - RuleTrackLevel Rule logging track level
Example
{
  "logProfile": LogProfile,
  "logged": true,
  "timing": RuleLoggingTiming,
  "trackInterval": 987,
  "trackLevel": RuleTrackLevel
}

RuleLoggingTiming

Specify when rule logging should start

Enum Value Description

BOTH_START_AND_END

Log rule usage on both, session start and end

SESSION_END

Log rule usage on session end

SESSION_START

Log rule usage on session start

RuleMatchCriterionType

Rule matching criterion. TOS uses this to match rule for a particular traffic risks discovery.

Enum Value Description

APPLICATION

Match network application defined in rule.

APPLIED_TO_OBJECTS

DESTINATION

DEST_ZONE

INSTALLATION_TARGET

SCHEDULE

SERVICE

SOURCE

SOURCE_SERVICE

SOURCE_USER

SOURCE_ZONE

URL_CATEGORY

VPN

RuleNetworkTraffic

Network objects definition for rule source and destination fields

Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - NetworkPredefinedValue Definition for network of type Any
typeDisplay - String Network traffic direction in rule (Source, Destination)
values - [NetworkObject!] List of device network objects

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": NetworkPredefinedValue,
  "typeDisplay": "abc123",
  "values": [NetworkObject]
}

RuleOperationsMutation

Lets you create SecureChange tickets for rules modification, recertification or decommission

Field Name Description
createTicketDraft - CreateTicketDraftResult! Create a ticket draft in SecureChange

Arguments

Example
{"createTicketDraft": CreateTicketDraftResult}

RuleQuery

Query for Rule objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of Rule objects matching the specified filter.
counts - [CountsResult!]! Gets the number of entities matching a filter, grouped by selected fields.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

groupBy - [String!]!

Results are grouped either by Device parameters or USP parameters. Fields that can be used to group the results: "vendor","device.id","device.name","violations.usp.name","violations.usp.id"

offset - Long default = 0

Offset results for paging.

orderBy - countsOrderBy default = "GROUP"

Sorts the results by the specified field. When not explicitly set, the default field is "GROUP"

orderDirection - orderDirection default = "ASC"

Specifies whether the results should be sorted in ascending or descending order. When not explicitly set, the default order is "ASC"

values - [Rule!]! A list of Rule objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "count": Long,
  "counts": [CountsResult],
  "values": [Rule]
}

RuleSchedule

Schedule values for rule

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
endTime - DateTime End time
id - ID! The internal unique identifier for this entity
name - String The name of the entity
scheduledDays - String Days
scheduledMonth - String Month
scheduledMonthDays - String Days of month
startTime - DateTime Start time
system - BasicSystem The system (root device) that this entity belongs to
timePeriods - [TimePeriodInDay!] List of time periods

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "endTime": DateTime,
  "id": ID,
  "name": "abc123",
  "scheduledDays": "abc123",
  "scheduledMonth": "abc123",
  "scheduledMonthDays": "abc123",
  "startTime": DateTime,
  "system": BasicSystem,
  "timePeriods": [TimePeriodInDay],
  "version": 987
}

RuleServiceTraffic

Network service objects definition for rule service field

Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ServicePredefinedValue Predefined value to define Any service
typeDisplay - String RuleServiceTraffic will always be of type "Service"
values - [ServiceObject!] List of device network services objects

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": ServicePredefinedValue,
  "typeDisplay": "abc123",
  "values": [ServiceObject]
}

RuleTimeTraffic

Schedules definition for rule

Field Name Description
predefinedValue - SchedulePredefinedValue Predefined value for schedule of type Any
typeDisplay - String RuleTimeTraffic will always be of type "Time"
values - [RuleSchedule!] List of schedules

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": SchedulePredefinedValue,
  "typeDisplay": "abc123",
  "values": [RuleSchedule]
}

RuleTrackLevel

Rule logging track level

Enum Value Description

ACCOUNT

Update the log at given intervals

ALERT

Generate a log of type Alert and run a command

ALERTS

Generate a log if immediate action is required

CRITICAL

Generate a log if functionality is affected

DEBUGGING

Generate a log for debugging

DEFAULT

Default logging track level

DISABLED

Logging is disabled

EMERGENCIES

Generate a log if system becomes unstable.

ERRORS

Generate a log if there is an error condition exists and functionality could be affected

INFORMATIONAL

Generate a log with general information about system operations

MAIL

Generate a log of type Alert and send an email to the administrator

NOTIFICATIONS

Generate a log with information about normal events

RTL_LOG

This is the default Track option

RTL_NONE

Do not generate a log

SNMP

Generate a log of type Alert and send an SNMP alert

USER_DEFINED

Generate a log of type Alert and send customized alerts

WARNINGS

Generate a log if functionality could be affected

RuleTrafficViolationData

The RuleTrafficViolationData entity holds data of the traffic values that are being violated by the rule

Field Name Description
trafficRestriction - TrafficUspRestriction The TrafficUspRestriction value that was violated by this rule
violatedApplicationPredefinedValue - ApplicationPredefinedValue The ApplicationPredefinedValue that was violated by the rule
violatedServicePredefinedValue - ServicePredefinedValue The ServicePredefinedValue that was violated by the rule
violatingApplications - [Application!] A list of every Application that was violated by the rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

violatingServices - [Service!] A list of every Service that was violated by this rule

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "trafficRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": ApplicationPredefinedValue,
  "violatedServicePredefinedValue": ServicePredefinedValue,
  "violatingApplications": [Application],
  "violatingServices": [Service]
}

RuleUrlCategory

URLs category with optional predefined value

Field Name Description
predefinedValue - UrlCategoryPredefinedValue Predefined value for URL categories of type Any
typeDisplay - String RuleUrlCategory will always be of type "URL category"
values - [UrlCategory!] List of URLs categories

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": UrlCategoryPredefinedValue,
  "typeDisplay": "xyz789",
  "values": [UrlCategory]
}

RuleUsageStatus

Status of last hit check

Enum Value Description

RULE_LAST_HIT_ERROR

Last hit information has not been received for 3 days

RULE_LAST_HIT_READY

Last hit information is up-to-date

RuleUserData

Additional information such as a description that can be customized

Field Name Description
automationAttribute - AutomationAttribute Rule type (regular or stealth)
certification - Certification Rule recertification is used to document and verify the need for a rule, often for standards compliance and auditing.
ruleDescription - String Rule description.
saApplications - [SaApplication!] List of SecureApp applications, associated to this rule.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

securechangeTicketInProgressId - String SecureChange ticket in progress
technicalOwner - User Owner for the rule
technicalOwnerName - String
tickets - [Ticket!] List of tickets, opened for this rule.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "automationAttribute": AutomationAttribute,
  "certification": Certification,
  "ruleDescription": "abc123",
  "saApplications": [SaApplication],
  "securechangeTicketInProgressId": "xyz789",
  "technicalOwner": User,
  "technicalOwnerName": "abc123",
  "tickets": [Ticket]
}

RuleUserDataMutation

Use this entity to update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rules.

Field Name Description
createTicket - CreateTicketResult! Create a ticket for a rule.

Arguments

deleteTickets - DeleteTicketsResult! Delete tickets.

Arguments

updateRuleAutomationAttribute - UpdateRuleAutomationAttributeResult! Update an automation attribute for a rule.
updateRuleDescription - UpdateRuleDescriptionResult! Update description for a rule.

Arguments

updateRuleTechnicalOwner - UpdateRuleTechnicalOwnerResult! Update a technical owner for a rule.

Arguments

updateTicket - UpdateTicketResult! Update a ticket.

Arguments

Example
{
  "createTicket": CreateTicketResult,
  "deleteTickets": DeleteTicketsResult,
  "updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
  "updateRuleDescription": UpdateRuleDescriptionResult,
  "updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
  "updateTicket": UpdateTicketResult
}

RuleUserTraffic

Network users objects definition for rule user field

Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - UserPredefinedValue Predefined values to define well known user behavior
typeDisplay - String RuleUserTraffic will always be of type "User"
values - [RuleUserValue!] List of device network users objects

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "negated": false,
  "predefinedValue": UserPredefinedValue,
  "typeDisplay": "abc123",
  "values": [RuleUserValue]
}

RuleUserValue

RuleViolatedProperty

The RuleViolatedProperty entity holds data of the property values that are being violated by the rule

Field Name Description
propertyRestriction - PropertyUspRestriction The PropertyUspRestriction that was violated by this rule
scalarValue - String A numeric value related to the violated property
Example
{
  "propertyRestriction": PropertyUspRestriction,
  "scalarValue": "abc123"
}

RuleViolation

Contains data about Rule Violations. Violations can be filtered by rule, USP, source zone, destination zone, and type (flow, property or traffic).

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
exceptions - [BasicUspExceptionInfo!]

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

flowsViolationData - RuleFlowsViolationData The RuleFlowsViolationData of the rule violation
fromZoneMatchingObjects - [NetworkObject!] A list of every NetworkObject in the source zone

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

id - ID! The internal unique identifier for this entity
matchingDestinationPredefinedValue - NetworkPredefinedValue The network type of the destination zones as identified in the zoneToZoneMatcher entity
matchingSourcePredefinedValue - NetworkPredefinedValue The network type of the source zones as identified in the zoneToZoneMatcher entity
name - String This property is not supported
negatedMatchingDestination - Boolean negatedMatchingDestination will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule destination with a negated value. The toZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
negatedMatchingSource - Boolean negatedMatchingSource will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule source with a negated value. The fromZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
propertyViolationData - RuleViolatedProperty A list of every RuleViolatedProperty that was violated by this rule
requirement - UspRequirement A set of conditions that apply to a single pair of SecureTrack network zones relation (from-to) that will be enforced by the USP
ruleViolationSeverity - ViolationSeverity The ViolationSeverity assigned to this violation by the USP
timeCreated - DateTime The date and time that this violation first occurred
toZoneMatchingObjects - [NetworkObject!] A list of every NetworkObject in the destination zone

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

trafficViolationData - RuleTrafficViolationData The RuleTrafficViolationData of the rule violation
usp - BasicUspInfo The ID of the USP that is violated by this rule
violationOrigin - [ViolationOrigin!] This contains a list of every Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on and list of every SecurityPolicy that the rule evaluates

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

zoneToZoneMatcher - ZoneToZoneUspRequirementMatcher The ZoneToZoneUspRequirementMatcher entity that identifies the source and destination zones violated by this rule
Example
{
  "changed": DateTime,
  "exceptions": [BasicUspExceptionInfo],
  "flowsViolationData": RuleFlowsViolationData,
  "fromZoneMatchingObjects": [NetworkObject],
  "id": ID,
  "matchingDestinationPredefinedValue": NetworkPredefinedValue,
  "matchingSourcePredefinedValue": NetworkPredefinedValue,
  "name": "xyz789",
  "negatedMatchingDestination": false,
  "negatedMatchingSource": false,
  "propertyViolationData": RuleViolatedProperty,
  "requirement": UspRequirement,
  "ruleViolationSeverity": ViolationSeverity,
  "timeCreated": DateTime,
  "toZoneMatchingObjects": [NetworkObject],
  "trafficViolationData": RuleTrafficViolationData,
  "usp": BasicUspInfo,
  "violationOrigin": [ViolationOrigin],
  "zoneToZoneMatcher": ZoneToZoneUspRequirementMatcher
}

RuleVpnTraffic

VPN communities definition for rule vpn field

Field Name Description
predefinedValue - VpnPredefinedValue Value for VPN entity of type Any
typeDisplay - String RuleVpnTraffic will always be of type "VPN"
values - [VpnCommunity!] List of VPN communities

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": VpnPredefinedValue,
  "typeDisplay": "abc123",
  "values": [VpnCommunity]
}

RuleZoneTraffic

Network zones definition for rule sourceZone and destZone fields

Field Name Description
predefinedValue - ZonePredefinedValue Any zone
typeDisplay - String Rule zone traffic direction in rule (Source, Destination)
values - [Zone!] List of network zones

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "predefinedValue": ZonePredefinedValue,
  "typeDisplay": "abc123",
  "values": [Zone]
}

SaApplication

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
owner - String
Example
{
  "changed": DateTime,
  "id": ID,
  "name": "abc123",
  "owner": "abc123"
}

SchedulePredefinedValue

Predefined values for schedule of type Any

Enum Value Description

ANY_SCHEDULE

Any schedule

SecurityPolicy

Set of rules which define whether the traffic should be allowed access

Field Name Description
changed - DateTime The most recent time that this entity was directly modified Permission requires
comment - String A text comment associated with this entity Permission requires
defaultAction - RuleActionType Default rule action (Allow, Deny, or Goto) Permission requires
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
installedOnTarget - SecurityPolicyInstallationTargets Firewalls where this security policy has been installed Permission requires
interZoneAction - RuleActionType Rule action (Allow, Deny, or Goto) for external network zones Permission requires
intraZoneAction - RuleActionType Rule action (Allow, Deny, or Goto) for internal network zones Permission requires
ipType - IpType The type of IP address (for example IPv4 or IPv6) that this security policy uses
name - String The name of the entity
policyTags - [String!] List of tags Permission requires
system - BasicSystem The system (root device) that this entity belongs to Permission requires
type - SecurityPolicyType! The type of the security policy
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "defaultAction": RuleActionType,
  "device": BasicDevice,
  "id": ID,
  "installedOnTarget": SecurityPolicyInstallationTargets,
  "interZoneAction": RuleActionType,
  "intraZoneAction": RuleActionType,
  "ipType": IpType,
  "name": "abc123",
  "policyTags": ["abc123"],
  "system": BasicSystem,
  "type": SecurityPolicyType,
  "version": 123
}

SecurityPolicyInstallationTargets

Firewalls and interfaces that use security policy.

Field Name Description
fwModules - [BasicDevice!] Firewalls that use security policy.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{"fwModules": [BasicDevice]}

SecurityPolicyType

The type of the security policy, the policy type may be based on the device vendor

Enum Value Description

ACL

Access Control List that rules are placed in. For example CISCO firewalls.

DEVICE_GROUP

The device group container that rules are placed in. For example, all Panorama firewalls could be placed in a group.

INLINE_LAYER

POLICY

Generic container for rules

SECURITY_GROUP

The Security Group that rules are placed in. For example Amazon public cloud.

SecurityProfile

Security profile

Field Name Description
category - String Category of this profile
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "category": "xyz789",
  "changed": DateTime,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

SecurityProfileValue

Union Types

Group

SecurityProfile

SecurityZone

Security zone.

Field Name Description
appliedToAnyDomain - Boolean If true, the security zone belongs to the 'All Domains' context. Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
domain - Domain The domain on which this security zone is configured.
id - ID! The internal unique identifier for this entity.
name - String Name of security zone.
sharedInDomains - [Domain!] If the zone is shared and is exported to other domains, the list contains other domains that imported this zone. Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "appliedToAnyDomain": false,
  "changed": DateTime,
  "domain": Domain,
  "id": ID,
  "name": "xyz789",
  "sharedInDomains": [Domain]
}

SecurityZoneQuery

Query for SecurityZone objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of SecurityZone objects matching the specified filter.
values - [SecurityZone!]! A list of SecurityZone objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "count": Long,
  "values": [SecurityZone]
}

ServiceAndApplicationConditionInput

Condition on services or applications.

Input Field Description
applications - [ApplicationString!]

List of predefined applications names.

services - [ServiceExpressionString!]

List of services expressions.

Example
{
  "applications": [ApplicationString],
  "services": [ServiceExpressionString]
}

ServiceExpressionString

A service expression. Can be either one of the known predefined services, or in a protocol format (TCP, UDP, Other, or ICMP).

Valid protocol input patterns:

  • TCP
  • TCP [port_number] (valid ports 0-65535)
  • TCP [min_port]-[max_port] (valid ports 0-65535 where max_port must be greater or equal to min_port)
  • Input as a String literal

Examples: "TCP","TCP 20", "TCP 30-40".

Example
object

ServiceObject

Device network service object

Union Types

Group

IcmpService

IpService

OtherService

TransportService

ServicePredefinedValue

Predefined values to define Any service.

Enum Value Description

ANY_IPV4_SERVICE

Any service to use with IPv4 sources.

ANY_IPV6_SERVICE

Any service to use with IPv6 sources.

ANY_SERVICE

Any service to use either with IPv4 or IPv6 sources.

APPLICATION_DEFAULT_SERVICE

Default service point for the network application.

ServicesAndApplicationsCondition

Condition on RuleViolations' services and applications - list of services expressions and applications names. The condition is satisfied if either services or applications intersect with RuleViolation's services or applications.

Field Name Description
applicationNames - [String!] List of predefined application names.
servicesExpressions - [String!] List of services expressions.
Example
{"applicationNames": ["xyz789"], "servicesExpressions": ["abc123"]}

SessionUser

The entity containing the details of the current principle user in session

Field Name Description
email - String User account details - the user's email address
firstName - String User account details - first name
id - String The unique immutable user identifier
lastName - String User account details - last name
permissions - [Permission] The set of system functions grants (by name) that are granted to the user
username - String The unique name of the user (used for login)
Example
{
  "email": "xyz789",
  "firstName": "xyz789",
  "id": "xyz789",
  "lastName": "xyz789",
  "permissions": [Permission],
  "username": "xyz789"
}

ShadowedStatus

This shows whether firewall could use the rule or there is upper rule that do the same.

Enum Value Description

FULLY_SHADOWED

Firewall does not use the rule because there is upper rule that do the same.

NOT_SHADOWED

Firewall uses the rule.

PARTIAL_SHADOWED

There are parts of rule that are already covered by upper rules.

StepStatus

The status of a specific version-related calculation.

Field Name Description
errorMessage - String The error message that was returned from the calculation process in case of failure.
name - String The name of the calculation.
status - ProgressStatus The status of the calculation.
updated - DateTime The last time the calculation step was updated.
Example
{
  "errorMessage": "abc123",
  "name": "abc123",
  "status": ProgressStatus,
  "updated": DateTime
}

String

The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.

Subnet

Logical subdivision of an IP network.

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
cidr - Int Specifies bit-length of the prefix in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix.
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipType - IpType The IP address this network has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
name - String The name of the entity
netmask - String Define the class and range of Internet Protocol (IP) addresses. It will either take the form of an IPv4 or IPv6.
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "cidr": 987,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": ID,
  "ip": "abc123",
  "ipType": IpType,
  "name": "xyz789",
  "netmask": "abc123",
  "system": BasicSystem,
  "version": 123
}

SupportingIP

Network element supports IP definition.

Field Name Description
ipType - IpType The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
Example
{"ipType": IpType}

System

Root device that manages the dependent devices

Field Name Description
changed - DateTime The most recent time that this entity was directly modified Permission requires
deleted - Boolean Permission requires
id - ID! The internal unique identifier for this entity
ipAddress - String IP address of the root device Permission requires
model - ModelName Model of this device
modelDisplayName - String Model name of this device
monitoredByOPMAgent - Boolean True indicates that the system monitored by OPM agent
name - String The name of the entity
opmAgentId - String Open policy management (OPM) agent ID Permission requires
systemFields - [SystemFieldValue!] System specific text fields Permission requires

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

vendor - VendorName Vendor type of this device
Example
{
  "changed": DateTime,
  "deleted": false,
  "id": ID,
  "ipAddress": "xyz789",
  "model": ModelName,
  "modelDisplayName": "abc123",
  "monitoredByOPMAgent": true,
  "name": "abc123",
  "opmAgentId": "abc123",
  "systemFields": [SystemFieldValue],
  "vendor": VendorName
}

SystemField

Field Name Description
fieldType - SystemFieldType Field type
mandatory - Boolean True indicates that the System Field is required
name - String Field name
Example
{
  "fieldType": SystemFieldType,
  "mandatory": true,
  "name": "abc123"
}

SystemFieldInput

System field type definition

Input Field Description
fieldType - SystemFieldType!

Field type

mandatory - Boolean!

True indicates that the System Field Value is required

name - Name!

Field name

Example
{
  "fieldType": SystemFieldType,
  "mandatory": false,
  "name": Name
}

SystemFieldType

Enum Value Description

SECRET

Text that will be encrypted by the application, and will be displayed as "Null" in the query results

STRING

Non-encrypted text

SystemFieldValue

System field definition

Field Name Description
fieldType - SystemFieldType Field type
mandatory - Boolean True indicates that the System Field Value is required
name - String Field name
value - String Text value
Example
{
  "fieldType": SystemFieldType,
  "mandatory": false,
  "name": "abc123",
  "value": "abc123"
}

SystemFieldValueInput

System field definition

Input Field Description
field - SystemFieldInput!

Field type

value - FreeText!

Text value

Example
{
  "field": SystemFieldInput,
  "value": FreeText
}

SystemMutation

Field Name Description
createSystem - CreateSystemResult! Create system

Arguments

deleteSystem - DeleteSystemResult! Delete system

Arguments

updateSystem - UpdateSystemResult! Update system

Arguments

Example
{
  "createSystem": CreateSystemResult,
  "deleteSystem": DeleteSystemResult,
  "updateSystem": UpdateSystemResult
}

SystemProperties

Field Name Description
modelDisplayName - String Device model name
systemFields - [SystemField!] System specific text fields

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{
  "modelDisplayName": "abc123",
  "systemFields": [SystemField]
}

SystemQuery

Query for System objects. These objects can be filtered with a TQL query.

Field Name Description
count - Long! The total count of System objects matching the specified filter.
values - [System!]! A list of System objects matching the specified filter.

Arguments

first - Int default = 100

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long default = 0

Offset results for paging.

Example
{"count": Long, "values": [System]}

TQLSearchType

Enum Value Description

RULE

Ticket

Field Name Description
automatic - Boolean
businessOwner - String The owner of the ticket
changed - DateTime The most recent time that this entity was directly modified
comment - String
email - String Contact email
externalUrl - String
id - ID! The internal unique identifier for this entity
name - String The name of the entity
originTicketId - String Ticket identifier
secureChangeTicket - Boolean If true, it is a ticket originated by SecureChange
timeCreation - DateTime
timeExpiration - DateTime Ticket expiration date
Example
{
  "automatic": false,
  "businessOwner": "xyz789",
  "changed": DateTime,
  "comment": "abc123",
  "email": "xyz789",
  "externalUrl": "abc123",
  "id": ID,
  "name": "abc123",
  "originTicketId": "xyz789",
  "secureChangeTicket": false,
  "timeCreation": DateTime,
  "timeExpiration": DateTime
}

TimePeriodInDay

Time definition

Field Name Description
endHour - Int End hour
endMinute - Int End minute
startHour - Int Start hour
startMinute - Int Start minute
Example
{"endHour": 123, "endMinute": 123, "startHour": 987, "startMinute": 123}

TimedCount

A single pair (timestamp and count) in the trend query.

Field Name Description
count - Long! The returned count value in the trend query.
timestamp - Date! The returned timestamp value in the trend query.
Example
{"count": Long, "timestamp": "2021-10-11T18:10:26.484Z"}

TrafficUspRestriction

A condition that defines the allowed traffic from one SecureTrack network zone to another.

Field Name Description
applicationNames - [String!] List of predefined applications names.
restrictionType - RestrictionType Traffic USP restriction will always be of type "Traffic".
servicesExpressions - [String!]

List of either predefined services names or custom services defined by protocol and port ("TCP 10-20" or "UDP 80" for example). The supported protocols are:

  • TCP
  • UDP
  • ICMP
  • Other - All protocols that are not TCP, UDP and ICMP are regarded as Other.
trafficUspRestrictionType - TrafficUspRestrictionType The traffic restriction type (Allow only, Block only, Allow all, Block all).
Example
{
  "applicationNames": ["xyz789"],
  "restrictionType": RestrictionType,
  "servicesExpressions": ["xyz789"],
  "trafficUspRestrictionType": TrafficUspRestrictionType
}

TrafficUspRestrictionInput

Traffic USP restriction (TrafficUspRestriction).

Input Field Description
applicationNames - [ApplicationString!]

Application names.

servicesExpressions - [ServiceExpressionString!]

Services expressions.

type - TrafficUspRestrictionType!

Traffic USP restriction type (TrafficUspRestrictionType).

Example
{
  "applicationNames": [ApplicationString],
  "servicesExpressions": [ServiceExpressionString],
  "type": TrafficUspRestrictionType
}

TrafficUspRestrictionType

Enumeration of valid traffic restriction types.

Enum Value Description

ALLOW_ALL

All traffic is allowed.

ALLOW_ONLY

Traffic is permitted only for the provided services or applications.

BLOCK_ALL

No traffic is allowed.

BLOCK_ONLY

Traffic is prohibited only for the provided services or applications.

TransportService

Service definition

Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
maxPort - Int The last service port number in range, including
minPort - Int The first service port number in range, including
name - String The name of the entity
negated - Boolean Rule will use all service ports, except specified in minPort and maxPort in case this value is true
protocol - TransportServiceProtocol Service protocol name. For example: FTP
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": DateTime,
  "comment": "abc123",
  "device": BasicDevice,
  "id": ID,
  "maxPort": 987,
  "minPort": 987,
  "name": "abc123",
  "negated": true,
  "protocol": TransportServiceProtocol,
  "system": BasicSystem,
  "version": 987
}

TransportServiceProtocol

Division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model.

Enum Value Description

SCTP

Stream Control Transmission Protocol (SCTP).

TCP

Transmission Control Protocol (TCP).

UDP

User Datagram Protocol (UDP).

TrendQueryInput

The TrendQueryInput displays information from the metric ID parameter, over time.

Input Field Description
appliedToAnyDomain - Boolean!

If true, the metric will be collected from all the system domains. If false, the metric will be collected only from specified domains.

domain - IdString

The domain ID associated with the query.

metricId - FreeText!

The parameter that will be displayed in the trend query for the defined time span. Should be one of: disabled_rules, unused_rules, fully_shadowed_rules, rules_violation_highest_severity_low, rules_violation_highest_severity_medium, rules_violation_highest_severity_high, rules_violation_highest_severity_critical

timeSpan - Int!

The number of days included in the trend query, counted from the day before the current day.

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "metricId": FreeText,
  "timeSpan": 987
}

TrendResult

Returns the query status, and the set of values collected for the metric over the time span defined.

Field Name Description
resultStatus - ResultStatus! Status of the trend request.
timedCounts - [TimedCount!]! The complete result of the trend query, presented as a list of dates and values.
Example
{
  "resultStatus": ResultStatus,
  "timedCounts": [TimedCount]
}

URL

URL entity

Example
object

UpdateDeviceInclusionInCalculationInput

Updates whether the device is included in the violation calculation

Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the device will be included in the violation calculations for All Domains. False indicates that the violation calculations will only apply to the specified domain.

deviceId - IdString!

The Device ID

domain - IdString

The ID of the domain that the violation calculation is applied to. Note: If appliedToAnyDomain is set to True this value is ignored.

include - Boolean!

Indicates whether the device is included or excluded from violation calculation

Example
{
  "appliedToAnyDomain": true,
  "deviceId": IdString,
  "domain": IdString,
  "include": false
}

UpdateDeviceInclusionInCalculationResult

Returns the status result when updating whether the device is included in the violation calculation

Field Name Description
resultStatus - ResultStatus! Status of request to update whether the device is included in the violation calculation
Example
{"resultStatus": ResultStatus}

UpdateProtectionModeInput

Updates the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface.

Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the protection mode of the device will be updated for All Domains. False indicates that the protection mode will be updated only for the specified domain.

deviceId - IdString!

The Device ID

domain - IdString

The ID of the domain that the protection mode will be updated for. Note: If appliedToAnyDomain is set to True this value is ignored.

protectionMode - ProtectionMode!

The ZoneProtectionMode value

Example
{
  "appliedToAnyDomain": true,
  "deviceId": IdString,
  "domain": IdString,
  "protectionMode": ProtectionMode
}

UpdateProtectionModeResult

Returns the status result when updating the protection mode of a Device to the type of SecureTrack network zones that will be used in the violation calculation

Field Name Description
resultStatus - ResultStatus! Status of request to update the protection mode of Device to the type of SecureTrack network zones that will be used in the violation calculation
Example
{"resultStatus": ResultStatus}

UpdateRuleAutomationAttributeInput

Update the automation attribute for a rule.

Input Field Description
automationAttribute - AutomationAttribute

Automation attribute to update.

ids - [IdString!]!

List of affected rule IDs.

Example
{
  "automationAttribute": AutomationAttribute,
  "ids": [IdString]
}

UpdateRuleAutomationAttributeResult

Returns the status results when updating automation attribute for a rule.

Field Name Description
ids - [ID!]! IDs of the updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

UpdateRuleDescriptionInput

Update description for a rule.

Input Field Description
description - FreeText

Description to update.

ids - [IdString!]!

List of affected rule IDs.

Example
{
  "description": FreeText,
  "ids": [IdString]
}

UpdateRuleDescriptionResult

Returns the status results when updating the description for a rule.

Field Name Description
ids - [ID!] IDs of updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

UpdateRuleTechnicalOwnerInput

Update the technical owner for a rule.

Input Field Description
ids - [IdString!]!

List of affected rule IDs.

technicalOwnerId - IdString

The ID of the technical owner to update.

Example
{
  "ids": [IdString],
  "technicalOwnerId": IdString
}

UpdateRuleTechnicalOwnerResult

Returns the status results when updating the technical owner for a rule.

Field Name Description
ids - [ID!]! IDs of updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "ids": [ID],
  "resultStatus": ResultStatus
}

UpdateSystemInput

Input Field Description
appliedToAnyDomain - Boolean

This property is not currently supported

domain - IdString

This property is not currently supported

id - IdString!

Systems ID to update

ipAddress - IpAddressString

IP address of the root device

name - Name!

System name

properties - [SystemFieldValueInput!]

System properties

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "id": IdString,
  "ipAddress": IpAddressString,
  "name": Name,
  "properties": [SystemFieldValueInput]
}

UpdateSystemResult

Field Name Description
id - ID Application internal ID of updated system
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

UpdateTicketInput

Update a ticket for a rule.

Input Field Description
businessOwner - FreeText

Business owner name for a rule.

comment - FreeText

Comment for a ticket.

email - EmailAddress

Business owner Email address for a rule.

expirationDate - DateTime

Expiration date for a ticket.

externalUrl - URL

External URL for a ticket.

id - IdString!

ID of the ticket to update.

originTicketId - FreeText!

ID information of the ticket to update.

secureChangeTicket - Boolean
Example
{
  "businessOwner": FreeText,
  "comment": FreeText,
  "email": EmailAddress,
  "expirationDate": DateTime,
  "externalUrl": URL,
  "id": IdString,
  "originTicketId": FreeText,
  "secureChangeTicket": true
}

UpdateTicketResult

Returns the status results when updating a ticket for a rule.

Field Name Description
id - ID ID of the updated ticket.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

UpdateUserTQLSearchInput

Update a TQL query

Input Field Description
description - FreeText

Description of the query

id - IdString!

Unique identifier of the query

name - Name!

Name of the query

public - Boolean!

If true, the query is public

query - String!

TQL expression saved as part of the query

Example
{
  "description": FreeText,
  "id": IdString,
  "name": Name,
  "public": true,
  "query": "abc123"
}

UpdateUserTQLSearchResult

Returns the status results when updating a TQL query

Field Name Description
id - ID Unique identifier of the updated query
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

UpdateUspAlertConfigInput

Update a USP alert.

Input Field Description
allDevices - Boolean!

If set to True, the devicesIds field is ignored and this alert applies to all devices.

allUsps - Boolean!

If set to True, the uspId field is ignored and this alert applies to all USPs.

description - FreeText

Alert description.

devicesIds - [IdString!]

This alert applies only for the specified devices. Add a list Device IDs.

disabled - Boolean!

Set to true to disable this alert.

externalRecipientsEmails - [EmailAddress!]

Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users.

id - IdString!

ID of the alert you want to update.

name - Name!

Alert name.

recipientsIds - [IdString!]

Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user.

severities - [ViolationSeverity!]!

This alert is sent for violations of all the selected severities.

syslogEnabled - Boolean!

Set to True if syslog the alert should also be sent via syslog.

uspId - IdString

This alert applies only to the specified USP. Add a single USP ID only.

Example
{
  "allDevices": true,
  "allUsps": true,
  "description": FreeText,
  "devicesIds": [IdString],
  "disabled": true,
  "externalRecipientsEmails": [EmailAddress],
  "id": IdString,
  "name": Name,
  "recipientsIds": [IdString],
  "severities": [ViolationSeverity],
  "syslogEnabled": true,
  "uspId": IdString
}

UpdateUspAlertConfigResult

Returns the status results when updating a new USP alert.

Field Name Description
id - ID ID of the updated alert.
resultStatus - ResultStatus! Status of request to update a USP alert.
Example
{
  "id": ID,
  "resultStatus": ResultStatus
}

UpdateUspInput

Updates an existing USP.

Input Field Description
description - FreeText

USP description.

id - IdString!

USP ID.

name - Name!

USP name.

securityZonesIds - [IdString!]!

The USP updated SecureTrack network zones IDs. Zones that are in this list this does not exist in the USP will be added. Zones that are not in this list and appear in the USP will be deleted. Zones that are in this list and appear in the USP will remain.

Example
{
  "description": FreeText,
  "id": IdString,
  "name": Name,
  "securityZonesIds": [IdString]
}

UpdateUspRequirementInput

Updates a USP requirement.

Input Field Description
description - FreeText

Requirement description.

destSecurityZoneId - IdString!

Requirement's destination SecureTrack network zone (to zone).

restrictions - UspRestrictionsInput!

Requirement restriction.

severity - ViolationSeverity!

Requirement severity.

srcSecurityZoneId - IdString!

Requirement's source SecureTrack network zone (from zone).

uspId - IdString!

USP ID.

Example
{
  "description": FreeText,
  "destSecurityZoneId": IdString,
  "restrictions": UspRestrictionsInput,
  "severity": ViolationSeverity,
  "srcSecurityZoneId": IdString,
  "uspId": IdString
}

UpdateUspRequirementResult

Returns the status results when updating a USP requirement.

Field Name Description
resultStatus - ResultStatus! Status of request to updating a