SecureTrack Aurora GraphQL API Documentation R23-1-PHF2

Below you can find examples and references for our GraphQL schema

- Link to SecureTrack REST API Documentation
- Link to SecureTrack GraphQL Overview

Queries

auth

Description

Query over all 'auth' related information in session

Response

Returns an AuthQuery

Example

Query
query auth {
  auth {
    sessionUser {
      ...SessionUserFragment
    }
  }
}
Response
{"data": {"auth": {"sessionUser": SessionUser}}}

devices

Description

Query over Device objects.

Response

Returns a DeviceQuery

Arguments
Name Description
filter - String TQL query to filter for matching Device entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devices($filter: String) {
  devices(filter: $filter) {
    count
    values {
      ...DeviceFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"devices": {"count": {}, "values": [Device]}}}

devicesStatus

Description

Query over DeviceStatus objects.

Response

Returns a DeviceStatusQuery

Arguments
Name Description
filter - String TQL query to filter for matching DeviceStatus entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devicesStatus($filter: String) {
  devicesStatus(filter: $filter) {
    count
    values {
      ...DeviceStatusFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "devicesStatus": {
      "count": {},
      "values": [DeviceStatus]
    }
  }
}

domains

Description

Query over Domain objects.

Response

Returns a DomainQuery

Arguments
Name Description
filter - String TQL query to filter for matching Domain entities. Please refer to the TQL documentation. Default = ""

Example

Query
query domains($filter: String) {
  domains(filter: $filter) {
    count
    values {
      ...DomainFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"domains": {"count": {}, "values": [Domain]}}}

getUsps

Response

Returns [Usp]

Example

Query
query getUsps {
  getUsps {
    appliedToAnyDomain
    changed
    description
    differentZonesDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    domain {
      ...DomainFragment
    }
    id
    name
    requirements {
      ...UspRequirementFragment
    }
    sameZoneDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    securityZones {
      ...SecurityZoneFragment
    }
  }
}
Response
{
  "data": {
    "getUsps": [
      {
        "appliedToAnyDomain": false,
        "changed": "2007-12-03T10:15:30Z",
        "description": "xyz789",
        "differentZonesDefaultRestrictions": UspRestrictions,
        "domain": Domain,
        "id": "4",
        "name": "xyz789",
        "requirements": [UspRequirement],
        "sameZoneDefaultRestrictions": UspRestrictions,
        "securityZones": [SecurityZone]
      }
    ]
  }
}

interfaces

Description

Query over Interface objects.

Response

Returns an InterfaceQuery

Arguments
Name Description
filter - String TQL query to filter for matching Interface entities. Please refer to the TQL documentation. Default = ""

Example

Query
query interfaces($filter: String) {
  interfaces(filter: $filter) {
    count
    values {
      ...InterfaceFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "interfaces": {"count": {}, "values": [Interface]}
  }
}

networkObjects

Description

Query over NetworkObject objects.

Response

Returns a NetworkObjectQuery

Arguments
Name Description
filter - String TQL query to filter for matching NetworkObject entities. Please refer to the TQL documentation. Default = ""

Example

Query
query networkObjects($filter: String) {
  networkObjects(filter: $filter) {
    count
    values {
      ... on AccessRole {
        ...AccessRoleFragment
      }
      ... on Fqdn {
        ...FqdnFragment
      }
      ... on Group {
        ...GroupFragment
      }
      ... on Host {
        ...HostFragment
      }
      ... on InternetService {
        ...InternetServiceFragment
      }
      ... on IpRange {
        ...IpRangeFragment
      }
      ... on LdapUser {
        ...LdapUserFragment
      }
      ... on LocalUser {
        ...LocalUserFragment
      }
      ... on Location {
        ...LocationFragment
      }
      ... on NIC {
        ...NICFragment
      }
      ... on OtherObject {
        ...OtherObjectFragment
      }
      ... on Subnet {
        ...SubnetFragment
      }
      ... on UrlCategory {
        ...UrlCategoryFragment
      }
      ... on VM {
        ...VMFragment
      }
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "networkObjects": {
      "count": {},
      "values": [AccessRole]
    }
  }
}

opmAgents

Description

Query over OPMAgent objects.

Response

Returns an OPMAgentQuery

Arguments
Name Description
filter - String TQL query to filter for matching OPMAgent entities. Please refer to the TQL documentation. Default = ""

Example

Query
query opmAgents($filter: String) {
  opmAgents(filter: $filter) {
    count
    values {
      ...OPMAgentFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "opmAgents": {"count": {}, "values": [OPMAgent]}
  }
}

rules

Description

Query over Rule objects.

Response

Returns a RuleQuery

Arguments
Name Description
filter - String TQL query to filter for matching Rule entities. Please refer to the TQL documentation. Default = ""

Example

Query
query rules($filter: String) {
  rules(filter: $filter) {
    count
    counts {
      ...CountsResultFragment
    }
    values {
      ...RuleFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "rules": {
      "count": {},
      "counts": [CountsResult],
      "values": [Rule]
    }
  }
}

securityZones

Description

Query over SecurityZone objects.

Response

Returns a SecurityZoneQuery

Arguments
Name Description
filter - String TQL query to filter for matching SecurityZone entities. Please refer to the TQL documentation. Default = ""

Example

Query
query securityZones($filter: String) {
  securityZones(filter: $filter) {
    count
    values {
      ...SecurityZoneFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "securityZones": {
      "count": {},
      "values": [SecurityZone]
    }
  }
}

systems

Description

Query over System objects.

Response

Returns a SystemQuery

Arguments
Name Description
filter - String TQL query to filter for matching System entities. Please refer to the TQL documentation. Default = ""

Example

Query
query systems($filter: String) {
  systems(filter: $filter) {
    count
    values {
      ...SystemFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"systems": {"count": {}, "values": [System]}}}

trend

Description

Query over trend.

Response

Returns a TrendResult!

Arguments
Name Description
input - TrendQueryInput!

Example

Query
query trend($input: TrendQueryInput!) {
  trend(input: $input) {
    resultStatus {
      ...ResultStatusFragment
    }
    timedCounts {
      ...TimedCountFragment
    }
  }
}
Variables
{"input": TrendQueryInput}
Response
{
  "data": {
    "trend": {
      "resultStatus": ResultStatus,
      "timedCounts": [TimedCount]
    }
  }
}

userTQLSearches

Description

Query over UserTQLSearch objects.

Response

Returns an UserTQLSearchQuery

Arguments
Name Description
filter - String TQL query to filter for matching UserTQLSearch entities. Please refer to the TQL documentation. Default = ""

Example

Query
query userTQLSearches($filter: String) {
  userTQLSearches(filter: $filter) {
    count
    values {
      ...UserTQLSearchFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "userTQLSearches": {
      "count": {},
      "values": [UserTQLSearch]
    }
  }
}

userWorkflows

Description

Query over UserWorkflow objects.

Response

Returns a UserWorkflowsQuery!

Example

Query
query userWorkflows {
  userWorkflows {
    resultStatus {
      ...ResultStatusFragment
    }
    values {
      ...UserWorkflowFragment
    }
  }
}
Response
{
  "data": {
    "userWorkflows": {
      "resultStatus": ResultStatus,
      "values": [UserWorkflow]
    }
  }
}

users

Description

Query over User objects.

Response

Returns a UserQuery

Arguments
Name Description
filter - String TQL query to filter for matching User entities. Please refer to the TQL documentation. Default = ""

Example

Query
query users($filter: String) {
  users(filter: $filter) {
    count
    values {
      ...UserFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"users": {"count": {}, "values": [User]}}}

uspAlertConfigs

Description

Query over UspAlertConfig objects.

Response

Returns an UspAlertConfigQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspAlertConfig entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspAlertConfigs($filter: String) {
  uspAlertConfigs(filter: $filter) {
    count
    values {
      ...UspAlertConfigFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspAlertConfigs": {
      "count": {},
      "values": [UspAlertConfig]
    }
  }
}

uspExceptions

Description

Query over UspException objects.

Response

Returns an UspExceptionQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspException entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspExceptions($filter: String) {
  uspExceptions(filter: $filter) {
    count
    values {
      ...UspExceptionFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspExceptions": {
      "count": {},
      "values": [UspException]
    }
  }
}

uspRequirements

Description

Query over UspRequirement objects.

Response

Returns an UspRequirementQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspRequirement entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRequirements($filter: String) {
  uspRequirements(filter: $filter) {
    count
    values {
      ...UspRequirementFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspRequirements": {
      "count": {},
      "values": [UspRequirement]
    }
  }
}

uspRiskAnalysisTask

Description

Query over UspRiskAnalysisTask objects.

Response

Returns an UspRiskAnalysisTaskQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspRiskAnalysisTask entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRiskAnalysisTask($filter: String) {
  uspRiskAnalysisTask(filter: $filter) {
    count
    values {
      ...UspRiskAnalysisTaskFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspRiskAnalysisTask": {
      "count": {},
      "values": [UspRiskAnalysisTask]
    }
  }
}

usps

Description

Query over Usp objects.

Response

Returns an UspQuery

Arguments
Name Description
filter - String TQL query to filter for matching Usp entities. Please refer to the TQL documentation. Default = ""

Example

Query
query usps($filter: String) {
  usps(filter: $filter) {
    count
    values {
      ...UspFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"usps": {"count": {}, "values": [Usp]}}}

zones

Response

Returns [Zone!]!

Example

Query
query zones {
  zones {
    changed
    comment
    device {
      ...BasicDeviceFragment
    }
    id
    name
    system {
      ...BasicSystemFragment
    }
    version
    zoneType
  }
}
Response
{
  "data": {
    "zones": [
      {
        "changed": "2007-12-03T10:15:30Z",
        "comment": "abc123",
        "device": BasicDevice,
        "id": "4",
        "name": "xyz789",
        "system": BasicSystem,
        "version": 987,
        "zoneType": "ZONE_LAYER2"
      }
    ]
  }
}

Mutations

riskAnalysis

Response

Returns a RiskAnalysisMutation!

Example

Query
mutation riskAnalysis {
  riskAnalysis {
    createUspRiskAnalysisTask {
      ...CreateUspRiskAnalysisTaskResultFragment
    }
  }
}
Response
{
  "data": {
    "riskAnalysis": {
      "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
    }
  }
}

ruleOperations

Response

Returns a RuleOperationsMutation!

Example

Query
mutation ruleOperations {
  ruleOperations {
    createTicketDraft {
      ...CreateTicketDraftResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleOperations": {
      "createTicketDraft": CreateTicketDraftResult
    }
  }
}

ruleUserData

Response

Returns a RuleUserDataMutation!

Example

Query
mutation ruleUserData {
  ruleUserData {
    createTicket {
      ...CreateTicketResultFragment
    }
    deleteTickets {
      ...DeleteTicketsResultFragment
    }
    updateRuleAutomationAttribute {
      ...UpdateRuleAutomationAttributeResultFragment
    }
    updateRuleDescription {
      ...UpdateRuleDescriptionResultFragment
    }
    updateRuleTechnicalOwner {
      ...UpdateRuleTechnicalOwnerResultFragment
    }
    updateTicket {
      ...UpdateTicketResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleUserData": {
      "createTicket": CreateTicketResult,
      "deleteTickets": DeleteTicketsResult,
      "updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
      "updateRuleDescription": UpdateRuleDescriptionResult,
      "updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
      "updateTicket": UpdateTicketResult
    }
  }
}

system

Response

Returns a SystemMutation!

Example

Query
mutation system {
  system {
    createSystem {
      ...CreateSystemResultFragment
    }
    deleteSystem {
      ...DeleteSystemResultFragment
    }
    updateSystem {
      ...UpdateSystemResultFragment
    }
  }
}
Response
{
  "data": {
    "system": {
      "createSystem": CreateSystemResult,
      "deleteSystem": DeleteSystemResult,
      "updateSystem": UpdateSystemResult
    }
  }
}

userTQLSearch

Response

Returns an UserTQLSearchMutation!

Example

Query
mutation userTQLSearch {
  userTQLSearch {
    changeUserTQLSearchesOwner {
      ...ChangeUserTQLSearchesOwnerResultFragment
    }
    createUserTQLSearch {
      ...CreateUserTQLSearchResultFragment
    }
    deleteUserTQLSearch {
      ...DeleteUserTQLSearchResultFragment
    }
    updateUserTQLSearch {
      ...UpdateUserTQLSearchResultFragment
    }
  }
}
Response
{
  "data": {
    "userTQLSearch": {
      "changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
      "createUserTQLSearch": CreateUserTQLSearchResult,
      "deleteUserTQLSearch": DeleteUserTQLSearchResult,
      "updateUserTQLSearch": UpdateUserTQLSearchResult
    }
  }
}

usp

Response

Returns an UspMutation!

Example

Query
mutation usp {
  usp {
    addSecurityZonesToUsp {
      ...AddSecurityZonesToUspResultFragment
    }
    createPredefinedUsp {
      ...CreatePredefinedUspResultFragment
    }
    createUsp {
      ...CreateUspResultFragment
    }
    deleteUsp {
      ...DeleteUspResultFragment
    }
    removeSecurityZonesFromUsp {
      ...RemoveSecurityZonesFromUspResultFragment
    }
    updateUsp {
      ...UpdateUspResultFragment
    }
    updateUspRequirement {
      ...UpdateUspRequirementResultFragment
    }
  }
}
Response
{
  "data": {
    "usp": {
      "addSecurityZonesToUsp": AddSecurityZonesToUspResult,
      "createPredefinedUsp": CreatePredefinedUspResult,
      "createUsp": CreateUspResult,
      "deleteUsp": DeleteUspResult,
      "removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
      "updateUsp": UpdateUspResult,
      "updateUspRequirement": UpdateUspRequirementResult
    }
  }
}

uspAlertConfig

Response

Returns an AlertConfigMutation!

Example

Query
mutation uspAlertConfig {
  uspAlertConfig {
    createUspAlertConfig {
      ...CreateUspAlertConfigResultFragment
    }
    deleteAlertConfig {
      ...DeleteAlertConfigResultFragment
    }
    updateUspAlertConfig {
      ...UpdateUspAlertConfigResultFragment
    }
  }
}
Response
{
  "data": {
    "uspAlertConfig": {
      "createUspAlertConfig": CreateUspAlertConfigResult,
      "deleteAlertConfig": DeleteAlertConfigResult,
      "updateUspAlertConfig": UpdateUspAlertConfigResult
    }
  }
}

uspException

Response

Returns an UspExceptionMutation!

Example

Query
mutation uspException {
  uspException {
    addRulesToRuleException {
      ...AddRulesToRuleExceptionResultFragment
    }
    createUspRuleException {
      ...CreateUspRuleExceptionResultFragment
    }
    createUspTrafficException {
      ...CreateUspTrafficExceptionResultFragment
    }
    deleteUspExceptions {
      ...DeleteUspExceptionResultFragment
    }
    updateUspRuleException {
      ...UpdateUspRuleExceptionResultFragment
    }
    updateUspTrafficException {
      ...UpdateUspTrafficExceptionResultFragment
    }
  }
}
Response
{
  "data": {
    "uspException": {
      "addRulesToRuleException": AddRulesToRuleExceptionResult,
      "createUspRuleException": CreateUspRuleExceptionResult,
      "createUspTrafficException": CreateUspTrafficExceptionResult,
      "deleteUspExceptions": DeleteUspExceptionResult,
      "updateUspRuleException": UpdateUspRuleExceptionResult,
      "updateUspTrafficException": UpdateUspTrafficExceptionResult
    }
  }
}

zoneMapping

Response

Returns a ZoneMappingMutation!

Example

Query
mutation zoneMapping {
  zoneMapping {
    updateDeviceInclusionInCalculation {
      ...UpdateDeviceInclusionInCalculationResultFragment
    }
    updateMappings {
      ...ZoneManualMappingResultFragment
    }
    updateProtectionMode {
      ...UpdateProtectionModeResultFragment
    }
  }
}
Response
{
  "data": {
    "zoneMapping": {
      "updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
      "updateMappings": ZoneManualMappingResult,
      "updateProtectionMode": UpdateProtectionModeResult
    }
  }
}

Types

AccessRequestActionType

Description

The action of the access request. Equivalent to a security rule action.

Values
Enum Value Description

ALLOW

Allow all traffic.

DENY

Deny all traffic.
Example
"ALLOW"

AccessRequestApplicationInput

Fields
Input Field Description
name - String!
nonDefaultPorts - Boolean
services - [ServiceExpressionString!]
Example
{
  "name": "abc123",
  "nonDefaultPorts": false,
  "services": [ServiceExpressionString]
}

AccessRequestApplicationPredefinedValue

Values
Enum Value Description

ANY_APPLICATION

Example
"ANY_APPLICATION"

AccessRequestDomainInput

Fields
Input Field Description
id - IdString
runCalculationOnAppliedToAnyDomainUsps - Boolean!
Example
{
  "id": IdString,
  "runCalculationOnAppliedToAnyDomainUsps": true
}

AccessRequestError

Fields
Field Name Description
accessRequestId - String
errorType - ErrorType
message - String
Example
{
  "accessRequestId": "xyz789",
  "errorType": "CLASS_A_IN_TOPOLOGY",
  "message": "abc123"
}

AccessRequestInput

Description

Represents a traffic access request to be checked for violation of any of the configured USPs.

Fields
Input Field Description
actionType - AccessRequestActionType!

AccessRequestActionType of the access request.

applicationPredefinedValue - AccessRequestApplicationPredefinedValue

Predefined value of ApplicationPredefinedValue type for the access request applications. If this value is set, the list of applications should not be configured.

applications - [AccessRequestApplicationInput!]

List of AccessRequestApplication that represents the access request applications.

destinationDomain - AccessRequestDomainInput

The access request destination AccessRequestDomain.

destinationPredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request destination. If this value is set, the list of destinations should not be configured.

destinationZones - [IdString!]

List of SecureTrack zones that represent the access request destination zones.

destinations - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request destinations.

id - FreeText!
servicePredefinedValue - AccessRequestServicePredefinedValue

Predefined value of ServicePredefinedValue type for the access request services. If this value is set, the list of services should not be configured.

services - [ServiceExpressionString!]

List of ServiceTraffic that represents the access request services.

sourceDomain - AccessRequestDomainInput

The access request source AccessRequestDomain.

sourcePredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request source. If this value is set, the list of sources should not be configured.

sourceZones - [IdString!]

List of SecureTrack zones that represent the access request source zones.

sources - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request sources.

useTopology - Boolean

Use topology to determine access request domains if the source zone is not the destination zone of the access request.

Example
{
  "actionType": "ALLOW",
  "applicationPredefinedValue": "ANY_APPLICATION",
  "applications": [AccessRequestApplicationInput],
  "destinationDomain": AccessRequestDomainInput,
  "destinationPredefinedValue": "ANY",
  "destinationZones": [IdString],
  "destinations": [NetworkObjectTrafficInput],
  "id": FreeText,
  "servicePredefinedValue": "ANY_SERVICE",
  "services": [ServiceExpressionString],
  "sourceDomain": AccessRequestDomainInput,
  "sourcePredefinedValue": "ANY",
  "sourceZones": [IdString],
  "sources": [NetworkObjectTrafficInput],
  "useTopology": false
}

AccessRequestNetworkPredefinedValue

Values
Enum Value Description

ANY

ANY_IPV4

ANY_IPV6

Example
"ANY"

AccessRequestServicePredefinedValue

Values
Enum Value Description

ANY_SERVICE

Example
"ANY_SERVICE"

AccessRole

Description

Set of permitted objects

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
networks - [NetworkObject!] List of network objects this access role has right to see
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

networksPredefinedValue - NetworkPredefinedValue Could be any network, IPv4 only network or IPv6 only network
system - BasicSystem The system (root device) that this entity belongs to
users - [UserValue!] List of users this access role has been assigned for
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

usersPredefinedValue - UserPredefinedValue Predefined values to define well known user behavior
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "name": "abc123",
  "networks": [AccessRole],
  "networksPredefinedValue": "ANY_IPV4_NETWORK",
  "system": BasicSystem,
  "users": [Group],
  "usersPredefinedValue": "ALL_IDENTIFY",
  "version": 987
}

AddRulesToRuleExceptionInput

Fields
Input Field Description
id - IdString!
rulesIds - [IdString!]!
Example
{
  "id": IdString,
  "rulesIds": [IdString]
}

AddRulesToRuleExceptionResult

Fields
Field Name Description
id - ID
resultStatus - ResultStatus!
Example
{"id": 4, "resultStatus": ResultStatus}

AddSecurityZonesToUspInput

Description

Adding SecureTrack network zones to an existing USP.

Fields
Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zones IDs.

uspId - IdString!

USP ID.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

AddSecurityZonesToUspResult

Description

Returns the status results when adding SecureTrack network zones to an existing USP.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to add SecureTrack network zones to an existing USP.
Example
{"resultStatus": ResultStatus}

AlertConfigMutation

Description

The AlertConfigMutation entity lets you create, update or delete USP alerts. For a full list of configuration options see the createUspAlertConfig and updateUspAlertConfig entities.

Fields
Field Name Description
createUspAlertConfig - CreateUspAlertConfigResult! Create a USP alert.
Arguments
deleteAlertConfig - DeleteAlertConfigResult! Delete a USP alert.
Arguments
updateUspAlertConfig - UpdateUspAlertConfigResult! Update a USP alert.
Arguments
Example
{
  "createUspAlertConfig": CreateUspAlertConfigResult,
  "deleteAlertConfig": DeleteAlertConfigResult,
  "updateUspAlertConfig": UpdateUspAlertConfigResult
}

Application

Description

Network application.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
services - [Service!] TCP/IP services of the application.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "name": "xyz789",
  "services": [IcmpService],
  "system": BasicSystem,
  "version": 987
}

ApplicationPredefinedValue

Description

Predefined values to define Any application

Values
Enum Value Description

ANY_APPLICATION

Any application
Example
"ANY_APPLICATION"

ApplicationString

Description

An application string. Must be a predefined application. Input as a String literal, for example, 'Facebook'

Example
ApplicationString

ApplicationUsage

Description

Object which represents usage information of applications on the rule

Fields
Field Name Description
application - RuleApplicationValue The identity of an application
timeLastHit - DateTime Represents time when traffic was recorded for the application
Example
{
  "application": Application,
  "timeLastHit": "2007-12-03T10:15:30Z"
}

AppliedToObjectsPredefinedValue

Description

Predefined values for "AppliedToObjects"

Values
Enum Value Description

ANY

Any object

NONE

No object
Example
"ANY"

AuthQuery

Description

A container for authentication-related information (such as principles) from the current session context.

Fields
Field Name Description
sessionUser - SessionUser The current principle user in session.
Example
{"sessionUser": SessionUser}

AutomationAttribute

Description

Determines the way that Designer and Verifier will relate to the legacy rule that is being modified.

Values
Enum Value Description

LEGACY

Designer and Verifier will treat the specified legacy rule as a shadowed rule when making recommendations or verifying access.

STEALTH

Designer and Verifier will treat the specified rule as a stealth rule when making recommendations or verifying access.
Example
"LEGACY"

BasicDevice

Description

A dependent device. Each device is assigned to a unique System device.

Fields
Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
name - String The name of the entity
parent - Device Device or system parent device
root - Boolean True indicates that this device is the topmost device in the hierarchy
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": false,
  "comment": "abc123",
  "device": BasicDevice,
  "deviceType": "CLOUD_VIRTUAL_NETWORK",
  "displayName": "abc123",
  "domain": Domain,
  "id": 4,
  "model": "ASA",
  "name": "xyz789",
  "parent": Device,
  "root": true,
  "system": BasicSystem,
  "vendor": "AMAZON",
  "version": 987
}

BasicRuleUspExceptionInfo

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "xyz789",
  "id": 4,
  "name": "xyz789"
}

BasicSystem

Description

Root device that manages the dependent devices

Fields
Field Name Description
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
modelDisplayName - String Model name of this device
monitoredByOPMAgent - Boolean True indicates that the system monitored by OPM agent
name - String The name of the entity
vendor - VendorName Vendor type of this device
Example
{
  "id": 4,
  "model": "ASA",
  "modelDisplayName": "xyz789",
  "monitoredByOPMAgent": false,
  "name": "abc123",
  "vendor": "AMAZON"
}

BasicUspExceptionInfo

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "abc123",
  "id": 4,
  "name": "abc123"
}

BasicUspExceptionInfoForRiskAnalysis

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "abc123",
  "id": 4,
  "name": "abc123"
}

BasicUspInfo

Description

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Fields
Field Name Description
appliedToAnyDomain - Boolean
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "appliedToAnyDomain": false,
  "description": "xyz789",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": 4,
  "name": "abc123",
  "sameZoneDefaultRestrictions": UspRestrictions
}

BasicUspInfoForRiskAnalysis

Description

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Fields
Field Name Description
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "description": "xyz789",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": 4,
  "name": "xyz789",
  "sameZoneDefaultRestrictions": UspRestrictions
}

Boolean

Description

The Boolean scalar type represents true or false.

Example
true

Certification

Fields
Field Name Description
status - CertificationStatus The status of the rule (certified, decertified)
timeCertified - DateTime The date the rule certification expires, after which, it must be reviewed and recertified
timeExpiration - DateTime The date that the certification decision was implemented
Example
{
  "status": "CERTIFIED",
  "timeCertified": "2007-12-03T10:15:30Z",
  "timeExpiration": "2007-12-03T10:15:30Z"
}

CertificationStatus

Description

The status of the rule (certified/decertified)

Values
Enum Value Description

CERTIFIED

Rule status is certified (has a business justification)

DECERTIFIED

Rule status is not certified (does not have a business justification)
Example
"CERTIFIED"

ChangeUserTQLSearchesOwnerInput

Description

Change the owner of multiple TQL queries in bulk. Input can be either source owner, or a list of query IDs, but not both.

Fields
Input Field Description
ids - [IdString!]

IDs of the queries

sourceOwnerId - IdString

The current owner of the queries

targetOwnerId - IdString!

The future owner of the queries

Example
{
  "ids": [IdString],
  "sourceOwnerId": IdString,
  "targetOwnerId": IdString
}

ChangeUserTQLSearchesOwnerResult

Description

Returns the status results when changing the owner of multiple TQL queries

Fields
Field Name Description
ids - [ID!] IDs of the updated queries
resultStatus - ResultStatus! Result of the operation
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

CountsResult

Description

The number of entities matching a filter, grouped by selected fields.

Fields
Field Name Description
count - Long Number of entities returned for the group.
group - [String!] Parameters used to group the entity.
Example
{"count": {}, "group": ["xyz789"]}

CreateDraftInvalidRuleReason

Description

The possible reasons for rules to be invalid for creating a SecureChange ticket

Values
Enum Value Description

RULE_ALREADY_HAS_TICKET_IN_PROGRESS

The rule already has a ticket in progress

RULE_NOT_FOUND

The requested rule ID is not found

UNSET

Example
"RULE_ALREADY_HAS_TICKET_IN_PROGRESS"

CreatePredefinedUspInput

Description

Create a predefined USP from known regulation templates. The supported regulations are:

  • PCI
  • NERC CIPV5
  • ISO 27001
  • NIST 800-53
  • Tufin's Best Practices
  • Tufin's Advanced Best Practices
Fields
Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

type - PredefinedUspType!

Regulation type.

zoneMappings - [ZoneMappingInput!]!

Mapping between the regulation zones from the template to the SecureTrack network zones to be enforced by the created USP.

Example
{
  "appliedToAnyDomain": false,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "type": "ADVANCED_BEST_PRACTICES",
  "zoneMappings": [ZoneMappingInput]
}

CreatePredefinedUspResult

Description

Returns the status results when creating a new predefined USP.

Fields
Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{"id": 4, "resultStatus": ResultStatus}

CreateSystemInput

Description

Create system request input

Fields
Input Field Description
appliedToAnyDomain - Boolean

This property is not currently supported

domain - IdString

This property is not currently supported

ipAddress - IpAddressString

IP address

model - ModelName!

Model of this device

modelDisplayName - FreeText!

Model name of this device

name - Name!

System name

opmAgentId - FreeText!

Open policy management (OPM) agent ID

properties - [SystemFieldValueInput!]

System properties

vendor - VendorName!

Vendor type of this device

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "ipAddress": IpAddressString,
  "model": "ASA",
  "modelDisplayName": FreeText,
  "name": Name,
  "opmAgentId": FreeText,
  "properties": [SystemFieldValueInput],
  "vendor": "AMAZON"
}

CreateSystemResult

Description

Create system request output

Fields
Field Name Description
id - ID Application internal ID of created system
resultStatus - ResultStatus! Result of the operation
Example
{"id": 4, "resultStatus": ResultStatus}

CreateTicketDraftInput

Description

Create a ticket draft in SecureChange

Fields
Input Field Description
decommissionRulesAction - DecommissionRulesAction

Supported actions are: “disable rules” and “remove rules”

dryRun - Boolean

If set to True, SecureChange will not create a ticket draft, will only return the result of input validation

ruleUids - [IdString!]!

List of rule UIDs to create the ticket for

subject - Name

The subject for the ticket draft

workflowName - Name

The name of SecureChange workflow used to create the ticket

workflowType - WorkFlowType!

The type of workflow (RECERTIFY_RULES, DECOMMISSION_RULES or MODIFY_RULES)

Example
{
  "decommissionRulesAction": "DISABLE_RULES",
  "dryRun": false,
  "ruleUids": [IdString],
  "subject": Name,
  "workflowName": Name,
  "workflowType": "DECOMMISSION_RULES"
}

CreateTicketDraftResult

Description

Returns the status results when creating a ticket draft

Fields
Field Name Description
invalidRules - [InvalidRule!]! List of the rules that are invalid for creating a ticket, and the reason that they are invalid
resultStatus - ResultStatus! Status of the request to create ticket draft
validRuleUids - [ID!] List of the rules that are valid for creating a ticket, out of the rules in the request
Example
{
  "invalidRules": [InvalidRule],
  "resultStatus": ResultStatus,
  "validRuleUids": [4]
}

CreateTicketInput

Description

Create a ticket for a rule.

Fields
Input Field Description
businessOwner - FreeText

Business owner name for a rule.

comment - FreeText

Comment for a ticket.

email - EmailAddress

Business owner Email address for a rule.

expirationDate - DateTime

Expiration date for a ticket.

externalUrl - URL

External URL for a ticket.

originTicketId - FreeText

ID information for a ticket, only required if a SecureChange ticket is linked.

ruleIds - [IdString!]!

List of affected rule IDs.

secureChangeTicket - Boolean

Mark as true if the ticket is a SecureChange ticket.

Example
{
  "businessOwner": FreeText,
  "comment": FreeText,
  "email": "[email protected]",
  "expirationDate": "2007-12-03T10:15:30Z",
  "externalUrl": "http://www.test.com/",
  "originTicketId": FreeText,
  "ruleIds": [IdString],
  "secureChangeTicket": false
}

CreateTicketResult

Description

Returns the status results when creating a ticket for a rule.

Fields
Field Name Description
modifiedRules - [ModifiedRule!]! List of affected rules.
resultStatus - ResultStatus! Result of the create ticket operation.
Example
{
  "modifiedRules": [ModifiedRule],
  "resultStatus": ResultStatus
}

CreateUserTQLSearchInput

Fields
Input Field Description
appliedToAnyDomain - Boolean!

If true, the query belongs to the 'All Domains' context

description - FreeText

Description of the query

domain - IdString

Domain in which the query was saved

name - Name!

Name of the query

public - Boolean!

If true, the query is public

query - String!

TQL expression saved as part of the query

type - TQLSearchType!

The Entity returned by the query

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "public": false,
  "query": "abc123",
  "type": "RULE"
}

CreateUserTQLSearchResult

Description

Create and save a TQL query

Fields
Field Name Description
id - ID Application internal ID of created TQL query
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspAlertConfigInput

Description

Create a USP alert.

Fields
Input Field Description
allDevices - Boolean!

If set to True, the devicesIds field is ignored and this alert applies to all devices.

allUsps - Boolean!

If set to True, the uspId field is ignored and this alert applies to all USPs.

appliedToAnyDomain - Boolean!

If set to True, the domain field should be empty and this alert applies to all domains.

description - FreeText

Alert description.

devicesIds - [IdString!]

This alert applies only for the specified devices. Add a list Device IDs.

disabled - Boolean!

Set to true to disable this alert.

domain - IdString

This alert will be configured in the specified domain. Add a single domain ID only.

externalRecipientsEmails - [EmailAddress!]

Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users.

name - Name!

Alert name.

recipientsIds - [IdString!]

Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user.

severities - [ViolationSeverity!]!

This alert is sent for violations of all the selected severities.

syslogEnabled - Boolean!

Set to True if syslog the alert should also be sent via syslog.

uspId - IdString

This alert applies only to the specified USP. Add a single USP ID only.

Example
{
  "allDevices": true,
  "allUsps": true,
  "appliedToAnyDomain": false,
  "description": FreeText,
  "devicesIds": [IdString],
  "disabled": false,
  "domain": IdString,
  "externalRecipientsEmails": [
    "[email protected]"
  ],
  "name": Name,
  "recipientsIds": [IdString],
  "severities": ["CRITICAL"],
  "syslogEnabled": true,
  "uspId": IdString
}

CreateUspAlertConfigResult

Description

Returns the status results when creating a new USP alert .

Fields
Field Name Description
id - ID ID of the new alert.
resultStatus - ResultStatus! Status of request to create a new USP alert.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspInput

Description

Create a USP.

Fields
Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

securityZonesIds - [IdString!]

SecureTrack network zones IDs to be used by the USP.

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "securityZonesIds": [IdString]
}

CreateUspResult

Description

Returns the status results when creating a new USP.

Fields
Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspRiskAnalysisTaskInput

Description

Create a new UspRiskAnalysisTask for risk analysis calculation.

Fields
Input Field Description
accessRequests - [AccessRequestInput!]!

List of AccessRequestInputs for risk analysis calculations.

runCalculationOnAllUsps - Boolean!

If true, calculation will run on all USPs in all domains, otherwise, it will run on USPs that are configured on the domains for the specified source and destination.

Example
{
  "accessRequests": [AccessRequestInput],
  "runCalculationOnAllUsps": true
}

CreateUspRiskAnalysisTaskResult

Description

Returns the status results when creating a new UspRiskAnalysisTask.

Fields
Field Name Description
resultStatus - ResultStatus! ResultStatus of the request to create a new risk analysis task.
taskId - ID The created task ID. The ID is used for querying for the calculation result of UspRiskAnalysisTask.
Example
{
  "resultStatus": ResultStatus,
  "taskId": "4"
}

CreateUspRuleExceptionInput

Description

Create a rule UspException.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the rule UspException.

creator - FreeText

User that created the rule UspException .

description - FreeText

Rule UspException description.

disabled - Boolean!

Set to true to disable this rule UspException. When disabled, rule UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the rule UspException is active.

name - Name!

Rule UspException name.

rules - RuleExceptionConditionInput!

RulesConditionInput of the UspException.

startDate - Date

First date that the rule UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": false,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "disabled": false,
  "domain": IdString,
  "endDate": "2007-12-03",
  "name": Name,
  "rules": RuleExceptionConditionInput,
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

CreateUspRuleExceptionResult

Description

Returns the status results when creating a new rule UspException.

Fields
Field Name Description
id - ID Newly created rule UspException ID.
resultStatus - ResultStatus! Status of request to create a new rule UspException.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspTrafficExceptionInput

Description

Create a traffic UspException.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the traffic UspException.

creator - FreeText

User that created the traffic UspException .

description - FreeText

Traffic UspException description.

destinationEntityIds - [IdString!]

Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

destinations - [IpAddressString!]

Destination condition - list of IPs/subnets.

disabled - Boolean!

Set to true to disable this traffic UspException. When disabled, traffic UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the traffic UspException is active.

name - Name!

Traffic UspException name.

servicesAndApplications - ServiceAndApplicationConditionInput

List of ServiceAndApplicationConditionInput.

sourceEntityIds - [IdString!]

Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

sources - [IpAddressString!]

Source condition - list of IPs/subnets.

startDate - Date

First date that the traffic UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": true,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "destinationEntityIds": [IdString],
  "destinations": [IpAddressString],
  "disabled": true,
  "domain": IdString,
  "endDate": "2007-12-03",
  "name": Name,
  "servicesAndApplications": ServiceAndApplicationConditionInput,
  "sourceEntityIds": [IdString],
  "sources": [IpAddressString],
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

CreateUspTrafficExceptionResult

Description

Returns the status results when creating a new traffic UspException.

Fields
Field Name Description
id - ID Newly created traffic UspException ID.
resultStatus - ResultStatus! Status of request to create a new traffic UspException.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

Date

Description

An RFC-3339 compliant Full Date Scalar

Example
"2007-12-03"

DateTime

Description

An RFC-3339 compliant DateTime Scalar

Example
"2007-12-03T10:15:30Z"

DecommissionRulesAction

Values
Enum Value Description

DISABLE_RULES

REMOVE_RULES

Example
"DISABLE_RULES"

DeleteAlertConfigInput

Description

Delete a USP alert.

Fields
Input Field Description
ids - [IdString!]!

IDs of the alerts you want to delete.

Example
{"ids": [IdString]}

DeleteAlertConfigResult

Description

Returns the status results when deleting USP alerts.

Fields
Field Name Description
ids - [String!]
resultStatus - ResultStatus! Status of request to delete USP alerts.
Example
{
  "ids": ["xyz789"],
  "resultStatus": ResultStatus
}

DeleteSystemInput

Description

Delete systems request input

Fields
Input Field Description
ids - [IdString!]!

Systems IDs to delete

Example
{"ids": [IdString]}

DeleteSystemResult

Description

Delete system request output

Fields
Field Name Description
resultStatus - ResultStatus! Result of the operation
Example
{"resultStatus": ResultStatus}

DeleteTicketsInput

Description

Delete tickets.

Fields
Input Field Description
ids - [IdString!]!

IDs of the tickets to be deleted.

Example
{"ids": [IdString]}

DeleteTicketsResult

Description

Returns the status results when deleting tickets.

Fields
Field Name Description
ids - [ID!] IDs of the deleted tickets.
resultStatus - ResultStatus! Status of request to delete tickets.
Example
{"ids": [4], "resultStatus": ResultStatus}

DeleteUserTQLSearchInput

Description

Delete saved TQL queries

Fields
Input Field Description
ids - [IdString!]!

IDs of the queries to be deleted

Example
{"ids": [IdString]}

DeleteUserTQLSearchResult

Description

Returns the status results when deleting TQL queries

Fields
Field Name Description
ids - [ID!] IDs of the deleted queries
resultStatus - ResultStatus! Status of request to delete queries
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

DeleteUspExceptionInput

Description

Delete one or more UspExceptions.

Fields
Input Field Description
ids - [IdString!]!

UspException IDs.

Example
{"ids": [IdString]}

DeleteUspExceptionResult

Description

Returns the status results when deleting UspExceptions.

Fields
Field Name Description
ids - [ID!]
resultStatus - ResultStatus! Status of request to delete UspExceptions.
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

DeleteUspInput

Description

Delete one or multiple USPs.

Fields
Input Field Description
ids - [IdString!]!

USP IDs.

Example
{"ids": [IdString]}

DeleteUspResult

Description

Returns the status results when deleting USPs.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to delete USPs.
Example
{"resultStatus": ResultStatus}

Device

Description

A dependent device. Each device is assigned to a unique System device.

Fields
Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
comment - String A text comment associated with this entity Permission requires
device - BasicDevice The device that this entity belongs to Permission requires
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
domainDeviceConf - [DomainDeviceConf!] List of device domain configurations which are excluded from violation calculations and protection mode Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! The internal unique identifier for this entity
model - ModelName Model of this device Permission requires
modelDisplayName - String Model name of this device Permission requires
name - String The name of the entity
nameOnDevice - String Context name of this device Permission requires
parent - Device Device or system parent device Permission requires
root - Boolean True indicates that this device is the topmost device in the hierarchy
swVersion - String Software version of this device Permission requires
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": false,
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "deviceType": "CLOUD_VIRTUAL_NETWORK",
  "displayName": "abc123",
  "domain": Domain,
  "domainDeviceConf": [DomainDeviceConf],
  "id": 4,
  "model": "ASA",
  "modelDisplayName": "xyz789",
  "name": "xyz789",
  "nameOnDevice": "abc123",
  "parent": Device,
  "root": false,
  "swVersion": "abc123",
  "system": BasicSystem,
  "vendor": "AMAZON",
  "vendorDisplayName": "abc123",
  "version": 987
}

DeviceQuery

Description

Query for Device objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Device objects matching the specified filter.
values - [Device!]! A list of Device objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Device]}

DeviceStatus

Description

The progress status of the device version processing and calculations (IN_PROGRESS, COMPLETED, or ERROR).

Fields
Field Name Description
apiV1DeviceId - String The internal unique identifier of the device in the legacy API.
changed - DateTime The most recent time that this entity was directly modified Permission requires
device - Device The device that the status applies to. Permission requires
id - ID! The internal unique identifier for this entity
name - String This property is not supported. Permission requires
versions - [VersionStatus!] The versions of the changes on the device. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "apiV1DeviceId": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "device": Device,
  "id": "4",
  "name": "xyz789",
  "versions": [VersionStatus]
}

DeviceStatusQuery

Description

Query for DeviceStatus objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of DeviceStatus objects matching the specified filter.
values - [DeviceStatus!]! A list of DeviceStatus objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [DeviceStatus]}

DeviceType

Description

Type of dependant device.

Values
Enum Value Description

CLOUD_VIRTUAL_NETWORK

Public or private cloud virtual network. For example: Microsoft Azure public cloud virtual network.

CLUSTER

Cluster of devices

FIREWALL

Firewall

FIREWALL_GLOBAL_CONTEXT

Device of this type holds global firewall information, like global policy

FIREWALL_VIRTUAL_CONTEXT

Virtual firewall managed by root management device

MANAGEMENT

Device manages other devices.

MANAGEMENT_DOMAIN

Device that represents management domain or scope.

MANAGEMENT_GLOBAL_DOMAIN

Device that represents global domain or scope.

ROUTER

Example
"CLOUD_VIRTUAL_NETWORK"

Direction

Description

Direction.

Values
Enum Value Description

BOTH

Inbound-Outbound direction.

INBOUND

Inbound direction.

OUTBOUND

Outbound direction.
Example
"BOTH"

Domain

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
default - Boolean
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "default": true,
  "id": 4,
  "name": "xyz789"
}

DomainDeviceConf

Description

List of device domain configurations which are excluded from violation calculations and protection mode

Fields
Field Name Description
appliedToAnyDomain - Boolean True indicates that the configuration applies to All Domain. False indicates that the configuration applies to a specific domain. Permission requires
enableProtectionModeChange - Boolean Permission requires
excludedForViolation - Boolean True indicates that the application will not calculate security risks for this device Permission requires
protectionMode - ProtectionMode Identifies how to select network zones available for checking security risks, whether the mode is Connected (the IP address is directly connected) or Routable (the connection is via route table) Permission requires
Example
{
  "appliedToAnyDomain": false,
  "enableProtectionModeChange": true,
  "excludedForViolation": true,
  "protectionMode": "CONNECTED_ZONES"
}

DomainQuery

Description

Query for Domain objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Domain objects matching the specified filter.
values - [Domain!]! A list of Domain objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Domain]}

EmailAddress

Description

An email address

Example
"[email protected]"

Error

Fields
Field Name Description
errorCode - String Internal code of error message that indicates that request did not successfully complete.
errorMessage - String Text of message that indicates that request did not successfully complete
Example
{
  "errorCode": "abc123",
  "errorMessage": "xyz789"
}

ErrorType

Values
Enum Value Description

CLASS_A_IN_TOPOLOGY

IP_TYPE_MISMATCH

RUNTIME_ERROR

Example
"CLASS_A_IN_TOPOLOGY"

FlowRestrictionType

Description

The required format of the source and the destination in a rule.

Values
Enum Value Description

HOST_TO_HOST

Rule requirement that both the source and destination are defined by host objects.

HOST_TO_SUBNET

Rule requirement that the source of the traffic flow is defined by host and the destination is defined by subnet objects.

SUBNET_TO_HOST

Rule requirement that the source of the traffic flow is defined by subnet objects and the destination is defined by host.
Example
"HOST_TO_HOST"

FlowUspRestriction

Description

A condition that defines the allowed flow type from one SecureTrack network zone to another (Host to Host, Subnet to Host, or Host to Subnet).

Fields
Field Name Description
flowType - FlowRestrictionType The flow type.
restrictionType - RestrictionType Restriction type.
Example
{"flowType": "HOST_TO_HOST", "restrictionType": "DESTINATION_IPS_MAX_COUNT"}

FlowUspRestrictionInput

Description

Flow USP restriction.

Fields
Input Field Description
flowType - FlowRestrictionType!

Flow type (FlowRestrictionType).

Example
{"flowType": "HOST_TO_HOST"}

Fqdn

Description

Fully qualified domain name. Identifier that fully identifies the resource

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
domainAddress - String Fully qualified domain name
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "domainAddress": "abc123",
  "id": 4,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

FreeText

Description

Free text

Example
FreeText

Group

Description

Network objects group. Contains other network objects

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
exclusionMembers - [GroupMember!] Network objects that must be excluded from this group. For example: particular network objects in included sub-network.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

groupType - GroupType! Group type. For example: NETWORK_WITH_EXCLUSION. See GroupType definition
id - ID! The internal unique identifier for this entity
members - [GroupMember!] Network objects that are direct members of this group
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

membersPredefinedValue - NetworkPredefinedValue Members of type "Any"
membershipCriteria - String The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "exclusionMembers": [AccessRole],
  "groupType": "APPLICATION",
  "id": "4",
  "members": [AccessRole],
  "membersPredefinedValue": "ANY_IPV4_NETWORK",
  "membershipCriteria": "xyz789",
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

GroupMember

GroupType

Description

Network objects group type.

Values
Enum Value Description

APPLICATION

The group containing network applications.

DYNAMIC_GROUP

A dynamic address group uses tags as a filtering criteria to determine its members.

LOCATION

The group containing locations.

MICRO_SEGMENTED_GROUP

The group containing vendor specific objects. For example: network interface cards (NIC).

NETWORK

The group containing networks.

NETWORK_WITH_EXCLUSION

The group containing networks with exclusions.

SECURITY_PROFILE

The group containing security profiles.

SERVICE

The group containing TCP/IP services.

USER

The group containing users.

ZONE_INTERSECTABLE_MICRO_SEGMENTED_GROUP

Example
"APPLICATION"

HasIP

Description

An object that has an IP address field.

Fields
Field Name Description
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipType - IpType The IP address this object has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
Possible Types
HasIP Types

Host

Subnet

Example
{"ip": "xyz789", "ipType": "IPV4"}

Host

Description

Computer or other device connected to a computer network.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipAddresses - [IpAddress!] List of additional IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

ipType - IpType The IP address this host has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "ip": "xyz789",
  "ipAddresses": [IpAddress],
  "ipType": "IPV4",
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

ID

Description

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Example
4

IcmpService

Description

ICMP service

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
icmpCode - Int ICMP code number for a particular ICMP type
id - ID! The internal unique identifier for this entity
maxIcmpType - Int The last ICMP type number in range, including
minIcmpType - Int The first ICMP type number in range, including
name - String The name of the entity
negated - Boolean Rule will use all ICMP types, except specified in minIcmpType and maxIcmpType in case this value is true
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "icmpCode": 987,
  "id": "4",
  "maxIcmpType": 123,
  "minIcmpType": 123,
  "name": "xyz789",
  "negated": true,
  "system": BasicSystem,
  "version": 123
}

IdString

Description

ID type

Example
IdString

InstallationTargetPredefinedValue

Description

Predefined values for installation target of type Any

Values
Enum Value Description

ANY_IT

Any installation target
Example
"ANY_IT"

Int

Description

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.

Example
987

Interface

Description

The Interface entity shows the current configuration of an interface and the information received from the device.

Fields
Field Name Description
autoMappingDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

autoMappingRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

changed - DateTime The time and date the interface was last changed. Permission requires
comment - String This property is not supported. Permission requires
device - BasicDevice The Device ID that the interface is connected to. Interfaces are only associated with gateways. Permission requires
id - ID! The interface ID.
ipAddresses - [IpAddress!] The IP addresses of the interface. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualAddedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualAddedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualExcludedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualExcludedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The interface name.
system - BasicSystem The system ID that the interface is related to. Permission requires
version - Int! The last version ID that was received for the interface.
zone - Zone The ID of the SecureTrack network zone that the interface is associated with. Permission requires
Example
{
  "autoMappingDirectlyConnectedZones": [SecurityZone],
  "autoMappingRouteableZones": [SecurityZone],
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "ipAddresses": [IpAddress],
  "manualAddedDirectlyConnectedZones": [SecurityZone],
  "manualAddedRouteableZones": [SecurityZone],
  "manualExcludedDirectlyConnectedZones": [SecurityZone],
  "manualExcludedRouteableZones": [SecurityZone],
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987,
  "zone": Zone
}

InterfaceQuery

Description

Query for Interface objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Interface objects matching the specified filter.
values - [Interface!]! A list of Interface objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Interface]}

InternetService

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

InvalidRule

Description

Rule that is invalid for creating a ticket

Fields
Field Name Description
reason - CreateDraftInvalidRuleReason! The reason that the rule is invalid
ruleUid - ID The rule UID
Example
{
  "reason": "RULE_ALREADY_HAS_TICKET_IN_PROGRESS",
  "ruleUid": "4"
}

IpAddress

Description

IP address

Fields
Field Name Description
ip - String IP address
ipType - IpType The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
precedence - Precedence IP address placement definition
subnetMask - String Sub-network mask
visibility - Visibility IP address visibility definition
Example
{
  "ip": "xyz789",
  "ipType": "IPV4",
  "precedence": "SECONDARY",
  "subnetMask": "abc123",
  "visibility": "PUBLIC"
}

IpAddressString

Description

The IP address. It will either take the form of an IPv4 (as specified in RFC 794) or IPv6 (as specified in RFC 4291).

Example
IpAddressString

IpRange

Description

Set of IP addresses defined by first and last IP address.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipType - IpType The IP addresses this range has can be of different types (e.g. IPv4, IPv6). This field specifies which type they are.
maxIp - String The last IP address, including.
minIp - String The first IP address, including.
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "ipType": "IPV4",
  "maxIp": "abc123",
  "minIp": "xyz789",
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

IpService

Description

TCP/IP service

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
maxProtocol - Int The last protocol number in range, including
minProtocol - Int The first protocol number in range, including
name - String The name of the entity
negated - Boolean Rule will use all service protocols, except specified in minProtocol and maxProtocol in case this value is true
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "maxProtocol": 987,
  "minProtocol": 123,
  "name": "abc123",
  "negated": false,
  "system": BasicSystem,
  "version": 987
}

IpType

Description

The IP type.

Values
Enum Value Description

IPV4

IPv4 IP type.

IPV4_IPV6

Either IPv4 or IPv6.

IPV6

IPv6 IP type.

OTHER

Neither IPV4 nor IPV6
Example
"IPV4"

LdapUser

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
dn - String LDAP user identifier
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "dn": "abc123",
  "id": "4",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

LocalUser

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

Location

Description

Locations identify the various networks from which your organization sends its internet traffic. When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses, which you then add as locations in the ZIA Admin Portal.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
ports - [Int!] Proxy ports
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "ipAddresses": [IpAddress],
  "name": "xyz789",
  "ports": [987],
  "system": BasicSystem,
  "version": 123
}

LogProfile

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

Long

Description

Long type

Example
{}

ModelName

Description

Device model name.

Values
Enum Value Description

ASA

Cisco ASA

AWS_ACCOUNT

Amazon AWS public cloud management, contains account information

AWS_VPC

Amazon AWS public cloud "virtual public cloud"

AZURE_ACCOUNT

Microsoft Azure public cloud management, contains account information

AZURE_FIREWALL

AZURE_POLICY

AZURE_ROOT_POLICY

AZURE_VNET

Microsoft Azure public cloud virtual network

CMA

Check Point CMA.

FMC

Cisco Firepower Managemet Center

FORTIGATE

Fortinet firewall

FORTIMANAGER

Fortinet management device

FTD

GCP_PROJECT

GCP Project management, contains project information

GCP_VPC

GCP virtual private cloud

MDS

Check Point MDS

MERAKI_ACCOUNT

Cisco Meraki Account

MERAKI_NETWORK

Cisco Meraki Network

MERAKI_ORGANIZATION

Cisco Meraki Organization

MX

Mx

NETSCREEN

Netscreen

NEXUS

Cisco Nexus

PANORAMA

Palo Alto management device

PANOS

Palo Alto Firewall

ROUTER

Cisco router

SMART_CENTER

Check Point Smart center

SRX

Srx

STONESOFT

UNKNOWN

Unknown, not supported, device.

VMWARE_NSX_DISTRIBUTED_FIREWALL

VMware NSX distributed firewall

VMWARE_NSX_EDGE

VMware NSX Edge

VMWARE_NSX_MANAGEMENT

VMware NSX management

ZSCALER_INTERNET_ACCESS

Zscaler Internet Access
Example
"ASA"

ModifiedRule

Description

The rule that is associated with the ticket that is created.

Fields
Field Name Description
createdTicketId - ID! ID of the created ticket.
ruleId - ID! ID of the affected rule.
Example
{"createdTicketId": "4", "ruleId": 4}

NIC

Description

The emulation of a physical network adapter (NIC)

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
subnet - Subnet Sub-network that this NIC belongs to
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "subnet": Subnet,
  "system": BasicSystem,
  "version": 987
}

Name

Description

An entity name

Example
Name

Negatable

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
Example
{"negated": false}

NetworkObject

Example
AccessRole

NetworkObjectQuery

Description

Query for NetworkObject objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of NetworkObject objects matching the specified filter.
values - [NetworkObject!]! A list of NetworkObject objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [AccessRole]}

NetworkObjectTraffic

Fields
Field Name Description
ip - String
microSegmentedName - String
Example
{
  "ip": "xyz789",
  "microSegmentedName": "abc123"
}

NetworkObjectTrafficInput

Description

Represents a traffic network object. should contain ip OR microSegmentName

Fields
Input Field Description
ip - IpAddressString

Represents ip address of traffic network object.

microSegmentedName - FreeText

Represent a security group name

Example
{
  "ip": IpAddressString,
  "microSegmentedName": FreeText
}

NetworkPredefinedValue

Description

Definition for network of type Any.

Values
Enum Value Description

ANY_IPV4_NETWORK

Any IPv4 network.

ANY_IPV6_NETWORK

Any IPv6 network.

ANY_NETWORK

Any IPv4 or IPv6 network.
Example
"ANY_IPV4_NETWORK"

Node

Description

An API entity. This interface carries the most basic information about an entity.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": "4",
  "name": "abc123"
}

OPMAgent

Description

Open policy management (OPM) agent definition Permission requires

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
opmAgentId - String OPM agent ID
systemProperties - [SystemProperties!] System specific text fields
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": "4",
  "name": "abc123",
  "opmAgentId": "abc123",
  "systemProperties": [SystemProperties],
  "vendor": "AMAZON",
  "vendorDisplayName": "xyz789"
}

OPMAgentQuery

Description

Query for OPMAgent objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of OPMAgent objects matching the specified filter.
values - [OPMAgent!]! A list of OPMAgent objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [OPMAgent]}

OntologicalBaseEntity

Description

A base interface shared by all entities that are reported as part of a device's configuration

Fields
Field Name Description
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

OtherObject

Description

Network object that does not have TOS known type.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
objectType - String Custom type textual representation.
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "objectType": "abc123",
  "system": BasicSystem,
  "version": 987
}

OtherService

Description

Service that does not have TOS known type

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
serviceType - String Custom type textual representation
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "serviceType": "xyz789",
  "system": BasicSystem,
  "version": 123
}

Permission

Description

A system function grant

Fields
Field Name Description
name - String The unique name of the grant
type - String The type of the grant - READ | WRITE | RESOURCE
Example
{
  "name": "abc123",
  "type": "xyz789"
}

PermissivenessScoreLevel

Description

Permissiveness level of rule's data.

Values
Enum Value Description

HIGH

High permissiveness level. Rule allows access for too much network traffic.

LOW

Low permissiveness level. Rule allows very small network traffic.

MEDIUM

Medium permissiveness level. Rule allows not much network traffic.
Example
"HIGH"

Precedence

Description

Placement definition

Values
Enum Value Description

SECONDARY

Secondary IP address
Example
"SECONDARY"

PredefinedUspType

Description

The set of predefined templates of USP definitions. Each predefined template type is aimed at a different compliance setting and defines a different set of zone roles.

Values
Enum Value Description

ADVANCED_BEST_PRACTICES

Defines the following zones:

  • Corporate
  • DMZ
  • Internet

BEST_PRACTICES

Defines the following zones:

  • Internet
  • DataCenter
  • PM
  • RnD
  • Sales

ISO_27001

Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Provides best practice recommendations on information security management—the management of information risks through information security controls. Defines the following zones:

  • Corporate
  • NOC-MGMT
  • DMZ-DB
  • DMZ-NOC
  • DMZ-PUB
  • Extranet-Partners
  • DMZ-Partners
  • Internet
  • Int-IP

NERC_CIPv5

The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America’s Bulk Electric System (BES). Defines the following zones:

  • EACMS
  • PACS
  • Control Center
  • Substation
  • Corporate
  • DMZ
  • Internet

NIST_800_53

PCI

The Payment Card Industry Data Security Standard (PCI DSS). An information security standard for organizations that handle credit cards from the major card schemes. Defines the following zones:

  • Corporate
  • DMZ
  • Internet
  • PCI Applications
  • PCI Data
  • PCI Web
  • Wireless Networks
Example
"ADVANCED_BEST_PRACTICES"

ProgressStatus

Description

Progress status

Values
Enum Value Description

COMPLETED

Completed

ERROR

Error

IN_PROGRESS

In progress
Example
"COMPLETED"

PropertyUspRestriction

Description

A condition that defines rules related properties of RestrictionTypes:

  • MANDATORY_COMMENT
  • MANDATORY_LOG
  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
  • EXPLICIT_SOURCE
  • EXPLICIT_DESTINATION
  • EXPLICIT_SERVICE
Fields
Field Name Description
restrictionType - RestrictionType Restriction type.
value - Int

A field that defines numeric related properties, of RestrictionTypes:

  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
Example
{"restrictionType": "DESTINATION_IPS_MAX_COUNT", "value": 987}

PropertyUspRestrictionInput

Description

Property USP restriction (PropertyUspRestriction).

Fields
Input Field Description
value - Int

The numeric related property.

Example
{"value": 987}

ProtectionMode

Description

Describes how to select network zones available for checking security risks.

Values
Enum Value Description

CONNECTED_ZONES

Violation will be calculated on zones that are directly connected to the interface

ROUTABLE_ZONES

Violation will be calculated on zones that have routes through the interface.
Example
"CONNECTED_ZONES"

RemoveSecurityZonesFromUspInput

Description

Removes one or more SecureTrack network zones from an existing USP.

Fields
Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zones IDs to be added.

uspId - IdString!

USP ID to remove zones from.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

RemoveSecurityZonesFromUspResult

Description

Returns the status results when removing SecureTrack network zones from an existing USP.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to remove SecureTrack network zones from an existing USP.
Example
{"resultStatus": ResultStatus}

RestrictionType

Description

Enumeration of valid restriction types.

Values
Enum Value Description

DESTINATION_IPS_MAX_COUNT

Maximum number of IP address allowed in the destination.

EXPLICIT_DESTINATION

Rules must have an explicit destination, not the ANY value.

EXPLICIT_SERVICE

Rules must have an explicit service, not the ANY value.

EXPLICIT_SOURCE

Rules must have an explicit source, not the ANY value.

FLOWS

The required format of the source and the destination in a rule (HOST_TO_HOST, SUBNET_TO_HOST, or HOST_TO_SUBNET).

LAST_HIT_MAX_VAL

Maximum number of days in which the rule must have had a hit.

MANDATORY_COMMENT

Rules must have text in the comment field.

MANDATORY_LOG

Rules must be configured to create log entries.

SERVICES_MAX_COUNT

Maximum number of services allowed.

SOURCE_IPS_MAX_COUNT

Maximum number of IP address allowed in the source.

TRAFFIC

Traffic access permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all).
Example
"DESTINATION_IPS_MAX_COUNT"

Result

ResultStatus

Description

Status result of the operation.

Fields
Field Name Description
errorMessage - String The value “errorMessage” has been deprecated. Use the “errors” field instead
errors - [Error!] List of error codes and messages.
successful - Boolean True indicates that request successfully completed
Example
{
  "errorMessage": "abc123",
  "errors": [Error],
  "successful": false
}

RiskAnalysisFlowsViolationData

Description

Information regarding violations of type Flow.

Fields
Field Name Description
flowUspRestriction - FlowUspRestriction FlowUspRestriction that was violated by the access request.
violatedFlowType - FlowRestrictionType The flow restriction type FlowRestrictionType that was violated by the access request.
violatingDestPredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's destination.
violatingDestinationNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's destination.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourceNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's source.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's source.
Example
{
  "flowUspRestriction": FlowUspRestriction,
  "violatedFlowType": "HOST_TO_HOST",
  "violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
  "violatingDestinationNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourceNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}

RiskAnalysisMutation

Description

The RiskAnalysisMutation entity enables to create a task of AccessRequests for risk calculation.

Fields
Field Name Description
createUspRiskAnalysisTask - CreateUspRiskAnalysisTaskResult! Create a UspRiskAnalysisTask.
Example
{
  "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}

RiskAnalysisNetworkObject

Description

A violating network object entity, in a defined SecureTrack zone.

Fields
Field Name Description
networkObjectTraffic - NetworkObjectTraffic The raw traffic representation of the violating network object.
zone - SecurityZone The SecureTrack zone that violates the network object traffic.
Example
{
  "networkObjectTraffic": NetworkObjectTraffic,
  "zone": SecurityZone
}

RiskAnalysisTrafficViolationData

Description

Information regarding violations of type Traffic.

Fields
Field Name Description
trafficUspRestriction - TrafficUspRestriction TrafficUspRestriction that was violated by the access request.
violatedApplicationPredefinedValue - ApplicationPredefinedValue The violating ApplicationPredefinedValue of the access request's applications.
violatedServicePredefinedValue - ServicePredefinedValue The violating ServicePredefinedValue of the access request's service.
violatingApplications - [String!] List of application names that represent the violating applications in the access request.
violatingServices - [String!] List of services expressions that represent the violating services in the access request.
Example
{
  "trafficUspRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": "ANY_APPLICATION",
  "violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
  "violatingApplications": ["abc123"],
  "violatingServices": ["xyz789"]
}

RiskAnalysisViolation

Description

The RiskAnalysisViolation entity represents information regarding violations of an access request. Permission requires

Fields
Field Name Description
accessRequestId - String Access request ID.
changed - DateTime The date that the RiskAnalysisViolation entity was last changed.
creationDate - DateTime Creation date of the violation.
exceptions - [BasicUspExceptionInfoForRiskAnalysis!] Exceptions IDs that were applied to the violation.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

flowViolationData - RiskAnalysisFlowsViolationData The flow violation RiskAnalysisFlowsViolationData.
fromZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the from-zone of the ZoneToZoneMatcher. Set in case the access request sources are specific (matchingSourcePredefinedValue not set).
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! Violation ID.
matchingDestinationPredefinedValue - NetworkPredefinedValue Set in case the access request destination is a predefined value of NetworkPredefinedValue.
matchingSourcePredefinedValue - NetworkPredefinedValue Set in case the access request source is a predefined value of NetworkPredefinedValue.
name - String This property is not supported.
requirement - UspRequirement Violated UspRequirement.
severity - ViolationSeverity Severity of the violation.
toZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the to-zone of the ZoneToZoneMatcher. Set in case the access request destinations are specific (matchingDestinationePredefinedValue not set).
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

trafficViolationData - RiskAnalysisTrafficViolationData The traffic violation RiskAnalysisTrafficViolationData.
usp - BasicUspInfoForRiskAnalysis Violated USP.
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher Violated from zone - to zone ZoneToZoneMatcher.
Example
{
  "accessRequestId": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "creationDate": "2007-12-03T10:15:30Z",
  "exceptions": [BasicUspExceptionInfoForRiskAnalysis],
  "flowViolationData": RiskAnalysisFlowsViolationData,
  "fromZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "id": "4",
  "matchingDestinationPredefinedValue": "ANY_IPV4_NETWORK",
  "matchingSourcePredefinedValue": "ANY_IPV4_NETWORK",
  "name": "abc123",
  "requirement": UspRequirement,
  "severity": "CRITICAL",
  "toZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "trafficViolationData": RiskAnalysisTrafficViolationData,
  "usp": BasicUspInfoForRiskAnalysis,
  "zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}

Rule

Description

A rule in a security policy

Fields
Field Name Description
action - RuleActionType Action that will be performed by firewall if network traffic matches this rule
actionDisplayName - String Action name
application - RuleApplicationTraffic Definition of the network applications
applicationsUsage - [ApplicationUsage!] Last time traffic was recorded for a specific application on this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

appliedTo - [String!] Devices that the rule is installed on
appliedToObjects - RuleAppliedToObjects Network objects that this rule is applied to
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
destination - RuleNetworkTraffic Definition of the destination network objects
destinationZone - RuleZoneTraffic Definition of the destination network zones
device - BasicDevice The device that this entity belongs to
direction - Direction Direction of this rule (inbound or outbound)
disabled - Boolean True indicates that this rule is disabled on the device
exceptions - [BasicRuleUspExceptionInfo!]
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

goToTarget - SecurityPolicy Target security policy for GOTO rule action
id - ID! The internal unique identifier for this entity
idOnDevice - String Device specific rule identifier. Usually identifies the rule order in the security policy.
installedOn - RuleInstallationTargetTraffic Devices that the rule is installed on
isExemptedFromUsp - Boolean True indicates that the rule will be excluded from violation calculations
location - String The level of the rule within the rule hierarchy
logging - RuleLogging Rule logging definition
name - String The name of the entity
permissivenessLevel - PermissivenessScoreLevel

The permissiveness level (high/medium/low). The permissiveness level is an indication of how widely a rule is defined. Rules with high permissiveness can be a security risk because they allow too much access through the firewall. For example:

  • A rule with one source host, one destination host, and one service is low permissiveness
  • A rule with Source "ANY", Destination "ANY", and Protocol "ANY" is high permissiveness
policy - SecurityPolicy The security policy the rule belongs to
policyIndex - Int
ruleTypeName - String
ruleUsageStatus - RuleUsageStatus Status of last hit check
ruleUserData - RuleUserData Additional information such as a description that can be customized by administrators
sectionGroup - String
sectionTitle - String Title of the section that rule belongs to
securityProfiles - [SecurityProfileValue!] List of security profiles
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

service - RuleServiceTraffic Definition of the network service objects
shadowed - ShadowedStatus Indicates whether the rule is shadowed by a previous rule which handles traffic before it gets to this rule, This may indicate that the rule is redundant.
source - RuleNetworkTraffic Definition of the source network objects
sourceZone - RuleZoneTraffic Definition of the source network zones
system - BasicSystem The system (root device) that this entity belongs to
tags - [String!] List of tags
time - RuleTimeTraffic Time and date that the rule is scheduled
timeLastHit - DateTime The last time traffic that passed through the device matched either the rule, user, or application identity details
timeLastModified - DateTime The most recent time that this rule was directly modified or there was a change in a related object which impacted the rule
urlCategory - RuleUrlCategory The category of the URL as determined by the device
user - RuleUserTraffic Definition of the network user objects
usersUsage - [UserUsage!] Last time traffic was recorded for a specific user on this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
violationHighestSeverity - ViolationSeverity Maximum security risk severity
violations - [RuleViolation!] A list of all security risks found in this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

vpn - RuleVpnTraffic Definition of the VPN communities. A VPN community is a collection of VPN enabled gateways capable of communicating via VPN tunnels.
zonesRelation - ZonesRelation Zone relation definition on the device
expirationDate - DateTime
Example
{
  "action": "ALLOW",
  "actionDisplayName": "xyz789",
  "application": RuleApplicationTraffic,
  "applicationsUsage": [ApplicationUsage],
  "appliedTo": ["xyz789"],
  "appliedToObjects": RuleAppliedToObjects,
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "destination": RuleNetworkTraffic,
  "destinationZone": RuleZoneTraffic,
  "device": BasicDevice,
  "direction": "BOTH",
  "disabled": true,
  "exceptions": [BasicRuleUspExceptionInfo],
  "goToTarget": SecurityPolicy,
  "id": "4",
  "idOnDevice": "abc123",
  "installedOn": RuleInstallationTargetTraffic,
  "isExemptedFromUsp": false,
  "location": "xyz789",
  "logging": RuleLogging,
  "name": "xyz789",
  "permissivenessLevel": "HIGH",
  "policy": SecurityPolicy,
  "policyIndex": 987,
  "ruleTypeName": "abc123",
  "ruleUsageStatus": "RULE_LAST_HIT_ERROR",
  "ruleUserData": RuleUserData,
  "sectionGroup": "xyz789",
  "sectionTitle": "xyz789",
  "securityProfiles": [Group],
  "service": RuleServiceTraffic,
  "shadowed": "FULLY_SHADOWED",
  "source": RuleNetworkTraffic,
  "sourceZone": RuleZoneTraffic,
  "system": BasicSystem,
  "tags": ["abc123"],
  "time": RuleTimeTraffic,
  "timeLastHit": "2007-12-03T10:15:30Z",
  "timeLastModified": "2007-12-03T10:15:30Z",
  "urlCategory": RuleUrlCategory,
  "user": RuleUserTraffic,
  "usersUsage": [UserUsage],
  "version": 123,
  "violationHighestSeverity": "CRITICAL",
  "violations": [RuleViolation],
  "vpn": RuleVpnTraffic,
  "zonesRelation": "INTERZONE",
  "expirationDate": "2007-12-03T10:15:30Z"
}

RuleActionType

Description

Type of action that will be performed by firewall if network traffic matches this rule

Values
Enum Value Description

ALLOW

Traffic specified by the rule will be allowed

CLIENT_AUTHENTICATION

DENY

Traffic specified by the rule will not be allowed

GOTO

Traffic specified by the rule must be checked by other policy. See goToTarget parameter in Rule

UNSUPPORTED

This usages is just a fallback for not supported data
Example
"ALLOW"

RuleApplicationTraffic

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ApplicationPredefinedValue Predefined value for Any application
typeDisplay - String RuleApplicationTraffic will always be of type "Application"
values - [RuleApplicationValue!] List of network applications
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": "ANY_APPLICATION",
  "typeDisplay": "xyz789",
  "values": [Application]
}

RuleApplicationValue

Types
Union Types

Application

Group

Example
Application

RuleAppliedToObjects

Description

"Applied to objects" definition for rule

Fields
Field Name Description
predefinedValue - AppliedToObjectsPredefinedValue Value for predefined type (Any or No object)
typeDisplay - String RuleAppliedToObjects will always be of type "Applied to objects"
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY",
  "typeDisplay": "xyz789",
  "values": [AccessRole]
}

RuleExceptionConditionInput

Description

Condition on Rules

Fields
Input Field Description
rules - [IdString!]!

List of Rule's ID.

Example
{"rules": [IdString]}

RuleFlowsViolationData

Description

The RuleFlowsViolationData entity holds data of the flows that are being violated by the rule

Fields
Field Name Description
flowRestriction - FlowUspRestriction The FlowUspRestriction that was violated by this rule
negatedViolatingDestination - Boolean True if violatingDestinationNetworkObjects is a negated value
negatedViolatingSource - Boolean True if violatingSourceNetworkObjects is a negated value
violatedFlowType - FlowRestrictionType The FlowRestrictionType that was violated by this rule
violatingDestPredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the destinationNetworkObjects that are violated by the rule
violatingDestinationNetworkObjects - [NetworkObject!] The destination NetworkObjects that are violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourceNetworkObjects - [NetworkObject!] The source NetworkObjects that are violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the source NetworkObjects that are violated by the rule
Example
{
  "flowRestriction": FlowUspRestriction,
  "negatedViolatingDestination": true,
  "negatedViolatingSource": true,
  "violatedFlowType": "HOST_TO_HOST",
  "violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
  "violatingDestinationNetworkObjects": [AccessRole],
  "violatingSourceNetworkObjects": [AccessRole],
  "violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}

RuleInstallationTargetTraffic

Description

Installation targets definition for rule

Fields
Field Name Description
predefinedValue - InstallationTargetPredefinedValue Value for installation target of type Any
typeDisplay - String RuleInstallationTargetTraffic will always be of type "Install On"
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_IT",
  "typeDisplay": "abc123",
  "values": [AccessRole]
}

RuleLogging

Description

Rule logging definition

Fields
Field Name Description
logProfile - LogProfile Logging profile name
logged - Boolean If true, the rule logged on device
timing - RuleLoggingTiming Specify when rule logging should start
trackInterval - Int Interval (vendor specific)
trackLevel - RuleTrackLevel Rule logging track level
Example
{
  "logProfile": LogProfile,
  "logged": true,
  "timing": "BOTH_START_AND_END",
  "trackInterval": 987,
  "trackLevel": "ACCOUNT"
}

RuleLoggingTiming

Description

Specify when rule logging should start

Values
Enum Value Description

BOTH_START_AND_END

Log rule usage on both, session start and end

SESSION_END

Log rule usage on session end

SESSION_START

Log rule usage on session start
Example
"BOTH_START_AND_END"

RuleNetworkTraffic

Description

Network objects definition for rule source and destination fields

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - NetworkPredefinedValue Definition for network of type Any
typeDisplay - String Network traffic direction in rule (Source, Destination)
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": "ANY_IPV4_NETWORK",
  "typeDisplay": "xyz789",
  "values": [AccessRole]
}

RuleOperationsMutation

Description

Lets you create SecureChange tickets for rules modification, recertification or decommission

Fields
Field Name Description
createTicketDraft - CreateTicketDraftResult! Create a ticket draft in SecureChange
Arguments
Example
{"createTicketDraft": CreateTicketDraftResult}

RuleQuery

Description

Query for Rule objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Rule objects matching the specified filter.
counts - [CountsResult!]! Gets the number of entities matching a filter, grouped by selected fields.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

groupBy - [String!]!

Results are grouped either by Device parameters or USP parameters. Fields that can be used to group the results: "vendor","device.id","device.name","violations.usp.name","violations.usp.id"

offset - Long

Offset results for paging.

orderBy - countsOrderBy

Sorts the results by the specified field. When not explicitly set, the default field is "GROUP"

orderDirection - orderDirection

Specifies whether the results should be sorted in ascending or descending order. When not explicitly set, the default order is "ASC"

values - [Rule!]! A list of Rule objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "count": {},
  "counts": [CountsResult],
  "values": [Rule]
}

RuleSchedule

Description

Schedule values for rule

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
endTime - DateTime End time
id - ID! The internal unique identifier for this entity
name - String The name of the entity
scheduledDays - String Days
scheduledMonth - String Month
scheduledMonthDays - String Days of month
startTime - DateTime Start time
system - BasicSystem The system (root device) that this entity belongs to
timePeriods - [TimePeriodInDay!] List of time periods
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "endTime": "2007-12-03T10:15:30Z",
  "id": "4",
  "name": "xyz789",
  "scheduledDays": "abc123",
  "scheduledMonth": "xyz789",
  "scheduledMonthDays": "abc123",
  "startTime": "2007-12-03T10:15:30Z",
  "system": BasicSystem,
  "timePeriods": [TimePeriodInDay],
  "version": 123
}

RuleServiceTraffic

Description

Network service objects definition for rule service field

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ServicePredefinedValue Predefined value to define Any service
typeDisplay - String RuleServiceTraffic will always be of type "Service"
values - [ServiceObject!] List of device network services objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": false,
  "predefinedValue": "ANY_IPV4_SERVICE",
  "typeDisplay": "xyz789",
  "values": [Group]
}

RuleTimeTraffic

Description

Schedules definition for rule

Fields
Field Name Description
predefinedValue - SchedulePredefinedValue Predefined value for schedule of type Any
typeDisplay - String RuleTimeTraffic will always be of type "Time"
values - [RuleSchedule!] List of schedules
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_SCHEDULE",
  "typeDisplay": "abc123",
  "values": [RuleSchedule]
}

RuleTrackLevel

Description

Rule logging track level

Values
Enum Value Description

ACCOUNT

Update the log at given intervals

ALERT

Generate a log of type Alert and run a command

ALERTS

Generate a log if immediate action is required

CRITICAL

Generate a log if functionality is affected

DEBUGGING

Generate a log for debugging

DEFAULT

Default logging track level

DISABLED

Logging is disabled

EMERGENCIES

Generate a log if system becomes unstable.

ERRORS

Generate a log if there is an error condition exists and functionality could be affected

INFORMATIONAL

Generate a log with general information about system operations

MAIL

Generate a log of type Alert and send an email to the administrator

NOTIFICATIONS

Generate a log with information about normal events

RTL_LOG

This is the default Track option

RTL_NONE

Do not generate a log

SNMP

Generate a log of type Alert and send an SNMP alert

USER_DEFINED

Generate a log of type Alert and send customized alerts

WARNINGS

Generate a log if functionality could be affected
Example
"ACCOUNT"

RuleTrafficViolationData

Description

The RuleTrafficViolationData entity holds data of the traffic values that are being violated by the rule

Fields
Field Name Description
trafficRestriction - TrafficUspRestriction The TrafficUspRestriction value that was violated by this rule
violatedApplicationPredefinedValue - ApplicationPredefinedValue The ApplicationPredefinedValue that was violated by the rule
violatedServicePredefinedValue - ServicePredefinedValue The ServicePredefinedValue that was violated by the rule
violatingApplications - [Application!] A list of every Application that was violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingServices - [Service!] A list of every Service that was violated by this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "trafficRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": "ANY_APPLICATION",
  "violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
  "violatingApplications": [Application],
  "violatingServices": [IcmpService]
}

RuleUrlCategory

Description

URLs category with optional predefined value

Fields
Field Name Description
predefinedValue - UrlCategoryPredefinedValue Predefined value for URL categories of type Any
typeDisplay - String RuleUrlCategory will always be of type "URL category"
values - [UrlCategory!] List of URLs categories
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_URL_CATEGORY",
  "typeDisplay": "xyz789",
  "values": [UrlCategory]
}

RuleUsageStatus

Description

Status of last hit check

Values
Enum Value Description

RULE_LAST_HIT_ERROR

Last hit information has not been received for 3 days

RULE_LAST_HIT_READY

Last hit information is up-to-date
Example
"RULE_LAST_HIT_ERROR"

RuleUserData

Description

Additional information such as a description that can be customized

Fields
Field Name Description
automationAttribute - AutomationAttribute Rule type (regular or stealth)
certification - Certification Rule recertification is used to document and verify the need for a rule, often for standards compliance and auditing.
ruleDescription - String Rule description.
saApplications - [SaApplication!] List of SecureApp applications, associated to this rule.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

securechangeTicketInProgressId - String SecureChange ticket in progress
technicalOwner - User Owner for the rule
technicalOwnerName - String
tickets - [Ticket!] List of tickets, opened for this rule.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "automationAttribute": "LEGACY",
  "certification": Certification,
  "ruleDescription": "xyz789",
  "saApplications": [SaApplication],
  "securechangeTicketInProgressId": "abc123",
  "technicalOwner": User,
  "technicalOwnerName": "xyz789",
  "tickets": [Ticket]
}

RuleUserDataMutation

Description

Use this entity to update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rules.

Fields
Field Name Description
createTicket - CreateTicketResult! Create a ticket for a rule.
Arguments
deleteTickets - DeleteTicketsResult! Delete tickets.
Arguments
updateRuleAutomationAttribute - UpdateRuleAutomationAttributeResult! Update an automation attribute for a rule.
updateRuleDescription - UpdateRuleDescriptionResult! Update description for a rule.
Arguments
updateRuleTechnicalOwner - UpdateRuleTechnicalOwnerResult! Update a technical owner for a rule.
Arguments
updateTicket - UpdateTicketResult! Update a ticket.
Arguments
Example
{
  "createTicket": CreateTicketResult,
  "deleteTickets": DeleteTicketsResult,
  "updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
  "updateRuleDescription": UpdateRuleDescriptionResult,
  "updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
  "updateTicket": UpdateTicketResult
}

RuleUserTraffic

Description

Network users objects definition for rule user field

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - UserPredefinedValue Predefined values to define well known user behavior
typeDisplay - String RuleUserTraffic will always be of type "User"
values - [RuleUserValue!] List of device network users objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": "ALL_IDENTIFY",
  "typeDisplay": "xyz789",
  "values": [AccessRole]
}

RuleUserValue

Types
Union Types

AccessRole

Group

LdapUser

LocalUser

Example
AccessRole

RuleViolatedProperty

Description

The RuleViolatedProperty entity holds data of the property values that are being violated by the rule

Fields
Field Name Description
propertyRestriction - PropertyUspRestriction The PropertyUspRestriction that was violated by this rule
scalarValue - String A numeric value related to the violated property
Example
{
  "propertyRestriction": PropertyUspRestriction,
  "scalarValue": "abc123"
}

RuleViolation

Description

Contains data about Rule Violations. Violations can be filtered by rule, USP, source zone, destination zone, and type (flow, property or traffic).

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
exceptions - [BasicUspExceptionInfo!]
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

flowsViolationData - RuleFlowsViolationData The RuleFlowsViolationData of the rule violation
fromZoneMatchingObjects - [NetworkObject!] A list of every NetworkObject in the source zone
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! The internal unique identifier for this entity
matchingDestinationPredefinedValue - NetworkPredefinedValue The network type of the destination zones as identified in the zoneToZoneMatcher entity
matchingSourcePredefinedValue - NetworkPredefinedValue The network type of the source zones as identified in the zoneToZoneMatcher entity
name - String This property is not supported
negatedMatchingDestination - Boolean negatedMatchingDestination will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule destination with a negated value. The toZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
negatedMatchingSource - Boolean negatedMatchingSource will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule source with a negated value. The fromZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
propertyViolationData - RuleViolatedProperty A list of every RuleViolatedProperty that was violated by this rule
requirement - UspRequirement A set of conditions that apply to a single pair of SecureTrack network zones relation (from-to) that will be enforced by the USP
ruleViolationSeverity - ViolationSeverity The ViolationSeverity assigned to this violation by the USP
timeCreated - DateTime The date and time that this violation first occurred
toZoneMatchingObjects - [NetworkObject!] A list of every NetworkObject in the destination zone
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

trafficViolationData - RuleTrafficViolationData The RuleTrafficViolationData of the rule violation
usp - BasicUspInfo The ID of the USP that is violated by this rule
violationOrigin - [ViolationOrigin!] This contains a list of every Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on and list of every SecurityPolicy that the rule evaluates
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

zoneToZoneMatcher - ZoneToZoneUspRequirementMatcher The ZoneToZoneUspRequirementMatcher entity that identifies the source and destination zones violated by this rule
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "exceptions": [BasicUspExceptionInfo],
  "flowsViolationData": RuleFlowsViolationData,
  "fromZoneMatchingObjects": [AccessRole],
  "id": "4",
  "matchingDestinationPredefinedValue": "ANY_IPV4_NETWORK",
  "matchingSourcePredefinedValue": "ANY_IPV4_NETWORK",
  "name": "xyz789",
  "negatedMatchingDestination": true,
  "negatedMatchingSource": true,
  "propertyViolationData": RuleViolatedProperty,
  "requirement": UspRequirement,
  "ruleViolationSeverity": "CRITICAL",
  "timeCreated": "2007-12-03T10:15:30Z",
  "toZoneMatchingObjects": [AccessRole],
  "trafficViolationData": RuleTrafficViolationData,
  "usp": BasicUspInfo,
  "violationOrigin": [ViolationOrigin],
  "zoneToZoneMatcher": ZoneToZoneUspRequirementMatcher
}

RuleVpnTraffic

Description

VPN communities definition for rule vpn field

Fields
Field Name Description
predefinedValue - VpnPredefinedValue Value for VPN entity of type Any
typeDisplay - String RuleVpnTraffic will always be of type "VPN"
values - [VpnCommunity!] List of VPN communities
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ALL_COMMUNITIES",
  "typeDisplay": "abc123",
  "values": [VpnCommunity]
}

RuleZoneTraffic

Description

Network zones definition for rule sourceZone and destZone fields

Fields
Field Name Description
predefinedValue - ZonePredefinedValue Any zone
typeDisplay - String Rule zone traffic direction in rule (Source, Destination)
values - [Zone!] List of network zones
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_ZONE",
  "typeDisplay": "abc123",
  "values": [Zone]
}

SaApplication

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
owner - String
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": "4",
  "name": "abc123",
  "owner": "xyz789"
}

SchedulePredefinedValue

Description

Predefined values for schedule of type Any

Values
Enum Value Description

ANY_SCHEDULE

Any schedule
Example
"ANY_SCHEDULE"

SecurityPolicy

Description

Set of rules which define whether the traffic should be allowed access

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified Permission requires
comment - String A text comment associated with this entity Permission requires
defaultAction - RuleActionType Default rule action (Allow, Deny, or Goto) Permission requires
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
installedOnTarget - SecurityPolicyInstallationTargets Firewalls where this security policy has been installed Permission requires
interZoneAction - RuleActionType Rule action (Allow, Deny, or Goto) for external network zones Permission requires
intraZoneAction - RuleActionType Rule action (Allow, Deny, or Goto) for internal network zones Permission requires
ipType - IpType The type of IP address (for example IPv4 or IPv6) that this security policy uses
name - String The name of the entity
policyTags - [String!] List of tags Permission requires
system - BasicSystem The system (root device) that this entity belongs to Permission requires
type - SecurityPolicyType! The type of the security policy
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "defaultAction": "ALLOW",
  "device": BasicDevice,
  "id": "4",
  "installedOnTarget": SecurityPolicyInstallationTargets,
  "interZoneAction": "ALLOW",
  "intraZoneAction": "ALLOW",
  "ipType": "IPV4",
  "name": "abc123",
  "policyTags": ["xyz789"],
  "system": BasicSystem,
  "type": "ACL",
  "version": 123
}

SecurityPolicyInstallationTargets

Description

Firewalls and interfaces that use security policy.

Fields
Field Name Description
fwModules - [BasicDevice!] Firewalls that use security policy.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"fwModules": [BasicDevice]}

SecurityPolicyType

Description

The type of the security policy, the policy type may be based on the device vendor

Values
Enum Value Description

ACL

Access Control List that rules are placed in. For example CISCO firewalls.

DEVICE_GROUP

The device group container that rules are placed in. For example, all Panorama firewalls could be placed in a group.

INLINE_LAYER

POLICY

Generic container for rules

SECURITY_GROUP

The Security Group that rules are placed in. For example Amazon public cloud.
Example
"ACL"

SecurityProfile

Description

Security profile

Fields
Field Name Description
category - String Category of this profile
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "category": "abc123",
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

SecurityProfileValue

Types
Union Types

Group

SecurityProfile

Example
Group

SecurityZone

Description

Security zone.

Fields
Field Name Description
appliedToAnyDomain - Boolean If true, the security zone belongs to the 'All Domains' context. Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
domain - Domain The domain on which this security zone is configured.
id - ID! The internal unique identifier for this entity.
name - String Name of security zone.
sharedInDomains - [Domain!] If the zone is shared and is exported to other domains, the list contains other domains that imported this zone. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "appliedToAnyDomain": true,
  "changed": "2007-12-03T10:15:30Z",
  "domain": Domain,
  "id": "4",
  "name": "abc123",
  "sharedInDomains": [Domain]
}

SecurityZoneQuery

Description

Query for SecurityZone objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of SecurityZone objects matching the specified filter.
values - [SecurityZone!]! A list of SecurityZone objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [SecurityZone]}

Service

Example
IcmpService

ServiceAndApplicationConditionInput

Description

Condition on services or applications.

Fields
Input Field Description
applications - [ApplicationString!]

List of predefined applications names.

services - [ServiceExpressionString!]

List of services expressions.

Example
{
  "applications": [ApplicationString],
  "services": [ServiceExpressionString]
}

ServiceExpressionString

Description

A service expression. Can be either one of the known predefined services, or in a protocol format (TCP, UDP, Other, or ICMP).

Valid protocol input patterns:

  • TCP
  • TCP [port_number] (valid ports 0-65535)
  • TCP [min_port]-[max_port] (valid ports 0-65535 where max_port must be greater or equal to min_port)
  • Input as a String literal

Examples: "TCP","TCP 20", "TCP 30-40".

Example
ServiceExpressionString

ServiceObject

Description

Device network service object

Example
Group

ServicePredefinedValue

Description

Predefined values to define Any service.

Values
Enum Value Description

ANY_IPV4_SERVICE

Any service to use with IPv4 sources.

ANY_IPV6_SERVICE

Any service to use with IPv6 sources.

ANY_SERVICE

Any service to use either with IPv4 or IPv6 sources.

APPLICATION_DEFAULT_SERVICE

Default service point for the network application.
Example
"ANY_IPV4_SERVICE"

ServicesAndApplicationsCondition

Description

Condition on RuleViolations' services and applications - list of services expressions and applications names. The condition is satisfied if either services or applications intersect with RuleViolation's services or applications.

Fields
Field Name Description
applicationNames - [String!] List of predefined application names.
servicesExpressions - [String!] List of services expressions.
Example
{
  "applicationNames": ["abc123"],
  "servicesExpressions": ["abc123"]
}

SessionUser

Description

The entity containing the details of the current principle user in session

Fields
Field Name Description
email - String User account details - the user's email address
firstName - String User account details - first name
id - String The unique immutable user identifier
lastName - String User account details - last name
permissions - [Permission] The set of system functions grants (by name) that are granted to the user
profileGroupName - String Name of the user's profile group (based on last login)
username - String The unique name of the user (used for login)
Example
{
  "email": "abc123",
  "firstName": "abc123",
  "id": "abc123",
  "lastName": "xyz789",
  "permissions": [Permission],
  "profileGroupName": "xyz789",
  "username": "abc123"
}

ShadowedStatus

Description

This shows whether firewall could use the rule or there is upper rule that do the same.

Values
Enum Value Description

FULLY_SHADOWED

Firewall does not use the rule because there is upper rule that do the same.

NOT_SHADOWED

Firewall uses the rule.

PARTIAL_SHADOWED

There are parts of rule that are already covered by upper rules.
Example
"FULLY_SHADOWED"

StepStatus

Description

The status of a specific version-related calculation.

Fields
Field Name Description
errorMessage - String The error message that was returned from the calculation process in case of failure.
name - String The name of the calculation.
status - ProgressStatus The status of the calculation.
updated - DateTime The last time the calculation step was updated.
Example
{
  "errorMessage": "xyz789",
  "name": "abc123",
  "status": "COMPLETED",
  "updated": "2007-12-03T10:15:30Z"
}

String

Description

The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.

Example
"xyz789"

Subnet

Description

Logical subdivision of an IP network.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
cidr - Int Specifies bit-length of the prefix in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix.
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ip - String The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291).
ipType - IpType The IP address this network has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
name - String The name of the entity
netmask - String Define the class and range of Internet Protocol (IP) addresses. It will either take the form of an IPv4 or IPv6.
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "cidr": 987,
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "ip": "abc123",
  "ipType": "IPV4",
  "name": "xyz789",
  "netmask": "xyz789",
  "system": BasicSystem,
  "version": 123
}

SupportingIP

Description

Network element supports IP definition.

Fields
Field Name Description
ipType - IpType The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
Possible Types
SupportingIP Types

IpAddress

Host

IpRange

Subnet

SecurityPolicy

Example
{"ipType": "IPV4"}

System

Description

Root device that manages the dependent devices

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified Permission requires
deleted - Boolean Permission requires
id - ID! The internal unique identifier for this entity
ipAddress - String IP address of the root device Permission requires
model - ModelName Model of this device
modelDisplayName - String Model name of this device
monitoredByOPMAgent - Boolean True indicates that the system monitored by OPM agent
name - String The name of the entity
opmAgentId - String Open policy management (OPM) agent ID Permission requires
systemFields - [SystemFieldValue!] System specific text fields Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

vendor - VendorName Vendor type of this device
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "deleted": false,
  "id": 4,
  "ipAddress": "abc123",
  "model": "ASA",
  "modelDisplayName": "xyz789",
  "monitoredByOPMAgent": false,
  "name": "xyz789",
  "opmAgentId": "xyz789",
  "systemFields": [SystemFieldValue],
  "vendor": "AMAZON"
}

SystemField

Fields
Field Name Description
fieldType - SystemFieldType Field type
mandatory - Boolean True indicates that the System Field is required
name - String Field name
Example
{
  "fieldType": "SECRET",
  "mandatory": true,
  "name": "xyz789"
}

SystemFieldInput

Description

System field type definition

Fields
Input Field Description
fieldType - SystemFieldType!

Field type

mandatory - Boolean!

True indicates that the System Field Value is required

name - Name!

Field name

Example
{"fieldType": "SECRET", "mandatory": false, "name": Name}

SystemFieldType

Values
Enum Value Description

SECRET

Text that will be encrypted by the application, and will be displayed as "Null" in the query results

STRING

Non-encrypted text
Example
"SECRET"

SystemFieldValue

Description

System field definition

Fields
Field Name Description
fieldType - SystemFieldType Field type
mandatory - Boolean True indicates that the System Field Value is required
name - String Field name
value - String Text value
Example
{
  "fieldType": "SECRET",
  "mandatory": false,
  "name": "abc123",
  "value": "xyz789"
}

SystemFieldValueInput

Description

System field definition

Fields
Input Field Description
field - SystemFieldInput!

Field type

value - FreeText!

Text value

Example
{
  "field": SystemFieldInput,
  "value": FreeText
}

SystemMutation

Fields
Field Name Description
createSystem - CreateSystemResult! Create system
Arguments
deleteSystem - DeleteSystemResult! Delete system
Arguments
updateSystem - UpdateSystemResult! Update system
Arguments
Example
{
  "createSystem": CreateSystemResult,
  "deleteSystem": DeleteSystemResult,
  "updateSystem": UpdateSystemResult
}

SystemProperties

Fields
Field Name Description
modelDisplayName - String Device model name
systemFields - [SystemField!] System specific text fields
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "modelDisplayName": "abc123",
  "systemFields": [SystemField]
}

SystemQuery

Description

Query for System objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of System objects matching the specified filter.
values - [System!]! A list of System objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [System]}

TQLSearchType

Values
Enum Value Description

RULE

Example
"RULE"

Ticket

Fields
Field Name Description
automatic - Boolean
businessOwner - String The owner of the ticket
changed - DateTime The most recent time that this entity was directly modified
comment - String
email - String Contact email
externalUrl - String
id - ID! The internal unique identifier for this entity
name - String The name of the entity
originTicketId - String Ticket identifier
secureChangeTicket - Boolean If true, it is a ticket originated by SecureChange
timeCreation - DateTime
timeExpiration - DateTime Ticket expiration date
Example
{
  "automatic": true,
  "businessOwner": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "email": "abc123",
  "externalUrl": "xyz789",
  "id": "4",
  "name": "abc123",
  "originTicketId": "xyz789",
  "secureChangeTicket": false,
  "timeCreation": "2007-12-03T10:15:30Z",
  "timeExpiration": "2007-12-03T10:15:30Z"
}

TimePeriodInDay

Description

Time definition

Fields
Field Name Description
endHour - Int End hour
endMinute - Int End minute
startHour - Int Start hour
startMinute - Int Start minute
Example
{"endHour": 987, "endMinute": 987, "startHour": 987, "startMinute": 123}

TimedCount

Description

A single pair (timestamp and count) in the trend query.

Fields
Field Name Description
count - Long! The returned count value in the trend query.
timestamp - Date! The returned timestamp value in the trend query.
Example
{"count": {}, "timestamp": "2007-12-03"}

TrafficUspRestriction

Description

A condition that defines the allowed traffic from one SecureTrack network zone to another.

Fields
Field Name Description
applicationNames - [String!] List of predefined applications names.
restrictionType - RestrictionType Traffic USP restriction will always be of type "Traffic".
servicesExpressions - [String!]

List of either predefined services names or custom services defined by protocol and port ("TCP 10-20" or "UDP 80" for example). The supported protocols are:

  • TCP
  • UDP
  • ICMP
  • Other - All protocols that are not TCP, UDP and ICMP are regarded as Other.
trafficUspRestrictionType - TrafficUspRestrictionType The traffic restriction type (Allow only, Block only, Allow all, Block all).
Example
{
  "applicationNames": ["xyz789"],
  "restrictionType": "DESTINATION_IPS_MAX_COUNT",
  "servicesExpressions": ["xyz789"],
  "trafficUspRestrictionType": "ALLOW_ALL"
}

TrafficUspRestrictionInput

Description

Traffic USP restriction (TrafficUspRestriction).

Fields
Input Field Description
applicationNames - [ApplicationString!]

Application names.

servicesExpressions - [ServiceExpressionString!]

Services expressions.

type - TrafficUspRestrictionType!

Traffic USP restriction type (TrafficUspRestrictionType).

Example
{
  "applicationNames": [ApplicationString],
  "servicesExpressions": [ServiceExpressionString],
  "type": "ALLOW_ALL"
}

TrafficUspRestrictionType

Description

Enumeration of valid traffic restriction types.

Values
Enum Value Description

ALLOW_ALL

All traffic is allowed.

ALLOW_ONLY

Traffic is permitted only for the provided services or applications.

BLOCK_ALL

No traffic is allowed.

BLOCK_ONLY

Traffic is prohibited only for the provided services or applications.
Example
"ALLOW_ALL"

TransportService

Description

Service definition

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
maxPort - Int The last service port number in range, including
minPort - Int The first service port number in range, including
name - String The name of the entity
negated - Boolean Rule will use all service ports, except specified in minPort and maxPort in case this value is true
protocol - TransportServiceProtocol Service protocol name. For example: FTP
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "maxPort": 123,
  "minPort": 987,
  "name": "abc123",
  "negated": true,
  "protocol": "SCTP",
  "system": BasicSystem,
  "version": 123
}

TransportServiceProtocol

Description

Division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model.

Values
Enum Value Description

SCTP

Stream Control Transmission Protocol (SCTP).

TCP

Transmission Control Protocol (TCP).

UDP

User Datagram Protocol (UDP).
Example
"SCTP"

TrendQueryInput

Description

The TrendQueryInput displays information from the metric ID parameter, over time.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

If true, the metric will be collected from all the system domains. If false, the metric will be collected only from specified domains.

domain - IdString

The domain ID associated with the query.

metricId - FreeText!

The parameter that will be displayed in the trend query for the defined time span. Should be one of: disabled_rules, unused_rules, fully_shadowed_rules, rules_violation_highest_severity_low, rules_violation_highest_severity_medium, rules_violation_highest_severity_high, rules_violation_highest_severity_critical

timeSpan - Int!

The number of days included in the trend query, counted from the day before the current day.

Example
{
  "appliedToAnyDomain": false,
  "domain": IdString,
  "metricId": FreeText,
  "timeSpan": 987
}

TrendResult

Description

Returns the query status, and the set of values collected for the metric over the time span defined.

Fields
Field Name Description
resultStatus - ResultStatus! Status of the trend request.
timedCounts - [TimedCount!]! The complete result of the trend query, presented as a list of dates and values.
Example
{
  "resultStatus": ResultStatus,
  "timedCounts": [TimedCount]
}

URL

Description

URL entity

Example
"http://www.test.com/"

UpdateDeviceInclusionInCalculationInput

Description

Updates whether the device is included in the violation calculation

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the device will be included in the violation calculations for All Domains. False indicates that the violation calculations will only apply to the specified domain.

deviceId - IdString!

The Device ID

domain - IdString

The ID of the domain that the violation calculation is applied to. Note: If appliedToAnyDomain is set to True this value is ignored.

include - Boolean!

Indicates whether the device is included or excluded from violation calculation

Example
{
  "appliedToAnyDomain": false,
  "deviceId": IdString,
  "domain": IdString,
  "include": true
}

UpdateDeviceInclusionInCalculationResult

Description

Returns the status result when updating whether the device is included in the violation calculation

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to update whether the device is included in the violation calculation
Example
{"resultStatus": ResultStatus}

UpdateProtectionModeInput

Description

Updates the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the protection mode of the device will be updated for All Domains. False indicates that the protection mode will be updated only for the specified domain.

deviceId - IdString!

The Device ID

domain - IdString

The ID of the domain that the protection mode will be updated for. Note: If appliedToAnyDomain is set to True this value is ignored.

protectionMode - ProtectionMode!

The ZoneProtectionMode value

Example
{
  "appliedToAnyDomain": false,
  "deviceId": IdString,
  "domain": IdString,
  "protectionMode": "CONNECTED_ZONES"
}

UpdateProtectionModeResult

Description

Returns the status result when updating the protection mode of a Device to the type of SecureTrack network zones that will be used in the violation calculation

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to update the protection mode of Device to the type of SecureTrack network zones that will be used in the violation calculation
Example
{"resultStatus": ResultStatus}

UpdateRuleAutomationAttributeInput

Description

Update the automation attribute for a rule.

Fields
Input Field Description
automationAttribute - AutomationAttribute

Automation attribute to update.

ids - [IdString!]!

List of affected rule IDs.

Example
{"automationAttribute": "LEGACY", "ids": [IdString]}

UpdateRuleAutomationAttributeResult

Description

Returns the status results when updating automation attribute for a rule.

Fields
Field Name Description
ids - [ID!]! IDs of the updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

UpdateRuleDescriptionInput

Description

Update description for a rule.

Fields
Input Field Description
description - FreeText

Description to update.

ids - [IdString!]!

List of affected rule IDs.

Example
{
  "description": FreeText,
  "ids": [IdString]
}

UpdateRuleDescriptionResult

Description

Returns the status results when updating the description for a rule.

Fields
Field Name Description
ids - [ID!] IDs of updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

UpdateRuleTechnicalOwnerInput

Description

Update the technical owner for a rule.

Fields
Input Field Description
ids - [IdString!]!

List of affected rule IDs.

technicalOwnerId - IdString

The ID of the technical owner to update.

Example
{
  "ids": [IdString],
  "technicalOwnerId": IdString
}

UpdateRuleTechnicalOwnerResult

Description

Returns the status results when updating the technical owner for a rule.

Fields
Field Name Description
ids - [ID!]! IDs of updated rules.
resultStatus - ResultStatus! Result of the operation.
Example
{"ids": [4], "resultStatus": ResultStatus}

UpdateSystemInput

Fields
Input Field Description
appliedToAnyDomain - Boolean

This property is not currently supported

domain - IdString

This property is not currently supported

id - IdString!

Systems ID to update

ipAddress - IpAddressString

IP address of the root device

name - Name!

System name

properties - [SystemFieldValueInput!]

System properties

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "id": IdString,
  "ipAddress": IpAddressString,
  "name": Name,
  "properties": [SystemFieldValueInput]
}

UpdateSystemResult

Fields
Field Name Description
id - ID Application internal ID of updated system
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

UpdateTicketInput

Description

Update a ticket for a rule.

Fields
Input Field Description
businessOwner - FreeText

Business owner name for a rule.

comment - FreeText

Comment for a ticket.

email - EmailAddress

Business owner Email address for a rule.

expirationDate - DateTime

Expiration date for a ticket.

externalUrl - URL

External URL for a ticket.

id - IdString!

ID of the ticket to update.

originTicketId - FreeText

ID information for a ticket, only required if a SecureChange ticket is linked.

secureChangeTicket - Boolean

Mark as true if the ticket is a SecureChange ticket.

Example
{
  "businessOwner": FreeText,
  "comment": FreeText,
  "email": "[email protected]",
  "expirationDate": "2007-12-03T10:15:30Z",
  "externalUrl": "http://www.test.com/",
  "id": IdString,
  "originTicketId": FreeText,
  "secureChangeTicket": true
}

UpdateTicketResult

Description

Returns the status results when updating a ticket for a rule.

Fields
Field Name Description
id - ID ID of the updated ticket.
resultStatus - ResultStatus! Result of the operation.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

UpdateUserTQLSearchInput

Description

Update a TQL query

Fields
Input Field Description
description - FreeText

Description of the query

id - IdString!

Unique identifier of the query

name - Name!

Name of the query

public - Boolean!

If true, the query is public

query - String!

TQL expression saved as part of the query

Example
{
  "description": FreeText,
  "id": IdString,
  "name": Name,
  "public": false,
  "query": "xyz789"
}

UpdateUserTQLSearchResult

Description

Returns the status results when updating a TQL query

Fields
Field Name Description
id - ID Unique identifier of the updated query
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

UpdateUspAlertConfigInput

Description

Update a USP alert.

Fields
Input Field Description
allDevices - Boolean!

If set to True, the devicesIds field is ignored and this alert applies to all devices.

allUsps - Boolean!

If set to True, the uspId field is ignored and this alert applies to all USPs.

description - FreeText

Alert description.

devicesIds - [IdString!]

This alert applies only for the specified devices. Add a list Device IDs.

disabled - Boolean!

Set to true to disable this alert.

externalRecipientsEmails - [EmailAddress!]

Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users.

id - IdString!

ID of the alert you want to update.

name - Name!

Alert name.

recipientsIds - [IdString!]

Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user.

severities - [ViolationSeverity!]!

This alert is sent for violations of all the selected severities.

syslogEnabled - Boolean!

Set to True if syslog the alert should also be sent via syslog.

uspId - IdString

This alert applies only to the specified USP. Add a single USP ID only.

Example
{
  "allDevices": true,
  "allUsps": false,
  "description": FreeText,
  "devicesIds": [IdString],
  "disabled": false,
  "externalRecipientsEmails": [
    "[email protected]"
  ],
  "id": IdString,
  "name": Name,
  "recipientsIds": [IdString],
  "severities": ["CRITICAL"],
  "syslogEnabled": false,
  "uspId": IdString
}

UpdateUspAlertConfigResult

Description

Returns the status results when updating a new USP alert.

Fields
Field Name Description
id - ID ID of the updated alert.
resultStatus - ResultStatus! Status of request to update a USP alert.
Example
{"id": 4, "resultStatus": ResultStatus}

UpdateUspInput

Description

Updates an existing USP.

Fields
Input Field Description
description - FreeText

USP description.

id - IdString!

USP ID.

name - Name!

USP name.

securityZonesIds - [IdString!]!

The USP updated SecureTrack network zones IDs. Zones that are in this list this does not exist in the USP will be added. Zones that are not in this list and appear in the USP will be deleted. Zones that are in this list and appear in the USP will remain.

Example
{
  "description": FreeText,
  "id": IdString,
  "name": Name,
  "securityZonesIds": [IdString]
}

UpdateUspRequirementInput

Description

Updates a USP requirement.

Fields
Input Field Description
description - FreeText

Requirement description.

destSecurityZoneId - IdString!

Requirement's destination SecureTrack network zone (to zone).

restrictions - UspRestrictionsInput!

Requirement restriction.

severity - ViolationSeverity!

Requirement severity.

srcSecurityZoneId - IdString!

Requirement's source SecureTrack network zone (from zone).

uspId - IdString!

USP ID.

Example
{
  "description": FreeText,
  "destSecurityZoneId": IdString,
  "restrictions": UspRestrictionsInput,
  "severity": "CRITICAL",
  "srcSecurityZoneId": IdString,
  "uspId": IdString
}

UpdateUspRequirementResult

Description

Returns the status results when updating a USP requirement.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to updating a USP requirement.
Example
{"resultStatus": ResultStatus}

UpdateUspResult

Description

Returns the status results when updating a USP.

Fields
Field Name Description
id - ID USP ID.
resultStatus - ResultStatus! Status of request to update a USP.
Example
{"id": 4, "resultStatus": ResultStatus}

UpdateUspRuleExceptionInput

Fields
Input Field Description
approver - FreeText
description - FreeText
disabled - Boolean!
endDate - Date
id - IdString!
name - Name!
rules - RuleExceptionConditionInput!
startDate - Date
ticketId - FreeText
usps - [UspExceptionConditionInput!]
Example
{
  "approver": FreeText,
  "description": FreeText,
  "disabled": false,
  "endDate": "2007-12-03",
  "id": IdString,
  "name": Name,
  "rules": RuleExceptionConditionInput,
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

UpdateUspRuleExceptionResult

Fields
Field Name Description
id - ID
resultStatus - ResultStatus!
Example
{"id": 4, "resultStatus": ResultStatus}

UpdateUspTrafficExceptionInput

Description

Update a UspException.

Fields
Input Field Description
approver - FreeText

User that approved the UspException.

description - FreeText

UspException description.

destinationEntityIds - [IdString!]

Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

destinations - [IpAddressString!]

Destination condition - list of IPs/subnets.

disabled - Boolean!

Set to true to disable this UspException. When disabled, UspException will have no impact on RuleViolations.

endDate - Date

Last date that the UspException is active.

id - IdString!

UspException ID.

name - Name!

UspException name.

servicesAndApplications - ServiceAndApplicationConditionInput
sourceEntityIds - [IdString!]

Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

sources - [IpAddressString!]

Source condition - list of IPs/subnets.

startDate - Date

First date that the UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]
Example
{
  "approver": FreeText,
  "description": FreeText,
  "destinationEntityIds": [IdString],
  "destinations": [IpAddressString],
  "disabled": false,
  "endDate": "2007-12-03",
  "id": IdString,
  "name": Name,
  "servicesAndApplications": ServiceAndApplicationConditionInput,
  "sourceEntityIds": [IdString],
  "sources": [IpAddressString],
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

UpdateUspTrafficExceptionResult

Description

Returns the status results when updating a UspException.

Fields
Field Name Description
id - ID Updated UspException ID.
resultStatus - ResultStatus! Status of request to update a UspException.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

UrlCategory

Description

The category of the URL as determined by the device

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
urls - [String!] List of URLs
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "system": BasicSystem,
  "urls": ["abc123"],
  "version": 987
}

UrlCategoryPredefinedValue

Description

Predefined values for URL categories of type Any

Values
Enum Value Description

ANY_URL_CATEGORY

Any URL category
Example
"ANY_URL_CATEGORY"

User

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified Permission requires
email - String Permission requires
firstName - String
id - ID! The internal unique identifier for this entity
isProfileGroupMember - Boolean Permission requires
lastName - String
name - String The name of the entity
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "email": "abc123",
  "firstName": "abc123",
  "id": "4",
  "isProfileGroupMember": false,
  "lastName": "abc123",
  "name": "xyz789"
}

UserPredefinedValue

Description

Predefined values to define well known user behavior

Values
Enum Value Description

ALL_IDENTIFY

All users existed on device

ANY_USER

Any user

PRE_AUTH_USER

Already authenticated user

UNAUTHENTICATED_GUESTS

Guest, not authenticated user
Example
"ALL_IDENTIFY"

UserQuery

Description

Query for User objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of User objects matching the specified filter.
values - [User!]! A list of User objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [User]}

UserTQLSearch

Fields
Field Name Description
appliedToAnyDomain - Boolean! If true, the query belongs to the 'All Domains' context.
changed - DateTime The most recent time that this entity was directly modified
description - String Description of the query
domain - Domain Domain in which the query was saved.
id - ID! Unique identifier of the query
name - String Name of the query
owner - User! User info of the query creator
public - Boolean! if true the query is public
query - String! TQL expression saved as part of the query
timeCreation - DateTime! Date query was created
type - TQLSearchType! The entity returned by the query
Example
{
  "appliedToAnyDomain": true,
  "changed": "2007-12-03T10:15:30Z",
  "description": "abc123",
  "domain": Domain,
  "id": 4,
  "name": "xyz789",
  "owner": User,
  "public": false,
  "query": "xyz789",
  "timeCreation": "2007-12-03T10:15:30Z",
  "type": "RULE"
}

UserTQLSearchMutation

Description

The userTQLSearch entity lets you create, update, or delete saved TQL queries

Fields
Field Name Description
changeUserTQLSearchesOwner - ChangeUserTQLSearchesOwnerResult! Change the owner of multiple TQL queries in bulk
createUserTQLSearch - CreateUserTQLSearchResult! Create and save a TQL query
Arguments
deleteUserTQLSearch - DeleteUserTQLSearchResult! Delete saved TQL queries
Arguments
updateUserTQLSearch - UpdateUserTQLSearchResult! Edit and save a TQL query
Arguments
Example
{
  "changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
  "createUserTQLSearch": CreateUserTQLSearchResult,
  "deleteUserTQLSearch": DeleteUserTQLSearchResult,
  "updateUserTQLSearch": UpdateUserTQLSearchResult
}

UserTQLSearchQuery

Description

Query for UserTQLSearch objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of UserTQLSearch objects matching the specified filter.
values - [UserTQLSearch!]! A list of UserTQLSearch objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [UserTQLSearch]}

UserUsage

Description

Object which represents usage information of users on the rule

Fields
Field Name Description
timeLastHit - DateTime Represents time when traffic was recorded for the user
usageStatus - UserUsageStatus Contains error information why traffic on user was not captured or CONFIGURED otherwise
user - RuleUserValue The identity of the user
Example
{
  "timeLastHit": "2007-12-03T10:15:30Z",
  "usageStatus": "CONFIGURED",
  "user": AccessRole
}

UserUsageStatus

Values
Enum Value Description

CONFIGURED

Status of last hit for user

LDAP_SERVER_COMMUNICATION_ERROR

Last hit information cannot be shown because an LDAP communication error occurred

LDAP_SERVER_NOT_CONFIGURED

To display last hit information for users, configure LDAP in Admin -> Configuration -> User Identity

LDAP_USER_NOT_FOUND

This user is not found in the LDAP server configured in SecureTrack
Example
"CONFIGURED"

UserValue

Types
Union Types

Group

LdapUser

LocalUser

Example
Group

UserWorkflow

Description

The UserWorkflow entity describes a SecureChange workflow. A workflow is a set of steps to complete a change request. For example, rule modification, recertification, or decommission.

Fields
Field Name Description
description - String! The workflow description.
name - String! The workflow name.
type - WorkFlowType! The workflow type.
Example
{
  "description": "xyz789",
  "name": "abc123",
  "type": "DECOMMISSION_RULES"
}

UserWorkflowsQuery

Description

Returns a list of all SecureChange workflows assigned to the current user.

Fields
Field Name Description
resultStatus - ResultStatus!
values - [UserWorkflow!]!
Example
{
  "resultStatus": ResultStatus,
  "values": [UserWorkflow]
}

Usp

Description

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Fields
Field Name Description
appliedToAnyDomain - Boolean Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP. Permission requires
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
requirements - [UspRequirement!] Set of conditions that apply to each USP matched entity (typically a source zone and destination zone) that will be enforced by the rule. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
securityZones - [SecurityZone!] SecureTrack zones that the USP enforces. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "appliedToAnyDomain": false,
  "changed": "2007-12-03T10:15:30Z",
  "description": "xyz789",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": "4",
  "name": "abc123",
  "requirements": [UspRequirement],
  "sameZoneDefaultRestrictions": UspRestrictions,
  "securityZones": [SecurityZone]
}

UspAlertConfig

Description

The UspAlertConfig entity shows the current configuration of a USP alert. Alerts can be configured to trigger when they meet the specific conditions you desire, including: a specific USP, a list of specific devices, and specific severity levels. Alerts can be sent via one or more of the following: to SecureTrack users, to external email addresses, and via syslog. Alerts can be disabled or enabled at any time. See AlertsConfigMutation for the complete list of supported configuration options. Permission requires

Fields
Field Name Description
allDevices - Boolean If True, the devicesIds field is ignored and this alert applies to all devices.
allUsps - Boolean If True, the uspId field is ignored and this alert applies to all USPs.
appliedToAnyDomain - Boolean
changed - DateTime The most recent time that this entity was directly modified
description - String Alert description.
devices - [Device!] This alert applies only for the specified devices.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

disabled - Boolean If True, the alert is disabled and will not be triggered.
domain - Domain
externalRecipientsEmails - [String!] Email addresses that will receive this alert.
id - ID! The internal unique identifier for this entity
name - String The name of the entity
recipients - [User!] SecureTrack User IDs that will receive this alert.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

syslogEnabled - Boolean If True, the alert will be sent via syslog.
timeCreated - DateTime Date alert was created.
usp - Usp This alert applies only to the specified USP.
valid - Boolean If False, the alert is no longer valid. An alert becomes invalid if all recipients, or all specified devices, or the USP is removed from SecureTrack.
violationSeverities - [ViolationSeverity!] This alert is sent for violations of all the selected severities.
Example
{
  "allDevices": true,
  "allUsps": false,
  "appliedToAnyDomain": true,
  "changed": "2007-12-03T10:15:30Z",
  "description": "abc123",
  "devices": [Device],
  "disabled": false,
  "domain": Domain,
  "externalRecipientsEmails": ["xyz789"],
  "id": "4",
  "name": "xyz789",
  "recipients": [User],
  "syslogEnabled": false,
  "timeCreated": "2007-12-03T10:15:30Z",
  "usp": Usp,
  "valid": false,
  "violationSeverities": ["CRITICAL"]
}

UspAlertConfigQuery

Description

Query for UspAlertConfig objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of UspAlertConfig objects matching the specified filter.
values - [UspAlertConfig!]! A list of UspAlertConfig objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [UspAlertConfig]}

UspCondition

Description

Condition on RuleViolations' Usps and SecurityZone pairs. If no SecureTrack zone pairs are configured in the condition, condition is satisfied for all RuleViolations of the given USP.

Fields
Field Name Description
usp - Usp Usp name.
zonePairs - [ZonePair!] Pairs of SecureTrack zones of the given usp.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "usp": Usp,
  "zonePairs": [ZonePair]
}

UspException

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
appliedToAnyDomain - Boolean Permission requires
approver - String User that approved the UspException. Permission requires
changed - DateTime The date that this UspException entity was last changed. Permission requires
creator - String Username of UspException creator. Permission requires
description - String UspException description.
disabled - Boolean If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires
domain - Domain Permission requires
id - ID! The internal unique identifier for this entity.
invalid - Boolean If true, the USP exception is not valid. Permission requires
name - String UspException unique name.
ticketId - String SecureChange ticket ID. Permission requires
timeCreated - DateTime Date UspException was created. Permission requires
timeEnd - DateTime Last date that the UspException is active. Permission requires
timeStart - DateTime First date that the UspException is active. Permission requires
usps - [UspCondition!] UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Possible Types
UspException Types

UspRuleException

UspTrafficException

Example
{
  "appliedToAnyDomain": true,
  "approver": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "creator": "abc123",
  "description": "abc123",
  "disabled": false,
  "domain": Domain,
  "id": 4,
  "invalid": true,
  "name": "abc123",
  "ticketId": "xyz789",
  "timeCreated": "2007-12-03T10:15:30Z",
  "timeEnd": "2007-12-03T10:15:30Z",
  "timeStart": "2007-12-03T10:15:30Z",
  "usps": [UspCondition]
}

UspExceptionConditionInput

Description

Condition on USPs and SecureTrack zone pairs.

Fields
Input Field Description
uspId - IdString!

USP ID.

zones - [ZonePairInput!]

SecureTrack zone pairs.

Example
{
  "uspId": IdString,
  "zones": [ZonePairInput]
}

UspExceptionMutation

Description

The UspExceptionMutation entity lets you create, update or delete UspExceptions.

Fields
Field Name Description
addRulesToRuleException - AddRulesToRuleExceptionResult!
Arguments
createUspRuleException - CreateUspRuleExceptionResult!
Arguments
createUspTrafficException - CreateUspTrafficExceptionResult! Create a UspException.
deleteUspExceptions - DeleteUspExceptionResult! Delete one or more UspExceptions.
Arguments
updateUspRuleException - UpdateUspRuleExceptionResult!
Arguments
updateUspTrafficException - UpdateUspTrafficExceptionResult! Update a UspException.
Example
{
  "addRulesToRuleException": AddRulesToRuleExceptionResult,
  "createUspRuleException": CreateUspRuleExceptionResult,
  "createUspTrafficException": CreateUspTrafficExceptionResult,
  "deleteUspExceptions": DeleteUspExceptionResult,
  "updateUspRuleException": UpdateUspRuleExceptionResult,
  "updateUspTrafficException": UpdateUspTrafficExceptionResult
}

UspExceptionQuery

Description

Query for UspException objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of UspException objects matching the specified filter.
values - [UspException!]! A list of UspException objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [UspException]}

UspMutation

Description

The UspMutation entity lets you create, update or delete USPs.

Fields
Field Name Description
addSecurityZonesToUsp - AddSecurityZonesToUspResult! Add SecureTrack network zones to an existing USP.
Arguments
createPredefinedUsp - CreatePredefinedUspResult! Create a USP based on a regulation template.
Arguments
createUsp - CreateUspResult! Create a USP.
Arguments
input - CreateUspInput!
deleteUsp - DeleteUspResult! Delete one or more USPs.
Arguments
input - DeleteUspInput!
removeSecurityZonesFromUsp - RemoveSecurityZonesFromUspResult! Remove SecureTrack network zones to an existing USP.
updateUsp - UpdateUspResult! Update a USP.
Arguments
input - UpdateUspInput!
updateUspRequirement - UpdateUspRequirementResult! Create a USP requirement.
Arguments
Example
{
  "addSecurityZonesToUsp": AddSecurityZonesToUspResult,
  "createPredefinedUsp": CreatePredefinedUspResult,
  "createUsp": CreateUspResult,
  "deleteUsp": DeleteUspResult,
  "removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
  "updateUsp": UpdateUspResult,
  "updateUspRequirement": UpdateUspRequirementResult
}

UspQuery

Description

Query for Usp objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Usp objects matching the specified filter.
values - [Usp!]! A list of Usp objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Usp]}

UspRequirement

Description

The requirements that apply to a specific USP matched entity (typically a source zone and a destination zone), that will be enforced by this rule.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String This property is not supported for this entity.
restrictions - UspRestrictions A set of properties that make up a restriction for a specific USP matched entity (typically a source zone and a destination zone). To be compliant, a rule must meet all restrictions.
severity - ViolationSeverity The severity (low, medium, high, critical) of a rule violation.
usp - BasicUspInfo
uspRequirementDescription - String Description of the USP requirement.
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher This describes matching criteria for USP requirement.
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": "4",
  "name": "xyz789",
  "restrictions": UspRestrictions,
  "severity": "CRITICAL",
  "usp": BasicUspInfo,
  "uspRequirementDescription": "xyz789",
  "zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}

UspRequirementQuery

Description

Query for UspRequirement objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of UspRequirement objects matching the specified filter.
values - [UspRequirement!]! A list of UspRequirement objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [UspRequirement]}

UspRestriction

Description

A condition to be enforced on security rules.

Fields
Field Name Description
restrictionType - RestrictionType Restriction type.
Example
{"restrictionType": "DESTINATION_IPS_MAX_COUNT"}

UspRestrictions

Description

A set of properties that make up a restriction for a specific matched entity (typically a source zone and a destination zone) in a USP. To be compliant, a rule must meet all USP restrictions.

Fields
Field Name Description
destinationIpsMaxCountRestriction - PropertyUspRestriction Maximum number of IP address allowed in the rule's destination.
explicitDestinationRestriction - PropertyUspRestriction Rules must have an explicit destination, not the ANY value.
explicitServiceRestriction - PropertyUspRestriction Rules must have an explicit service, not the ANY value.
explicitSourceRestriction - PropertyUspRestriction Rules must have an explicit source, not the ANY value.
flowUspRestriction - FlowUspRestriction Flow restriction (Host to Host, Subnet to Host, or Host to Subnet).
lastHitMaxValRestriction - PropertyUspRestriction Maximum number of days in which the rule must have had a hit.
mandatoryCommentRestriction - PropertyUspRestriction Rules must have text in the comment field.
mandatoryLogRestriction - PropertyUspRestriction Rules must be configured to create log entries.
servicesMaxCountRestriction - PropertyUspRestriction Maximum number of services allowed.
sourceIpsMaxCountRestriction - PropertyUspRestriction Maximum number of IP address allowed in the rule's source.
trafficUspRestriction - TrafficUspRestriction Traffic access that is permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all).
Example
{
  "destinationIpsMaxCountRestriction": PropertyUspRestriction,
  "explicitDestinationRestriction": PropertyUspRestriction,
  "explicitServiceRestriction": PropertyUspRestriction,
  "explicitSourceRestriction": PropertyUspRestriction,
  "flowUspRestriction": FlowUspRestriction,
  "lastHitMaxValRestriction": PropertyUspRestriction,
  "mandatoryCommentRestriction": PropertyUspRestriction,
  "mandatoryLogRestriction": PropertyUspRestriction,
  "servicesMaxCountRestriction": PropertyUspRestriction,
  "sourceIpsMaxCountRestriction": PropertyUspRestriction,
  "trafficUspRestriction": TrafficUspRestriction
}

UspRestrictionsInput

Description

USP restriction (UspRestriction).

Fields
Input Field Description
destinationIpsMaxCountRestriction - PropertyUspRestrictionInput

Defines the maximum IPs addresses allowed by a rule's destination field.

explicitDestinationRestriction - PropertyUspRestrictionInput

Defines that a rule destination field must contain only explicit objects.

explicitServiceRestriction - PropertyUspRestrictionInput

Defines that a rule services field must have contain explicit objects.

explicitSourceRestriction - PropertyUspRestrictionInput

Defines that a rule source field must contain only explicit objects.

flowUspRestriction - FlowUspRestrictionInput

Flow restriction.

lastHitMaxValRestriction - PropertyUspRestrictionInput

Defines how many days a rule could not get passed by any traffic.

mandatoryCommentRestriction - PropertyUspRestrictionInput

Enforces comment in rules.

mandatoryLogRestriction - PropertyUspRestrictionInput

Enforces logging in rules.

servicesMaxCountRestriction - PropertyUspRestrictionInput

Defines the maximum services allowed in a rule's services field.

sourceIpsMaxCountRestriction - PropertyUspRestrictionInput

Defines the maximum IP addresses allowed by a rule's source field.

trafficUspRestriction - TrafficUspRestrictionInput

Traffic restriction.

Example
{
  "destinationIpsMaxCountRestriction": PropertyUspRestrictionInput,
  "explicitDestinationRestriction": PropertyUspRestrictionInput,
  "explicitServiceRestriction": PropertyUspRestrictionInput,
  "explicitSourceRestriction": PropertyUspRestrictionInput,
  "flowUspRestriction": FlowUspRestrictionInput,
  "lastHitMaxValRestriction": PropertyUspRestrictionInput,
  "mandatoryCommentRestriction": PropertyUspRestrictionInput,
  "mandatoryLogRestriction": PropertyUspRestrictionInput,
  "servicesMaxCountRestriction": PropertyUspRestrictionInput,
  "sourceIpsMaxCountRestriction": PropertyUspRestrictionInput,
  "trafficUspRestriction": TrafficUspRestrictionInput
}

UspRiskAnalysisTask

Description

Calculation results of a Risk Analysis task. Permission requires

Fields
Field Name Description
changed - DateTime The date that the task entity was last changed.
errors - [AccessRequestError!] AccessRequestErrors occurred during calculation.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! Task ID.
isCompleted - Boolean True when all of the task's access requests calculations are completed.
name - String This property is not supported.
processedAccessRequests - [String!] List of the the processed access requests in task.
requestsCount - Int Number of access requests in task.
timestamp - DateTime The date and time that the task was created.
violations - [RiskAnalysisViolation!] List of RiskAnalysisViolation representing the violations calculation results of the tasks' access requests. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "changed": "2007-12-03T10:15:30Z",
  "errors": [AccessRequestError],
  "id": 4,
  "isCompleted": false,
  "name": "abc123",
  "processedAccessRequests": ["abc123"],
  "requestsCount": 123,
  "timestamp": "2007-12-03T10:15:30Z",
  "violations": [RiskAnalysisViolation]
}

UspRiskAnalysisTaskQuery

Description

Query for UspRiskAnalysisTask objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of UspRiskAnalysisTask objects matching the specified filter.
values - [UspRiskAnalysisTask!]! A list of UspRiskAnalysisTask objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [UspRiskAnalysisTask]}

UspRuleException

Fields
Field Name Description
appliedToAnyDomain - Boolean Permission requires
approver - String User that approved the UspException. Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
creator - String Username of UspException creator. Permission requires
description - String UspException description.
disabled - Boolean If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires
domain - Domain Permission requires
id - ID! The internal unique identifier for this entity
invalid - Boolean If true, the USP exception is not valid. Permission requires
name - String The name of the entity
rules - [Rule!] Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

ticketId - String SecureChange ticket ID. Permission requires
timeCreated - DateTime Date UspException was created. Permission requires
timeEnd - DateTime Last date that the UspException is active. Permission requires
timeStart - DateTime First date that the UspException is active. Permission requires
usps - [UspCondition!] UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "appliedToAnyDomain": true,
  "approver": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "creator": "xyz789",
  "description": "abc123",
  "disabled": false,
  "domain": Domain,
  "id": 4,
  "invalid": false,
  "name": "xyz789",
  "rules": [Rule],
  "ticketId": "abc123",
  "timeCreated": "2007-12-03T10:15:30Z",
  "timeEnd": "2007-12-03T10:15:30Z",
  "timeStart": "2007-12-03T10:15:30Z",
  "usps": [UspCondition]
}

UspTrafficException

Fields
Field Name Description
appliedToAnyDomain - Boolean Permission requires
approver - String User that approved the UspException. Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
creator - String Username of UspException creator. Permission requires
description - String UspException description.
destinationEntities - [NetworkObject!] Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

destinations - [String!] Condition on RuleViolations' destinations - list of IPs/subnets. The condition is satisfied if destinations intersect with RuleViolation destinations. Permission requires
disabled - Boolean If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires
domain - Domain Permission requires
id - ID! The internal unique identifier for this entity
invalid - Boolean If true, the USP exception is not valid. Permission requires
name - String The name of the entity
servicesAndApplications - ServicesAndApplicationsCondition ServicesAndApplicationsCondition on RuleViolations' services and applications. The condition is satisfied if either services or applications intersect with RuleViolation. Permission requires
sourceEntities - [NetworkObject!] Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

sources - [String!] Condition on RuleViolations' sources - list of IPs/subnets. The condition is satisfied if sources intersect with RuleViolation sources. Permission requires
ticketId - String SecureChange ticket ID. Permission requires
timeCreated - DateTime Date UspException was created. Permission requires
timeEnd - DateTime Last date that the UspException is active. Permission requires
timeStart - DateTime First date that the UspException is active. Permission requires
usps - [UspCondition!] UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "appliedToAnyDomain": false,
  "approver": "abc123",
  "changed": "2007-12-03T10:15:30Z",
  "creator": "xyz789",
  "description": "xyz789",
  "destinationEntities": [AccessRole],
  "destinations": ["abc123"],
  "disabled": false,
  "domain": Domain,
  "id": "4",
  "invalid": false,
  "name": "abc123",
  "servicesAndApplications": ServicesAndApplicationsCondition,
  "sourceEntities": [AccessRole],
  "sources": ["abc123"],
  "ticketId": "abc123",
  "timeCreated": "2007-12-03T10:15:30Z",
  "timeEnd": "2007-12-03T10:15:30Z",
  "timeStart": "2007-12-03T10:15:30Z",
  "usps": [UspCondition]
}

VM

Description

A virtual machine (VM) is a software program or operating system that not only exhibits the behavior of a separate computer, but is also capable of performing tasks such as running applications and programs like a separate computer

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
nics - [NIC!] Collection of virtual network interface cards. The emulation of a physical network adapters (NICs)
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

state - VMTufinState
subnets - [Subnet!] Collection of sub-networks
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "ipAddresses": [IpAddress],
  "name": "xyz789",
  "nics": [NIC],
  "state": "NOT_RUNNING",
  "subnets": [Subnet],
  "system": BasicSystem,
  "version": 987
}

VMTufinState

Values
Enum Value Description

NOT_RUNNING

RUNNING

Example
"NOT_RUNNING"

VendorName

Description

Device vendor name

Values
Enum Value Description

AMAZON

Amazon.com, Inc.

BARRACUDA

Barracuda

CHECKPOINT

Check Point software technologies

CISCO

Cisco Systems

FORCEPOINT

FORTINET

Fortinet

GOOGLE

Google Cloud Platform (GCP)

JUNIPER

Juniper Networks, Inc.

MICROSOFT

Microsoft Corporation

PALO_ALTO

Palo Alto Networks

UNKNOWN

Fallback value for unknown vendors

VMWARE

VMware, Inc.

ZSCALER

Zscaler
Example
"AMAZON"

VersionStatus

Description

The progress status of a specific version of changes (IN_PROGRESS, COMPLETED, or ERROR).

Fields
Field Name Description
apiV1VersionId - String The internal unique identifier of the version in the legacy API.
created - DateTime The date and time that the version was created.
status - ProgressStatus The progress status of the version processing.
steps - [StepStatus!] The progress status of each version-related calculation.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

versionId - Int! A sequential number assigned to each change to identify the order in which changes were made.
Example
{
  "apiV1VersionId": "abc123",
  "created": "2007-12-03T10:15:30Z",
  "status": "COMPLETED",
  "steps": [StepStatus],
  "versionId": 123
}

ViolationOrigin

Description

This defines policy and device that the violating securityPolicies are installed on.

Fields
Field Name Description
securityPolicy - SecurityPolicy SecurityPolicy that the rule evaluates.
violatingDevice - BasicDevice Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on.
Example
{
  "securityPolicy": SecurityPolicy,
  "violatingDevice": BasicDevice
}

ViolationSeverity

Description

Level of risk of the violation.

Values
Enum Value Description

CRITICAL

The violation is critical.

HIGH

The violation is very risky.

LOW

The violation is not risky.

MEDIUM

The violation is not very risky.
Example
"CRITICAL"

Visibility

Description

Entity visibility definition.

Values
Enum Value Description

PUBLIC

Visible for all participants.
Example
"PUBLIC"

VpnCommunity

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "system": BasicSystem,
  "version": 987
}

VpnPredefinedValue

Description

Predefined values for VPN entities of type Any

Values
Enum Value Description

ALL_COMMUNITIES

Any VPN community

ALL_GWTOGW

Any gateway to gateway VPN

ANY_VPN

Any VPN
Example
"ALL_COMMUNITIES"

WorkFlowType

Description

The type of workflow.

Values
Enum Value Description

DECOMMISSION_RULES

Decommission rules.

MODIFY_RULES

Modify rules.

RECERTIFY_RULES

Recertify rules.
Example
"DECOMMISSION_RULES"

Zone

Description

Group of one or more interfaces or networks

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
zoneType - ZoneType Device specific zone type
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987,
  "zoneType": "ZONE_LAYER2"
}

ZoneManualMappingInput

Description

Updates the mapping of the SecureTrack network zones for a specific interface and ZoneMappingType

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the mapping of the device will be updated for All Domains. False indicates that the mapping will be updated only for the specified domain.

deviceId - IdString!

The Device ID

domain - IdString

The ID of the domain that the mapping will be updated for. Note: If appliedToAnyDomain is set to True this value is ignored.

interfaceId - IdString!

The Interface ID

mappingType - ZoneMappingType!

The ZoneMappingType value

zonesIds - [ZoneMappingMutationsInput!]!

List of SecureTrack network zone IDs that are manually mapped to the interface and the specified ZoneMappingType

Example
{
  "appliedToAnyDomain": false,
  "deviceId": IdString,
  "domain": IdString,
  "interfaceId": IdString,
  "mappingType": "DIRECTLY_CONNECTED",
  "zonesIds": [ZoneMappingMutationsInput]
}

ZoneManualMappingResult

Description

Returns the status result when updating the mapping of SecureTrack network zones for a specific interface and ZoneMappingType

Fields
Field Name Description
resultStatus - ResultStatus! Status of the request to update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType
Example
{"resultStatus": ResultStatus}

ZoneMappingActionType

Description

The action to perform on the zone mapping

Values
Enum Value Description

ADD

Add a zone to the zone mapping

DELETE

Delete a zone from the zone mapping

EXCLUDE

Exclude a zone from the zone mapping
Example
"ADD"

ZoneMappingInput

Description

Mapping between the regulation zone to the SecureTrack network zone.

Fields
Input Field Description
appliedToAnyDomain - Boolean
domain - IdString
predefinedZoneName - Name!

Regulation's zone name.

securityZoneId - IdString!

SecureTrack network zone ID.

Example
{
  "appliedToAnyDomain": false,
  "domain": IdString,
  "predefinedZoneName": Name,
  "securityZoneId": IdString
}

ZoneMappingMutation

Description

The ZoneMappingMutation entity enables you to add, update, or delete the mapping of SecureTrack network zones to a Device

Fields
Field Name Description
updateDeviceInclusionInCalculation - UpdateDeviceInclusionInCalculationResult! Update whether the Device is included in the violation calculation
updateMappings - ZoneManualMappingResult! Update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType
Arguments
updateProtectionMode - UpdateProtectionModeResult! Update the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface.
Arguments
Example
{
  "updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
  "updateMappings": ZoneManualMappingResult,
  "updateProtectionMode": UpdateProtectionModeResult
}

ZoneMappingMutationsInput

Fields
Input Field Description
action - ZoneMappingActionType!
securityZoneId - IdString!
Example
{"action": "ADD", "securityZoneId": IdString}

ZoneMappingType

Description

The ZoneMappingType identifies whether the connection is a direct connection between two devices, or is routed through multiple devices

Values
Enum Value Description

DIRECTLY_CONNECTED

Zones are directly connected to the interface

ROUTE

Zones have a connection that is routed through multiple devices
Example
"DIRECTLY_CONNECTED"

ZonePair

Description

Either or both - fromZone or toZone may be empty. An empty zone is considered as 'all' zones in the given usp.

Fields
Field Name Description
fromZone - SecurityZone SecureTrack zone.
toZone - SecurityZone SecureTrack zone.
Example
{
  "fromZone": SecurityZone,
  "toZone": SecurityZone
}

ZonePairInput

Fields
Input Field Description
fromZone - IdString
toZone - IdString
Example
{
  "fromZone": IdString,
  "toZone": IdString
}

ZonePredefinedValue

Description

Predefined values to define Any zone

Values
Enum Value Description

ANY_ZONE

Any zone
Example
"ANY_ZONE"

ZoneToZoneUspRequirementMatcher

Description

The USP pair (source zone, destination zone) that the USP requirement applies to.

Fields
Field Name Description
destination - SecurityZone The destination zone.
source - SecurityZone The source zone.
Example
{
  "destination": SecurityZone,
  "source": SecurityZone
}

ZoneType

Description

Device specific zone type

Values
Enum Value Description

ZONE_LAYER2

Zone of layer 2 trunk ports

ZONE_LAYER3

Zone of layer 3 trunk ports

ZONE_TUNNEL

Zone of VPN tunnels
Example
"ZONE_LAYER2"

ZonesRelation

Description

Zone relation definition on device side

Values
Enum Value Description

INTERZONE

External zone

INTRAZONE

Internal zone

UNIVERSAL

Zone with not defined relation
Example
"INTERZONE"

countsOrderBy

Values
Enum Value Description

COUNT

GROUP

Example
"COUNT"

orderDirection

Values
Enum Value Description

ASC

DESC

Example
"ASC"