SecureTrack Aurora GraphQL API Documentation R23-2-PRC1

Below you can find examples and references for our GraphQL schema

- Link to SecureTrack REST API Documentation
- Link to SecureTrack GraphQL Overview

Queries

auth

Description

Query over all 'auth' related information in session

Response

Returns an AuthQuery

Example

Query
query auth {
  auth {
    sessionUser {
      ...SessionUserFragment
    }
  }
}
Response
{"data": {"auth": {"sessionUser": SessionUser}}}

devices

Description

Query over Device objects.

Response

Returns a DeviceQuery

Arguments
Name Description
filter - String TQL query to filter for matching Device entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devices($filter: String) {
  devices(filter: $filter) {
    count
    values {
      ...DeviceFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"devices": {"count": {}, "values": [Device]}}}

devicesStatus

Description

Query over DeviceStatus objects.

Response

Returns a DeviceStatusQuery

Arguments
Name Description
filter - String TQL query to filter for matching DeviceStatus entities. Please refer to the TQL documentation. Default = ""

Example

Query
query devicesStatus($filter: String) {
  devicesStatus(filter: $filter) {
    count
    values {
      ...DeviceStatusFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "devicesStatus": {
      "count": {},
      "values": [DeviceStatus]
    }
  }
}

domains

Description

Query over Domain objects.

Response

Returns a DomainQuery

Arguments
Name Description
filter - String TQL query to filter for matching Domain entities. Please refer to the TQL documentation. Default = ""

Example

Query
query domains($filter: String) {
  domains(filter: $filter) {
    count
    values {
      ...DomainFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"domains": {"count": {}, "values": [Domain]}}}

getUsps

Response

Returns [Usp]

Example

Query
query getUsps {
  getUsps {
    appliedToAnyDomain
    changed
    description
    differentZonesDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    domain {
      ...DomainFragment
    }
    id
    name
    requirements {
      ...UspRequirementFragment
    }
    sameZoneDefaultRestrictions {
      ...UspRestrictionsFragment
    }
    securityZones {
      ...SecurityZoneFragment
    }
  }
}
Response
{
  "data": {
    "getUsps": [
      {
        "appliedToAnyDomain": false,
        "changed": "2007-12-03T10:15:30Z",
        "description": "abc123",
        "differentZonesDefaultRestrictions": UspRestrictions,
        "domain": Domain,
        "id": "4",
        "name": "abc123",
        "requirements": [UspRequirement],
        "sameZoneDefaultRestrictions": UspRestrictions,
        "securityZones": [SecurityZone]
      }
    ]
  }
}

interfaces

Description

Query over Interface objects.

Response

Returns an InterfaceQuery

Arguments
Name Description
filter - String TQL query to filter for matching Interface entities. Please refer to the TQL documentation. Default = ""

Example

Query
query interfaces($filter: String) {
  interfaces(filter: $filter) {
    count
    values {
      ...InterfaceFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "interfaces": {"count": {}, "values": [Interface]}
  }
}

networkObjects

Description

Query over NetworkObject objects.

Response

Returns a NetworkObjectQuery

Arguments
Name Description
filter - String TQL query to filter for matching NetworkObject entities. Please refer to the TQL documentation. Default = ""

Example

Query
query networkObjects($filter: String) {
  networkObjects(filter: $filter) {
    count
    values {
      ... on AccessRole {
        ...AccessRoleFragment
      }
      ... on Fqdn {
        ...FqdnFragment
      }
      ... on Group {
        ...GroupFragment
      }
      ... on Host {
        ...HostFragment
      }
      ... on InternetService {
        ...InternetServiceFragment
      }
      ... on IpRange {
        ...IpRangeFragment
      }
      ... on LdapUser {
        ...LdapUserFragment
      }
      ... on LocalUser {
        ...LocalUserFragment
      }
      ... on Location {
        ...LocationFragment
      }
      ... on NIC {
        ...NICFragment
      }
      ... on OtherObject {
        ...OtherObjectFragment
      }
      ... on Subnet {
        ...SubnetFragment
      }
      ... on UrlCategory {
        ...UrlCategoryFragment
      }
      ... on VM {
        ...VMFragment
      }
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "networkObjects": {
      "count": {},
      "values": [AccessRole]
    }
  }
}

opmAgents

Description

Query over OPMAgent objects.

Response

Returns an OPMAgentQuery

Arguments
Name Description
filter - String TQL query to filter for matching OPMAgent entities. Please refer to the TQL documentation. Default = ""

Example

Query
query opmAgents($filter: String) {
  opmAgents(filter: $filter) {
    count
    values {
      ...OPMAgentFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "opmAgents": {"count": {}, "values": [OPMAgent]}
  }
}

rules

Description

Query over Rule objects.

Response

Returns a RuleQuery

Arguments
Name Description
filter - String TQL query to filter for matching Rule entities. Please refer to the TQL documentation. Default = ""

Example

Query
query rules($filter: String) {
  rules(filter: $filter) {
    count
    counts {
      ...CountsResultFragment
    }
    values {
      ...RuleFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "rules": {
      "count": {},
      "counts": [CountsResult],
      "values": [Rule]
    }
  }
}

securityZones

Description

Query over SecurityZone objects.

Response

Returns a SecurityZoneQuery

Arguments
Name Description
filter - String TQL query to filter for matching SecurityZone entities. Please refer to the TQL documentation. Default = ""

Example

Query
query securityZones($filter: String) {
  securityZones(filter: $filter) {
    count
    values {
      ...SecurityZoneFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "securityZones": {
      "count": {},
      "values": [SecurityZone]
    }
  }
}

systems

Description

Query over System objects.

Response

Returns a SystemQuery

Arguments
Name Description
filter - String TQL query to filter for matching System entities. Please refer to the TQL documentation. Default = ""

Example

Query
query systems($filter: String) {
  systems(filter: $filter) {
    count
    values {
      ...SystemFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"systems": {"count": {}, "values": [System]}}}

trend

Description

Query over trend.

Response

Returns a TrendResult!

Arguments
Name Description
input - TrendQueryInput!

Example

Query
query trend($input: TrendQueryInput!) {
  trend(input: $input) {
    resultStatus {
      ...ResultStatusFragment
    }
    timedCounts {
      ...TimedCountFragment
    }
  }
}
Variables
{"input": TrendQueryInput}
Response
{
  "data": {
    "trend": {
      "resultStatus": ResultStatus,
      "timedCounts": [TimedCount]
    }
  }
}

userTQLSearches

Description

Query over UserTQLSearch objects.

Response

Returns a UserTQLSearchQuery

Arguments
Name Description
filter - String TQL query to filter for matching UserTQLSearch entities. Please refer to the TQL documentation. Default = ""

Example

Query
query userTQLSearches($filter: String) {
  userTQLSearches(filter: $filter) {
    count
    values {
      ...UserTQLSearchFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "userTQLSearches": {
      "count": {},
      "values": [UserTQLSearch]
    }
  }
}

userWorkflows

Description

Query over UserWorkflow objects.

Response

Returns a UserWorkflowsQuery!

Example

Query
query userWorkflows {
  userWorkflows {
    resultStatus {
      ...ResultStatusFragment
    }
    values {
      ...UserWorkflowFragment
    }
  }
}
Response
{
  "data": {
    "userWorkflows": {
      "resultStatus": ResultStatus,
      "values": [UserWorkflow]
    }
  }
}

users

Description

Query over User objects.

Response

Returns a UserQuery

Arguments
Name Description
filter - String TQL query to filter for matching User entities. Please refer to the TQL documentation. Default = ""

Example

Query
query users($filter: String) {
  users(filter: $filter) {
    count
    values {
      ...UserFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"users": {"count": {}, "values": [User]}}}

uspAlertConfigs

Description

Query over UspAlertConfig objects.

Response

Returns a UspAlertConfigQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspAlertConfig entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspAlertConfigs($filter: String) {
  uspAlertConfigs(filter: $filter) {
    count
    values {
      ...UspAlertConfigFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspAlertConfigs": {
      "count": {},
      "values": [UspAlertConfig]
    }
  }
}

uspExceptions

Description

Query over UspException objects.

Response

Returns a UspExceptionQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspException entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspExceptions($filter: String) {
  uspExceptions(filter: $filter) {
    count
    values {
      ...UspExceptionFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspExceptions": {
      "count": {},
      "values": [UspException]
    }
  }
}

uspRequirements

Description

Query over UspRequirement objects.

Response

Returns a UspRequirementQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspRequirement entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRequirements($filter: String) {
  uspRequirements(filter: $filter) {
    count
    values {
      ...UspRequirementFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspRequirements": {
      "count": {},
      "values": [UspRequirement]
    }
  }
}

uspRiskAnalysisTask

Description

Query over UspRiskAnalysisTask objects.

Response

Returns a UspRiskAnalysisTaskQuery

Arguments
Name Description
filter - String TQL query to filter for matching UspRiskAnalysisTask entities. Please refer to the TQL documentation. Default = ""

Example

Query
query uspRiskAnalysisTask($filter: String) {
  uspRiskAnalysisTask(filter: $filter) {
    count
    values {
      ...UspRiskAnalysisTaskFragment
    }
  }
}
Variables
{"filter": ""}
Response
{
  "data": {
    "uspRiskAnalysisTask": {
      "count": {},
      "values": [UspRiskAnalysisTask]
    }
  }
}

usps

Description

Query over Usp objects.

Response

Returns a UspQuery

Arguments
Name Description
filter - String TQL query to filter for matching Usp entities. Please refer to the TQL documentation. Default = ""

Example

Query
query usps($filter: String) {
  usps(filter: $filter) {
    count
    values {
      ...UspFragment
    }
  }
}
Variables
{"filter": ""}
Response
{"data": {"usps": {"count": {}, "values": [Usp]}}}

version

Description

Query over versions information.

Response

Returns a VersionQuery!

Example

Query
query version {
  version {
    entityChanges {
      ...EntityChangesQueryFragment
    }
    entityVersions {
      ...EntityVersionsQueryFragment
    }
  }
}
Response
{
  "data": {
    "version": {
      "entityChanges": EntityChangesQuery,
      "entityVersions": EntityVersionsQuery
    }
  }
}

zones

Response

Returns [Zone!]!

Example

Query
query zones {
  zones {
    changed
    comment
    device {
      ...BasicDeviceFragment
    }
    id
    name
    system {
      ...BasicSystemFragment
    }
    version
    zoneType
  }
}
Response
{
  "data": {
    "zones": [
      {
        "changed": "2007-12-03T10:15:30Z",
        "comment": "xyz789",
        "device": BasicDevice,
        "id": "4",
        "name": "abc123",
        "system": BasicSystem,
        "version": 987,
        "zoneType": "ZONE_LAYER2"
      }
    ]
  }
}

Mutations

riskAnalysis

Response

Returns a RiskAnalysisMutation!

Example

Query
mutation riskAnalysis {
  riskAnalysis {
    createUspRiskAnalysisTask {
      ...CreateUspRiskAnalysisTaskResultFragment
    }
  }
}
Response
{
  "data": {
    "riskAnalysis": {
      "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
    }
  }
}

ruleOperations

Response

Returns a RuleOperationsMutation!

Example

Query
mutation ruleOperations {
  ruleOperations {
    createTicketDraft {
      ...CreateTicketDraftResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleOperations": {
      "createTicketDraft": CreateTicketDraftResult
    }
  }
}

ruleUserData

Response

Returns a RuleUserDataMutation!

Example

Query
mutation ruleUserData {
  ruleUserData {
    createTicket {
      ...CreateTicketResultFragment
    }
    deleteTickets {
      ...DeleteTicketsResultFragment
    }
    updateRuleAutomationAttribute {
      ...UpdateRuleAutomationAttributeResultFragment
    }
    updateRuleDescription {
      ...UpdateRuleDescriptionResultFragment
    }
    updateRuleTechnicalOwner {
      ...UpdateRuleTechnicalOwnerResultFragment
    }
    updateTicket {
      ...UpdateTicketResultFragment
    }
  }
}
Response
{
  "data": {
    "ruleUserData": {
      "createTicket": CreateTicketResult,
      "deleteTickets": DeleteTicketsResult,
      "updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
      "updateRuleDescription": UpdateRuleDescriptionResult,
      "updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
      "updateTicket": UpdateTicketResult
    }
  }
}

system

Response

Returns a SystemMutation!

Example

Query
mutation system {
  system {
    createSystem {
      ...CreateSystemResultFragment
    }
    deleteSystem {
      ...DeleteSystemResultFragment
    }
    updateSystem {
      ...UpdateSystemResultFragment
    }
  }
}
Response
{
  "data": {
    "system": {
      "createSystem": CreateSystemResult,
      "deleteSystem": DeleteSystemResult,
      "updateSystem": UpdateSystemResult
    }
  }
}

userTQLSearch

Response

Returns a UserTQLSearchMutation!

Example

Query
mutation userTQLSearch {
  userTQLSearch {
    changeUserTQLSearchesOwner {
      ...ChangeUserTQLSearchesOwnerResultFragment
    }
    createUserTQLSearch {
      ...CreateUserTQLSearchResultFragment
    }
    deleteUserTQLSearch {
      ...DeleteUserTQLSearchResultFragment
    }
    updateUserTQLSearch {
      ...UpdateUserTQLSearchResultFragment
    }
  }
}
Response
{
  "data": {
    "userTQLSearch": {
      "changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
      "createUserTQLSearch": CreateUserTQLSearchResult,
      "deleteUserTQLSearch": DeleteUserTQLSearchResult,
      "updateUserTQLSearch": UpdateUserTQLSearchResult
    }
  }
}

usp

Response

Returns a UspMutation!

Example

Query
mutation usp {
  usp {
    addSecurityZonesToUsp {
      ...AddSecurityZonesToUspResultFragment
    }
    createPredefinedUsp {
      ...CreatePredefinedUspResultFragment
    }
    createUsp {
      ...CreateUspResultFragment
    }
    deleteUsp {
      ...DeleteUspResultFragment
    }
    removeSecurityZonesFromUsp {
      ...RemoveSecurityZonesFromUspResultFragment
    }
    updateUsp {
      ...UpdateUspResultFragment
    }
    updateUspRequirement {
      ...UpdateUspRequirementResultFragment
    }
  }
}
Response
{
  "data": {
    "usp": {
      "addSecurityZonesToUsp": AddSecurityZonesToUspResult,
      "createPredefinedUsp": CreatePredefinedUspResult,
      "createUsp": CreateUspResult,
      "deleteUsp": DeleteUspResult,
      "removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
      "updateUsp": UpdateUspResult,
      "updateUspRequirement": UpdateUspRequirementResult
    }
  }
}

uspAlertConfig

Response

Returns an AlertConfigMutation!

Example

Query
mutation uspAlertConfig {
  uspAlertConfig {
    createUspAlertConfig {
      ...CreateUspAlertConfigResultFragment
    }
    deleteAlertConfig {
      ...DeleteAlertConfigResultFragment
    }
    updateUspAlertConfig {
      ...UpdateUspAlertConfigResultFragment
    }
  }
}
Response
{
  "data": {
    "uspAlertConfig": {
      "createUspAlertConfig": CreateUspAlertConfigResult,
      "deleteAlertConfig": DeleteAlertConfigResult,
      "updateUspAlertConfig": UpdateUspAlertConfigResult
    }
  }
}

uspException

Response

Returns a UspExceptionMutation!

Example

Query
mutation uspException {
  uspException {
    addRulesToRuleException {
      ...AddRulesToRuleExceptionResultFragment
    }
    createUspRuleException {
      ...CreateUspRuleExceptionResultFragment
    }
    createUspTrafficException {
      ...CreateUspTrafficExceptionResultFragment
    }
    deleteUspExceptions {
      ...DeleteUspExceptionResultFragment
    }
    updateUspRuleException {
      ...UpdateUspRuleExceptionResultFragment
    }
    updateUspTrafficException {
      ...UpdateUspTrafficExceptionResultFragment
    }
  }
}
Response
{
  "data": {
    "uspException": {
      "addRulesToRuleException": AddRulesToRuleExceptionResult,
      "createUspRuleException": CreateUspRuleExceptionResult,
      "createUspTrafficException": CreateUspTrafficExceptionResult,
      "deleteUspExceptions": DeleteUspExceptionResult,
      "updateUspRuleException": UpdateUspRuleExceptionResult,
      "updateUspTrafficException": UpdateUspTrafficExceptionResult
    }
  }
}

zoneMapping

Response

Returns a ZoneMappingMutation!

Example

Query
mutation zoneMapping {
  zoneMapping {
    updateDeviceInclusionInCalculation {
      ...UpdateDeviceInclusionInCalculationResultFragment
    }
    updateMappings {
      ...ZoneManualMappingResultFragment
    }
    updateProtectionMode {
      ...UpdateProtectionModeResultFragment
    }
  }
}
Response
{
  "data": {
    "zoneMapping": {
      "updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
      "updateMappings": ZoneManualMappingResult,
      "updateProtectionMode": UpdateProtectionModeResult
    }
  }
}

Types

AccessRequestActionType

Description

The action of the access request. Equivalent to a security rule action.

Values
Enum Value Description

ALLOW

Allow all traffic.

DENY

Deny all traffic.
Example
"ALLOW"

AccessRequestApplicationInput

Fields
Input Field Description
name - String!
nonDefaultPorts - Boolean
services - [ServiceExpressionString!]
Example
{
  "name": "abc123",
  "nonDefaultPorts": true,
  "services": [ServiceExpressionString]
}

AccessRequestApplicationPredefinedValue

Values
Enum Value Description

ANY_APPLICATION

Example
"ANY_APPLICATION"

AccessRequestDomainInput

Fields
Input Field Description
id - IdString
runCalculationOnAppliedToAnyDomainUsps - Boolean!
Example
{
  "id": IdString,
  "runCalculationOnAppliedToAnyDomainUsps": false
}

AccessRequestError

Fields
Field Name Description
accessRequestId - String
errorType - ErrorType
message - String
Example
{
  "accessRequestId": "xyz789",
  "errorType": "CLASS_A_IN_TOPOLOGY",
  "message": "xyz789"
}

AccessRequestInput

Description

Represents a traffic access request to be checked for violation of any of the configured USPs.

Fields
Input Field Description
actionType - AccessRequestActionType!

AccessRequestActionType of the access request.

applicationPredefinedValue - AccessRequestApplicationPredefinedValue

Predefined value of ApplicationPredefinedValue type for the access request applications. If this value is set, the list of applications should not be configured.

applications - [AccessRequestApplicationInput!]

List of AccessRequestApplication that represents the access request applications.

destinationDomain - AccessRequestDomainInput

The access request destination AccessRequestDomain.

destinationPredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request destination. If this value is set, the list of destinations should not be configured.

destinationZones - [IdString!]

List of SecureTrack zones that represent the access request destination zones.

destinations - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request destinations.

id - FreeText!
servicePredefinedValue - AccessRequestServicePredefinedValue

Predefined value of ServicePredefinedValue type for the access request services. If this value is set, the list of services should not be configured.

services - [ServiceExpressionString!]

List of ServiceTraffic that represents the access request services.

sourceDomain - AccessRequestDomainInput

The access request source AccessRequestDomain.

sourcePredefinedValue - AccessRequestNetworkPredefinedValue

Predefined value of NetworkPredefinedValue type for the access request source. If this value is set, the list of sources should not be configured.

sourceZones - [IdString!]

List of SecureTrack zones that represent the access request source zones.

sources - [NetworkObjectTrafficInput!]

List of NetworkObjectTraffic that represents the access request sources.

useTopology - Boolean

Use topology to determine access request domains if the source zone is not the destination zone of the access request.

Example
{
  "actionType": "ALLOW",
  "applicationPredefinedValue": "ANY_APPLICATION",
  "applications": [AccessRequestApplicationInput],
  "destinationDomain": AccessRequestDomainInput,
  "destinationPredefinedValue": "ANY",
  "destinationZones": [IdString],
  "destinations": [NetworkObjectTrafficInput],
  "id": FreeText,
  "servicePredefinedValue": "ANY_SERVICE",
  "services": [ServiceExpressionString],
  "sourceDomain": AccessRequestDomainInput,
  "sourcePredefinedValue": "ANY",
  "sourceZones": [IdString],
  "sources": [NetworkObjectTrafficInput],
  "useTopology": false
}
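
The field descriptions above say that each predefined value excludes its matching list. The following added example (not part of the vendor documentation or product code) checks a variables object for that rule and for the non-null fields before it is sent. The function names and sample payloads are constructed for illustration.

```python
# Added example, not vendor code: pre-flight check of an AccessRequestInput
# variables object against the constraints stated in the field descriptions.

ACTION_TYPES = {"ALLOW", "DENY"}                # AccessRequestActionType
NETWORK_ANY = {"ANY", "ANY_IPV4", "ANY_IPV6"}   # AccessRequestNetworkPredefinedValue

# (predefined-value field, list field it excludes, allowed enum values)
EXCLUSIVE_PAIRS = [
    ("applicationPredefinedValue", "applications", {"ANY_APPLICATION"}),
    ("destinationPredefinedValue", "destinations", NETWORK_ANY),
    ("servicePredefinedValue", "services", {"ANY_SERVICE"}),
    ("sourcePredefinedValue", "sources", NETWORK_ANY),
]


def validate_access_request(req):
    """Return a list of problems; an empty list means the payload is consistent."""
    problems = []
    # actionType and id are declared non-null (the trailing "!").
    if req.get("actionType") not in ACTION_TYPES:
        problems.append("actionType: must be ALLOW or DENY")
    if req.get("id") is None:
        problems.append("id: required")
    for predefined, listed, allowed in EXCLUSIVE_PAIRS:
        value, items = req.get(predefined), req.get(listed)
        if value is not None and value not in allowed:
            problems.append(f"{predefined}: unknown enum value {value!r}")
        # "If this value is set, the list of ... should not be configured."
        if value is not None and items:
            problems.append(f"{listed}: must be omitted when {predefined} is set")
        # List element types are non-null, e.g. [NetworkObjectTrafficInput!].
        if items is not None and any(item is None for item in items):
            problems.append(f"{listed}: null elements are not allowed")
    # AccessRequestApplicationInput.name is String! (non-null).
    for i, app in enumerate(req.get("applications") or []):
        if isinstance(app, dict) and app.get("name") is None:
            problems.append(f"applications[{i}].name: required")
    return problems


def broad_dimensions(req):
    """Name the traffic dimensions a request leaves open via a predefined value."""
    return [listed for predefined, listed, _ in EXCLUSIVE_PAIRS
            if req.get(predefined) is not None]


# Constructed sample payloads. List elements are opaque placeholders because
# NetworkObjectTrafficInput and ServiceExpressionString are not described here.
NARROW = {
    "actionType": "ALLOW",
    "id": "AR-1",
    "sources": ["<NetworkObjectTrafficInput>"],
    "destinations": ["<NetworkObjectTrafficInput>"],
    "services": ["<ServiceExpressionString>"],
}
AMBIGUOUS = dict(NARROW, sourcePredefinedValue="ANY",
                 servicePredefinedValue="ANY_SERVICE")
WIDE_OPEN = {
    "actionType": "ALLOW",
    "id": "AR-2",
    "applicationPredefinedValue": "ANY_APPLICATION",
    "destinationPredefinedValue": "ANY",
    "servicePredefinedValue": "ANY_SERVICE",
    "sourcePredefinedValue": "ANY",
}

if __name__ == "__main__":
    for label, payload in (("narrow", NARROW), ("ambiguous", AMBIGUOUS),
                           ("wide open", WIDE_OPEN)):
        print(label, validate_access_request(payload), broad_dimensions(payload))
```

The schema-shape example above sets both a predefined value and a list for every dimension, so this check reports it as inconsistent.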

AccessRequestNetworkPredefinedValue

Values
Enum Value Description

ANY

ANY_IPV4

ANY_IPV6

Example
"ANY"

AccessRequestServicePredefinedValue

Values
Enum Value Description

ANY_SERVICE

Example
"ANY_SERVICE"

AccessRole

Description

Set of permitted objects

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
networks - [NetworkObject!] List of network objects this access role has the right to see
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

networksPredefinedValue - NetworkPredefinedValue Could be any network, IPv4 only network or IPv6 only network
system - BasicSystem The system (root device) that this entity belongs to
users - [UserValue!] List of users this access role has been assigned to
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

usersPredefinedValue - UserPredefinedValue Predefined values to define well known user behavior
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "name": "abc123",
  "networks": [AccessRole],
  "networksPredefinedValue": "ANY_IPV4_NETWORK",
  "system": BasicSystem,
  "users": [Group],
  "usersPredefinedValue": "ALL_IDENTIFY",
  "version": 987
}

AddRulesToRuleExceptionInput

Fields
Input Field Description
id - IdString!
rulesIds - [IdString!]!
Example
{
  "id": IdString,
  "rulesIds": [IdString]
}

AddRulesToRuleExceptionResult

Fields
Field Name Description
id - ID
resultStatus - ResultStatus!
Example
{"id": 4, "resultStatus": ResultStatus}

AddSecurityZonesToUspInput

Description

Adding SecureTrack network zones to an existing USP.

Fields
Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zones IDs.

uspId - IdString!

USP ID.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

AddSecurityZonesToUspResult

Description

Returns the status results when adding SecureTrack network zones to an existing USP.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to add SecureTrack network zones to an existing USP.
Example
{"resultStatus": ResultStatus}

AlertConfigMutation

Description

The AlertConfigMutation entity lets you create, update or delete USP alerts. For a full list of configuration options see the createUspAlertConfig and updateUspAlertConfig entities.

Fields
Field Name Description
createUspAlertConfig - CreateUspAlertConfigResult! Create a USP alert.
Arguments
deleteAlertConfig - DeleteAlertConfigResult! Delete a USP alert.
Arguments
updateUspAlertConfig - UpdateUspAlertConfigResult! Update a USP alert.
Arguments
Example
{
  "createUspAlertConfig": CreateUspAlertConfigResult,
  "deleteAlertConfig": DeleteAlertConfigResult,
  "updateUspAlertConfig": UpdateUspAlertConfigResult
}

Application

Description

Network application.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
services - [Service!] TCP/IP services of the application.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "name": "abc123",
  "services": [IcmpService],
  "system": BasicSystem,
  "version": 987
}

ApplicationPredefinedValue

Description

Predefined values to define Any application

Values
Enum Value Description

ANY_APPLICATION

Any application
Example
"ANY_APPLICATION"

ApplicationString

Description

An application string. Must be a predefined application. Input as a String literal, for example, 'Facebook'

Example
ApplicationString

ApplicationUsage

Description

Object which represents usage information of applications on the rule

Fields
Field Name Description
application - RuleApplicationValue The identity of an application
timeLastHit - DateTime Represents time when traffic was recorded for the application
Example
{
  "application": Application,
  "timeLastHit": "2007-12-03T10:15:30Z"
}

AppliedToObjectsPredefinedValue

Description

Predefined values for "AppliedToObjects"

Values
Enum Value Description

ANY

Any object

NONE

No object
Example
"ANY"

AuthQuery

Description

A container for authentication-related information (such as principals) from the current session context.

Fields
Field Name Description
sessionUser - SessionUser The current principal user in session.
Example
{"sessionUser": SessionUser}

AutomationAttribute

Description

Determines the way that Designer and Verifier will relate to the legacy rule that is being modified.

Values
Enum Value Description

LEGACY

Designer and Verifier will treat the specified legacy rule as a shadowed rule when making recommendations or verifying access.

STEALTH

Designer and Verifier will treat the specified rule as a stealth rule when making recommendations or verifying access.
Example
"LEGACY"

BasicDevice

Description

A dependent device. Each device is assigned to a unique System device.

Fields
Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
name - String The name of the entity
parent - Device Device or system parent device
root - Boolean True indicates that this device is the topmost device in the hierarchy
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": true,
  "comment": "abc123",
  "device": BasicDevice,
  "deviceType": "CLOUD_VIRTUAL_NETWORK",
  "displayName": "xyz789",
  "domain": Domain,
  "id": 4,
  "model": "ASA",
  "name": "xyz789",
  "parent": Device,
  "root": true,
  "system": BasicSystem,
  "vendor": "AMAZON",
  "version": 987
}

BasicRuleUspExceptionInfo

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service/application and USP conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "abc123",
  "id": "4",
  "name": "abc123"
}

BasicSystem

Description

Root device that manages the dependent devices

Fields
Field Name Description
id - ID! The internal unique identifier for this entity
model - ModelName Model of this device
modelDisplayName - String Model name of this device
monitoredByOPMAgent - Boolean True indicates that the system is monitored by an OPM agent
name - String The name of the entity
vendor - VendorName Vendor type of this device
Example
{
  "id": "4",
  "model": "ASA",
  "modelDisplayName": "abc123",
  "monitoredByOPMAgent": false,
  "name": "xyz789",
  "vendor": "AMAZON"
}

BasicUspExceptionInfo

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service/application and USP conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "xyz789",
  "id": "4",
  "name": "xyz789"
}

BasicUspExceptionInfoForRiskAnalysis

Description

The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service/application and USP conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).

Fields
Field Name Description
description - String UspException description.
id - ID! The internal unique identifier for this entity.
name - String UspException unique name.
Example
{
  "description": "xyz789",
  "id": 4,
  "name": "xyz789"
}

BasicUspInfo

Description

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Fields
Field Name Description
appliedToAnyDomain - Boolean
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "appliedToAnyDomain": true,
  "description": "abc123",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": "4",
  "name": "xyz789",
  "sameZoneDefaultRestrictions": UspRestrictions
}

BasicUspInfoForRiskAnalysis

Description

The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.

Fields
Field Name Description
description - String Description of the USP.
differentZonesDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for different zones in source and destination.
domain - Domain Domain of the USP.
id - ID! The internal unique identifier for this entity
name - String Name of the USP.
sameZoneDefaultRestrictions - UspRestrictions Configures default restrictions on security rules for the same zone in source and destination.
Example
{
  "description": "abc123",
  "differentZonesDefaultRestrictions": UspRestrictions,
  "domain": Domain,
  "id": 4,
  "name": "xyz789",
  "sameZoneDefaultRestrictions": UspRestrictions
}

Boolean

Description

The Boolean scalar type represents true or false.

Example
true

Certification

Fields
Field Name Description
status - CertificationStatus The status of the rule (certified, decertified)
timeCertified - DateTime The date the rule certification expires, after which, it must be reviewed and recertified
timeExpiration - DateTime The date that the certification decision was implemented
Example
{
  "status": "CERTIFIED",
  "timeCertified": "2007-12-03T10:15:30Z",
  "timeExpiration": "2007-12-03T10:15:30Z"
}

CertificationStatus

Description

The status of the rule (certified/decertified)

Values
Enum Value Description

CERTIFIED

Rule status is certified (has a business justification)

DECERTIFIED

Rule status is not certified (does not have a business justification)
Example
"CERTIFIED"

ChangeDetails

Description

The details of the change

Fields
Field Name Description
changeType - ChangeType The type of change. Possible values: added, removed or modified
fieldName - String The name of the field that has changed
fieldType - String! The type of field. Possible values: boolean, string, object
originValue - String The original value of the field, before the change
relatedEntity - EntityData Used for object fields only, otherwise NULL
value - String! The value of the field after the change
Example
{
  "changeType": "ADDED",
  "fieldName": "abc123",
  "fieldType": "xyz789",
  "originValue": "abc123",
  "relatedEntity": EntityData,
  "value": "abc123"
}

ChangeType

Values
Enum Value Description

ADDED

MODIFIED

REMOVED

Example
"ADDED"

ChangeUserTQLSearchesOwnerInput

Description

Change the owner of multiple TQL queries in bulk. Input can be either source owner, or a list of query IDs, but not both.

Fields
Input Field Description
ids - [IdString!]

IDs of the queries

sourceOwnerId - IdString

The current owner of the queries

targetOwnerId - IdString!

The future owner of the queries

Example
{
  "ids": [IdString],
  "sourceOwnerId": IdString,
  "targetOwnerId": IdString
}

ChangeUserTQLSearchesOwnerResult

Description

Returns the status results when changing the owner of multiple TQL queries

Fields
Field Name Description
ids - [ID!] IDs of the updated queries
resultStatus - ResultStatus! Result of the operation
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

CountsResult

Description

The number of entities matching a filter, grouped by selected fields.

Fields
Field Name Description
count - Long Number of entities returned for the group.
group - [String!] Parameters used to group the entity.
Example
{"count": {}, "group": ["xyz789"]}

CreateDraftInvalidRuleReason

Description

The possible reasons for rules to be invalid for creating a SecureChange ticket

Values
Enum Value Description

DEVICE_NO_USER_PERMISSIONS_SC

Rule is associated with a device that the user does not have permission to manage in SecureChange

DEVICE_NO_USER_PERMISSIONS_ST

Rule is associated with a device that the user does not have permission to manage in SecureTrack

RULE_ALREADY_HAS_TICKET_IN_PROGRESS

The rule already has a ticket in progress

RULE_MIGHT_BE_INHERITED

This rule, or another rule in the request from the same device, is inherited

RULE_MODIFICATION_NOT_SUPPORTED_ON_DEVICE

Rule belongs to a device that does not support rule modification

RULE_NOT_FOUND

The requested rule ID is not found

UNSET

Example
"DEVICE_NO_USER_PERMISSIONS_SC"

CreatePredefinedUspInput

Description

Create a predefined USP from known regulation templates. The supported regulations are:

  • PCI
  • NERC CIPV5
  • ISO 27001
  • NIST 800-53
  • Tufin's Best Practices
  • Tufin's Advanced Best Practices
Fields
Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

type - PredefinedUspType!

Regulation type.

zoneMappings - [ZoneMappingInput!]!

Mapping between the regulation zones from the template to the SecureTrack network zones to be enforced by the created USP.

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "type": "ADVANCED_BEST_PRACTICES",
  "zoneMappings": [ZoneMappingInput]
}

CreatePredefinedUspResult

Description

Returns the status results when creating a new predefined USP.

Fields
Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{"id": 4, "resultStatus": ResultStatus}

CreateSystemInput

Description

Create system request input

Fields
Input Field Description
appliedToAnyDomain - Boolean

This property is not currently supported

domain - IdString

This property is not currently supported

ipAddress - IpAddressString

IP address

model - ModelName!

Model of this device

modelDisplayName - FreeText!

Model name of this device

name - Name!

System name

opmAgentId - FreeText!

Open policy management (OPM) agent ID

properties - [SystemFieldValueInput!]

System properties

vendor - VendorName!

Vendor type of this device

Example
{
  "appliedToAnyDomain": true,
  "domain": IdString,
  "ipAddress": IpAddressString,
  "model": "ASA",
  "modelDisplayName": FreeText,
  "name": Name,
  "opmAgentId": FreeText,
  "properties": [SystemFieldValueInput],
  "vendor": "AMAZON"
}

CreateSystemResult

Description

Create system request output

Fields
Field Name Description
id - ID Application internal ID of created system
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateTicketDraftInput

Description

Create a ticket draft in SecureChange

Fields
Input Field Description
decommissionRulesAction - DecommissionRulesAction

Supported actions are: “disable rules” and “remove rules”

dryRun - Boolean

If set to True, SecureChange will not create a ticket draft and will only return the result of input validation

ruleUids - [IdString!]!

List of rule UIDs to create the ticket for

subject - Name

The subject for the ticket draft

workflowName - Name

The name of SecureChange workflow used to create the ticket

workflowType - WorkFlowType!

The type of workflow (RECERTIFY_RULES, DECOMMISSION_RULES or MODIFY_RULES)

Example
{
  "decommissionRulesAction": "DISABLE_RULES",
  "dryRun": false,
  "ruleUids": [IdString],
  "subject": Name,
  "workflowName": Name,
  "workflowType": "DECOMMISSION_RULES"
}

CreateTicketDraftResult

Description

Returns the status results when creating a ticket draft

Fields
Field Name Description
invalidRules - [InvalidRule!]! List of the rules that are invalid for creating a ticket, and the reason that they are invalid
resultStatus - ResultStatus! Status of the request to create ticket draft
validRuleUids - [ID!] List of the rules that are valid for creating a ticket, out of the rules in the request
Example
{
  "invalidRules": [InvalidRule],
  "resultStatus": ResultStatus,
  "validRuleUids": ["4"]
}

CreateTicketInput

Description

Create a ticket for a rule.

Fields
Input Field Description
businessOwner - FreeText

Business owner name for a rule.

comment - FreeText

Comment for a ticket.

email - EmailAddress

Business owner email address for a rule.

expirationDate - DateTime

Expiration date for a ticket.

externalUrl - URL

External URL for a ticket.

originTicketId - FreeText

ID information for a ticket, only required if a SecureChange ticket is linked.

ruleIds - [IdString!]!

List of affected rule IDs.

secureChangeTicket - Boolean

Mark as true if the ticket is a SecureChange ticket.

Example
{
  "businessOwner": FreeText,
  "comment": FreeText,
  "email": "[email protected]",
  "expirationDate": "2007-12-03T10:15:30Z",
  "externalUrl": "http://www.test.com/",
  "originTicketId": FreeText,
  "ruleIds": [IdString],
  "secureChangeTicket": true
}

CreateTicketResult

Description

Returns the status results when creating a ticket for a rule.

Fields
Field Name Description
modifiedRules - [ModifiedRule!]! List of affected rules.
resultStatus - ResultStatus! Result of the create ticket operation.
Example
{
  "modifiedRules": [ModifiedRule],
  "resultStatus": ResultStatus
}

CreateUserTQLSearchInput

Fields
Input Field Description
appliedToAnyDomain - Boolean!

If true, the query belongs to the 'All Domains' context

description - FreeText

Description of the query

domain - IdString

Domain in which the query was saved

name - Name!

Name of the query

public - Boolean!

If true, the query is public

query - String!

TQL expression saved as part of the query

type - TQLSearchType!

The Entity returned by the query

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "public": false,
  "query": "xyz789",
  "type": "RULE"
}

CreateUserTQLSearchResult

Description

Create and save a TQL query

Fields
Field Name Description
id - ID Application internal ID of created TQL query
resultStatus - ResultStatus! Result of the operation
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspAlertConfigInput

Description

Create a USP alert.

Fields
Input Field Description
allDevices - Boolean!

If set to True, the devicesIds field is ignored and this alert applies to all devices.

allUsps - Boolean!

If set to True, the uspId field is ignored and this alert applies to all USPs.

appliedToAnyDomain - Boolean!

If set to True, the domain field should be empty and this alert applies to all domains.

description - FreeText

Alert description.

devicesIds - [IdString!]

This alert applies only to the specified devices. Add a list of device IDs.

disabled - Boolean!

Set to true to disable this alert.

domain - IdString

This alert will be configured in the specified domain. Add a single domain ID only.

externalRecipientsEmails - [EmailAddress!]

Add a list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users.

name - Name!

Alert name.

recipientsIds - [IdString!]

Add a list of 1 or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user.

severities - [ViolationSeverity!]!

This alert is sent for violations of all the selected severities.

syslogEnabled - Boolean!

Set to True if the alert should also be sent via syslog.

uspId - IdString

This alert applies only to the specified USP. Add a single USP ID only.

Example
{
  "allDevices": false,
  "allUsps": false,
  "appliedToAnyDomain": true,
  "description": FreeText,
  "devicesIds": [IdString],
  "disabled": false,
  "domain": IdString,
  "externalRecipientsEmails": [
    "[email protected]"
  ],
  "name": Name,
  "recipientsIds": [IdString],
  "severities": ["CRITICAL"],
  "syslogEnabled": false,
  "uspId": IdString
}

CreateUspAlertConfigResult

Description

Returns the status results when creating a new USP alert.

Fields
Field Name Description
id - ID ID of the new alert.
resultStatus - ResultStatus! Status of request to create a new USP alert.
Example
{
  "id": "4",
  "resultStatus": ResultStatus
}

CreateUspInput

Description

Create a USP.

Fields
Input Field Description
appliedToAnyDomain - Boolean!
description - FreeText

USP description.

domain - IdString
name - Name!

USP name.

securityZonesIds - [IdString!]

SecureTrack network zones IDs to be used by the USP.

Example
{
  "appliedToAnyDomain": true,
  "description": FreeText,
  "domain": IdString,
  "name": Name,
  "securityZonesIds": [IdString]
}

CreateUspResult

Description

Returns the status results when creating a new USP.

Fields
Field Name Description
id - ID Newly created USP ID.
resultStatus - ResultStatus! Status of request to create a new USP.
Example
{"id": 4, "resultStatus": ResultStatus}

CreateUspRiskAnalysisTaskInput

Description

Create a new UspRiskAnalysisTask for risk analysis calculation.

Fields
Input Field Description
accessRequests - [AccessRequestInput!]!

List of AccessRequestInputs for risk analysis calculations.

runCalculationOnAllUsps - Boolean!

If true, calculation will run on all USPs in all domains, otherwise, it will run on USPs that are configured on the domains for the specified source and destination.

Example
{
  "accessRequests": [AccessRequestInput],
  "runCalculationOnAllUsps": true
}

CreateUspRiskAnalysisTaskResult

Description

Returns the status results when creating a new UspRiskAnalysisTask.

Fields
Field Name Description
resultStatus - ResultStatus! ResultStatus of the request to create a new risk analysis task.
taskId - ID The created task ID. The ID is used for querying for the calculation result of UspRiskAnalysisTask.
Example
{
  "resultStatus": ResultStatus,
  "taskId": "4"
}

CreateUspRuleExceptionInput

Description

Create a rule UspException.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the rule UspException.

creator - FreeText

User that created the rule UspException.

description - FreeText

Rule UspException description.

disabled - Boolean!

Set to true to disable this rule UspException. When disabled, rule UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the rule UspException is active.

name - Name!

Rule UspException name.

rules - RuleExceptionConditionInput!

RulesConditionInput of the UspException.

startDate - Date

First date that the rule UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": true,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "disabled": true,
  "domain": IdString,
  "endDate": "2007-12-03",
  "name": Name,
  "rules": RuleExceptionConditionInput,
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}

CreateUspRuleExceptionResult

Description

Returns the status results when creating a new rule UspException.

Fields
Field Name Description
id - ID Newly created rule UspException ID.
resultStatus - ResultStatus! Status of request to create a new rule UspException.
Example
{"id": 4, "resultStatus": ResultStatus}

CreateUspTrafficExceptionInput

Description

Create a traffic UspException.

Fields
Input Field Description
appliedToAnyDomain - Boolean!

True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.

approver - FreeText

User that approved the traffic UspException.

creator - FreeText

User that created the traffic UspException.

description - FreeText

Traffic UspException description.

destinationEntityIds - [IdString!]

Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

destinations - [IpAddressString!]

Destination condition - list of IPs/subnets.

disabled - Boolean!

Set to true to disable this traffic UspException. When disabled, traffic UspException will have no impact on RuleViolations.

domain - IdString

The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored.

endDate - Date

Last date that the traffic UspException is active.

name - Name!

Traffic UspException name.

servicesAndApplications - ServiceAndApplicationConditionInput

List of ServiceAndApplicationConditionInput.

sourceEntityIds - [IdString!]

Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group.

sources - [IpAddressString!]

Source condition - list of IPs/subnets.

startDate - Date

First date that the traffic UspException is active.

ticketId - FreeText

SecureChange ticket ID.

usps - [UspExceptionConditionInput!]

List of UspExceptionConditionInput.

Example
{
  "appliedToAnyDomain": false,
  "approver": FreeText,
  "creator": FreeText,
  "description": FreeText,
  "destinationEntityIds": [IdString],
  "destinations": [IpAddressString],
  "disabled": false,
  "domain": IdString,
  "endDate": "2007-12-03",
  "name": Name,
  "servicesAndApplications": ServiceAndApplicationConditionInput,
  "sourceEntityIds": [IdString],
  "sources": [IpAddressString],
  "startDate": "2007-12-03",
  "ticketId": FreeText,
  "usps": [UspExceptionConditionInput]
}
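Because an empty condition is treated as 'all' and every configured condition is ANDed, the breadth of a traffic UspException depends as much on what is left out as on what is filled in. The following added example (not part of the SecureTrack documentation or product) reviews CreateUspTrafficExceptionInput variables before they are submitted; the prefix floors, the lifetime limit, the sample inputs and the opaque placeholders for nested input types are assumptions of the example.

```python
import ipaddress
from datetime import date

# Input fields grouped by the condition they feed, per the field descriptions above.
CONDITION_FIELDS = {
    "source": ("sources", "sourceEntityIds"),
    "destination": ("destinations", "destinationEntityIds"),
    "service/application": ("servicesAndApplications",),
    "usp": ("usps",),
}
# Review thresholds: assumptions of this example, not SecureTrack settings.
MIN_PREFIX = {4: 16, 6: 48}
MAX_LIFETIME_DAYS = 365


def configured_conditions(exc):
    """Names of the conditions that carry at least one value."""
    return [name for name, fields in CONDITION_FIELDS.items()
            if any(exc.get(field) for field in fields)]


def split_addresses(values):
    """Sort address strings into (broader than the floor, unparseable)."""
    broad, invalid = [], []
    for value in values or []:
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            invalid.append(value)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            broad.append(value)
    return broad, invalid


def review_exception(exc):
    """Return (level, message) findings; level is 'error' or 'warn'."""
    findings = []
    configured = configured_conditions(exc)
    if not configured:
        findings.append(("error", "no condition configured; at least one is required"))
    else:
        for name in CONDITION_FIELDS:
            if name not in configured:
                findings.append(("warn", f"{name} condition is empty, so it matches all"))
    for field in ("sources", "destinations"):
        broad, invalid = split_addresses(exc.get(field))
        for value in broad:
            findings.append(("warn", f"{field}: {value} is broader than the review floor"))
        for value in invalid:
            findings.append(("error", f"{field}: {value!r} is not an IP address or subnet"))
    if exc.get("appliedToAnyDomain"):
        findings.append(("warn", "exception affects All Domains"))
        if exc.get("domain"):
            findings.append(("warn", "domain is ignored when appliedToAnyDomain is true"))
    start, end = exc.get("startDate"), exc.get("endDate")
    if not end:
        findings.append(("warn", "no endDate set"))
    elif start:
        days = (date.fromisoformat(end) - date.fromisoformat(start)).days
        if days < 0:
            findings.append(("error", "endDate is before startDate"))
        elif days > MAX_LIFETIME_DAYS:
            findings.append(("warn", f"exception is active for {days} days"))
    for field in ("approver", "ticketId"):
        if not exc.get(field):
            findings.append(("warn", f"{field} is not recorded"))
    return findings


# Constructed sample inputs. OPAQUE stands in for nested input types whose
# shape is defined elsewhere in the schema and is not modelled here.
OPAQUE = {"placeholder": True}
BROAD = {
    "name": "temp-migration", "appliedToAnyDomain": True, "domain": "2",
    "disabled": False, "sources": ["10.0.0.0/8"], "startDate": "2024-01-01",
}
NARROW = {
    "name": "backup-window", "appliedToAnyDomain": False, "domain": "2",
    "disabled": False, "approver": "reviewer", "ticketId": "TICKET-PLACEHOLDER",
    "sources": ["192.0.2.10"], "destinations": ["198.51.100.0/24"],
    "servicesAndApplications": OPAQUE, "usps": [OPAQUE],
    "startDate": "2024-01-01", "endDate": "2024-03-31",
}

if __name__ == "__main__":
    for label, exc in (("BROAD", BROAD), ("NARROW", NARROW)):
        for level, message in review_exception(exc):
            print(label, level, message)
```
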

CreateUspTrafficExceptionResult

Description

Returns the status results when creating a new traffic UspException.

Fields
Field Name Description
id - ID Newly created traffic UspException ID.
resultStatus - ResultStatus! Status of request to create a new traffic UspException.
Example
{"id": 4, "resultStatus": ResultStatus}

Date

Description

An RFC-3339 compliant Full Date Scalar

Example
"2007-12-03"

DateTime

Description

An RFC-3339 compliant DateTime Scalar

Example
"2007-12-03T10:15:30Z"

DecommissionRulesAction

Values
Enum Value Description

DISABLE_RULES

REMOVE_RULES

Example
"DISABLE_RULES"

DeleteAlertConfigInput

Description

Delete a USP alert.

Fields
Input Field Description
ids - [IdString!]!

IDs of the alerts you want to delete.

Example
{"ids": [IdString]}

DeleteAlertConfigResult

Description

Returns the status results when deleting USP alerts.

Fields
Field Name Description
ids - [String!]
resultStatus - ResultStatus! Status of request to delete USP alerts.
Example
{
  "ids": ["abc123"],
  "resultStatus": ResultStatus
}

DeleteSystemInput

Description

Delete systems request input

Fields
Input Field Description
ids - [IdString!]!

Systems IDs to delete

Example
{"ids": [IdString]}

DeleteSystemResult

Description

Delete system request output

Fields
Field Name Description
resultStatus - ResultStatus! Result of the operation
Example
{"resultStatus": ResultStatus}

DeleteTicketsInput

Description

Delete tickets.

Fields
Input Field Description
ids - [IdString!]!

IDs of the tickets to be deleted.

Example
{"ids": [IdString]}

DeleteTicketsResult

Description

Returns the status results when deleting tickets.

Fields
Field Name Description
ids - [ID!] IDs of the deleted tickets.
resultStatus - ResultStatus! Status of request to delete tickets.
Example
{"ids": [4], "resultStatus": ResultStatus}

DeleteUserTQLSearchInput

Description

Delete saved TQL queries

Fields
Input Field Description
ids - [IdString!]!

IDs of the queries to be deleted

Example
{"ids": [IdString]}

DeleteUserTQLSearchResult

Description

Returns the status results when deleting TQL queries

Fields
Field Name Description
ids - [ID!] IDs of the deleted queries
resultStatus - ResultStatus! Status of request to delete queries
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

DeleteUspExceptionInput

Description

Delete one or more UspExceptions.

Fields
Input Field Description
ids - [IdString!]!

UspException IDs.

Example
{"ids": [IdString]}

DeleteUspExceptionResult

Description

Returns the status results when deleting UspExceptions.

Fields
Field Name Description
ids - [ID!]
resultStatus - ResultStatus! Status of request to delete UspExceptions.
Example
{
  "ids": ["4"],
  "resultStatus": ResultStatus
}

DeleteUspInput

Description

Delete one or multiple USPs.

Fields
Input Field Description
ids - [IdString!]!

USP IDs.

Example
{"ids": [IdString]}

DeleteUspResult

Description

Returns the status results when deleting USPs.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to delete USPs.
Example
{"resultStatus": ResultStatus}

Device

Description

A dependent device. Each device is assigned to a unique System device.

Fields
Field Name Description
cannotHaveRules - Boolean True indicates that the device has no rules Permission requires
changed - DateTime The most recent time that this entity was directly modified Permission requires
comment - String A text comment associated with this entity Permission requires
device - BasicDevice The device that this entity belongs to Permission requires
deviceType - DeviceType Type of this device
displayName - String Name of this device
domain - Domain The domains of the device
domainDeviceConf - [DomainDeviceConf!] List of device domain configurations which are excluded from violation calculations and protection mode Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! The internal unique identifier for this entity
model - ModelName Model of this device Permission requires
modelDisplayName - String Model name of this device Permission requires
name - String The name of the entity
nameOnDevice - String Context name of this device Permission requires
parent - Device Device or system parent device Permission requires
root - Boolean True indicates that this device is the topmost device in the hierarchy
swVersion - String Software version of this device Permission requires
system - BasicSystem The system (root device) that this entity belongs to
vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "cannotHaveRules": false,
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "deviceType": "CLOUD_VIRTUAL_NETWORK",
  "displayName": "xyz789",
  "domain": Domain,
  "domainDeviceConf": [DomainDeviceConf],
  "id": 4,
  "model": "ASA",
  "modelDisplayName": "xyz789",
  "name": "xyz789",
  "nameOnDevice": "abc123",
  "parent": Device,
  "root": false,
  "swVersion": "xyz789",
  "system": BasicSystem,
  "vendor": "AMAZON",
  "vendorDisplayName": "xyz789",
  "version": 987
}

DeviceQuery

Description

Query for Device objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Device objects matching the specified filter.
values - [Device!]! A list of Device objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Device]}
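Since `values` returns at most 100 objects unless `first` is set, an inventory or audit script that reads `values` without paging sees only part of what `count` reports. The following added example (not from the SecureTrack documentation) pages with `first` and `offset` until the collected devices match `count`; the `execute` callable, the stand-in transport and its constructed device records are assumptions, and HTTP transport and authentication are left to the caller.

```python
DEVICES_QUERY = """
query devices($filter: String, $first: Int, $offset: Long) {
  devices(filter: $filter) {
    count
    values(first: $first, offset: $offset) {
      id
      name
      vendor
    }
  }
}
"""


def fetch_all_devices(execute, tql_filter="", page_size=100):
    """Collect every Device matching tql_filter.

    execute(query, variables) must return the decoded JSON response body.
    """
    devices, offset = [], 0
    while True:
        variables = {"filter": tql_filter, "first": page_size, "offset": offset}
        response = execute(DEVICES_QUERY, variables)
        if response.get("errors"):
            raise RuntimeError(f"GraphQL errors: {response['errors']}")
        page = response["data"]["devices"]
        # int() tolerates a Long serialized as either a number or a string.
        total = int(page["count"])
        values = page["values"]
        devices.extend(values)
        offset += len(values)
        if offset >= total or not values:
            break
    ids = [device["id"] for device in devices]
    if len(devices) != total or len(set(ids)) != len(ids):
        # The inventory changed while paging; the caller should retry.
        raise RuntimeError(f"collected {len(devices)} devices, count reports {total}")
    return devices


def make_fake_execute(total):
    """Constructed stand-in for the API: serves `total` devices, default limit 100."""
    inventory = [{"id": str(i), "name": f"fw-{i}", "vendor": "AMAZON"}
                 for i in range(1, total + 1)]

    def execute(query, variables):
        first = variables.get("first") or 100
        offset = variables.get("offset") or 0
        page = inventory[offset:offset + first]
        return {"data": {"devices": {"count": total, "values": page}}}

    return execute


if __name__ == "__main__":
    fake = make_fake_execute(250)
    unpaged = fake(DEVICES_QUERY, {"filter": ""})["data"]["devices"]
    print("unpaged:", len(unpaged["values"]), "of", unpaged["count"])
    print("paged:", len(fetch_all_devices(fake)))
```
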

DeviceStatus

Description

The progress status of the device version processing and calculations (IN_PROGRESS, COMPLETED, or ERROR).

Fields
Field Name Description
apiV1DeviceId - String The internal unique identifier of the device in the legacy API.
changed - DateTime The most recent time that this entity was directly modified Permission requires
device - Device The device that the status applies to. Permission requires
id - ID! The internal unique identifier for this entity
name - String This property is not supported. Permission requires
versions - [VersionStatus!] The versions of the changes on the device. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "apiV1DeviceId": "xyz789",
  "changed": "2007-12-03T10:15:30Z",
  "device": Device,
  "id": "4",
  "name": "xyz789",
  "versions": [VersionStatus]
}

DeviceStatusQuery

Description

Query for DeviceStatus objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of DeviceStatus objects matching the specified filter.
values - [DeviceStatus!]! A list of DeviceStatus objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [DeviceStatus]}

DeviceType

Description

Type of dependent device.

Values
Enum Value Description

CLOUD_VIRTUAL_NETWORK

Public or private cloud virtual network. For example: Microsoft Azure public cloud virtual network.

CLUSTER

Cluster of devices

FIREWALL

Firewall

FIREWALL_GLOBAL_CONTEXT

Device of this type holds global firewall information, like global policy

FIREWALL_VIRTUAL_CONTEXT

Virtual firewall managed by root management device

MANAGEMENT

Device manages other devices.

MANAGEMENT_DOMAIN

Device that represents management domain or scope.

MANAGEMENT_GLOBAL_DOMAIN

Device that represents global domain or scope.

ROUTER

Example
"CLOUD_VIRTUAL_NETWORK"

Direction

Description

Direction.

Values
Enum Value Description

BOTH

Inbound-Outbound direction.

INBOUND

Inbound direction.

OUTBOUND

Outbound direction.
Example
"BOTH"

Domain

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
default - Boolean
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "default": false,
  "id": 4,
  "name": "abc123"
}

DomainDeviceConf

Description

List of device domain configurations which are excluded from violation calculations and protection mode

Fields
Field Name Description
appliedToAnyDomain - Boolean True indicates that the configuration applies to All Domains. False indicates that the configuration applies to a specific domain. Permission requires
enableProtectionModeChange - Boolean Permission requires
excludedForViolation - Boolean True indicates that the application will not calculate security risks for this device Permission requires
protectionMode - ProtectionMode Identifies how to select network zones available for checking security risks, whether the mode is Connected (the IP address is directly connected) or Routable (the connection is via route table) Permission requires
Example
{
  "appliedToAnyDomain": false,
  "enableProtectionModeChange": false,
  "excludedForViolation": true,
  "protectionMode": "CONNECTED_ZONES"
}

DomainQuery

Description

Query for Domain objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Domain objects matching the specified filter.
values - [Domain!]! A list of Domain objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Domain]}

EmailAddress

Description

An email address

Example
"[email protected]"

EntityChange

Description

The entity change

Fields
Field Name Description
changeDetails - ChangeDetails! The details of the change
changeType - ChangeType The type of change. Possible values: added, removed or modified
changedEntity - EntityData! Details of the changed entity
relationContext - String! The field name or type of component that has changed. Possible values include: source, member, comment
Example
{
  "changeDetails": ChangeDetails,
  "changeType": "ADDED",
  "changedEntity": EntityData,
  "relationContext": "xyz789"
}

EntityChangesInput

Description

The input of the query

Fields
Input Field Description
endVersion - Long!

The version to compare with its previous version

entityId - IdString!

The ID of the entity to which the related changes apply

first - Int

The maximum number of changed entities to return. The default is 500

versionEntityType - VersionEntityType
Example
{
  "endVersion": {},
  "entityId": IdString,
  "first": 987,
  "versionEntityType": "RULE"
}

EntityChangesQuery

Description

Return a list of changes related to an entity

Fields
Field Name Description
changes - [EntityChange!]! List of changes
hasMoreResults - Boolean! More results exist than the value defined in first
resultStatus - ResultStatus! Status of the request
Example
{
  "changes": [EntityChange],
  "hasMoreResults": false,
  "resultStatus": ResultStatus
}

EntityData

Description

The data of the entity

Fields
Field Name Description
displayName - String The display name of the changed entity
id - ID! The ID of the changed entity
type - String! The type of the changed entity. Possible values include: rule, device, group
Example
{
  "displayName": "xyz789",
  "id": 4,
  "type": "xyz789"
}

EntityVersion

Description

Version information for entity

Fields
Field Name Description
apiV1RevisionDeviceId - ID The deviceId of the reported revision (in some cases the same revision is reported on different devices in the hierarchy)
apiV1RevisionNumber - Long The internal unique identifier of the revision in the legacy APIs
changedBy - [String!] List of users who caused the change
changedOnTimestamp - Long The UTC timestamp the entity was last changed
deviceId - ID! The device ID
entityId - ID! The ID of the entity that was changed in the related versions
receivedOnTimestamp - Long! The UTC timestamp the entity was received on
versionId - Long! The version ID
Example
{
  "apiV1RevisionDeviceId": 4,
  "apiV1RevisionNumber": {},
  "changedBy": ["abc123"],
  "changedOnTimestamp": {},
  "deviceId": "4",
  "entityId": "4",
  "receivedOnTimestamp": {},
  "versionId": {}
}

EntityVersionsInput

Description

The EntityVersionsInput displays all versions for a specific entity

Fields
Input Field Description
endDate - DateTime

Result will contain versions with a UTC timestamp, in seconds, less than or equal to the given value

entityId - IdString!

The ID of the entity that was changed in the related versions

startDate - DateTime

Result will contain versions with a UTC timestamp, in seconds, greater than or equal to the given value

versionEntityType - VersionEntityType

Specific entity type. If no type is explicitly set, the default type is RULE.

Example
{
  "endDate": "2007-12-03T10:15:30Z",
  "entityId": IdString,
  "startDate": "2007-12-03T10:15:30Z",
  "versionEntityType": "RULE"
}

EntityVersionsQuery

Description

Return the query status and all versions for entity ID

Fields
Field Name Description
count - Long The total count of versions for entity ID
resultStatus - ResultStatus! Status of the request
values - [EntityVersion!]! All versions for entity ID
Arguments
first - Int
offset - Int
orderDirection - OrderDirection
Example
{
  "count": {},
  "resultStatus": ResultStatus,
  "values": [EntityVersion]
}

Error

Fields
Field Name Description
errorCode - String Internal code of the error message indicating that the request did not complete successfully
errorMessage - String Text of the message indicating that the request did not complete successfully
Example
{
  "errorCode": "abc123",
  "errorMessage": "xyz789"
}

ErrorType

Values
Enum Value Description

CLASS_A_IN_TOPOLOGY

IP_TYPE_MISMATCH

RUNTIME_ERROR

URL_CATEGORY_NOT_ALLOWED

Example
"CLASS_A_IN_TOPOLOGY"

FlowRestrictionType

Description

The required format of the source and the destination in a rule.

Values
Enum Value Description

HOST_TO_HOST

Rule requirement that both the source and destination are defined by host objects.

HOST_TO_SUBNET

Rule requirement that the source of the traffic flow is defined by host and the destination is defined by subnet objects.

SUBNET_TO_HOST

Rule requirement that the source of the traffic flow is defined by subnet objects and the destination is defined by host.
Example
"HOST_TO_HOST"

FlowUspRestriction

Description

A condition that defines the allowed flow type from one SecureTrack network zone to another (Host to Host, Subnet to Host, or Host to Subnet).

Fields
Field Name Description
flowType - FlowRestrictionType The flow type.
restrictionType - RestrictionType Restriction type.
Example
{"flowType": "HOST_TO_HOST", "restrictionType": "DESTINATION_IPS_MAX_COUNT"}

FlowUspRestrictionInput

Description

Flow USP restriction.

Fields
Input Field Description
flowType - FlowRestrictionType!

Flow type (FlowRestrictionType).

Example
{"flowType": "HOST_TO_HOST"}

Fqdn

Description

Fully qualified domain name. Identifier that fully identifies the resource

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
domainAddress - String Fully qualified domain name
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "domainAddress": "abc123",
  "id": "4",
  "ipAddresses": [IpAddress],
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

FreeText

Description

Free text

Example
FreeText

Group

Description

Network objects group. Contains other network objects

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
exclusionMembers - [GroupMember!] Network objects that must be excluded from this group. For example: particular network objects in an included sub-network.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

groupType - GroupType! Group type. For example: NETWORK_WITH_EXCLUSION. See GroupType definition
id - ID! The internal unique identifier for this entity
members - [GroupMember!] Network objects that are direct members of this group
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

membersPredefinedValue - NetworkPredefinedValue Members of type "Any"
membershipCriteria - String The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "exclusionMembers": [AccessRole],
  "groupType": "APPLICATION",
  "id": 4,
  "members": [AccessRole],
  "membersPredefinedValue": "ANY_IPV4_NETWORK",
  "membershipCriteria": "abc123",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

GroupMember

GroupType

Description

Network objects group type.

Values
Enum Value Description

APPLICATION

The group containing network applications.

DYNAMIC_GROUP

A dynamic address group uses tags as a filtering criteria to determine its members.

LOCATION

The group containing locations.

MICRO_SEGMENTED_GROUP

The group containing vendor specific objects. For example: network interface cards (NIC).

NETWORK

The group containing networks.

NETWORK_WITH_EXCLUSION

The group containing networks with exclusions.

SECURITY_PROFILE

The group containing security profiles.

SERVICE

The group containing TCP/IP services.

USER

The group containing users.

ZONE_INTERSECTABLE_MICRO_SEGMENTED_GROUP

Example
"APPLICATION"

HasIP

Description

An object that has an IP address field.

Fields
Field Name Description
ip - String The IP address. It will either take the form of an IPv4 (as specified in RFC 794) or IPv6 (as specified in RFC 4291).
ipType - IpType The IP address this object has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
Possible Types
HasIP Types

Host

Subnet

Example
{"ip": "xyz789", "ipType": "IPV4"}

Host

Description

Computer or other device connected to a computer network.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ip - String The IP address. It will either take the form of an IPv4 (as specified in RFC 794) or IPv6 (as specified in RFC 4291).
ipAddresses - [IpAddress!] List of additional IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

ipType - IpType The IP address this host has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "ip": "xyz789",
  "ipAddresses": [IpAddress],
  "ipType": "IPV4",
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

ID

Description

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Example
4

IcmpService

Description

ICMP service

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
icmpCode - Int ICMP code number for a particular ICMP type
id - ID! The internal unique identifier for this entity
maxIcmpType - Int The last ICMP type number in the range (inclusive)
minIcmpType - Int The first ICMP type number in the range (inclusive)
name - String The name of the entity
negated - Boolean If true, the rule uses all ICMP types except those in the range from minIcmpType to maxIcmpType
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "icmpCode": 987,
  "id": 4,
  "maxIcmpType": 123,
  "minIcmpType": 123,
  "name": "xyz789",
  "negated": true,
  "system": BasicSystem,
  "version": 123
}

IdString

Description

ID type

Example
IdString

InstallationTargetPredefinedValue

Description

Predefined values for installation target of type Any

Values
Enum Value Description

ANY_IT

Any installation target
Example
"ANY_IT"

Int

Description

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.

Example
987

Interface

Description

The Interface entity shows the current configuration of an interface and the information received from the device.

Fields
Field Name Description
autoMappingDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were calculated automatically by SecureTrack and include both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

autoMappingRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were calculated automatically by SecureTrack and include both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

changed - DateTime The time and date the interface was last changed. Permission requires
comment - String This property is not supported. Permission requires
device - BasicDevice The Device ID that the interface is connected to. Interfaces are only associated with gateways. Permission requires
id - ID! The interface ID.
ipAddresses - [IpAddress!] The IP addresses of the interface. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualAddedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface. These zones were added manually and include both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualAddedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were added manually and include both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualExcludedDirectlyConnectedZones - [SecurityZone!] List of SecureTrack network zone IDs that are directly connected to the interface and were manually excluded. Includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

manualExcludedRouteableZones - [SecurityZone!] List of SecureTrack network zone IDs that are connected through a route to the interface and were manually excluded. Includes both specific domains and All Domains. Permission requires
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The interface name.
system - BasicSystem The system ID that the interface is related to. Permission requires
version - Int! The last version ID that was received for the interface.
zone - Zone The ID of the SecureTrack network zone that the interface is associated with. Permission requires
Example
{
  "autoMappingDirectlyConnectedZones": [SecurityZone],
  "autoMappingRouteableZones": [SecurityZone],
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "ipAddresses": [IpAddress],
  "manualAddedDirectlyConnectedZones": [SecurityZone],
  "manualAddedRouteableZones": [SecurityZone],
  "manualExcludedDirectlyConnectedZones": [SecurityZone],
  "manualExcludedRouteableZones": [SecurityZone],
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123,
  "zone": Zone
}

InterfaceQuery

Description

Query for Interface objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Interface objects matching the specified filter.
values - [Interface!]! A list of Interface objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [Interface]}
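The count/values types on this page cap `values` at 100 objects unless `first` is set, so a single unpaged response can silently omit objects from an audit. The following is an added example, not code from the SecureTrack documentation: it pages with `first`/`offset` until `count` objects are held and fails loudly if the totals disagree. `fetch_page`, `make_fake_backend`, `is_truncated` and `fetch_all` are hypothetical names, and the backend is a constructed in-memory stand-in for the real query call.

```python
"""Paging through a count/values result type (constructed example)."""

DEFAULT_LIMIT = 100  # documented default when `first` is not set


def make_fake_backend(total):
    """Constructed stand-in for the server: honours first/offset, defaults to 100."""
    rows = [{"id": str(i), "name": f"eth{i}"} for i in range(total)]

    def fetch_page(first=None, offset=0):
        limit = DEFAULT_LIMIT if first is None else first
        return {"count": len(rows), "values": rows[offset:offset + limit]}

    return fetch_page


def is_truncated(page):
    """True when one response holds fewer objects than `count` reports."""
    return len(page["values"]) < page["count"]


def fetch_all(fetch_page, page_size=DEFAULT_LIMIT):
    """Collect every object by advancing `offset` until `count` objects are held.

    fetch_page(first=..., offset=...) must return {"count": int, "values": [...]}.
    """
    if page_size <= 0:
        raise ValueError("page_size must be positive")
    collected, seen_ids = [], set()
    offset = 0
    while True:
        page = fetch_page(first=page_size, offset=offset)
        values = page["values"]
        for obj in values:
            # A repeated id means the result set shifted between pages.
            if obj["id"] in seen_ids:
                raise RuntimeError(f"duplicate id {obj['id']} while paging")
            seen_ids.add(obj["id"])
            collected.append(obj)
        offset += len(values)
        # Stop on an empty page as well, so a shrinking result set cannot loop forever.
        if not values or offset >= page["count"]:
            break
    if len(collected) != page["count"]:
        raise RuntimeError(
            f"incomplete result: got {len(collected)}, count says {page['count']}"
        )
    return collected


if __name__ == "__main__":
    backend = make_fake_backend(250)  # constructed data: 250 interfaces
    first_page = backend()
    print("unpaged call returned", len(first_page["values"]), "of", first_page["count"])
    print("truncated:", is_truncated(first_page))
    print("paged total:", len(fetch_all(backend)))
```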

InternetService

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": "4",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

InvalidRule

Description

Rule that is invalid for creating a ticket

Fields
Field Name Description
reason - CreateDraftInvalidRuleReason! The reason that the rule is invalid
ruleUid - ID The rule UID
Example
{"reason": "DEVICE_NO_USER_PERMISSIONS_SC", "ruleUid": 4}

IpAddress

Description

IP address

Fields
Field Name Description
ip - String IP address
ipType - IpType The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is.
precedence - Precedence IP address placement definition
subnetMask - String Sub-network mask
visibility - Visibility IP address visibility definition
Example
{
  "ip": "abc123",
  "ipType": "IPV4",
  "precedence": "SECONDARY",
  "subnetMask": "xyz789",
  "visibility": "PUBLIC"
}

IpAddressString

Description

The IP address. It will either take the form of an IPv4 (as specified in RFC 794) or IPv6 (as specified in RFC 4291).

Example
IpAddressString

IpRange

Description

Set of IP addresses defined by first and last IP address.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipType - IpType The IP addresses this range has can be of different types (e.g. IPv4, IPv6). This field specifies which type they are.
maxIp - String The last IP address in the range (inclusive).
minIp - String The first IP address in the range (inclusive).
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "ipType": "IPV4",
  "maxIp": "xyz789",
  "minIp": "abc123",
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

IpService

Description

TCP/IP service

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
maxProtocol - Int The last protocol number in the range (inclusive)
minProtocol - Int The first protocol number in the range (inclusive)
name - String The name of the entity
negated - Boolean If true, the rule uses all service protocols except those in the range from minProtocol to maxProtocol
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "maxProtocol": 987,
  "minProtocol": 123,
  "name": "abc123",
  "negated": true,
  "system": BasicSystem,
  "version": 123
}
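IcmpService, IpService and IpRange all describe inclusive min/max ranges, and `negated` inverts what a service object covers. The following added example (not part of the SecureTrack documentation) evaluates those objects client-side and reports how many values each one actually covers, which makes an over-broad negated object obvious during a rule review. Function names and sample objects are constructed; treating a missing `negated` as false and rejecting objects with missing bounds are assumptions.

```python
import ipaddress

FIELD_SPACE = 256  # ICMP type and IP protocol number are both 8-bit header fields


def _bounds(obj, lo_key, hi_key):
    """Return the inclusive (min, max) pair, rejecting missing or inverted bounds."""
    lo, hi = obj.get(lo_key), obj.get(hi_key)
    if lo is None or hi is None:
        raise ValueError(f"{obj.get('name')!r}: {lo_key}/{hi_key} not set")
    if not 0 <= lo <= hi < FIELD_SPACE:
        raise ValueError(f"{obj.get('name')!r}: invalid range {lo}..{hi}")
    return lo, hi


def _matches(obj, value, lo_key, hi_key):
    lo, hi = _bounds(obj, lo_key, hi_key)
    # Assumption: a null `negated` is treated as False.
    return (lo <= value <= hi) != bool(obj.get("negated"))


def _breadth(obj, lo_key, hi_key):
    """Number of field values the object covers once `negated` is applied."""
    lo, hi = _bounds(obj, lo_key, hi_key)
    size = hi - lo + 1
    return FIELD_SPACE - size if obj.get("negated") else size


def icmp_matches(svc, icmp_type):
    return _matches(svc, icmp_type, "minIcmpType", "maxIcmpType")


def icmp_breadth(svc):
    return _breadth(svc, "minIcmpType", "maxIcmpType")


def protocol_matches(svc, protocol):
    return _matches(svc, protocol, "minProtocol", "maxProtocol")


def protocol_breadth(svc):
    return _breadth(svc, "minProtocol", "maxProtocol")


def _ip_bounds(rng):
    lo = ipaddress.ip_address(rng["minIp"])
    hi = ipaddress.ip_address(rng["maxIp"])
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"{rng.get('name')!r}: invalid IP range")
    return lo, hi


def ip_range_contains(rng, ip):
    """True when `ip` lies between minIp and maxIp, both ends included."""
    lo, hi = _ip_bounds(rng)
    addr = ipaddress.ip_address(ip)
    # Compare only within one address family; mixed versions never match.
    return addr.version == lo.version and lo <= addr <= hi


def ip_range_size(rng):
    lo, hi = _ip_bounds(rng)
    return int(hi) - int(lo) + 1


# Constructed sample objects using the field names documented on this page.
ECHO = {"name": "echo-request", "minIcmpType": 8, "maxIcmpType": 8, "negated": False}
ALL_BUT_ECHO = {"name": "all-but-echo", "minIcmpType": 8, "maxIcmpType": 8, "negated": True}
NOT_6_TO_17 = {"name": "not-6-to-17", "minProtocol": 6, "maxProtocol": 17, "negated": True}
APP_RANGE = {"name": "app-servers", "ipType": "IPV4",
             "minIp": "10.0.0.10", "maxIp": "10.0.0.20"}

if __name__ == "__main__":
    for svc in (ECHO, ALL_BUT_ECHO):
        print(svc["name"], "covers", icmp_breadth(svc), "ICMP types")
    print(NOT_6_TO_17["name"], "covers", protocol_breadth(NOT_6_TO_17), "protocols")
    print(APP_RANGE["name"], "holds", ip_range_size(APP_RANGE), "addresses")
```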

IpType

Description

The IP type.

Values
Enum Value Description

IPV4

IPv4 IP type.

IPV4_IPV6

Either IPv4 or IPv6.

IPV6

IPv6 IP type.

OTHER

Neither IPV4 nor IPV6
Example
"IPV4"

LdapUser

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
dn - String LDAP user identifier
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "dn": "abc123",
  "id": 4,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 987
}

LocalUser

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

Location

Description

Locations identify the various networks from which your organization sends its internet traffic. When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses, which you then add as locations in the ZIA Admin Portal.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
ports - [Int!] Proxy ports
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "ports": [987],
  "system": BasicSystem,
  "version": 987
}

LogProfile

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "name": "abc123",
  "system": BasicSystem,
  "version": 123
}

Long

Description

Long type

Example
{}

ModelName

Description

Device model name.

Values
Enum Value Description

ASA

Cisco ASA

AWS_ACCOUNT

Amazon AWS public cloud management, contains account information

AWS_VPC

Amazon AWS public cloud "virtual public cloud"

AZURE_ACCOUNT

Microsoft Azure public cloud management, contains account information

AZURE_FIREWALL

AZURE_POLICY

AZURE_ROOT_POLICY

AZURE_VNET

Microsoft Azure public cloud virtual network

CMA

Check Point CMA.

FMC

Cisco Firepower Management Center

FORTIGATE

Fortinet firewall

FORTIMANAGER

Fortinet management device

FTD

GCP_PROJECT

GCP Project management, contains project information

GCP_VPC

GCP virtual private cloud

IOS_XE_SDWAN

MDS

Check Point MDS

MERAKI_ACCOUNT

Cisco Meraki Account

MERAKI_NETWORK

Cisco Meraki Network

MERAKI_ORGANIZATION

Cisco Meraki Organization

MX

Mx

NETSCREEN

Netscreen

NEXUS

Cisco Nexus

PANORAMA

Palo Alto management device

PANOS

Palo Alto Firewall

ROUTER

Cisco router

SMART_CENTER

Check Point Smart center

SMART_ONE

SRX

Srx

STONESOFT

UNKNOWN

Unknown, not supported, device.

VMWARE_NSX_DISTRIBUTED_FIREWALL

VMware NSX distributed firewall

VMWARE_NSX_EDGE

VMware NSX Edge

VMWARE_NSX_MANAGEMENT

VMware NSX management

ZSCALER_INTERNET_ACCESS

Zscaler Internet Access
Example
"ASA"

ModifiedRule

Description

The rule that is associated with the ticket that is created.

Fields
Field Name Description
createdTicketId - ID! ID of the created ticket.
ruleId - ID! ID of the affected rule.
Example
{
  "createdTicketId": "4",
  "ruleId": "4"
}

NIC

Description

The emulation of a physical network adapter (NIC)

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
ipAddresses - [IpAddress!] List of IP addresses
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

name - String The name of the entity
subnet - Subnet Sub-network that this NIC belongs to
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "ipAddresses": [IpAddress],
  "name": "abc123",
  "subnet": Subnet,
  "system": BasicSystem,
  "version": 987
}

Name

Description

An entity name

Example
Name

Negatable

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
Example
{"negated": true}

NetworkObject

Example
AccessRole

NetworkObjectQuery

Description

Query for NetworkObject objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of NetworkObject objects matching the specified filter.
values - [NetworkObject!]! A list of NetworkObject objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [AccessRole]}

NetworkObjectTraffic

Fields
Field Name Description
ip - String
microSegmentedName - String
Example
{
  "ip": "xyz789",
  "microSegmentedName": "abc123"
}

NetworkObjectTrafficInput

Description

Represents a traffic network object. Can contain any one of the following: ip, microSegmentedName or urlCategory.

Fields
Input Field Description
ip - IpAddressString

Represents the IP address of the traffic network object.

microSegmentedName - FreeText

Represents a security group name.

urlCategory - UrlCategoryInput

Represents a URL category.

Example
{
  "ip": IpAddressString,
  "microSegmentedName": FreeText,
  "urlCategory": UrlCategoryInput
}

NetworkPredefinedValue

Description

Definition for network of type Any.

Values
Enum Value Description

ANY_IPV4_NETWORK

Any IPv4 network.

ANY_IPV6_NETWORK

Any IPv6 network.

ANY_NETWORK

Any IPv4 or IPv6 network.
Example
"ANY_IPV4_NETWORK"

Node

Description

An API entity. This interface carries the most basic information about an entity.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": 4,
  "name": "abc123"
}

OPMAgent

Description

Open policy management (OPM) agent definition Permission requires

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
id - ID! The internal unique identifier for this entity
name - String The name of the entity
opmAgentId - String OPM agent ID
systemProperties - [SystemProperties!] System specific text fields
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

vendor - VendorName Vendor type of this device
vendorDisplayName - String Vendor name of this device
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "id": 4,
  "name": "abc123",
  "opmAgentId": "abc123",
  "systemProperties": [SystemProperties],
  "vendor": "AMAZON",
  "vendorDisplayName": "xyz789"
}

OPMAgentQuery

Description

Query for OPMAgent objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of OPMAgent objects matching the specified filter.
values - [OPMAgent!]! A list of OPMAgent objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{"count": {}, "values": [OPMAgent]}

OntologicalBaseEntity

Description

A base interface shared by all entities that are reported as part of a device's configuration

Fields
Field Name Description
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "comment": "xyz789",
  "device": BasicDevice,
  "id": 4,
  "name": "xyz789",
  "system": BasicSystem,
  "version": 123
}

OrderDirection

Values
Enum Value Description

ASC

DESC

Example
"ASC"

OtherObject

Description

Network object whose type is not known to TOS.

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
objectType - String Custom type textual representation.
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "device": BasicDevice,
  "id": 4,
  "name": "xyz789",
  "objectType": "abc123",
  "system": BasicSystem,
  "version": 987
}

OtherService

Description

Service whose type is not known to TOS

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
id - ID! The internal unique identifier for this entity
name - String The name of the entity
serviceType - String Custom type textual representation
system - BasicSystem The system (root device) that this entity belongs to
version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "id": "4",
  "name": "xyz789",
  "serviceType": "abc123",
  "system": BasicSystem,
  "version": 123
}

Permission

Description

A system function grant

Fields
Field Name Description
name - String The unique name of the grant
type - String The type of the grant - READ | WRITE | RESOURCE
Example
{
  "name": "abc123",
  "type": "abc123"
}

PermissivenessScoreLevel

Description

Permissiveness level of rule's data.

Values
Enum Value Description

HIGH

High permissiveness level. The rule allows too much network traffic.

LOW

Low permissiveness level. The rule allows very little network traffic.

MEDIUM

Medium permissiveness level. The rule does not allow much network traffic.
Example
"HIGH"

Precedence

Description

Placement definition

Values
Enum Value Description

SECONDARY

Secondary IP address
Example
"SECONDARY"

PredefinedUspType

Description

The set of predefined templates of USP definitions. Each predefined template type is aimed at a different compliance setting and defines a different set of zone roles.

Values
Enum Value Description

ADVANCED_BEST_PRACTICES

Defines the following zones:

  • Corporate
  • DMZ
  • Internet

BEST_PRACTICES

Defines the following zones:

  • Internet
  • DataCenter
  • PM
  • RnD
  • Sales

ISO_27001

Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Provides best practice recommendations on information security management—the management of information risks through information security controls. Defines the following zones:

  • Corporate
  • NOC-MGMT
  • DMZ-DB
  • DMZ-NOC
  • DMZ-PUB
  • Extranet-Partners
  • DMZ-Partners
  • Internet
  • Int-IP

NERC_CIPv5

The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America’s Bulk Electric System (BES). Defines the following zones:

  • EACMS
  • PACS
  • Control Center
  • Substation
  • Corporate
  • DMZ
  • Internet

NIST_800_53

PCI

The Payment Card Industry Data Security Standard (PCI DSS). An information security standard for organizations that handle credit cards from the major card schemes. Defines the following zones:

  • Corporate
  • DMZ
  • Internet
  • PCI Applications
  • PCI Data
  • PCI Web
  • Wireless Networks
Example
"ADVANCED_BEST_PRACTICES"

ProgressStatus

Description

Progress status

Values
Enum Value Description

COMPLETED

Completed

ERROR

Error

IN_PROGRESS

In progress
Example
"COMPLETED"

PropertyUspRestriction

Description

A condition that defines rule-related properties for the following RestrictionTypes:

  • MANDATORY_COMMENT
  • MANDATORY_LOG
  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
  • EXPLICIT_SOURCE
  • EXPLICIT_DESTINATION
  • EXPLICIT_SERVICE
Fields
Field Name Description
restrictionType - RestrictionType Restriction type.
value - Int

A field that defines numeric properties for the following RestrictionTypes:

  • LAST_HIT_MAX_VAL
  • SOURCE_IPS_MAX_COUNT
  • DESTINATION_IPS_MAX_COUNT
  • SERVICES_MAX_COUNT
Example
{"restrictionType": "DESTINATION_IPS_MAX_COUNT", "value": 987}

PropertyUspRestrictionInput

Description

Property USP restriction (PropertyUspRestriction).

Fields
Input Field Description
value - Int

The numeric related property.

Example
{"value": 123}

ProtectionMode

Description

Describes how to select network zones available for checking security risks.

Values
Enum Value Description

CONNECTED_ZONES

Violation will be calculated on zones that are directly connected to the interface

ROUTABLE_ZONES

Violation will be calculated on zones that have routes through the interface.
Example
"CONNECTED_ZONES"

RemoveSecurityZonesFromUspInput

Description

Removes one or more SecureTrack network zones from an existing USP.

Fields
Input Field Description
securityZonesIds - [IdString!]!

SecureTrack network zone IDs to be removed.

uspId - IdString!

USP ID to remove zones from.

Example
{
  "securityZonesIds": [IdString],
  "uspId": IdString
}

RemoveSecurityZonesFromUspResult

Description

Returns the status results when removing SecureTrack network zones from an existing USP.

Fields
Field Name Description
resultStatus - ResultStatus! Status of request to remove SecureTrack network zones from an existing USP.
Example
{"resultStatus": ResultStatus}

RestrictionType

Description

Enumeration of valid restriction types.

Values
Enum Value Description

DESTINATION_IPS_MAX_COUNT

Maximum number of IP addresses allowed in the destination.

EXPLICIT_DESTINATION

Rules must have an explicit destination, not the ANY value.

EXPLICIT_SERVICE

Rules must have an explicit service, not the ANY value.

EXPLICIT_SOURCE

Rules must have an explicit source, not the ANY value.

FLOWS

The required format of the source and the destination in a rule (HOST_TO_HOST, SUBNET_TO_HOST, or HOST_TO_SUBNET).

LAST_HIT_MAX_VAL

Maximum number of days in which the rule must have had a hit.

MANDATORY_COMMENT

Rules must have text in the comment field.

MANDATORY_LOG

Rules must be configured to create log entries.

SERVICES_MAX_COUNT

Maximum number of services allowed.

SOURCE_IPS_MAX_COUNT

Maximum number of IP addresses allowed in the source.

TRAFFIC

Traffic access permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all).
Example
"DESTINATION_IPS_MAX_COUNT"

Result

ResultStatus

Description

Status result of the operation.

Fields
Field Name Description
errorMessage - String The value “errorMessage” has been deprecated. Use the “errors” field instead
errors - [Error!] List of error codes and messages.
successful - Boolean True indicates that the request completed successfully
Example
{
  "errorMessage": "xyz789",
  "errors": [Error],
  "successful": true
}

RiskAnalysisFlowsViolationData

Description

Information regarding violations of type Flow.

Fields
Field Name Description
flowUspRestriction - FlowUspRestriction FlowUspRestriction that was violated by the access request.
violatedFlowType - FlowRestrictionType The flow restriction type FlowRestrictionType that was violated by the access request.
violatingDestPredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's destination.
violatingDestinationNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's destination.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourceNetworkObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that represent the violating objects in the access request's source.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The violating NetworkPredefinedValue of the access request's source.
Example
{
  "flowUspRestriction": FlowUspRestriction,
  "violatedFlowType": "HOST_TO_HOST",
  "violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
  "violatingDestinationNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourceNetworkObjects": [
    RiskAnalysisNetworkObject
  ],
  "violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}

RiskAnalysisMutation

Description

The RiskAnalysisMutation entity lets you create a task of AccessRequests for risk calculation.

Fields
Field Name Description
createUspRiskAnalysisTask - CreateUspRiskAnalysisTaskResult! Create a UspRiskAnalysisTask.
Example
{
  "createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}

RiskAnalysisNetworkObject

Description

A violating network object entity, in a defined SecureTrack zone.

Fields
Field Name Description
networkObjectTraffic - NetworkObjectTraffic The raw traffic representation of the violating network object.
zone - SecurityZone The SecureTrack zone that violates the network object traffic.
Example
{
  "networkObjectTraffic": NetworkObjectTraffic,
  "zone": SecurityZone
}

RiskAnalysisTrafficViolationData

Description

Information regarding violations of type Traffic.

Fields
Field Name Description
trafficUspRestriction - TrafficUspRestriction TrafficUspRestriction that was violated by the access request.
violatedApplicationPredefinedValue - ApplicationPredefinedValue The violating ApplicationPredefinedValue of the access request's applications.
violatedServicePredefinedValue - ServicePredefinedValue The violating ServicePredefinedValue of the access request's service.
violatingApplications - [String!] List of application names that represent the violating applications in the access request.
violatingServices - [String!] List of services expressions that represent the violating services in the access request.
Example
{
  "trafficUspRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": "ANY_APPLICATION",
  "violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
  "violatingApplications": ["xyz789"],
  "violatingServices": ["abc123"]
}

RiskAnalysisViolation

Description

The RiskAnalysisViolation entity represents information regarding violations of an access request. Permission requires

Fields
Field Name Description
accessRequestId - String Access request ID.
changed - DateTime The date that the RiskAnalysisViolation entity was last changed.
creationDate - DateTime Creation date of the violation.
exceptions - [BasicUspExceptionInfoForRiskAnalysis!] Exceptions IDs that were applied to the violation.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

flowViolationData - RiskAnalysisFlowsViolationData The flow violation RiskAnalysisFlowsViolationData.
fromZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the from-zone of the ZoneToZoneMatcher. Set in case the access request sources are specific (matchingSourcePredefinedValue not set).
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

id - ID! Violation ID.
matchingDestinationPredefinedValue - NetworkPredefinedValue Set in case the access request destination is a predefined value of NetworkPredefinedValue.
matchingSourcePredefinedValue - NetworkPredefinedValue Set in case the access request source is a predefined value of NetworkPredefinedValue.
name - String This property is not supported.
requirement - UspRequirement Violated UspRequirement.
severity - ViolationSeverity Severity of the violation.
toZoneMatchingObjects - [RiskAnalysisNetworkObject!] List of NetworkObjectTraffic that are matching the to-zone of the ZoneToZoneMatcher. Set in case the access request destinations are specific (matchingDestinationPredefinedValue not set).
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

trafficViolationData - RiskAnalysisTrafficViolationData The traffic violation RiskAnalysisTrafficViolationData.
usp - BasicUspInfoForRiskAnalysis Violated USP.
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher Violated from zone - to zone ZoneToZoneMatcher.
Example
{
  "accessRequestId": "abc123",
  "changed": "2007-12-03T10:15:30Z",
  "creationDate": "2007-12-03T10:15:30Z",
  "exceptions": [BasicUspExceptionInfoForRiskAnalysis],
  "flowViolationData": RiskAnalysisFlowsViolationData,
  "fromZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "id": 4,
  "matchingDestinationPredefinedValue": "ANY_IPV4_NETWORK",
  "matchingSourcePredefinedValue": "ANY_IPV4_NETWORK",
  "name": "abc123",
  "requirement": UspRequirement,
  "severity": "CRITICAL",
  "toZoneMatchingObjects": [RiskAnalysisNetworkObject],
  "trafficViolationData": RiskAnalysisTrafficViolationData,
  "usp": BasicUspInfoForRiskAnalysis,
  "zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}

Rule

Description

A rule in a security policy

Fields
Field Name Description
action - RuleActionType Action that will be performed by firewall if network traffic matches this rule
actionDisplayName - String Action name
application - RuleApplicationTraffic Definition of the network applications
applicationsUsage - [ApplicationUsage!] Last time traffic was recorded for a specific application on this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

appliedTo - [String!] Devices that the rule is installed on
appliedToObjects - RuleAppliedToObjects Network objects that this rule is applied to
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
destination - RuleNetworkTraffic Definition of the destination network objects
destinationZone - RuleZoneTraffic Definition of the destination network zones
device - BasicDevice The device that this entity belongs to
direction - Direction Direction of this rule (inbound or outbound)
disabled - Boolean True indicates that this rule is disabled on the device
exceptions - [BasicRuleUspExceptionInfo!]
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

goToTarget - SecurityPolicy Target security policy for GOTO rule action
id - ID! The internal unique identifier for this entity
idOnDevice - String Device specific rule identifier. Usually identifies the rule order in the security policy.
installedOn - RuleInstallationTargetTraffic Devices that the rule is installed on
isExemptedFromUsp - Boolean True indicates that the rule will be excluded from violation calculations
location - String The level of the rule within the rule hierarchy
logging - RuleLogging Rule logging definition
name - String The name of the entity
permissivenessLevel - PermissivenessScoreLevel

The permissiveness level (high/medium/low). The permissiveness level is an indication of how widely a rule is defined. Rules with high permissiveness can be a security risk because they allow too much access through the firewall. For example:

  • A rule with one source host, one destination host, and one service is low permissiveness
  • A rule with Source "ANY", Destination "ANY", and Protocol "ANY" is high permissiveness
policy - SecurityPolicy The security policy the rule belongs to
policyIndex - Int
priority - Int
ruleTypeName - String
ruleUsageStatus - RuleUsageStatus Status of last hit check
ruleUserData - RuleUserData Additional information such as a description that can be customized by administrators
sectionGroup - String
sectionTitle - String Title of the section that rule belongs to
securityProfiles - [SecurityProfileValue!] List of security profiles
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

service - RuleServiceTraffic Definition of the network service objects
shadowed - ShadowedStatus Indicates whether the rule is shadowed by a previous rule which handles traffic before it gets to this rule. This may indicate that the rule is redundant.
source - RuleNetworkTraffic Definition of the source network objects
sourceZone - RuleZoneTraffic Definition of the source network zones
system - BasicSystem The system (root device) that this entity belongs to
tags - [String!] List of tags
time - RuleTimeTraffic Time and date that the rule is scheduled
timeLastHit - DateTime The last time traffic that passed through the device matched either the rule, user, or application identity details
timeLastModified - DateTime The most recent time that this rule was directly modified or there was a change in a related object which impacted the rule
urlCategory - RuleUrlCategory The category of the URL as determined by the device
user - RuleUserTraffic Definition of the network user objects
usersUsage - [UserUsage!] Last time traffic was recorded for a specific user on this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
violationHighestSeverity - ViolationSeverity Maximum security risk severity
violations - [RuleViolation!] A list of all security risks found in this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

vpn - RuleVpnTraffic Definition of the VPN communities. A VPN community is a collection of VPN enabled gateways capable of communicating via VPN tunnels.
zonesRelation - ZonesRelation Zone relation definition on the device
expirationDate - DateTime
Example
{
  "action": "ALLOW",
  "actionDisplayName": "xyz789",
  "application": RuleApplicationTraffic,
  "applicationsUsage": [ApplicationUsage],
  "appliedTo": ["abc123"],
  "appliedToObjects": RuleAppliedToObjects,
  "changed": "2007-12-03T10:15:30Z",
  "comment": "abc123",
  "destination": RuleNetworkTraffic,
  "destinationZone": RuleZoneTraffic,
  "device": BasicDevice,
  "direction": "BOTH",
  "disabled": false,
  "exceptions": [BasicRuleUspExceptionInfo],
  "goToTarget": SecurityPolicy,
  "id": "4",
  "idOnDevice": "xyz789",
  "installedOn": RuleInstallationTargetTraffic,
  "isExemptedFromUsp": true,
  "location": "xyz789",
  "logging": RuleLogging,
  "name": "abc123",
  "permissivenessLevel": "HIGH",
  "policy": SecurityPolicy,
  "policyIndex": 987,
  "priority": 987,
  "ruleTypeName": "xyz789",
  "ruleUsageStatus": "RULE_LAST_HIT_ERROR",
  "ruleUserData": RuleUserData,
  "sectionGroup": "abc123",
  "sectionTitle": "abc123",
  "securityProfiles": [Group],
  "service": RuleServiceTraffic,
  "shadowed": "FULLY_SHADOWED",
  "source": RuleNetworkTraffic,
  "sourceZone": RuleZoneTraffic,
  "system": BasicSystem,
  "tags": ["xyz789"],
  "time": RuleTimeTraffic,
  "timeLastHit": "2007-12-03T10:15:30Z",
  "timeLastModified": "2007-12-03T10:15:30Z",
  "urlCategory": RuleUrlCategory,
  "user": RuleUserTraffic,
  "usersUsage": [UserUsage],
  "version": 987,
  "violationHighestSeverity": "CRITICAL",
  "violations": [RuleViolation],
  "vpn": RuleVpnTraffic,
  "zonesRelation": "INTERZONE",
  "expirationDate": "2007-12-03T10:15:30Z"
}
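The fields above are enough for a first-pass rule review on the client side. The following is an added example, not part of the SecureTrack documentation: it flags enabled rules using only field names and enum values shown on this page. The finding labels, function names and sample rules are constructed for illustration, and the check that "Any" predefined values start with ANY is an assumption.

```python
"""Triage Rule objects (shaped like the entries of RuleQuery.values) for review."""


def _is_any(traffic):
    """True when a RuleNetworkTraffic / RuleServiceTraffic object means "Any"."""
    if not traffic or traffic.get("negated"):
        return False  # absent, or negated: not treated as "Any" here
    value = traffic.get("predefinedValue")
    # Assumption: "Any" predefined values all start with ANY, like the
    # ANY_IPV4_NETWORK and ANY_IPV4_SERVICE values shown on this page.
    return isinstance(value, str) and value.startswith("ANY")


def triage_rule(rule):
    """Return a list of finding labels (hypothetical names) for one rule."""
    if rule.get("disabled"):
        return []  # disabled on the device, so nothing to review
    findings = []
    if rule.get("action") == "ALLOW":
        # Breadth checks only make sense for rules that let traffic through.
        for field in ("source", "destination", "service"):
            if _is_any(rule.get(field)):
                findings.append("any-" + field)
        if rule.get("permissivenessLevel") == "HIGH":
            findings.append("high-permissiveness")
    if not (rule.get("logging") or {}).get("logged"):
        findings.append("not-logged")
    if not (rule.get("comment") or "").strip():
        findings.append("no-comment")
    if rule.get("shadowed") == "FULLY_SHADOWED":
        findings.append("fully-shadowed")
    if rule.get("isExemptedFromUsp"):
        # Excluded from violation calculations, so it never shows up there.
        findings.append("usp-exempt")
    if rule.get("ruleUsageStatus") == "RULE_LAST_HIT_ERROR":
        # Last-hit data is stale, so timeLastHit should not drive cleanup.
        findings.append("stale-hit-data")
    return findings


def triage(rules):
    """Map rule id -> findings, keeping only rules that have at least one."""
    report = {}
    for rule in rules:
        findings = triage_rule(rule)
        if findings:
            report[rule["id"]] = findings
    return report


# Constructed sample data; not output from a real SecureTrack instance.
ANY_NET = {"negated": False, "predefinedValue": "ANY_IPV4_NETWORK"}
ANY_SVC = {"negated": False, "predefinedValue": "ANY_IPV4_SERVICE"}
SPECIFIC = {"negated": False, "predefinedValue": None}

SAMPLE_RULES = [
    {"id": "101", "action": "ALLOW", "disabled": False,
     "permissivenessLevel": "HIGH", "source": ANY_NET, "destination": ANY_NET,
     "service": ANY_SVC, "logging": {"logged": False}, "comment": "",
     "isExemptedFromUsp": True, "ruleUsageStatus": "RULE_LAST_HIT_READY"},
    {"id": "102", "action": "ALLOW", "disabled": False,
     "permissivenessLevel": "LOW", "source": SPECIFIC, "destination": SPECIFIC,
     "service": SPECIFIC, "logging": {"logged": True}, "comment": "ticket ref",
     "shadowed": "FULLY_SHADOWED", "isExemptedFromUsp": False,
     "ruleUsageStatus": "RULE_LAST_HIT_ERROR"},
    {"id": "103", "action": "ALLOW", "disabled": True,
     "permissivenessLevel": "HIGH", "source": ANY_NET, "destination": ANY_NET,
     "service": ANY_SVC, "logging": {"logged": False}, "comment": ""},
    {"id": "104", "action": "DENY", "disabled": False,
     "source": ANY_NET, "destination": SPECIFIC, "service": SPECIFIC,
     "logging": {"logged": True}, "comment": "cleanup",
     "isExemptedFromUsp": False, "ruleUsageStatus": "RULE_LAST_HIT_READY"},
]

if __name__ == "__main__":
    for rule_id, labels in triage(SAMPLE_RULES).items():
        print(rule_id, ", ".join(labels))
```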

RuleActionType

Description

Type of action that will be performed by firewall if network traffic matches this rule

Values
Enum Value Description

ALLOW

Traffic specified by the rule will be allowed

CLIENT_AUTHENTICATION

DENY

Traffic specified by the rule will not be allowed

GOTO

Traffic specified by the rule must be checked by another policy. See the goToTarget parameter in Rule

UNSUPPORTED

This value is just a fallback for unsupported data
Example
"ALLOW"

RuleApplicationTraffic

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ApplicationPredefinedValue Predefined value for Any application
typeDisplay - String RuleApplicationTraffic will always be of type "Application"
values - [RuleApplicationValue!] List of network applications
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": false,
  "predefinedValue": "ANY_APPLICATION",
  "typeDisplay": "abc123",
  "values": [Application]
}

RuleApplicationValue

Types
Union Types

Application

Group

Example
Application

RuleAppliedToObjects

Description

"Applied to objects" definition for rule

Fields
Field Name Description
predefinedValue - AppliedToObjectsPredefinedValue Value for predefined type (Any or No object)
typeDisplay - String RuleAppliedToObjects will always be of type "Applied to objects"
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY",
  "typeDisplay": "abc123",
  "values": [AccessRole]
}

RuleExceptionConditionInput

Description

Condition on Rules

Fields
Input Field Description
rules - [IdString!]!

List of Rule IDs.

Example
{"rules": [IdString]}

RuleFlowsViolationData

Description

The RuleFlowsViolationData entity holds data of the flows that are being violated by the rule

Fields
Field Name Description
flowRestriction - FlowUspRestriction The FlowUspRestriction that was violated by this rule
negatedViolatingDestination - Boolean True if violatingDestinationNetworkObjects is a negated value
negatedViolatingSource - Boolean True if violatingSourceNetworkObjects is a negated value
violatedFlowType - FlowRestrictionType The FlowRestrictionType that was violated by this rule
violatingDestPredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the destinationNetworkObjects that are violated by the rule
violatingDestinationNetworkObjects - [NetworkObject!] The destination NetworkObjects that are violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourceNetworkObjects - [NetworkObject!] The source NetworkObjects that are violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingSourcePredefinedValue - NetworkPredefinedValue The NetworkPredefinedValue of the source NetworkObjects that are violated by the rule
Example
{
  "flowRestriction": FlowUspRestriction,
  "negatedViolatingDestination": true,
  "negatedViolatingSource": false,
  "violatedFlowType": "HOST_TO_HOST",
  "violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
  "violatingDestinationNetworkObjects": [AccessRole],
  "violatingSourceNetworkObjects": [AccessRole],
  "violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}

RuleInstallationTargetTraffic

Description

Installation targets definition for rule

Fields
Field Name Description
predefinedValue - InstallationTargetPredefinedValue Value for installation target of type Any
typeDisplay - String RuleInstallationTargetTraffic will always be of type "Install On"
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_IT",
  "typeDisplay": "xyz789",
  "values": [AccessRole]
}

RuleLogging

Description

Rule logging definition

Fields
Field Name Description
logProfile - LogProfile Logging profile name
logged - Boolean If true, the rule is logged on the device
timing - RuleLoggingTiming Specify when rule logging should start
trackInterval - Int Interval (vendor specific)
trackLevel - RuleTrackLevel Rule logging track level
Example
{
  "logProfile": LogProfile,
  "logged": true,
  "timing": "BOTH_START_AND_END",
  "trackInterval": 987,
  "trackLevel": "ACCOUNT"
}

RuleLoggingTiming

Description

Specify when rule logging should start

Values
Enum Value Description

BOTH_START_AND_END

Log rule usage on both session start and end

SESSION_END

Log rule usage on session end

SESSION_START

Log rule usage on session start
Example
"BOTH_START_AND_END"

RuleNetworkTraffic

Description

Network objects definition for rule source and destination fields

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - NetworkPredefinedValue Definition for network of type Any
typeDisplay - String Network traffic direction in rule (Source, Destination)
values - [NetworkObject!] List of device network objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": false,
  "predefinedValue": "ANY_IPV4_NETWORK",
  "typeDisplay": "abc123",
  "values": [AccessRole]
}

RuleOperationsMutation

Description

Lets you create SecureChange tickets for rules modification, recertification or decommission

Fields
Field Name Description
createTicketDraft - CreateTicketDraftResult! Create a ticket draft in SecureChange
Arguments
Example
{"createTicketDraft": CreateTicketDraftResult}

RuleQuery

Description

Query for Rule objects. These objects can be filtered with a TQL query.

Fields
Field Name Description
count - Long! The total count of Rule objects matching the specified filter.
counts - [CountsResult!]! Gets the number of entities matching a filter, grouped by selected fields.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

groupBy - [String!]!

Results are grouped either by Device parameters or USP parameters. Fields that can be used to group the results: "vendor","device.id","device.name","violations.usp.name","violations.usp.id"

offset - Long

Offset results for paging.

orderBy - countsOrderBy

Sorts the results by the specified field. When not explicitly set, the default field is "GROUP"

orderDirection - orderDirection

Specifies whether the results should be sorted in ascending or descending order. When not explicitly set, the default order is "ASC"

values - [Rule!]! A list of Rule objects matching the specified filter.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "count": {},
  "counts": [CountsResult],
  "values": [Rule]
}
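Because `values` returns at most 100 entries unless `first` is set, an audit that reads a single response can silently miss rules. The following is an added example, not part of the SecureTrack documentation: it pages with `first` and `offset` and compares the result against `count`. The root field name `rules`, the `execute` callable (whatever HTTP client posts the query) and the in-memory stand-in server are assumptions constructed for illustration.

```python
"""Page through RuleQuery.values with first/offset and check against count."""

# Assumption: the root query field is named `rules` and takes a TQL `filter`.
RULES_PAGE_QUERY = """
query rulesPage($filter: String, $first: Int, $offset: Long) {
  rules(filter: $filter) {
    count
    values(first: $first, offset: $offset) {
      id
      name
      permissivenessLevel
    }
  }
}
"""


def fetch_all_rules(execute, tql="", page_size=100, max_pages=1000):
    """Return (rules, total) where total is the server-reported count.

    `execute(query, variables)` must return the decoded GraphQL response dict.
    Rules are de-duplicated by id, since offset paging can repeat an entry
    when the underlying list changes between requests.
    """
    by_id = {}
    offset = 0
    total = 0
    for _ in range(max_pages):
        response = execute(
            RULES_PAGE_QUERY,
            {"filter": tql, "first": page_size, "offset": offset},
        )
        if response.get("errors"):
            raise RuntimeError("GraphQL errors: %r" % (response["errors"],))
        block = response["data"]["rules"]
        total = block["count"]
        page = block["values"]
        for rule in page:
            by_id[rule["id"]] = rule
        offset += len(page)
        # Stop on an empty page as well, in case count shrank mid-scan.
        if not page or offset >= total:
            break
    return list(by_id.values()), total


def is_complete(rules, total):
    """True when every rule the server counted was actually retrieved."""
    return len(rules) == total


def make_fake_execute(n_rules):
    """Constructed stand-in for the server: applies the documented default of 100."""
    store = [
        {"id": str(i), "name": "rule-%d" % i, "permissivenessLevel": "LOW"}
        for i in range(1, n_rules + 1)
    ]

    def execute(query, variables):
        first = variables.get("first")
        first = 100 if first is None else first
        offset = variables.get("offset") or 0
        return {
            "data": {
                "rules": {
                    "count": len(store),
                    "values": store[offset:offset + first],
                }
            }
        }

    return execute


if __name__ == "__main__":
    execute = make_fake_execute(250)
    unpaged = execute(RULES_PAGE_QUERY, {"filter": ""})["data"]["rules"]
    print("unpaged:", len(unpaged["values"]), "of", unpaged["count"])
    rules, total = fetch_all_rules(execute)
    print("paged:", len(rules), "of", total, "complete:", is_complete(rules, total))
```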

RuleSchedule

Description

Schedule values for rule

Fields
Field Name Description
changed - DateTime The most recent time that this entity was directly modified
comment - String A text comment associated with this entity
device - BasicDevice The device that this entity belongs to
endTime - DateTime End time
id - ID! The internal unique identifier for this entity
name - String The name of the entity
scheduledDays - String Days
scheduledMonth - String Month
scheduledMonthDays - String Days of month
startTime - DateTime Start time
system - BasicSystem The system (root device) that this entity belongs to
timePeriods - [TimePeriodInDay!] List of time periods
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

version - Int! A sequential number assigned to each change to identify the order in which changes were made
Example
{
  "changed": "2007-12-03T10:15:30Z",
  "comment": "xyz789",
  "device": BasicDevice,
  "endTime": "2007-12-03T10:15:30Z",
  "id": 4,
  "name": "abc123",
  "scheduledDays": "xyz789",
  "scheduledMonth": "xyz789",
  "scheduledMonthDays": "xyz789",
  "startTime": "2007-12-03T10:15:30Z",
  "system": BasicSystem,
  "timePeriods": [TimePeriodInDay],
  "version": 123
}

RuleServiceTraffic

Description

Network service objects definition for rule service field

Fields
Field Name Description
negated - Boolean Whether this object represents traffic that is the negated value of the details specified in its other properties.
predefinedValue - ServicePredefinedValue Predefined value to define Any service
typeDisplay - String RuleServiceTraffic will always be of type "Service"
values - [ServiceObject!] List of device network services objects
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "negated": true,
  "predefinedValue": "ANY_IPV4_SERVICE",
  "typeDisplay": "abc123",
  "values": [Group]
}

RuleTimeTraffic

Description

Schedules definition for rule

Fields
Field Name Description
predefinedValue - SchedulePredefinedValue Predefined value for schedule of type Any
typeDisplay - String RuleTimeTraffic will always be of type "Time"
values - [RuleSchedule!] List of schedules
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_SCHEDULE",
  "typeDisplay": "xyz789",
  "values": [RuleSchedule]
}

RuleTrackLevel

Description

Rule logging track level

Values
Enum Value Description

ACCOUNT

Update the log at given intervals

ALERT

Generate a log of type Alert and run a command

ALERTS

Generate a log if immediate action is required

CRITICAL

Generate a log if functionality is affected

DEBUGGING

Generate a log for debugging

DEFAULT

Default logging track level

DISABLED

Logging is disabled

EMERGENCIES

Generate a log if system becomes unstable.

ERRORS

Generate a log if an error condition exists and functionality could be affected

INFORMATIONAL

Generate a log with general information about system operations

MAIL

Generate a log of type Alert and send an email to the administrator

NOTIFICATIONS

Generate a log with information about normal events

RTL_LOG

This is the default Track option

RTL_NONE

Do not generate a log

SNMP

Generate a log of type Alert and send an SNMP alert

USER_DEFINED

Generate a log of type Alert and send customized alerts

WARNINGS

Generate a log if functionality could be affected
Example
"ACCOUNT"

RuleTrafficViolationData

Description

The RuleTrafficViolationData entity holds data of the traffic values that are being violated by the rule

Fields
Field Name Description
trafficRestriction - TrafficUspRestriction The TrafficUspRestriction value that was violated by this rule
violatedApplicationPredefinedValue - ApplicationPredefinedValue The ApplicationPredefinedValue that was violated by the rule
violatedServicePredefinedValue - ServicePredefinedValue The ServicePredefinedValue that was violated by the rule
violatingApplications - [Application!] A list of every Application that was violated by the rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

violatingServices - [Service!] A list of every Service that was violated by this rule
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "trafficRestriction": TrafficUspRestriction,
  "violatedApplicationPredefinedValue": "ANY_APPLICATION",
  "violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
  "violatingApplications": [Application],
  "violatingServices": [IcmpService]
}

RuleUrlCategory

Description

URL category with optional predefined value

Fields
Field Name Description
predefinedValue - UrlCategoryPredefinedValue Predefined value for URL categories of type Any
typeDisplay - String RuleUrlCategory will always be of type "URL category"
values - [UrlCategory!] List of URL categories
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "predefinedValue": "ANY_URL_CATEGORY",
  "typeDisplay": "xyz789",
  "values": [UrlCategory]
}

RuleUsageStatus

Description

Status of last hit check

Values
Enum Value Description

RULE_LAST_HIT_ERROR

Last hit information has not been received for 3 days

RULE_LAST_HIT_READY

Last hit information is up-to-date
Example
"RULE_LAST_HIT_ERROR"

RuleUserData

Description

Additional information such as a description that can be customized

Fields
Field Name Description
automationAttribute - AutomationAttribute Rule type (regular or stealth)
certification - Certification Rule recertification is used to document and verify the need for a rule, often for standards compliance and auditing.
ruleDescription - String Rule description.
saApplications - [SaApplication!] List of SecureApp applications associated with this rule.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

securechangeTicketInProgressId - String SecureChange ticket in progress
technicalOwner - User Owner for the rule
technicalOwnerName - String
tickets - [Ticket!] List of tickets opened for this rule.
Arguments
first - Int

Limit results count to this amount. If no limit is explicitly set, the default limit is 100.

offset - Long

Offset results for paging.

Example
{
  "automationAttribute": "LEGACY",
  "certification": Certification,
  "ruleDescription": "abc123",
  "saApplications": [SaApplication],
  "securechangeTicketInProgressId": "xyz789",
  "technicalOwner": User,
  "technicalOwnerName": "abc123",
  "tickets": [Ticket]
}

RuleUserDataMutation

Description

Use this entity to update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rules.

Fields
Field Name Description