SecureTrack Aurora GraphQL API Documentation R24-1
SecureTrack Aurora GraphQL API Documentation R24-1
Below you can find examples and references for our GraphQL schema
-Link to SecureTrack REST API Documentation
-Link to SecureTrack GraphQL Overview
Queries
auth
Description
Query over all 'auth' related information in session
Response
Returns an AuthQuery
Example
Query
query auth {
auth {
sessionUser {
...SessionUserFragment
}
}
}
Response
{"data": {"auth": {"sessionUser": SessionUser}}}
devices
Description
Query over Device objects.
Response
Returns a DeviceQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching Device entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query devices($filter: String) {
devices(filter: $filter) {
count
values {
...DeviceFragment
}
}
}
Variables
{"filter": ""}
Response
{"data": {"devices": {"count": {}, "values": [Device]}}}
devicesStatus
Description
Query over DeviceStatus objects.
Response
Returns a DeviceStatusQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching DeviceStatus entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query devicesStatus($filter: String) {
devicesStatus(filter: $filter) {
count
values {
...DeviceStatusFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"devicesStatus": {
"count": {},
"values": [DeviceStatus]
}
}
}
domains
Description
Query over Domain objects.
Response
Returns a DomainQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching Domain entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query domains($filter: String) {
domains(filter: $filter) {
count
values {
...DomainFragment
}
}
}
Variables
{"filter": ""}
Response
{"data": {"domains": {"count": {}, "values": [Domain]}}}
getUsps
Response
Returns [Usp]
Example
Query
query getUsps {
getUsps {
appliedToAnyDomain
changed
description
differentZonesDefaultRestrictions {
...UspRestrictionsFragment
}
domain {
...DomainFragment
}
id
name
requirements {
...UspRequirementFragment
}
sameZoneDefaultRestrictions {
...UspRestrictionsFragment
}
securityZones {
...SecurityZoneFragment
}
}
}
Response
{
"data": {
"getUsps": [
{
"appliedToAnyDomain": false,
"changed": "2007-12-03T10:15:30Z",
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": "4",
"name": "xyz789",
"requirements": [UspRequirement],
"sameZoneDefaultRestrictions": UspRestrictions,
"securityZones": [SecurityZone]
}
]
}
}
interfaces
Description
Query over Interface objects.
Response
Returns an InterfaceQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching Interface entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query interfaces($filter: String) {
interfaces(filter: $filter) {
count
values {
...InterfaceFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"interfaces": {"count": {}, "values": [Interface]}
}
}
networkObjects
Description
Query over NetworkObject objects.
Response
Returns a NetworkObjectQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching NetworkObject entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query networkObjects($filter: String) {
networkObjects(filter: $filter) {
count
values {
... on AccessRole {
...AccessRoleFragment
}
... on Fqdn {
...FqdnFragment
}
... on Group {
...GroupFragment
}
... on Host {
...HostFragment
}
... on InternetService {
...InternetServiceFragment
}
... on IpRange {
...IpRangeFragment
}
... on LdapUser {
...LdapUserFragment
}
... on LocalUser {
...LocalUserFragment
}
... on Location {
...LocationFragment
}
... on NIC {
...NICFragment
}
... on OtherObject {
...OtherObjectFragment
}
... on Subnet {
...SubnetFragment
}
... on UrlCategory {
...UrlCategoryFragment
}
... on VM {
...VMFragment
}
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"networkObjects": {
"count": {},
"values": [AccessRole]
}
}
}
opmAgents
Description
Query over OPMAgent objects.
Response
Returns an OPMAgentQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching OPMAgent entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query opmAgents($filter: String) {
opmAgents(filter: $filter) {
count
values {
...OPMAgentFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"opmAgents": {"count": {}, "values": [OPMAgent]}
}
}
rules
Description
Query over Rule objects.
Response
Returns a RuleQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching Rule entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query rules($filter: String) {
rules(filter: $filter) {
count
counts {
...CountsResultFragment
}
values {
...RuleFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"rules": {
"count": {},
"counts": [CountsResult],
"values": [Rule]
}
}
}
securityZones
Description
Query over SecurityZone objects.
Response
Returns a SecurityZoneQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching SecurityZone entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query securityZones($filter: String) {
securityZones(filter: $filter) {
count
values {
...SecurityZoneFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"securityZones": {
"count": {},
"values": [SecurityZone]
}
}
}
systems
Description
Query over System objects.
Response
Returns a SystemQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching System entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query systems($filter: String) {
systems(filter: $filter) {
count
values {
...SystemFragment
}
}
}
Variables
{"filter": ""}
Response
{"data": {"systems": {"count": {}, "values": [System]}}}
trend
Description
Query over trend. ##version Query over versions information.
Response
Returns a TrendResult!
Arguments
| Name | Description |
|---|---|
input - TrendQueryInput!
|
Example
Query
query trend($input: TrendQueryInput!) {
trend(input: $input) {
resultStatus {
...ResultStatusFragment
}
timedCounts {
...TimedCountFragment
}
}
}
Variables
{"input": TrendQueryInput}
Response
{
"data": {
"trend": {
"resultStatus": ResultStatus,
"timedCounts": [TimedCount]
}
}
}
userTQLSearches
Description
Query over UserTQLSearch objects.
Response
Returns an UserTQLSearchQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching UserTQLSearch entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query userTQLSearches($filter: String) {
userTQLSearches(filter: $filter) {
count
values {
...UserTQLSearchFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"userTQLSearches": {
"count": {},
"values": [UserTQLSearch]
}
}
}
userWorkflows
Description
Query over UserWorkflow objects.
Response
Returns a UserWorkflowsQuery!
Example
Query
query userWorkflows {
userWorkflows {
resultStatus {
...ResultStatusFragment
}
values {
...UserWorkflowFragment
}
}
}
Response
{
"data": {
"userWorkflows": {
"resultStatus": ResultStatus,
"values": [UserWorkflow]
}
}
}
users
Description
Query over User objects.
Response
Returns a UserQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching User entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query users($filter: String) {
users(filter: $filter) {
count
values {
...UserFragment
}
}
}
Variables
{"filter": ""}
Response
{"data": {"users": {"count": {}, "values": [User]}}}
uspAlertConfigs
Description
Query over UspAlertConfig objects.
Response
Returns an UspAlertConfigQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching UspAlertConfig entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspAlertConfigs($filter: String) {
uspAlertConfigs(filter: $filter) {
count
values {
...UspAlertConfigFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"uspAlertConfigs": {
"count": {},
"values": [UspAlertConfig]
}
}
}
uspExceptions
Description
Query over UspException objects.
Response
Returns an UspExceptionQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching UspException entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspExceptions($filter: String) {
uspExceptions(filter: $filter) {
count
values {
...UspExceptionFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"uspExceptions": {
"count": {},
"values": [UspException]
}
}
}
uspRequirements
Description
Query over UspRequirement objects.
Response
Returns an UspRequirementQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching UspRequirement entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspRequirements($filter: String) {
uspRequirements(filter: $filter) {
count
values {
...UspRequirementFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"uspRequirements": {
"count": {},
"values": [UspRequirement]
}
}
}
uspRiskAnalysisTask
Description
Query over UspRiskAnalysisTask objects.
Response
Returns an UspRiskAnalysisTaskQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching UspRiskAnalysisTask entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query uspRiskAnalysisTask($filter: String) {
uspRiskAnalysisTask(filter: $filter) {
count
values {
...UspRiskAnalysisTaskFragment
}
}
}
Variables
{"filter": ""}
Response
{
"data": {
"uspRiskAnalysisTask": {
"count": {},
"values": [UspRiskAnalysisTask]
}
}
}
usps
Description
Query over Usp objects.
Response
Returns an UspQuery
Arguments
| Name | Description |
|---|---|
filter - String
|
TQL query to filter for matching Usp entities. Please refer to the TQL documentation. Default = "" |
Example
Query
query usps($filter: String) {
usps(filter: $filter) {
count
values {
...UspFragment
}
}
}
Variables
{"filter": ""}
Response
{"data": {"usps": {"count": {}, "values": [Usp]}}}
version
Response
Returns a VersionQuery!
Example
Query
query version {
version {
entityChanges {
...EntityChangesQueryFragment
}
entityVersions {
...EntityVersionsQueryFragment
}
}
}
Response
{
"data": {
"version": {
"entityChanges": EntityChangesQuery,
"entityVersions": EntityVersionsQuery
}
}
}
zones
Response
Returns [Zone!]!
Example
Query
query zones {
zones {
changed
comment
device {
...BasicDeviceFragment
}
id
name
system {
...BasicSystemFragment
}
version
zoneType
}
}
Response
{
"data": {
"zones": [
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": 4,
"name": "abc123",
"system": BasicSystem,
"version": 987,
"zoneType": "ZONE_LAYER2"
}
]
}
}
Mutations
riskAnalysis
Response
Returns a RiskAnalysisMutation!
Example
Query
mutation riskAnalysis {
riskAnalysis {
createUspRiskAnalysisTask {
...CreateUspRiskAnalysisTaskResultFragment
}
}
}
Response
{
"data": {
"riskAnalysis": {
"createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}
}
}
ruleOperations
Response
Returns a RuleOperationsMutation!
Example
Query
mutation ruleOperations {
ruleOperations {
createTicketDraft {
...CreateTicketDraftResultFragment
}
}
}
Response
{
"data": {
"ruleOperations": {
"createTicketDraft": CreateTicketDraftResult
}
}
}
ruleUserData
Response
Returns a RuleUserDataMutation!
Example
Query
mutation ruleUserData {
ruleUserData {
createTicket {
...CreateTicketResultFragment
}
deleteTickets {
...DeleteTicketsResultFragment
}
updateRuleAutomationAttribute {
...UpdateRuleAutomationAttributeResultFragment
}
updateRuleDescription {
...UpdateRuleDescriptionResultFragment
}
updateRuleTechnicalOwner {
...UpdateRuleTechnicalOwnerResultFragment
}
updateTicket {
...UpdateTicketResultFragment
}
}
}
Response
{
"data": {
"ruleUserData": {
"createTicket": CreateTicketResult,
"deleteTickets": DeleteTicketsResult,
"updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
"updateRuleDescription": UpdateRuleDescriptionResult,
"updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
"updateTicket": UpdateTicketResult
}
}
}
system
Response
Returns a SystemMutation!
Example
Query
mutation system {
system {
createSystem {
...CreateSystemResultFragment
}
deleteSystem {
...DeleteSystemResultFragment
}
updateSystem {
...UpdateSystemResultFragment
}
}
}
Response
{
"data": {
"system": {
"createSystem": CreateSystemResult,
"deleteSystem": DeleteSystemResult,
"updateSystem": UpdateSystemResult
}
}
}
userTQLSearch
Response
Returns an UserTQLSearchMutation!
Example
Query
mutation userTQLSearch {
userTQLSearch {
changeUserTQLSearchesOwner {
...ChangeUserTQLSearchesOwnerResultFragment
}
createUserTQLSearch {
...CreateUserTQLSearchResultFragment
}
deleteUserTQLSearch {
...DeleteUserTQLSearchResultFragment
}
updateUserTQLSearch {
...UpdateUserTQLSearchResultFragment
}
}
}
Response
{
"data": {
"userTQLSearch": {
"changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
"createUserTQLSearch": CreateUserTQLSearchResult,
"deleteUserTQLSearch": DeleteUserTQLSearchResult,
"updateUserTQLSearch": UpdateUserTQLSearchResult
}
}
}
usp
Response
Returns an UspMutation!
Example
Query
mutation usp {
usp {
addSecurityZonesToUsp {
...AddSecurityZonesToUspResultFragment
}
createPredefinedUsp {
...CreatePredefinedUspResultFragment
}
createUsp {
...CreateUspResultFragment
}
deleteUsp {
...DeleteUspResultFragment
}
removeSecurityZonesFromUsp {
...RemoveSecurityZonesFromUspResultFragment
}
updateUsp {
...UpdateUspResultFragment
}
updateUspRequirement {
...UpdateUspRequirementResultFragment
}
}
}
Response
{
"data": {
"usp": {
"addSecurityZonesToUsp": AddSecurityZonesToUspResult,
"createPredefinedUsp": CreatePredefinedUspResult,
"createUsp": CreateUspResult,
"deleteUsp": DeleteUspResult,
"removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
"updateUsp": UpdateUspResult,
"updateUspRequirement": UpdateUspRequirementResult
}
}
}
uspAlertConfig
Response
Returns an AlertConfigMutation!
Example
Query
mutation uspAlertConfig {
uspAlertConfig {
createUspAlertConfig {
...CreateUspAlertConfigResultFragment
}
deleteAlertConfig {
...DeleteAlertConfigResultFragment
}
updateUspAlertConfig {
...UpdateUspAlertConfigResultFragment
}
}
}
Response
{
"data": {
"uspAlertConfig": {
"createUspAlertConfig": CreateUspAlertConfigResult,
"deleteAlertConfig": DeleteAlertConfigResult,
"updateUspAlertConfig": UpdateUspAlertConfigResult
}
}
}
uspException
Response
Returns an UspExceptionMutation!
Example
Query
mutation uspException {
uspException {
addRulesToRuleException {
...AddRulesToRuleExceptionResultFragment
}
createUspRuleException {
...CreateUspRuleExceptionResultFragment
}
createUspTrafficException {
...CreateUspTrafficExceptionResultFragment
}
deleteUspExceptions {
...DeleteUspExceptionResultFragment
}
updateUspRuleException {
...UpdateUspRuleExceptionResultFragment
}
updateUspTrafficException {
...UpdateUspTrafficExceptionResultFragment
}
}
}
Response
{
"data": {
"uspException": {
"addRulesToRuleException": AddRulesToRuleExceptionResult,
"createUspRuleException": CreateUspRuleExceptionResult,
"createUspTrafficException": CreateUspTrafficExceptionResult,
"deleteUspExceptions": DeleteUspExceptionResult,
"updateUspRuleException": UpdateUspRuleExceptionResult,
"updateUspTrafficException": UpdateUspTrafficExceptionResult
}
}
}
zoneMapping
Response
Returns a ZoneMappingMutation!
Example
Query
mutation zoneMapping {
zoneMapping {
updateDeviceInclusionInCalculation {
...UpdateDeviceInclusionInCalculationResultFragment
}
updateMappings {
...ZoneManualMappingResultFragment
}
updateProtectionMode {
...UpdateProtectionModeResultFragment
}
}
}
Response
{
"data": {
"zoneMapping": {
"updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
"updateMappings": ZoneManualMappingResult,
"updateProtectionMode": UpdateProtectionModeResult
}
}
}
Types
AccessRequestActionType
Description
The action of the access request. Equivalent to a security rule action.
Values
| Enum Value | Description |
|---|---|
|
|
Allow all traffic. |
|
|
Deny all traffic. |
Example
"ALLOW"
AccessRequestApplicationInput
Fields
| Input Field | Description |
|---|---|
name - String!
|
|
nonDefaultPorts - Boolean
|
|
services - [ServiceExpressionString!]
|
Example
{
"name": "xyz789",
"nonDefaultPorts": true,
"services": [ServiceExpressionString]
}
AccessRequestApplicationPredefinedValue
Values
| Enum Value | Description |
|---|---|
|
|
Example
"ANY_APPLICATION"
AccessRequestDomainInput
AccessRequestError
AccessRequestInput
Description
Represents a traffic access request to be checked for violation of any of the configured USPs.
Fields
| Input Field | Description |
|---|---|
actionType - AccessRequestActionType!
|
AccessRequestActionType of the access request.
|
applicationPredefinedValue - AccessRequestApplicationPredefinedValue
|
Predefined value of ApplicationPredefinedValue type for the access request applications. If this value is set, the list of applications should not be configured. |
applications - [AccessRequestApplicationInput!]
|
List of AccessRequestApplication that represents the access request applications. |
destinationDomain - AccessRequestDomainInput
|
The access request destination AccessRequestDomain. |
destinationPredefinedValue - AccessRequestNetworkPredefinedValue
|
Predefined value of NetworkPredefinedValue type for the access request destination. If this value is set, the list of destinations should not be configured. |
destinationZones - [IdString!]
|
List of SecureTrack zones that represent the access request destination zones. |
destinations - [NetworkObjectTrafficInput!]
|
List of NetworkObjectTraffic that represents the access request destinations. |
id - FreeText!
|
|
servicePredefinedValue - AccessRequestServicePredefinedValue
|
Predefined value of ServicePredefinedValue type for the access request services. If this value is set, the list of services should not be configured. |
services - [ServiceExpressionString!]
|
List of ServiceTraffic that represents the access request services. |
sourceDomain - AccessRequestDomainInput
|
The access request source AccessRequestDomain. |
sourcePredefinedValue - AccessRequestNetworkPredefinedValue
|
Predefined value of NetworkPredefinedValue type for the access request source. If this value is set, the list of sources should not be configured. |
sourceZones - [IdString!]
|
List of SecureTrack zones that represent the access request source zones. |
sources - [NetworkObjectTrafficInput!]
|
List of NetworkObjectTraffic that represents the access request sources. |
useTopology - Boolean
|
Use topology to determine access request domains if the source zone is not the destination zone of the access request. |
Example
{
"actionType": "ALLOW",
"applicationPredefinedValue": "ANY_APPLICATION",
"applications": [AccessRequestApplicationInput],
"destinationDomain": AccessRequestDomainInput,
"destinationPredefinedValue": "ANY",
"destinationZones": [IdString],
"destinations": [NetworkObjectTrafficInput],
"id": FreeText,
"servicePredefinedValue": "ANY_SERVICE",
"services": [ServiceExpressionString],
"sourceDomain": AccessRequestDomainInput,
"sourcePredefinedValue": "ANY",
"sourceZones": [IdString],
"sources": [NetworkObjectTrafficInput],
"useTopology": false
}
AccessRequestNetworkPredefinedValue
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ANY"
AccessRequestServicePredefinedValue
Values
| Enum Value | Description |
|---|---|
|
|
Example
"ANY_SERVICE"
AccessRole
Description
Set of permitted objects
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
networks - [NetworkObject!]
|
List of network objects this access role has right to see |
networksPredefinedValue - NetworkPredefinedValue
|
Could be any network, IPv4 only network or IPv6 only network |
system - BasicSystem
|
The system (root device) that this entity belongs to |
users - [UserValue!]
|
List of users this access role has been assigned for |
usersPredefinedValue - UserPredefinedValue
|
Predefined values to define well known user behavior |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"name": "xyz789",
"networks": [AccessRole],
"networksPredefinedValue": "ANY_IPV4_NETWORK",
"system": BasicSystem,
"users": [Group],
"usersPredefinedValue": "ALL_IDENTIFY",
"version": 123
}
AddRulesToRuleExceptionInput
Fields
| Input Field | Description |
|---|---|
id - IdString!
|
|
rulesIds - [IdString!]!
|
Example
{
"id": IdString,
"rulesIds": [IdString]
}
AddRulesToRuleExceptionResult
Fields
| Field Name | Description |
|---|---|
id - ID
|
|
resultStatus - ResultStatus!
|
Example
{
"id": "4",
"resultStatus": ResultStatus
}
AddSecurityZonesToUspInput
Description
Adding SecureTrack network zones to an existing USP.
Fields
| Input Field | Description |
|---|---|
securityZonesIds - [IdString!]!
|
SecureTrack network zones IDs. |
uspId - IdString!
|
USP ID. |
Example
{
"securityZonesIds": [IdString],
"uspId": IdString
}
AddSecurityZonesToUspResult
Description
Returns the status results when adding SecureTrack network zones to an existing USP.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to add SecureTrack network zones to an existing USP. |
Example
{"resultStatus": ResultStatus}
AlertConfigMutation
Description
The AlertConfigMutation entity lets you create, update or delete USP alerts. For a full list of configuration options see the createUspAlertConfig and updateUspAlertConfig entities.
Fields
| Field Name | Description |
|---|---|
createUspAlertConfig - CreateUspAlertConfigResult!
|
Create a USP alert. |
Arguments
|
|
deleteAlertConfig - DeleteAlertConfigResult!
|
Delete a USP alert. |
Arguments
|
|
updateUspAlertConfig - UpdateUspAlertConfigResult!
|
Update a USP alert. |
Arguments
|
|
Example
{
"createUspAlertConfig": CreateUspAlertConfigResult,
"deleteAlertConfig": DeleteAlertConfigResult,
"updateUspAlertConfig": UpdateUspAlertConfigResult
}
Application
Description
Network application.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
services - [Service!]
|
TCP/IP services of the application. |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "xyz789",
"services": [IcmpService],
"system": BasicSystem,
"version": 987
}
ApplicationPredefinedValue
Description
Predefined values to define Any application
Values
| Enum Value | Description |
|---|---|
|
|
Any application |
Example
"ANY_APPLICATION"
ApplicationString
Description
An application string. Must be a predefined application. Input as a String literal, for example, 'Facebook'
Example
ApplicationString
ApplicationUsage
Description
Object which represents usage information of applications on the rule
Fields
| Field Name | Description |
|---|---|
application - RuleApplicationValue
|
The identity of an application |
timeLastHit - DateTime
|
Represents time when traffic was recorded for the application |
Example
{
"application": Application,
"timeLastHit": "2007-12-03T10:15:30Z"
}
AppliedToObjectsPredefinedValue
Description
Predefined values for "AppliedToObjects"
Values
| Enum Value | Description |
|---|---|
|
|
Any object |
|
|
No object |
Example
"ANY"
AuthQuery
Description
A container for authentication-related information (such as principles) from the current session context.
Fields
| Field Name | Description |
|---|---|
sessionUser - SessionUser
|
The current principle user in session. |
Example
{"sessionUser": SessionUser}
AutomationAttribute
Description
Determines the way that Designer and Verifier will relate to the legacy rule that is being modified.
Values
| Enum Value | Description |
|---|---|
|
|
Designer and Verifier will treat the specified legacy rule as a shadowed rule when making recommendations or verifying access. |
|
|
Designer and Verifier will treat the specified rule as a stealth rule when making recommendations or verifying access. |
Example
"LEGACY"
BasicDevice
Description
A dependent device. Each device is assigned to a unique System device.
Fields
| Field Name | Description |
|---|---|
cannotHaveRules - Boolean
|
True indicates that the device has no rules
|
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
deviceType - DeviceType
|
Type of this device |
displayName - String
|
Name of this device |
domain - Domain
|
The domains of the device |
id - ID!
|
The internal unique identifier for this entity |
model - ModelName
|
Model of this device |
name - String
|
The name of the entity |
parent - Device
|
Device or system parent device |
root - Boolean
|
True indicates that this device is the topmost device in the hierarchy
|
system - BasicSystem
|
The system (root device) that this entity belongs to |
vendor - VendorName
|
Vendor type of this device |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"cannotHaveRules": false,
"comment": "xyz789",
"device": BasicDevice,
"deviceType": "CLOUD_VIRTUAL_NETWORK",
"displayName": "xyz789",
"domain": Domain,
"id": 4,
"model": "ACI",
"name": "xyz789",
"parent": Device,
"root": false,
"system": BasicSystem,
"vendor": "AMAZON",
"version": 123
}
BasicRuleUspExceptionInfo
Description
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
Example
{
"description": "xyz789",
"id": 4,
"name": "abc123"
}
BasicSystem
Description
Root device that manages the dependent devices
Fields
| Field Name | Description |
|---|---|
id - ID!
|
The internal unique identifier for this entity |
model - ModelName
|
Model of this device |
modelDisplayName - String
|
Model name of this device |
monitoredByOPMAgent - Boolean
|
True indicates that the system monitored by OPM agent |
name - String
|
The name of the entity |
vendor - VendorName
|
Vendor type of this device |
Example
{
"id": 4,
"model": "ACI",
"modelDisplayName": "abc123",
"monitoredByOPMAgent": true,
"name": "abc123",
"vendor": "AMAZON"
}
BasicUspExceptionInfo
Description
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
Example
{
"description": "xyz789",
"id": "4",
"name": "abc123"
}
BasicUspExceptionInfoForRiskAnalysis
Description
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
Example
{
"description": "abc123",
"id": 4,
"name": "abc123"
}
BasicUspInfo
Description
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
|
description - String
|
Description of the USP. |
differentZonesDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain - Domain
|
Domain of the USP. |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
Name of the USP. |
sameZoneDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
Example
{
"appliedToAnyDomain": false,
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": "4",
"name": "xyz789",
"sameZoneDefaultRestrictions": UspRestrictions
}
BasicUspInfoForRiskAnalysis
Description
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
Fields
| Field Name | Description |
|---|---|
description - String
|
Description of the USP. |
differentZonesDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain - Domain
|
Domain of the USP. |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
Name of the USP. |
sameZoneDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
Example
{
"description": "abc123",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": "4",
"name": "abc123",
"sameZoneDefaultRestrictions": UspRestrictions
}
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
Certification
Fields
| Field Name | Description |
|---|---|
status - CertificationStatus
|
The status of the rule (certified, decertified) |
timeCertified - DateTime
|
The date the rule certification expires, after which, it must be reviewed and recertified |
timeExpiration - DateTime
|
The date that the certification decision was implemented |
Example
{
"status": "CERTIFIED",
"timeCertified": "2007-12-03T10:15:30Z",
"timeExpiration": "2007-12-03T10:15:30Z"
}
CertificationStatus
Description
The status of the rule (certified/decertified)
Values
| Enum Value | Description |
|---|---|
|
|
Rule status is certified (has a business justification) |
|
|
Rule status is not certified (does not have a business justification) |
Example
"CERTIFIED"
ChangeDetails
Description
The details of the change
Fields
| Field Name | Description |
|---|---|
changeType - ChangeType
|
The type of change. Possible values: added, removed or modified |
fieldName - String
|
The name of the field that has changed |
fieldType - String!
|
The type of field. Possible values: boolean, string, object |
originValue - String
|
The original value of the field, before the change |
relatedEntity - EntityData
|
Used for object fields only, otherwise NULL |
value - String!
|
The value of the field after the change |
Example
{
"changeType": "ADDED",
"fieldName": "xyz789",
"fieldType": "xyz789",
"originValue": "abc123",
"relatedEntity": EntityData,
"value": "xyz789"
}
ChangeType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ADDED"
ChangeUserTQLSearchesOwnerInput
Description
Change the owner of multiple TQL queries in bulk. Input can be either source owner, or a list of query IDs, but not both.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]
|
IDs of the queries |
sourceOwnerId - IdString
|
The current owner of the queries |
targetOwnerId - IdString!
|
The future owner of the queries |
Example
{
"ids": [IdString],
"sourceOwnerId": IdString,
"targetOwnerId": IdString
}
ChangeUserTQLSearchesOwnerResult
Description
Returns the status results when changing the owner of multiple TQL queries
Fields
| Field Name | Description |
|---|---|
ids - [ID!]
|
IDs of the updated queries |
resultStatus - ResultStatus!
|
Result of the operation |
Example
{
"ids": ["4"],
"resultStatus": ResultStatus
}
CountsResult
CreateDraftInvalidRuleReason
Description
The possible reasons for rules to be invalid for creating a SecureChange ticket
Values
| Enum Value | Description |
|---|---|
|
|
Rule is associated with a device that the user does not have permission to manage in SecureChange |
|
|
Rule is associated with a device that the user does not have permission to manage in SecureTrack |
|
|
The rule already has a ticket in progress |
|
|
This rule, or another rule in the request from the same device, is inherited |
|
|
Rule belongs to a device that does not support rule modification |
|
|
The requested rule ID is not found |
|
|
Example
"DEVICE_NO_USER_PERMISSIONS_SC"
CreatePredefinedUspInput
Description
Create a predefined USP from known regulation templates. The supported regulations are:
- PCI
- NERC CIPV5
- ISO 27001
- NIST 800-53
- Tufin's Best Practices
- Tufin's Advanced Best Practices
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
|
description - FreeText
|
USP description. |
domain - IdString
|
|
name - Name!
|
USP name. |
type - PredefinedUspType!
|
Regulation type. |
zoneMappings - [ZoneMappingInput!]!
|
Mapping between the regulation zones from the template to the SecureTrack network zones to be enforced by the created USP. |
Example
{
"appliedToAnyDomain": true,
"description": FreeText,
"domain": IdString,
"name": Name,
"type": "ADVANCED_BEST_PRACTICES",
"zoneMappings": [ZoneMappingInput]
}
CreatePredefinedUspResult
Description
Returns the status results when creating a new predefined USP.
Fields
| Field Name | Description |
|---|---|
id - ID
|
Newly created USP ID. |
resultStatus - ResultStatus!
|
Status of request to create a new USP. |
Example
{"id": 4, "resultStatus": ResultStatus}
CreateSystemInput
Description
Create system request input
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean
|
This property is not currently supported |
domain - IdString
|
This property is not currently supported |
ipAddress - IpAddressString
|
IP address |
model - ModelName!
|
Model of this device |
modelDisplayName - FreeText!
|
Model name of this device |
name - Name!
|
System name |
opmAgentId - FreeText!
|
Open policy management (OPM) agent ID |
properties - [SystemFieldValueInput!]
|
System properties |
vendor - VendorName!
|
Vendor type of this device |
Example
{
"appliedToAnyDomain": true,
"domain": IdString,
"ipAddress": IpAddressString,
"model": "ACI",
"modelDisplayName": FreeText,
"name": Name,
"opmAgentId": FreeText,
"properties": [SystemFieldValueInput],
"vendor": "AMAZON"
}
CreateSystemResult
Description
Create system request output
Fields
| Field Name | Description |
|---|---|
id - ID
|
Application internal ID of created system |
resultStatus - ResultStatus!
|
Result of the operation |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
CreateTicketDraftInput
Description
Create a ticket draft in SecureChange
Fields
| Input Field | Description |
|---|---|
decommissionRulesAction - DecommissionRulesAction
|
Supported actions are: ?disable rules? and ?remove rules? |
dryRun - Boolean
|
If set to True, SecureChange will not create a ticket draft, will only return the result of input validation |
ruleUids - [IdString!]!
|
List of rule UIDs to create the ticket for |
subject - Name
|
The subject for the ticket draft |
workflowName - Name
|
The name of SecureChange workflow used to create the ticket |
workflowType - WorkFlowType!
|
The type of workflow (RECERTIFY_RULES, DECOMMISSION_RULES or MODIFY_RULES) |
Example
{
"decommissionRulesAction": "DISABLE_RULES",
"dryRun": true,
"ruleUids": [IdString],
"subject": Name,
"workflowName": Name,
"workflowType": "DECOMMISSION_RULES"
}
CreateTicketDraftResult
Description
Returns the status results when creating a ticket draft
Fields
| Field Name | Description |
|---|---|
invalidRules - [InvalidRule!]!
|
List of the rules that are invalid for creating a ticket, and the reason that they are invalid |
resultStatus - ResultStatus!
|
Status of the request to create ticket draft |
validRuleUids - [ID!]
|
List of the rules that are valid for creating a ticket, out of the rules in the request |
Example
{
"invalidRules": [InvalidRule],
"resultStatus": ResultStatus,
"validRuleUids": ["4"]
}
CreateTicketInput
Description
Create a ticket for a rule.
Fields
| Input Field | Description |
|---|---|
businessOwner - FreeText
|
Business owner name for a rule. |
comment - FreeText
|
Comment for a ticket. |
email - EmailAddress
|
Business owner Email address for a rule. |
expirationDate - DateTime
|
Expiration date for a ticket. |
externalUrl - URL
|
External URL for a ticket. |
originTicketId - FreeText
|
ID information for a ticket, only required if a SecureChange ticket is linked. |
ruleIds - [IdString!]!
|
List of affected rule IDs. |
secureChangeTicket - Boolean
|
Mark as true if the ticket is a SecureChange ticket. |
Example
{
"businessOwner": FreeText,
"comment": FreeText,
"email": "[email protected]",
"expirationDate": "2007-12-03T10:15:30Z",
"externalUrl": "http://www.test.com/",
"originTicketId": FreeText,
"ruleIds": [IdString],
"secureChangeTicket": true
}
CreateTicketResult
Description
Returns the status results when creating a ticket for a rule.
Fields
| Field Name | Description |
|---|---|
modifiedRules - [ModifiedRule!]!
|
List of affected rules. |
resultStatus - ResultStatus!
|
Result of the create ticket operation. |
Example
{
"modifiedRules": [ModifiedRule],
"resultStatus": ResultStatus
}
CreateUserTQLSearchInput
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
If true, the query belongs to the 'All Domains' context |
description - FreeText
|
Description of the query |
domain - IdString
|
Domain in which the query was saved |
name - Name!
|
Name of the query |
public - Boolean!
|
If true, the query is public |
query - String!
|
TQL expression saved as part of the query |
type - TQLSearchType!
|
The Entity returned by the query |
Example
{
"appliedToAnyDomain": false,
"description": FreeText,
"domain": IdString,
"name": Name,
"public": false,
"query": "abc123",
"type": "RULE"
}
CreateUserTQLSearchResult
Description
Create and save a TQL query
Fields
| Field Name | Description |
|---|---|
id - ID
|
Application internal ID of created TQL query |
resultStatus - ResultStatus!
|
Result of the operation |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
CreateUspAlertConfigInput
Description
Create a USP alert.
Fields
| Input Field | Description |
|---|---|
allDevices - Boolean!
|
If set to True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps - Boolean!
|
If set to True, the uspId field is ignored and this alert applies to all USPs. |
appliedToAnyDomain - Boolean!
|
If set to True, the domain field should be empty and this alert applies to all domains. |
description - FreeText
|
Alert description. |
devicesIds - [IdString!]
|
This alert applies only for the specified devices. Add a list Device IDs. |
disabled - Boolean!
|
Set to true to disable this alert. |
domain - IdString
|
This alert will be configured in the specified domain. Add a single domain ID only. |
externalRecipientsEmails - [EmailAddress!]
|
Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users. |
name - Name!
|
Alert name. |
recipientsIds - [IdString!]
|
Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user. |
severities - [ViolationSeverity!]!
|
This alert is sent for violations of all the selected severities. |
syslogEnabled - Boolean!
|
Set to True if syslog the alert should also be sent via syslog. |
uspId - IdString
|
This alert applies only to the specified USP. Add a single USP ID only. |
Example
{
"allDevices": false,
"allUsps": true,
"appliedToAnyDomain": false,
"description": FreeText,
"devicesIds": [IdString],
"disabled": true,
"domain": IdString,
"externalRecipientsEmails": [
"[email protected]"
],
"name": Name,
"recipientsIds": [IdString],
"severities": ["CRITICAL"],
"syslogEnabled": true,
"uspId": IdString
}
CreateUspAlertConfigResult
Description
Returns the status results when creating a new USP alert .
Fields
| Field Name | Description |
|---|---|
id - ID
|
ID of the new alert. |
resultStatus - ResultStatus!
|
Status of request to create a new USP alert. |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
CreateUspInput
Description
Create a USP.
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
|
description - FreeText
|
USP description. |
domain - IdString
|
|
name - Name!
|
USP name. |
securityZonesIds - [IdString!]
|
SecureTrack network zones IDs to be used by the USP. |
Example
{
"appliedToAnyDomain": true,
"description": FreeText,
"domain": IdString,
"name": Name,
"securityZonesIds": [IdString]
}
CreateUspResult
Description
Returns the status results when creating a new USP.
Fields
| Field Name | Description |
|---|---|
id - ID
|
Newly created USP ID. |
resultStatus - ResultStatus!
|
Status of request to create a new USP. |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
CreateUspRiskAnalysisTaskInput
Description
Create a new UspRiskAnalysisTask for risk analysis calculation.
Fields
| Input Field | Description |
|---|---|
accessRequests - [AccessRequestInput!]!
|
List of AccessRequestInputs for risk analysis calculations. |
runCalculationOnAllUsps - Boolean!
|
If true, calculation will run on all USPs in all domains, otherwise, it will run on USPs that are configured on the domains for the specified source and destination. |
Example
{
"accessRequests": [AccessRequestInput],
"runCalculationOnAllUsps": true
}
CreateUspRiskAnalysisTaskResult
Description
Returns the status results when creating a new UspRiskAnalysisTask.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
ResultStatus of the request to create a new risk analysis task.
|
taskId - ID
|
The created task ID. The ID is used for querying for the calculation result of UspRiskAnalysisTask. |
Example
{"resultStatus": ResultStatus, "taskId": 4}
CreateUspRuleExceptionInput
Description
Create a rule UspException.
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.
|
approver - FreeText
|
User that approved the rule UspException. |
creator - FreeText
|
User that created the rule UspException . |
description - FreeText
|
Rule UspException description. |
disabled - Boolean!
|
Set to true to disable this rule UspException. When disabled, rule UspException will have no impact on RuleViolations. |
domain - IdString
|
The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored. |
endDate - Date
|
Last date that the rule UspException is active. |
name - Name!
|
Rule UspException name. |
rules - RuleExceptionConditionInput!
|
RulesConditionInput of the UspException.
|
startDate - Date
|
First date that the rule UspException is active. |
ticketId - FreeText
|
SecureChange ticket ID. |
usps - [UspExceptionConditionInput!]
|
List of UspExceptionConditionInput. |
Example
{
"appliedToAnyDomain": true,
"approver": FreeText,
"creator": FreeText,
"description": FreeText,
"disabled": false,
"domain": IdString,
"endDate": "2007-12-03",
"name": Name,
"rules": RuleExceptionConditionInput,
"startDate": "2007-12-03",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
CreateUspRuleExceptionResult
Description
Returns the status results when creating a new rule UspException.
Fields
| Field Name | Description |
|---|---|
id - ID
|
Newly created rule UspException ID. |
resultStatus - ResultStatus!
|
Status of request to create a new rule UspException. |
Example
{"id": 4, "resultStatus": ResultStatus}
CreateUspTrafficExceptionInput
Description
Create a traffic UspException.
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
True indicates that the exception affects All Domains. False indicates that the exception affects only the specified domain.
|
approver - FreeText
|
User that approved the traffic UspException. |
creator - FreeText
|
User that created the traffic UspException . |
description - FreeText
|
Traffic UspException description. |
destinationEntityIds - [IdString!]
|
Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. |
destinations - [IpAddressString!]
|
Destination condition - list of IPs/subnets. |
disabled - Boolean!
|
Set to true to disable this traffic UspException. When disabled, traffic UspException will have no impact on RuleViolations. |
domain - IdString
|
The ID of the domain that the exception will be created for. Note: If appliedToAnyDomain is set to True this value is ignored. |
endDate - Date
|
Last date that the traffic UspException is active. |
name - Name!
|
Traffic UspException name. |
servicesAndApplications - ServiceAndApplicationConditionInput
|
List of ServiceAndApplicationConditionInput. |
sourceEntityIds - [IdString!]
|
Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. |
sources - [IpAddressString!]
|
Source condition - list of IPs/subnets. |
startDate - Date
|
First date that the traffic UspException is active. |
ticketId - FreeText
|
SecureChange ticket ID. |
usps - [UspExceptionConditionInput!]
|
List of UspExceptionConditionInput. |
Example
{
"appliedToAnyDomain": true,
"approver": FreeText,
"creator": FreeText,
"description": FreeText,
"destinationEntityIds": [IdString],
"destinations": [IpAddressString],
"disabled": false,
"domain": IdString,
"endDate": "2007-12-03",
"name": Name,
"servicesAndApplications": ServiceAndApplicationConditionInput,
"sourceEntityIds": [IdString],
"sources": [IpAddressString],
"startDate": "2007-12-03",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
CreateUspTrafficExceptionResult
Description
Returns the status results when creating a new traffic UspException.
Fields
| Field Name | Description |
|---|---|
id - ID
|
Newly created traffic UspException ID. |
resultStatus - ResultStatus!
|
Status of request to create a new traffic UspException. |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
Date
Description
An RFC-3339 compliant Full Date Scalar
Example
"2007-12-03"
DateTime
Description
An RFC-3339 compliant DateTime Scalar
Example
"2007-12-03T10:15:30Z"
DecommissionRulesAction
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DISABLE_RULES"
DeleteAlertConfigInput
Description
Delete a USP alert.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
IDs of the alerts you want to delete. |
Example
{"ids": [IdString]}
DeleteAlertConfigResult
Description
Returns the status results when deleting USP alerts.
Fields
| Field Name | Description |
|---|---|
ids - [String!]
|
|
resultStatus - ResultStatus!
|
Status of request to delete USP alerts. |
Example
{
"ids": ["xyz789"],
"resultStatus": ResultStatus
}
DeleteSystemInput
Description
Delete systems request input
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
Systems IDs to delete |
Example
{"ids": [IdString]}
DeleteSystemResult
Description
Delete system request output
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Result of the operation |
Example
{"resultStatus": ResultStatus}
DeleteTicketsInput
Description
Delete tickets.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
IDs of the tickets to be deleted. |
Example
{"ids": [IdString]}
DeleteTicketsResult
Description
Returns the status results when deleting tickets.
Fields
| Field Name | Description |
|---|---|
ids - [ID!]
|
IDs of the deleted tickets. |
resultStatus - ResultStatus!
|
Status of request to delete tickets. |
Example
{"ids": [4], "resultStatus": ResultStatus}
DeleteUserTQLSearchInput
Description
Delete saved TQL queries
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
IDs of the queries to be deleted |
Example
{"ids": [IdString]}
DeleteUserTQLSearchResult
Description
Returns the status results when deleting TQL queries
Fields
| Field Name | Description |
|---|---|
ids - [ID!]
|
IDs of the deleted queries |
resultStatus - ResultStatus!
|
Status of request to delete queries |
Example
{
"ids": ["4"],
"resultStatus": ResultStatus
}
DeleteUspExceptionInput
Description
Delete one or more UspExceptions.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
UspException IDs.
|
Example
{"ids": [IdString]}
DeleteUspExceptionResult
Description
Returns the status results when deleting UspExceptions.
Fields
| Field Name | Description |
|---|---|
ids - [ID!]
|
|
resultStatus - ResultStatus!
|
Status of request to delete UspExceptions. |
Example
{"ids": [4], "resultStatus": ResultStatus}
DeleteUspInput
Description
Delete one or multiple USPs.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
USP IDs. |
Example
{"ids": [IdString]}
DeleteUspResult
Description
Returns the status results when deleting USPs.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to delete USPs. |
Example
{"resultStatus": ResultStatus}
Device
Description
A dependent device. Each device is assigned to a unique System device.
Fields
| Field Name | Description |
|---|---|
cannotHaveRules - Boolean
|
True indicates that the device has no rules Permission requires
|
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
comment - String
|
A text comment associated with this entity Permission requires |
device - BasicDevice
|
The device that this entity belongs to Permission requires |
deviceType - DeviceType
|
Type of this device |
displayName - String
|
Name of this device |
domain - Domain
|
The domains of the device |
domainDeviceConf - [DomainDeviceConf!]
|
List of device domain configurations which are excluded from violation calculations and protection mode Permission requires |
id - ID!
|
The internal unique identifier for this entity |
model - ModelName
|
Model of this device Permission requires |
modelDisplayName - String
|
Model name of this device Permission requires |
name - String
|
The name of the entity |
nameOnDevice - String
|
Context name of this device Permission requires |
parent - Device
|
Device or system parent device Permission requires |
root - Boolean
|
True indicates that this device is the topmost device in the hierarchy
|
swVersion - String
|
Software version of this device Permission requires |
system - BasicSystem
|
The system (root device) that this entity belongs to |
vendor - VendorName
|
Vendor type of this device |
vendorDisplayName - String
|
Vendor name of this device |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"cannotHaveRules": false,
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"deviceType": "CLOUD_VIRTUAL_NETWORK",
"displayName": "xyz789",
"domain": Domain,
"domainDeviceConf": [DomainDeviceConf],
"id": "4",
"model": "ACI",
"modelDisplayName": "abc123",
"name": "xyz789",
"nameOnDevice": "xyz789",
"parent": Device,
"root": true,
"swVersion": "abc123",
"system": BasicSystem,
"vendor": "AMAZON",
"vendorDisplayName": "xyz789",
"version": 987
}
DeviceQuery
Description
Query for Device objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of Device objects matching the specified filter. |
values - [Device!]!
|
A list of Device objects matching the specified filter. |
Example
{"count": {}, "values": [Device]}
DeviceStatus
Description
The progress status of the device version processing and calculations (IN_PROGRESS, COMPLETED, or ERROR).
Fields
| Field Name | Description |
|---|---|
apiV1DeviceId - String
|
The internal unique identifier of the device in the legacy API. |
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
device - Device
|
The device that the status applies to. Permission requires |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
This property is not supported. Permission requires |
versions - [VersionStatus!]
|
The versions of the changes on the device. Permission requires |
Example
{
"apiV1DeviceId": "abc123",
"changed": "2007-12-03T10:15:30Z",
"device": Device,
"id": 4,
"name": "xyz789",
"versions": [VersionStatus]
}
DeviceStatusQuery
Description
Query for DeviceStatus objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of DeviceStatus objects matching the specified filter. |
values - [DeviceStatus!]!
|
A list of DeviceStatus objects matching the specified filter. |
Example
{"count": {}, "values": [DeviceStatus]}
DeviceType
Description
Type of dependant device.
Values
| Enum Value | Description |
|---|---|
|
|
Public or private cloud virtual network. For example: Microsoft Azure public cloud virtual network. |
|
|
Cluster of devices |
|
|
Firewall |
|
|
Device of this type holds global firewall information, like global policy |
|
|
Virtual firewall managed by root management device |
|
|
Device manages other devices. |
|
|
Device that represents management domain or scope. |
|
|
Device that represents global domain or scope. |
|
|
Example
"CLOUD_VIRTUAL_NETWORK"
Direction
Description
Direction.
Values
| Enum Value | Description |
|---|---|
|
|
Inbound-Outbound direction. |
|
|
Inbound direction. |
|
|
Outbound direction. |
Example
"BOTH"
Domain
Example
{
"changed": "2007-12-03T10:15:30Z",
"default": true,
"id": "4",
"name": "abc123"
}
DomainDeviceConf
Description
List of device domain configurations which are excluded from violation calculations and protection mode
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
True indicates that the configuration applies to All Domain. False indicates that the configuration applies to a specific domain. Permission requires
|
enableProtectionModeChange - Boolean
|
Permission requires |
excludedForViolation - Boolean
|
True indicates that the application will not calculate security risks for this device Permission requires
|
protectionMode - ProtectionMode
|
Identifies how to select network zones available for checking security risks, whether the mode is Connected (the IP address is directly connected) or Routable (the connection is via route table) Permission requires |
Example
{
"appliedToAnyDomain": true,
"enableProtectionModeChange": true,
"excludedForViolation": false,
"protectionMode": "CONNECTED_ZONES"
}
DomainQuery
Description
Query for Domain objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of Domain objects matching the specified filter. |
values - [Domain!]!
|
A list of Domain objects matching the specified filter. |
Example
{"count": {}, "values": [Domain]}
EmailAddress
Description
An email address
Example
"[email protected]"
EntityChange
Description
The entity change
Fields
| Field Name | Description |
|---|---|
changeDetails - ChangeDetails!
|
The details of the change |
changeType - ChangeType
|
The type of change. Possible values: added, removed or modified |
changedEntity - EntityData!
|
Details of the changed entity |
relationContext - String!
|
The field name or type of component that has changed. Possible values include: source, member, comment |
Example
{
"changeDetails": ChangeDetails,
"changeType": "ADDED",
"changedEntity": EntityData,
"relationContext": "xyz789"
}
EntityChangesInput
Description
The input of the query
Fields
| Input Field | Description |
|---|---|
endVersion - Long!
|
The version to compare with its previous version |
entityId - IdString!
|
The ID of the entity to which the related changes apply |
first - Int
|
The maximum number of changed entities to return. The default is 500 |
versionEntityType - VersionEntityType
|
Example
{
"endVersion": {},
"entityId": IdString,
"first": 123,
"versionEntityType": "RULE"
}
EntityChangesQuery
Description
Return a list of changes related to an entity
Fields
| Field Name | Description |
|---|---|
changes - [EntityChange!]!
|
List of changes |
hasMoreResults - Boolean!
|
More results exist than the value defined in first |
resultStatus - ResultStatus!
|
Status of the request |
Example
{
"changes": [EntityChange],
"hasMoreResults": false,
"resultStatus": ResultStatus
}
EntityData
Description
The data of the entity
Example
{
"displayName": "abc123",
"id": "4",
"overriddenId": "4",
"overriding": true,
"type": "abc123"
}
EntityVersion
Description
Version information for entity
Fields
| Field Name | Description |
|---|---|
apiV1RevisionDeviceId - ID
|
The deviceId of the reported revision (in some cases same revision reported on different devices in hierarchy) |
apiV1RevisionNumber - Long
|
The internal unique identifier of the revision in the legacy APIs |
changedBy - [String!]
|
List of users who caused the change |
changedOnTimestamp - Long
|
The UTC timestamp the entity was last changed |
deviceId - ID!
|
The device ID |
entityId - ID!
|
The ID of the entity that was changed in the related versions |
receivedOnTimestamp - Long!
|
The UTC timestamp the entity was received on |
versionId - Long!
|
The version ID |
Example
{
"apiV1RevisionDeviceId": 4,
"apiV1RevisionNumber": {},
"changedBy": ["xyz789"],
"changedOnTimestamp": {},
"deviceId": "4",
"entityId": 4,
"receivedOnTimestamp": {},
"versionId": {}
}
EntityVersionsInput
Description
The EntityVersionsInput displays all versions for a specific entity
Fields
| Input Field | Description |
|---|---|
endDate - DateTime
|
Result will contain versions with |
entityId - IdString!
|
The ID of the entity that was changed in the related versions |
startDate - DateTime
|
Result will contain versions with |
versionEntityType - VersionEntityType
|
Specific entity type. If no type is explicitly set, the default type is RULE. |
Example
{
"endDate": "2007-12-03T10:15:30Z",
"entityId": IdString,
"startDate": "2007-12-03T10:15:30Z",
"versionEntityType": "RULE"
}
EntityVersionsQuery
Description
Return the query status and all versions for entity ID
Fields
| Field Name | Description |
|---|---|
count - Long
|
The total count of versions for entity ID |
resultStatus - ResultStatus!
|
Status of the request |
values - [EntityVersion!]!
|
All versions for entity ID |
Arguments |
|
Example
{
"count": {},
"resultStatus": ResultStatus,
"values": [EntityVersion]
}
Error
ErrorType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CLASS_A_IN_TOPOLOGY"
FlowRestrictionType
Description
The required format of the source and the destination in a rule.
Values
| Enum Value | Description |
|---|---|
|
|
Rule requirement that both the source and destination are defined by host objects. |
|
|
Rule requirement that the source of the traffic flow is defined by host and the destination is defined by subnet objects. |
|
|
Rule requirement that the source of the traffic flow is defined by subnet objects and the destination is defined by host. |
Example
"HOST_TO_HOST"
FlowUspRestriction
Description
A condition that defines the allowed flow type from one SecureTrack network zone to another (Host to Host, Subnet to Host, or Host to Subnet).
Fields
| Field Name | Description |
|---|---|
flowType - FlowRestrictionType
|
The flow type. |
restrictionType - RestrictionType
|
Restriction type. |
Example
{"flowType": "HOST_TO_HOST", "restrictionType": "DESTINATION_IPS_MAX_COUNT"}
FlowUspRestrictionInput
Description
Flow USP restriction.
Fields
| Input Field | Description |
|---|---|
flowType - FlowRestrictionType!
|
Flow type (FlowRestrictionType). |
Example
{"flowType": "HOST_TO_HOST"}
Fqdn
Description
Fully qualified domain name. Identifier that fully identifies the resource
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
domainAddress - String
|
Fully qualified domain name |
id - ID!
|
The internal unique identifier for this entity |
ipAddresses - [IpAddress!]
|
List of IP addresses |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"domainAddress": "abc123",
"id": "4",
"ipAddresses": [IpAddress],
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
FreeText
Description
Free text
Example
FreeText
Group
Description
Network objects group. Contains other network objects
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
exclusionMembers - [GroupMember!]
|
Network objects that must be excluded from this group. For example: particular network objects in included sub-network. |
groupType - GroupType!
|
Group type. For example: NETWORK_WITH_EXCLUSION. See GroupType definition |
id - ID!
|
The internal unique identifier for this entity |
members - [GroupMember!]
|
Network objects that are direct members of this group |
membersPredefinedValue - NetworkPredefinedValue
|
Members of type "Any" |
membershipCriteria - String
|
The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"exclusionMembers": [AccessRole],
"groupType": "APPLICATION",
"id": 4,
"members": [AccessRole],
"membersPredefinedValue": "ANY_IPV4_NETWORK",
"membershipCriteria": "abc123",
"name": "abc123",
"system": BasicSystem,
"version": 123
}
GroupMember
Example
AccessRole
GroupType
Description
Network objects group type.
Values
| Enum Value | Description |
|---|---|
|
|
The group containing network applications. |
|
|
A dynamic address group uses tags as a filtering criteria to determine its members. |
|
|
The group containing locations. |
|
|
The group containing vendor specific objects. For example: network interface cards (NIC). |
|
|
The group containing networks. |
|
|
The group containing networks with exclusions. |
|
|
The group containing security profiles. |
|
|
The group containing TCP/IP services. |
|
|
The group containing users. |
|
|
Example
"APPLICATION"
HasIP
Description
An object that has an IP address field.
Example
{"ip": "xyz789", "ipType": "IPV4"}
Host
Description
Computer or other device connected to a computer network.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ip - String
|
The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291). |
ipAddresses - [IpAddress!]
|
List of additional IP addresses |
ipType - IpType
|
The IP address this host has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": "4",
"ip": "xyz789",
"ipAddresses": [IpAddress],
"ipType": "IPV4",
"name": "abc123",
"system": BasicSystem,
"version": 987
}
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
"4"
IcmpService
Description
ICMP service
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
icmpCode - Int
|
ICMP code number for a particular ICMP type |
id - ID!
|
The internal unique identifier for this entity |
maxIcmpType - Int
|
The last ICMP type number in range, including |
minIcmpType - Int
|
The first ICMP type number in range, including |
name - String
|
The name of the entity |
negated - Boolean
|
Rule will use all ICMP types, except specified in minIcmpType and maxIcmpType in case this value is true |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"icmpCode": 123,
"id": "4",
"maxIcmpType": 987,
"minIcmpType": 123,
"name": "xyz789",
"negated": false,
"system": BasicSystem,
"version": 123
}
IdString
Description
ID type
Example
IdString
InstallationTargetPredefinedValue
Description
Predefined values for installation target of type Any
Values
| Enum Value | Description |
|---|---|
|
|
Any installation target |
Example
"ANY_IT"
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
987
Interface
Description
The Interface entity shows the current configuration of an interface and the information received from the device.
Fields
| Field Name | Description |
|---|---|
autoMappingDirectlyConnectedZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires |
autoMappingRouteableZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were calculated automatically by SecureTrack and includes both specific domains and All Domains. Permission requires |
changed - DateTime
|
The time and date the interface was last changed. Permission requires |
comment - String
|
This property is not supported. Permission requires |
device - BasicDevice
|
The Device ID that the interface is connected to. Interfaces are only associated with gateways. Permission requires |
id - ID!
|
The interface ID. |
ipAddresses - [IpAddress!]
|
The IP addresses of the interface. Permission requires |
manualAddedDirectlyConnectedZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires |
manualAddedRouteableZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface. These zones were added manually and includes both specific domains and All Domains. Permission requires |
manualExcludedDirectlyConnectedZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are directly connected to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires |
manualExcludedRouteableZones - [SecurityZone!]
|
List of SecureTrack network zone IDs that are connected through a route to the interface and were manually excluded and includes both specific domains and All Domains. Permission requires |
name - String
|
The interface name. |
system - BasicSystem
|
The system ID that the interface is related to. Permission requires |
version - Int!
|
The last version ID that was received for the interface. |
zone - Zone
|
The ID of the SecureTrack network zone that the interface is associated with. Permission requires |
Example
{
"autoMappingDirectlyConnectedZones": [SecurityZone],
"autoMappingRouteableZones": [SecurityZone],
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"ipAddresses": [IpAddress],
"manualAddedDirectlyConnectedZones": [SecurityZone],
"manualAddedRouteableZones": [SecurityZone],
"manualExcludedDirectlyConnectedZones": [SecurityZone],
"manualExcludedRouteableZones": [SecurityZone],
"name": "xyz789",
"system": BasicSystem,
"version": 987,
"zone": Zone
}
InterfaceQuery
Description
Query for Interface objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of Interface objects matching the specified filter. |
values - [Interface!]!
|
A list of Interface objects matching the specified filter. |
Example
{"count": {}, "values": [Interface]}
InternetService
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": 4,
"name": "xyz789",
"system": BasicSystem,
"version": 123
}
InvalidRule
Description
Rule that is invalid for creating a ticket
Fields
| Field Name | Description |
|---|---|
reason - CreateDraftInvalidRuleReason!
|
The reason that the rule is invalid |
ruleUid - ID
|
The rule UID |
Example
{
"reason": "DEVICE_NO_USER_PERMISSIONS_SC",
"ruleUid": "4"
}
IpAddress
Description
IP address
Fields
| Field Name | Description |
|---|---|
ip - String
|
IP address |
ipType - IpType
|
The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
precedence - Precedence
|
IP address placement definition |
subnetMask - String
|
Sub-network mask |
visibility - Visibility
|
IP address visibility definition |
Example
{
"ip": "abc123",
"ipType": "IPV4",
"precedence": "SECONDARY",
"subnetMask": "abc123",
"visibility": "PUBLIC"
}
IpAddressString
IpRange
Description
Set of IP addresses defined by first and last IP address.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ipType - IpType
|
The IP addresses this range has can be of different types (e.g. IPv4, IPv6). This field specifies which type they are. |
maxIp - String
|
The last IP address, including. |
minIp - String
|
The first IP address, including. |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"ipType": "IPV4",
"maxIp": "abc123",
"minIp": "abc123",
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
IpService
Description
TCP/IP service
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
maxProtocol - Int
|
The last protocol number in range, including |
minProtocol - Int
|
The first protocol number in range, including |
name - String
|
The name of the entity |
negated - Boolean
|
Rule will use all service protocols, except specified in minProtocol and maxProtocol in case this value is true |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"maxProtocol": 987,
"minProtocol": 987,
"name": "xyz789",
"negated": false,
"system": BasicSystem,
"version": 123
}
IpType
Description
The IP type.
Values
| Enum Value | Description |
|---|---|
|
|
IPv4 IP type. |
|
|
Either IPv4 or IPv6. |
|
|
IPv6 IP type. |
|
|
Neither IPV4 nor IPV6 |
Example
"IPV4"
LdapUser
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
dn - String
|
LDAP user identifier |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"dn": "abc123",
"id": "4",
"name": "xyz789",
"system": BasicSystem,
"version": 987
}
LocalUser
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": 4,
"name": "abc123",
"system": BasicSystem,
"version": 987
}
Location
Description
Locations identify the various networks from which your organization sends its internet traffic. When an organization forwards its traffic to the Zscaler service through a GRE or IPSec tunnel, Zscaler provisions your organization's IP addresses, which you then add as locations in the ZIA Admin Portal.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ipAddresses - [IpAddress!]
|
List of IP addresses |
name - String
|
The name of the entity |
ports - [Int!]
|
Proxy ports |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"ipAddresses": [IpAddress],
"name": "abc123",
"ports": [987],
"system": BasicSystem,
"version": 123
}
LogProfile
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "xyz789",
"system": BasicSystem,
"version": 123
}
Long
Description
Long type
Example
{}
ModelName
Description
Device model name.
Values
| Enum Value | Description |
|---|---|
|
|
Cisco ACI |
|
|
Cisco ACI Tenant |
|
|
Cisco ASA |
|
|
Amazon AWS public cloud management, contains account information |
|
|
Amazon AWS public cloud "virtual public cloud" |
|
|
Microsoft Azure public cloud management, contains account information |
|
|
|
|
|
|
|
|
|
|
|
Microsoft Azure public cloud virtual network |
|
|
Check Point CMA. |
|
|
Cisco Firepower Managemet Center |
|
|
Fortinet firewall |
|
|
Fortinet management device |
|
|
|
|
|
GCP Project management, contains project information |
|
|
GCP virtual private cloud |
|
|
|
|
|
Check Point MDS |
|
|
Cisco Meraki Account |
|
|
Cisco Meraki Network |
|
|
Cisco Meraki Organization |
|
|
Mx |
|
|
Netscreen |
|
|
Cisco Nexus |
|
|
Palo Alto management device |
|
|
Palo Alto Firewall |
|
|
Cisco router |
|
|
Check Point Smart center |
|
|
|
|
|
Srx |
|
|
|
|
|
Unknown, not supported, device. |
|
|
VMware cloud on AWS |
|
|
VMware NSX distributed firewall |
|
|
VMware NSX Edge |
|
|
VMware NSX management |
|
|
Zscaler Internet Access |
Example
"ACI"
ModifiedRule
NIC
Description
The emulation of a physical network adapter (NIC)
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ipAddresses - [IpAddress!]
|
List of IP addresses |
name - String
|
The name of the entity |
subnet - Subnet
|
Sub-network that this NIC belongs to |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"ipAddresses": [IpAddress],
"name": "abc123",
"subnet": Subnet,
"system": BasicSystem,
"version": 987
}
Name
Description
An entity name
Example
Name
Negatable
Fields
| Field Name | Description |
|---|---|
negated - Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
Possible Types
| Negatable Types |
|---|
Example
{"negated": false}
NetworkObject
Description
Device network object
Types
| Union Types |
|---|
Example
AccessRole
NetworkObjectQuery
Description
Query for NetworkObject objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of NetworkObject objects matching the specified filter. |
values - [NetworkObject!]!
|
A list of NetworkObject objects matching the specified filter. |
Example
{"count": {}, "values": [AccessRole]}
NetworkObjectTraffic
NetworkObjectTrafficInput
Description
Represents a traffic network object. Can contain any one of the following: ip, microSegmentName or urlCategory.
Fields
| Input Field | Description |
|---|---|
ip - IpAddressString
|
Represents ip address of traffic network object. |
microSegmentedName - FreeText
|
Represents a security group name. |
urlCategory - UrlCategoryInput
|
Represents a URL category. |
Example
{
"ip": IpAddressString,
"microSegmentedName": FreeText,
"urlCategory": UrlCategoryInput
}
NetworkPredefinedValue
Description
Definition for network of type Any.
Values
| Enum Value | Description |
|---|---|
|
|
Any IPv4 network. |
|
|
Any IPv6 network. |
|
|
Any IPv4 or IPv6 network. |
Example
"ANY_IPV4_NETWORK"
Node
Description
An API entity. This interface carries the most basic information about an entity.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
Possible Types
| Node Types |
|---|
Example
{
"changed": "2007-12-03T10:15:30Z",
"id": 4,
"name": "xyz789"
}
OPMAgent
Description
Open policy management (OPM) agent definition Permission requires
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
opmAgentId - String
|
OPM agent ID |
systemProperties - [SystemProperties!]
|
System specific text fields |
vendor - VendorName
|
Vendor type of this device |
vendorDisplayName - String
|
Vendor name of this device |
Example
{
"changed": "2007-12-03T10:15:30Z",
"id": "4",
"name": "abc123",
"opmAgentId": "abc123",
"systemProperties": [SystemProperties],
"vendor": "AMAZON",
"vendorDisplayName": "abc123"
}
OPMAgentQuery
Description
Query for OPMAgent objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of OPMAgent objects matching the specified filter. |
values - [OPMAgent!]!
|
A list of OPMAgent objects matching the specified filter. |
Example
{"count": {}, "values": [OPMAgent]}
OntologicalBaseEntity
Description
A base interface shared by all entities that are reported as part of a device's configuration
Fields
| Field Name | Description |
|---|---|
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Possible Types
| OntologicalBaseEntity Types |
|---|
Example
{
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"name": "xyz789",
"system": BasicSystem,
"version": 123
}
OrderDirection
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ASC"
OtherObject
Description
Network object that does not have TOS known type.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
objectType - String
|
Custom type textual representation. |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "abc123",
"objectType": "abc123",
"system": BasicSystem,
"version": 123
}
OtherService
Description
Service that does not have TOS known type
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
serviceType - String
|
Custom type textual representation |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "abc123",
"serviceType": "xyz789",
"system": BasicSystem,
"version": 987
}
Permission
PermissivenessScoreLevel
Description
Permissiveness level of rule's data.
Values
| Enum Value | Description |
|---|---|
|
|
High permissiveness level. Rule allows access for too much network traffic. |
|
|
Low permissiveness level. Rule allows very small network traffic. |
|
|
Medium permissiveness level. Rule allows not much network traffic. |
Example
"HIGH"
Precedence
Description
Placement definition
Values
| Enum Value | Description |
|---|---|
|
|
Secondary IP address |
Example
"SECONDARY"
PredefinedUspType
Description
The set of predefined templates of USP definitions. Each predefined template type is aimed at a different compliance setting and defines a different set of zone roles.
Values
| Enum Value | Description |
|---|---|
|
|
Defines the following zones:
|
|
|
Defines the following zones:
|
|
|
Information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Provides best practice recommendations on information security management?the management of information risks through information security controls. Defines the following zones:
|
|
|
The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America?s Bulk Electric System (BES). Defines the following zones:
|
|
|
|
|
|
The Payment Card Industry Data Security Standard (PCI DSS). An information security standard for organizations that handle credit cards from the major card schemes. Defines the following zones:
|
Example
"ADVANCED_BEST_PRACTICES"
ProgressStatus
Description
Progress status
Values
| Enum Value | Description |
|---|---|
|
|
Completed |
|
|
Error |
|
|
In progress |
Example
"COMPLETED"
PropertyUspRestriction
Description
A condition that defines rules related properties of RestrictionTypes:
- MANDATORY_COMMENT
- MANDATORY_LOG
- LAST_HIT_MAX_VAL
- SOURCE_IPS_MAX_COUNT
- DESTINATION_IPS_MAX_COUNT
- SERVICES_MAX_COUNT
- EXPLICIT_SOURCE
- EXPLICIT_DESTINATION
- EXPLICIT_SERVICE
Fields
| Field Name | Description |
|---|---|
restrictionType - RestrictionType
|
Restriction type. |
value - Int
|
A field that defines numeric related properties, of
|
Example
{"restrictionType": "DESTINATION_IPS_MAX_COUNT", "value": 123}
PropertyUspRestrictionInput
Description
Property USP restriction (PropertyUspRestriction).
Fields
| Input Field | Description |
|---|---|
value - Int
|
The numeric related property. |
Example
{"value": 123}
ProtectionMode
Description
Describes how to select network zones available for checking security risks.
Values
| Enum Value | Description |
|---|---|
|
|
Violation will be calculated on zones that are directly connected to the interface |
|
|
Violation will be calculated on zones that have routes through the interface. |
Example
"CONNECTED_ZONES"
RemoveSecurityZonesFromUspInput
Description
Removes one or more SecureTrack network zones from an existing USP.
Fields
| Input Field | Description |
|---|---|
securityZonesIds - [IdString!]!
|
SecureTrack network zones IDs to be added. |
uspId - IdString!
|
USP ID to remove zones from. |
Example
{
"securityZonesIds": [IdString],
"uspId": IdString
}
RemoveSecurityZonesFromUspResult
Description
Returns the status results when removing SecureTrack network zones from an existing USP.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to remove SecureTrack network zones from an existing USP. |
Example
{"resultStatus": ResultStatus}
RestrictionType
Description
Enumeration of valid restriction types.
Values
| Enum Value | Description |
|---|---|
|
|
Maximum number of IP address allowed in the destination. |
|
|
Rules must have an explicit destination, not the ANY value. |
|
|
Rules must have an explicit service, not the ANY value. |
|
|
Rules must have an explicit source, not the ANY value. |
|
|
The required format of the source and the destination in a rule (HOST_TO_HOST, SUBNET_TO_HOST, or HOST_TO_SUBNET). |
|
|
Maximum number of days in which the rule must have had a hit. |
|
|
Rules must have text in the comment field. |
|
|
Rules must be configured to create log entries. |
|
|
Maximum number of services allowed. |
|
|
Maximum number of IP address allowed in the source. |
|
|
Traffic access permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all). |
Example
"DESTINATION_IPS_MAX_COUNT"
Result
Description
A type representing a result. This is the generic interface, specific calls may override this type with more specific result.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
The result status of the request. |
Possible Types
| Result Types |
|---|
Example
{"resultStatus": ResultStatus}
ResultStatus
Description
Status result of the operation.
Example
{
"errorMessage": "xyz789",
"errors": [Error],
"successful": false
}
RiskAnalysisFlowsViolationData
Description
Information regarding violations of type Flow.
Fields
| Field Name | Description |
|---|---|
flowUspRestriction - FlowUspRestriction
|
FlowUspRestriction that was violated by the access request.
|
violatedFlowType - FlowRestrictionType
|
The flow restriction type FlowRestrictionType that was violated by the access request. |
violatingDestPredefinedValue - NetworkPredefinedValue
|
The violating NetworkPredefinedValue of the access request's destination. |
violatingDestinationNetworkObjects - [RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that represent the violating objects in the access request's destination. |
violatingSourceNetworkObjects - [RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that represent the violating objects in the access request's source. |
violatingSourcePredefinedValue - NetworkPredefinedValue
|
The violating NetworkPredefinedValue of the access request's source. |
Example
{
"flowUspRestriction": FlowUspRestriction,
"violatedFlowType": "HOST_TO_HOST",
"violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
"violatingDestinationNetworkObjects": [
RiskAnalysisNetworkObject
],
"violatingSourceNetworkObjects": [
RiskAnalysisNetworkObject
],
"violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}
RiskAnalysisMutation
Description
The RiskAnalysisMutation entity enables to create a task of AccessRequests for risk calculation.
Fields
| Field Name | Description |
|---|---|
createUspRiskAnalysisTask - CreateUspRiskAnalysisTaskResult!
|
Create a UspRiskAnalysisTask. |
Arguments
|
|
Example
{
"createUspRiskAnalysisTask": CreateUspRiskAnalysisTaskResult
}
RiskAnalysisNetworkObject
Description
A violating network object entity, in a defined SecureTrack zone.
Fields
| Field Name | Description |
|---|---|
networkObjectTraffic - NetworkObjectTraffic
|
The raw traffic representation of the violating network object. |
zone - SecurityZone
|
The SecureTrack zone that violates the network object traffic. |
Example
{
"networkObjectTraffic": NetworkObjectTraffic,
"zone": SecurityZone
}
RiskAnalysisTrafficViolationData
Description
Information regarding violations of type Traffic.
Fields
| Field Name | Description |
|---|---|
trafficUspRestriction - TrafficUspRestriction
|
TrafficUspRestriction that was violated by the access request.
|
violatedApplicationPredefinedValue - ApplicationPredefinedValue
|
The violating ApplicationPredefinedValue of the access request's applications. |
violatedServicePredefinedValue - ServicePredefinedValue
|
The violating ServicePredefinedValue of the access request's service. |
violatingApplications - [String!]
|
List of application names that represent the violating applications in the access request. |
violatingServices - [String!]
|
List of services expressions that represent the violating services in the access request. |
Example
{
"trafficUspRestriction": TrafficUspRestriction,
"violatedApplicationPredefinedValue": "ANY_APPLICATION",
"violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
"violatingApplications": ["xyz789"],
"violatingServices": ["abc123"]
}
RiskAnalysisViolation
Description
The RiskAnalysisViolation entity represents information regarding violations of an access request. Permission requires
Fields
| Field Name | Description |
|---|---|
accessRequestId - String
|
Access request ID. |
changed - DateTime
|
The date that the RiskAnalysisViolation entity was last changed. |
creationDate - DateTime
|
Creation date of the violation. |
exceptions - [BasicUspExceptionInfoForRiskAnalysis!]
|
Exceptions IDs that were applied to the violation. |
flowViolationData - RiskAnalysisFlowsViolationData
|
The flow violation RiskAnalysisFlowsViolationData. |
fromZoneMatchingObjects - [RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that are matching the from-zone of the ZoneToZoneMatcher. Set in case the access request sources are specific (matchingSourcePredefinedValue not set). |
id - ID!
|
Violation ID. |
matchingDestinationPredefinedValue - NetworkPredefinedValue
|
Set in case the access request destination is a predefined value of NetworkPredefinedValue. |
matchingSourcePredefinedValue - NetworkPredefinedValue
|
Set in case the access request source is a predefined value of NetworkPredefinedValue. |
name - String
|
This property is not supported. |
requirement - UspRequirement
|
Violated UspRequirement. |
severity - ViolationSeverity
|
Severity of the violation. |
toZoneMatchingObjects - [RiskAnalysisNetworkObject!]
|
List of NetworkObjectTraffic that are matching the to-zone of the ZoneToZoneMatcher. Set in case the access request destinations are specific (matchingDestinationePredefinedValue not set). |
trafficViolationData - RiskAnalysisTrafficViolationData
|
The traffic violation RiskAnalysisTrafficViolationData. |
usp - BasicUspInfoForRiskAnalysis
|
Violated USP. |
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher
|
Violated from zone - to zone ZoneToZoneMatcher. |
Example
{
"accessRequestId": "xyz789",
"changed": "2007-12-03T10:15:30Z",
"creationDate": "2007-12-03T10:15:30Z",
"exceptions": [BasicUspExceptionInfoForRiskAnalysis],
"flowViolationData": RiskAnalysisFlowsViolationData,
"fromZoneMatchingObjects": [RiskAnalysisNetworkObject],
"id": 4,
"matchingDestinationPredefinedValue": "ANY_IPV4_NETWORK",
"matchingSourcePredefinedValue": "ANY_IPV4_NETWORK",
"name": "abc123",
"requirement": UspRequirement,
"severity": "CRITICAL",
"toZoneMatchingObjects": [RiskAnalysisNetworkObject],
"trafficViolationData": RiskAnalysisTrafficViolationData,
"usp": BasicUspInfoForRiskAnalysis,
"zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}
Rule
Description
A rule in a security policy
Fields
| Field Name | Description |
|---|---|
action - RuleActionType
|
Action that will be performed by firewall if network traffic matches this rule |
actionDisplayName - String
|
Action name |
application - RuleApplicationTraffic
|
Definition of the network applications |
applicationsUsage - [ApplicationUsage!]
|
Last time traffic was recorded for a specific application on this rule |
appliedTo - [String!]
|
Devices that the rule is installed on |
appliedToObjects - RuleAppliedToObjects
|
Network objects that this rule is applied to |
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
destination - RuleNetworkTraffic
|
Definition of the destination network objects |
destinationZone - RuleZoneTraffic
|
Definition of the destination network zones |
device - BasicDevice
|
The device that this entity belongs to |
direction - Direction
|
Direction of this rule (inbound or outbound) |
disabled - Boolean
|
True indicates that this rule is disabled on the device |
exceptions - [BasicRuleUspExceptionInfo!]
|
|
goToTarget - SecurityPolicy
|
Target security policy for GOTO rule action |
id - ID!
|
The internal unique identifier for this entity |
idOnDevice - String
|
Device specific rule identifier. Usually identifies the rule order in the security policy. |
installedOn - RuleInstallationTargetTraffic
|
Devices that the rule is installed on |
isExemptedFromUsp - Boolean
|
True indicates that the rule will be excluded from violation calculations |
location - String
|
The level of the rule within the rule hierarchy |
logging - RuleLogging
|
Rule logging definition |
name - String
|
The name of the entity |
permissivenessLevel - PermissivenessScoreLevel
|
The permissiveness level (high/medium/low). The permissiveness level is an indication of how widely a rule is defined. Rules with high permissiveness can be a security risk because they allow too much access through the firewall. For example:
|
policy - SecurityPolicy
|
The security policy the rule belongs to |
policyIndex - Int
|
|
priority - Int
|
|
ruleTypeName - String
|
|
ruleUsageStatus - RuleUsageStatus
|
Status of last hit check |
ruleUserData - RuleUserData
|
Additional information such as a description that can be customized by administrators |
sectionGroup - String
|
|
sectionTitle - String
|
Title of the section that rule belongs to |
securityProfiles - [SecurityProfileValue!]
|
List of security profiles |
service - RuleServiceTraffic
|
Definition of the network service objects |
shadowed - ShadowedStatus
|
Indicates whether the rule is shadowed by a previous rule which handles traffic before it gets to this rule, This may indicate that the rule is redundant. |
source - RuleNetworkTraffic
|
Definition of the source network objects |
sourceZone - RuleZoneTraffic
|
Definition of the source network zones |
system - BasicSystem
|
The system (root device) that this entity belongs to |
tags - [String!]
|
List of tags |
time - RuleTimeTraffic
|
Time and date that the rule is scheduled |
timeLastHit - DateTime
|
The last time traffic that passed through the device matched either the rule, user, or application identity details |
timeLastModified - DateTime
|
The most recent time that this rule was directly modified or there was a change in a related object which impacted the rule |
urlCategory - RuleUrlCategory
|
The category of the URL as determined by the device |
user - RuleUserTraffic
|
Definition of the network user objects |
usersUsage - [UserUsage!]
|
Last time traffic was recorded for a specific user on this rule |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
violationHighestSeverity - ViolationSeverity
|
Maximum security risk severity |
violations - [RuleViolation!]
|
A list of all security risks found in this rule |
vpn - RuleVpnTraffic
|
Definition of the VPN communities. A VPN community is a collection of VPN enabled gateways capable of communicating via VPN tunnels. |
zonesRelation - ZonesRelation
|
Zone relation definition on the device |
expirationDate - DateTime
|
|
Example
{
"action": "ALLOW",
"actionDisplayName": "xyz789",
"application": RuleApplicationTraffic,
"applicationsUsage": [ApplicationUsage],
"appliedTo": ["xyz789"],
"appliedToObjects": RuleAppliedToObjects,
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"destination": RuleNetworkTraffic,
"destinationZone": RuleZoneTraffic,
"device": BasicDevice,
"direction": "BOTH",
"disabled": true,
"exceptions": [BasicRuleUspExceptionInfo],
"goToTarget": SecurityPolicy,
"id": "4",
"idOnDevice": "abc123",
"installedOn": RuleInstallationTargetTraffic,
"isExemptedFromUsp": false,
"location": "abc123",
"logging": RuleLogging,
"name": "abc123",
"permissivenessLevel": "HIGH",
"policy": SecurityPolicy,
"policyIndex": 123,
"priority": 987,
"ruleTypeName": "abc123",
"ruleUsageStatus": "RULE_LAST_HIT_ERROR",
"ruleUserData": RuleUserData,
"sectionGroup": "xyz789",
"sectionTitle": "xyz789",
"securityProfiles": [Group],
"service": RuleServiceTraffic,
"shadowed": "FULLY_SHADOWED",
"source": RuleNetworkTraffic,
"sourceZone": RuleZoneTraffic,
"system": BasicSystem,
"tags": ["abc123"],
"time": RuleTimeTraffic,
"timeLastHit": "2007-12-03T10:15:30Z",
"timeLastModified": "2007-12-03T10:15:30Z",
"urlCategory": RuleUrlCategory,
"user": RuleUserTraffic,
"usersUsage": [UserUsage],
"version": 123,
"violationHighestSeverity": "CRITICAL",
"violations": [RuleViolation],
"vpn": RuleVpnTraffic,
"zonesRelation": "INTERZONE",
"expirationDate": "2007-12-03T10:15:30Z"
}
RuleActionType
Description
Type of action that will be performed by firewall if network traffic matches this rule
Values
| Enum Value | Description |
|---|---|
|
|
Traffic specified by the rule will be allowed |
|
|
|
|
|
Traffic specified by the rule will not be allowed |
|
|
Traffic specified by the rule must be checked by other policy. See goToTarget parameter in Rule
|
|
|
This usages is just a fallback for not supported data |
Example
"ALLOW"
RuleApplicationTraffic
Fields
| Field Name | Description |
|---|---|
negated - Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue - ApplicationPredefinedValue
|
Predefined value for Any application |
typeDisplay - String
|
RuleApplicationTraffic will always be of type "Application"
|
values - [RuleApplicationValue!]
|
List of network applications |
Example
{
"negated": true,
"predefinedValue": "ANY_APPLICATION",
"typeDisplay": "abc123",
"values": [Application]
}
RuleApplicationValue
Types
| Union Types |
|---|
Example
Application
RuleAppliedToObjects
Description
"Applied to objects" definition for rule
Fields
| Field Name | Description |
|---|---|
predefinedValue - AppliedToObjectsPredefinedValue
|
Value for predefined type (Any or No object) |
typeDisplay - String
|
RuleAppliedToObjects will always be of type "Applied to objects"
|
values - [NetworkObject!]
|
List of device network objects |
Example
{
"predefinedValue": "ANY",
"typeDisplay": "abc123",
"values": [AccessRole]
}
RuleExceptionConditionInput
Description
Condition on Rules
Fields
| Input Field | Description |
|---|---|
rules - [IdString!]!
|
List of Rule's ID. |
Example
{"rules": [IdString]}
RuleFlowsViolationData
Description
The RuleFlowsViolationData entity holds data of the flows that are being violated by the rule
Fields
| Field Name | Description |
|---|---|
flowRestriction - FlowUspRestriction
|
The FlowUspRestriction that was violated by this rule |
negatedViolatingDestination - Boolean
|
True if violatingDestinationNetworkObjects is a negated value |
negatedViolatingSource - Boolean
|
True if violatingSourceNetworkObjects is a negated value |
violatedFlowType - FlowRestrictionType
|
The FlowRestrictionType that was violated by this rule |
violatingDestPredefinedValue - NetworkPredefinedValue
|
The NetworkPredefinedValue of the destinationNetworkObjects that are violated by the rule |
violatingDestinationNetworkObjects - [NetworkObject!]
|
The destination NetworkObjects that are violated by the rule |
violatingSourceNetworkObjects - [NetworkObject!]
|
The source NetworkObjects that are violated by the rule |
violatingSourcePredefinedValue - NetworkPredefinedValue
|
The NetworkPredefinedValue of the source NetworkObjects that are violated by the rule |
Example
{
"flowRestriction": FlowUspRestriction,
"negatedViolatingDestination": false,
"negatedViolatingSource": true,
"violatedFlowType": "HOST_TO_HOST",
"violatingDestPredefinedValue": "ANY_IPV4_NETWORK",
"violatingDestinationNetworkObjects": [AccessRole],
"violatingSourceNetworkObjects": [AccessRole],
"violatingSourcePredefinedValue": "ANY_IPV4_NETWORK"
}
RuleInstallationTargetTraffic
Description
Installation targets definition for rule
Fields
| Field Name | Description |
|---|---|
predefinedValue - InstallationTargetPredefinedValue
|
Value for installation target of type Any |
typeDisplay - String
|
RuleInstallationTargetTraffic will always be of type "Install On"
|
values - [NetworkObject!]
|
List of device network objects |
Example
{
"predefinedValue": "ANY_IT",
"typeDisplay": "xyz789",
"values": [AccessRole]
}
RuleLogging
Description
Rule logging definition
Fields
| Field Name | Description |
|---|---|
logProfile - LogProfile
|
Logging profile name |
logged - Boolean
|
If true, the rule logged on device |
timing - RuleLoggingTiming
|
Specify when rule logging should start |
trackInterval - Int
|
Interval (vendor specific) |
trackLevel - RuleTrackLevel
|
Rule logging track level |
Example
{
"logProfile": LogProfile,
"logged": true,
"timing": "BOTH_START_AND_END",
"trackInterval": 123,
"trackLevel": "ACCOUNT"
}
RuleLoggingTiming
Description
Specify when rule logging should start
Values
| Enum Value | Description |
|---|---|
|
|
Log rule usage on both, session start and end |
|
|
Log rule usage on session end |
|
|
Log rule usage on session start |
Example
"BOTH_START_AND_END"
RuleNetworkTraffic
Description
Network objects definition for rule source and destination fields
Fields
| Field Name | Description |
|---|---|
negated - Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue - NetworkPredefinedValue
|
Definition for network of type Any |
typeDisplay - String
|
Network traffic direction in rule (Source, Destination) |
values - [NetworkObject!]
|
List of device network objects |
Example
{
"negated": true,
"predefinedValue": "ANY_IPV4_NETWORK",
"typeDisplay": "xyz789",
"values": [AccessRole]
}
RuleOperationsMutation
Description
Lets you create SecureChange tickets for rules modification, recertification or decommission
Fields
| Field Name | Description |
|---|---|
createTicketDraft - CreateTicketDraftResult!
|
Create a ticket draft in SecureChange |
Arguments
|
|
Example
{"createTicketDraft": CreateTicketDraftResult}
RuleQuery
Description
Query for Rule objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of Rule objects matching the specified filter. |
counts - [CountsResult!]!
|
Gets the number of entities matching a filter, grouped by selected fields. |
Arguments
|
|
values - [Rule!]!
|
A list of Rule objects matching the specified filter. |
Example
{
"count": {},
"counts": [CountsResult],
"values": [Rule]
}
RuleSchedule
Description
Schedule values for rule
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
endTime - DateTime
|
End time |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
scheduledDays - String
|
Days |
scheduledMonth - String
|
Month |
scheduledMonthDays - String
|
Days of month |
startTime - DateTime
|
Start time |
system - BasicSystem
|
The system (root device) that this entity belongs to |
timePeriods - [TimePeriodInDay!]
|
List of time periods |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"endTime": "2007-12-03T10:15:30Z",
"id": 4,
"name": "xyz789",
"scheduledDays": "xyz789",
"scheduledMonth": "xyz789",
"scheduledMonthDays": "xyz789",
"startTime": "2007-12-03T10:15:30Z",
"system": BasicSystem,
"timePeriods": [TimePeriodInDay],
"version": 987
}
RuleServiceTraffic
Description
Network service objects definition for rule service field
Fields
| Field Name | Description |
|---|---|
negated - Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue - ServicePredefinedValue
|
Predefined value to define Any service |
typeDisplay - String
|
RuleServiceTraffic will always be of type "Service"
|
values - [ServiceObject!]
|
List of device network services objects |
Example
{
"negated": true,
"predefinedValue": "ANY_IPV4_SERVICE",
"typeDisplay": "abc123",
"values": [Group]
}
RuleTimeTraffic
Description
Schedules definition for rule
Fields
| Field Name | Description |
|---|---|
predefinedValue - SchedulePredefinedValue
|
Predefined value for schedule of type Any |
typeDisplay - String
|
RuleTimeTraffic will always be of type "Time"
|
values - [RuleSchedule!]
|
List of schedules |
Example
{
"predefinedValue": "ANY_SCHEDULE",
"typeDisplay": "xyz789",
"values": [RuleSchedule]
}
RuleTrackLevel
Description
Rule logging track level
Values
| Enum Value | Description |
|---|---|
|
|
Update the log at given intervals |
|
|
Generate a log of type Alert and run a command |
|
|
Generate a log if immediate action is required |
|
|
Generate a log if functionality is affected |
|
|
Generate a log for debugging |
|
|
Default logging track level |
|
|
Logging is disabled |
|
|
Generate a log if system becomes unstable. |
|
|
Generate a log if there is an error condition exists and functionality could be affected |
|
|
Generate a log with general information about system operations |
|
|
Generate a log of type Alert and send an email to the administrator |
|
|
Generate a log with information about normal events |
|
|
This is the default Track option |
|
|
Do not generate a log |
|
|
Generate a log of type Alert and send an SNMP alert |
|
|
Generate a log of type Alert and send customized alerts |
|
|
Generate a log if functionality could be affected |
Example
"ACCOUNT"
RuleTrafficViolationData
Description
The RuleTrafficViolationData entity holds data of the traffic values that are being violated by the rule
Fields
| Field Name | Description |
|---|---|
trafficRestriction - TrafficUspRestriction
|
The TrafficUspRestriction value that was violated by this rule |
violatedApplicationPredefinedValue - ApplicationPredefinedValue
|
The ApplicationPredefinedValue that was violated by the rule |
violatedServicePredefinedValue - ServicePredefinedValue
|
The ServicePredefinedValue that was violated by the rule |
violatingApplications - [Application!]
|
A list of every Application that was violated by the rule |
violatingServices - [Service!]
|
A list of every Service that was violated by this rule |
Example
{
"trafficRestriction": TrafficUspRestriction,
"violatedApplicationPredefinedValue": "ANY_APPLICATION",
"violatedServicePredefinedValue": "ANY_IPV4_SERVICE",
"violatingApplications": [Application],
"violatingServices": [IcmpService]
}
RuleUrlCategory
Description
URLs category with optional predefined value
Fields
| Field Name | Description |
|---|---|
predefinedValue - UrlCategoryPredefinedValue
|
Predefined value for URL categories of type Any |
typeDisplay - String
|
RuleUrlCategory will always be of type "URL category"
|
values - [UrlCategory!]
|
List of URLs categories |
Example
{
"predefinedValue": "ANY_URL_CATEGORY",
"typeDisplay": "xyz789",
"values": [UrlCategory]
}
RuleUsageStatus
Description
Status of last hit check
Values
| Enum Value | Description |
|---|---|
|
|
Last hit information has not been received for 3 days |
|
|
Last hit information is up-to-date |
Example
"RULE_LAST_HIT_ERROR"
RuleUserData
Description
Additional information such as a description that can be customized
Fields
| Field Name | Description |
|---|---|
automationAttribute - AutomationAttribute
|
Rule type (regular or stealth) |
certification - Certification
|
Rule recertification is used to document and verify the need for a rule, often for standards compliance and auditing. |
ruleDescription - String
|
Rule description. |
saApplications - [SaApplication!]
|
List of SecureApp applications, associated to this rule. |
securechangeTicketInProgressId - String
|
SecureChange ticket in progress |
technicalOwner - User
|
Owner for the rule |
technicalOwnerName - String
|
|
tickets - [Ticket!]
|
List of tickets, opened for this rule. |
Example
{
"automationAttribute": "LEGACY",
"certification": Certification,
"ruleDescription": "abc123",
"saApplications": [SaApplication],
"securechangeTicketInProgressId": "abc123",
"technicalOwner": User,
"technicalOwnerName": "abc123",
"tickets": [Ticket]
}
RuleUserDataMutation
Description
Use this entity to update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rules.
Fields
| Field Name | Description |
|---|---|
createTicket - CreateTicketResult!
|
Create a ticket for a rule. |
Arguments
|
|
deleteTickets - DeleteTicketsResult!
|
Delete tickets. |
Arguments
|
|
updateRuleAutomationAttribute - UpdateRuleAutomationAttributeResult!
|
Update an automation attribute for a rule. |
Arguments |
|
updateRuleDescription - UpdateRuleDescriptionResult!
|
Update description for a rule. |
Arguments
|
|
updateRuleTechnicalOwner - UpdateRuleTechnicalOwnerResult!
|
Update a technical owner for a rule. |
Arguments
|
|
updateTicket - UpdateTicketResult!
|
Update a ticket. |
Arguments
|
|
Example
{
"createTicket": CreateTicketResult,
"deleteTickets": DeleteTicketsResult,
"updateRuleAutomationAttribute": UpdateRuleAutomationAttributeResult,
"updateRuleDescription": UpdateRuleDescriptionResult,
"updateRuleTechnicalOwner": UpdateRuleTechnicalOwnerResult,
"updateTicket": UpdateTicketResult
}
RuleUserTraffic
Description
Network users objects definition for rule user field
Fields
| Field Name | Description |
|---|---|
negated - Boolean
|
Whether this object represents traffic that is the negated value of the details specified in its other properties. |
predefinedValue - UserPredefinedValue
|
Predefined values to define well known user behavior |
typeDisplay - String
|
RuleUserTraffic will always be of type "User"
|
values - [RuleUserValue!]
|
List of device network users objects |
Example
{
"negated": true,
"predefinedValue": "ALL_IDENTIFY",
"typeDisplay": "xyz789",
"values": [AccessRole]
}
RuleUserValue
Types
| Union Types |
|---|
Example
AccessRole
RuleViolatedProperty
Description
The RuleViolatedProperty entity holds data of the property values that are being violated by the rule
Fields
| Field Name | Description |
|---|---|
propertyRestriction - PropertyUspRestriction
|
The PropertyUspRestriction that was violated by this rule |
scalarValue - String
|
A numeric value related to the violated property |
Example
{
"propertyRestriction": PropertyUspRestriction,
"scalarValue": "abc123"
}
RuleViolation
Description
Contains data about Rule Violations. Violations can be filtered by rule, USP, source zone, destination zone, and type (flow, property or traffic).
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
exceptions - [BasicUspExceptionInfo!]
|
|
flowsViolationData - RuleFlowsViolationData
|
The RuleFlowsViolationData of the rule violation |
fromZoneMatchingObjects - [NetworkObject!]
|
A list of every NetworkObject in the source zone |
id - ID!
|
The internal unique identifier for this entity |
matchingDestinationPredefinedValue - NetworkPredefinedValue
|
The network type of the destination zones as identified in the zoneToZoneMatcher entity |
matchingSourcePredefinedValue - NetworkPredefinedValue
|
The network type of the source zones as identified in the zoneToZoneMatcher entity |
name - String
|
This property is not supported |
negatedMatchingDestination - Boolean
|
negatedMatchingDestination will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule destination with a negated value. The toZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
|
negatedMatchingSource - Boolean
|
negatedMatchingSource will be True if the NetworkObject (such as IP address) that triggered this violation was caused by a rule source with a negated value. The fromZoneMatchingObjects will be empty, and will not contain the list of all possible networkobjects that can trigger this violation.
|
propertyViolationData - RuleViolatedProperty
|
A list of every RuleViolatedProperty that was violated by this rule |
requirement - UspRequirement
|
A set of conditions that apply to a single pair of SecureTrack network zones relation (from-to) that will be enforced by the USP |
ruleViolationSeverity - ViolationSeverity
|
The ViolationSeverity assigned to this violation by the USP |
timeCreated - DateTime
|
The date and time that this violation first occurred |
toZoneMatchingObjects - [NetworkObject!]
|
A list of every NetworkObject in the destination zone |
trafficViolationData - RuleTrafficViolationData
|
The RuleTrafficViolationData of the rule violation |
usp - BasicUspInfo
|
The ID of the USP that is violated by this rule |
violationOrigin - [ViolationOrigin!]
|
This contains a list of every Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on and list of every SecurityPolicy that the rule evaluates |
zoneToZoneMatcher - ZoneToZoneUspRequirementMatcher
|
The ZoneToZoneUspRequirementMatcher entity that identifies the source and destination zones violated by this rule |
Example
{
"changed": "2007-12-03T10:15:30Z",
"exceptions": [BasicUspExceptionInfo],
"flowsViolationData": RuleFlowsViolationData,
"fromZoneMatchingObjects": [AccessRole],
"id": "4",
"matchingDestinationPredefinedValue": "ANY_IPV4_NETWORK",
"matchingSourcePredefinedValue": "ANY_IPV4_NETWORK",
"name": "xyz789",
"negatedMatchingDestination": false,
"negatedMatchingSource": true,
"propertyViolationData": RuleViolatedProperty,
"requirement": UspRequirement,
"ruleViolationSeverity": "CRITICAL",
"timeCreated": "2007-12-03T10:15:30Z",
"toZoneMatchingObjects": [AccessRole],
"trafficViolationData": RuleTrafficViolationData,
"usp": BasicUspInfo,
"violationOrigin": [ViolationOrigin],
"zoneToZoneMatcher": ZoneToZoneUspRequirementMatcher
}
RuleVpnTraffic
Description
VPN communities definition for rule vpn field
Fields
| Field Name | Description |
|---|---|
predefinedValue - VpnPredefinedValue
|
Value for VPN entity of type Any |
typeDisplay - String
|
RuleVpnTraffic will always be of type "VPN"
|
values - [VpnCommunity!]
|
List of VPN communities |
Example
{
"predefinedValue": "ALL_COMMUNITIES",
"typeDisplay": "xyz789",
"values": [VpnCommunity]
}
RuleZoneTraffic
Description
Network zones definition for rule sourceZone and destZone fields
Fields
| Field Name | Description |
|---|---|
predefinedValue - ZonePredefinedValue
|
Any zone |
typeDisplay - String
|
Rule zone traffic direction in rule (Source, Destination) |
values - [Zone!]
|
List of network zones |
Example
{
"predefinedValue": "ANY_ZONE",
"typeDisplay": "abc123",
"values": [Zone]
}
SaApplication
Example
{
"changed": "2007-12-03T10:15:30Z",
"id": "4",
"name": "abc123",
"owner": "xyz789"
}
SchedulePredefinedValue
Description
Predefined values for schedule of type Any
Values
| Enum Value | Description |
|---|---|
|
|
Any schedule |
Example
"ANY_SCHEDULE"
SecurityPolicy
Description
Set of rules which define whether the traffic should be allowed access
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
comment - String
|
A text comment associated with this entity Permission requires |
defaultAction - RuleActionType
|
Default rule action (Allow, Deny, or Goto) Permission requires |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
installedOnTarget - SecurityPolicyInstallationTargets
|
Firewalls where this security policy has been installed Permission requires |
interZoneAction - RuleActionType
|
Rule action (Allow, Deny, or Goto) for external network zones Permission requires |
intraZoneAction - RuleActionType
|
Rule action (Allow, Deny, or Goto) for internal network zones Permission requires |
ipType - IpType
|
The type of IP address (for example IPv4 or IPv6) that this security policy uses |
name - String
|
The name of the entity |
policyTags - [String!]
|
List of tags Permission requires |
possibleInstallationTargets - SecurityPolicyInstallationTargets
|
All possible targets (gateways/interfaces) where this policy can be installed Permission requires |
system - BasicSystem
|
The system (root device) that this entity belongs to Permission requires |
type - SecurityPolicyType!
|
The type of the security policy |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"defaultAction": "ALLOW",
"device": BasicDevice,
"id": 4,
"installedOnTarget": SecurityPolicyInstallationTargets,
"interZoneAction": "ALLOW",
"intraZoneAction": "ALLOW",
"ipType": "IPV4",
"name": "xyz789",
"policyTags": ["abc123"],
"possibleInstallationTargets": SecurityPolicyInstallationTargets,
"system": BasicSystem,
"type": "ACL",
"version": 987
}
SecurityPolicyInstallationTargets
Description
Firewalls and interfaces that use security policy.
Fields
| Field Name | Description |
|---|---|
fwModules - [BasicDevice!]
|
Firewalls that use security policy. |
Example
{"fwModules": [BasicDevice]}
SecurityPolicyType
Description
The type of the security policy, the policy type may be based on the device vendor
Values
| Enum Value | Description |
|---|---|
|
|
Access Control List that rules are placed in. For example CISCO firewalls. |
|
|
The device group container that rules are placed in. For example, all Panorama firewalls could be placed in a group. |
|
|
|
|
|
Generic container for rules |
|
|
The Security Group that rules are placed in. For example Amazon public cloud. |
Example
"ACL"
SecurityProfile
Description
Security profile
Fields
| Field Name | Description |
|---|---|
category - String
|
Category of this profile |
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"category": "xyz789",
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "abc123",
"system": BasicSystem,
"version": 987
}
SecurityProfileValue
Types
| Union Types |
|---|
Example
Group
SecurityZone
Description
Security zone.
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
If true, the security zone belongs to the 'All Domains' context. Permission requires |
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
domain - Domain
|
The domain on which this security zone is configured. |
id - ID!
|
The internal unique identifier for this entity. |
name - String
|
Name of security zone. |
sharedInDomains - [Domain!]
|
If the zone is shared and is exported to other domains, the list contains other domains that imported this zone. Permission requires |
Example
{
"appliedToAnyDomain": true,
"changed": "2007-12-03T10:15:30Z",
"domain": Domain,
"id": 4,
"name": "xyz789",
"sharedInDomains": [Domain]
}
SecurityZoneQuery
Description
Query for SecurityZone objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of SecurityZone objects matching the specified filter. |
values - [SecurityZone!]!
|
A list of SecurityZone objects matching the specified filter. |
Example
{"count": {}, "values": [SecurityZone]}
Service
Types
| Union Types |
|---|
Example
IcmpService
ServiceAndApplicationConditionInput
Description
Condition on services or applications.
Fields
| Input Field | Description |
|---|---|
applications - [ApplicationString!]
|
List of predefined applications names. |
services - [ServiceExpressionString!]
|
List of services expressions. |
Example
{
"applications": [ApplicationString],
"services": [ServiceExpressionString]
}
ServiceExpressionString
Description
A service expression. Can be either one of the known predefined services, or in a protocol format (TCP, UDP, Other, or ICMP).
Valid protocol input patterns:
- TCP
- TCP [port_number] (valid ports 0-65535)
- TCP [min_port]-[max_port] (valid ports 0-65535 where max_port must be greater or equal to min_port)
- Input as a String literal
Examples: "TCP","TCP 20", "TCP 30-40".
Example
ServiceExpressionString
ServiceObject
Description
Device network service object
Types
| Union Types |
|---|
Example
Group
ServicePredefinedValue
Description
Predefined values to define Any service.
Values
| Enum Value | Description |
|---|---|
|
|
Any service to use with IPv4 sources. |
|
|
Any service to use with IPv6 sources. |
|
|
Any service to use either with IPv4 or IPv6 sources. |
|
|
Default service point for the network application. |
Example
"ANY_IPV4_SERVICE"
ServicesAndApplicationsCondition
Description
Condition on RuleViolations' services and applications - list of services expressions and applications names. The condition is satisfied if either services or applications intersect with RuleViolation's services or applications.
Example
{
"applicationNames": ["abc123"],
"servicesExpressions": ["xyz789"]
}
SessionUser
Description
The entity containing the details of the current principle user in session
Fields
| Field Name | Description |
|---|---|
email - String
|
User account details - the user's email address |
firstName - String
|
User account details - first name |
id - String
|
The unique immutable user identifier |
lastName - String
|
User account details - last name |
permissions - [Permission]
|
The set of system functions grants (by name) that are granted to the user |
profileGroupName - String
|
Name of the user's profile group (based on last login) |
username - String
|
The unique name of the user (used for login) |
Example
{
"email": "abc123",
"firstName": "abc123",
"id": "xyz789",
"lastName": "abc123",
"permissions": [Permission],
"profileGroupName": "xyz789",
"username": "abc123"
}
ShadowedStatus
Description
This shows whether firewall could use the rule or there is upper rule that do the same.
Values
| Enum Value | Description |
|---|---|
|
|
Firewall does not use the rule because there is upper rule that do the same. |
|
|
Firewall uses the rule. |
|
|
There are parts of rule that are already covered by upper rules. |
Example
"FULLY_SHADOWED"
StepStatus
Description
The status of a specific version-related calculation.
Fields
| Field Name | Description |
|---|---|
errorMessage - String
|
The error message that was returned from the calculation process in case of failure. |
name - String
|
The name of the calculation. |
status - ProgressStatus
|
The status of the calculation. |
updated - DateTime
|
The last time the calculation step was updated. |
Example
{
"errorMessage": "abc123",
"name": "abc123",
"status": "COMPLETED",
"updated": "2007-12-03T10:15:30Z"
}
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
Subnet
Description
Logical subdivision of an IP network.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
cidr - Int
|
Specifies bit-length of the prefix in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ip - String
|
The IP address. It will either take the form of an IPv4 (as speficied in RFC 794) or IPv6 (as specified in RFC 4291). |
ipType - IpType
|
The IP address this network has can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
name - String
|
The name of the entity |
netmask - String
|
Define the class and range of Internet Protocol (IP) addresses. It will either take the form of an IPv4 or IPv6. |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"cidr": 987,
"comment": "abc123",
"device": BasicDevice,
"id": 4,
"ip": "abc123",
"ipType": "IPV4",
"name": "abc123",
"netmask": "abc123",
"system": BasicSystem,
"version": 123
}
SupportingIP
Description
Network element supports IP definition.
Fields
| Field Name | Description |
|---|---|
ipType - IpType
|
The IP address can be of different types (e.g. IPv4, IPv6). This field specifies which type it is. |
Possible Types
| SupportingIP Types |
|---|
Example
{"ipType": "IPV4"}
System
Description
Root device that manages the dependent devices
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
deleted - Boolean
|
Permission requires |
id - ID!
|
The internal unique identifier for this entity |
ipAddress - String
|
IP address of the root device Permission requires |
model - ModelName
|
Model of this device |
modelDisplayName - String
|
Model name of this device |
monitoredByOPMAgent - Boolean
|
True indicates that the system monitored by OPM agent |
name - String
|
The name of the entity |
opmAgentId - String
|
Open policy management (OPM) agent ID Permission requires |
systemFields - [SystemFieldValue!]
|
System specific text fields Permission requires |
vendor - VendorName
|
Vendor type of this device |
Example
{
"changed": "2007-12-03T10:15:30Z",
"deleted": false,
"id": "4",
"ipAddress": "xyz789",
"model": "ACI",
"modelDisplayName": "abc123",
"monitoredByOPMAgent": true,
"name": "xyz789",
"opmAgentId": "xyz789",
"systemFields": [SystemFieldValue],
"vendor": "AMAZON"
}
SystemField
Fields
| Field Name | Description |
|---|---|
fieldType - SystemFieldType
|
Field type |
mandatory - Boolean
|
True indicates that the System Field is required |
name - String
|
Field name |
Example
{
"fieldType": "SECRET",
"mandatory": false,
"name": "xyz789"
}
SystemFieldInput
Description
System field type definition
Fields
| Input Field | Description |
|---|---|
fieldType - SystemFieldType!
|
Field type |
mandatory - Boolean!
|
True indicates that the System Field Value is required |
name - Name!
|
Field name |
Example
{"fieldType": "SECRET", "mandatory": false, "name": Name}
SystemFieldType
Values
| Enum Value | Description |
|---|---|
|
|
Text that will be encrypted by the application, and will be displayed as "Null" in the query results |
|
|
Non-encrypted text |
Example
"SECRET"
SystemFieldValue
Description
System field definition
Fields
| Field Name | Description |
|---|---|
fieldType - SystemFieldType
|
Field type |
mandatory - Boolean
|
True indicates that the System Field Value is required |
name - String
|
Field name |
value - String
|
Text value |
Example
{
"fieldType": "SECRET",
"mandatory": false,
"name": "xyz789",
"value": "xyz789"
}
SystemFieldValueInput
Description
System field definition
Fields
| Input Field | Description |
|---|---|
field - SystemFieldInput!
|
Field type |
value - FreeText!
|
Text value |
Example
{
"field": SystemFieldInput,
"value": FreeText
}
SystemMutation
Fields
| Field Name | Description |
|---|---|
createSystem - CreateSystemResult!
|
Create system |
Arguments
|
|
deleteSystem - DeleteSystemResult!
|
Delete system |
Arguments
|
|
updateSystem - UpdateSystemResult!
|
Update system |
Arguments
|
|
Example
{
"createSystem": CreateSystemResult,
"deleteSystem": DeleteSystemResult,
"updateSystem": UpdateSystemResult
}
SystemProperties
Fields
| Field Name | Description |
|---|---|
modelDisplayName - String
|
Device model name |
systemFields - [SystemField!]
|
System specific text fields |
Example
{
"modelDisplayName": "abc123",
"systemFields": [SystemField]
}
SystemQuery
Description
Query for System objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of System objects matching the specified filter. |
values - [System!]!
|
A list of System objects matching the specified filter. |
Example
{"count": {}, "values": [System]}
TQLSearchType
Values
| Enum Value | Description |
|---|---|
|
|
Example
"RULE"
Ticket
Fields
| Field Name | Description |
|---|---|
automatic - Boolean
|
|
businessOwner - String
|
The owner of the ticket |
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
|
email - String
|
Contact email |
externalUrl - String
|
|
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
originTicketId - String
|
Ticket identifier |
secureChangeTicket - Boolean
|
If true, it is a ticket originated by SecureChange |
timeCreation - DateTime
|
|
timeExpiration - DateTime
|
Ticket expiration date |
Example
{
"automatic": true,
"businessOwner": "abc123",
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"email": "xyz789",
"externalUrl": "abc123",
"id": 4,
"name": "abc123",
"originTicketId": "abc123",
"secureChangeTicket": true,
"timeCreation": "2007-12-03T10:15:30Z",
"timeExpiration": "2007-12-03T10:15:30Z"
}
TimePeriodInDay
TimedCount
TrafficUspRestriction
Description
A condition that defines the allowed traffic from one SecureTrack network zone to another.
Fields
| Field Name | Description |
|---|---|
applicationNames - [String!]
|
List of predefined applications names. |
restrictionType - RestrictionType
|
Traffic USP restriction will always be of type "Traffic". |
servicesExpressions - [String!]
|
List of either predefined services names or custom services defined by protocol and port ("TCP 10-20" or "UDP 80" for example). The supported protocols are:
|
trafficUspRestrictionType - TrafficUspRestrictionType
|
The traffic restriction type (Allow only, Block only, Allow all, Block all). |
Example
{
"applicationNames": ["xyz789"],
"restrictionType": "DESTINATION_IPS_MAX_COUNT",
"servicesExpressions": ["abc123"],
"trafficUspRestrictionType": "ALLOW_ALL"
}
TrafficUspRestrictionInput
Description
Traffic USP restriction (TrafficUspRestriction).
Fields
| Input Field | Description |
|---|---|
applicationNames - [ApplicationString!]
|
Application names. |
servicesExpressions - [ServiceExpressionString!]
|
Services expressions. |
type - TrafficUspRestrictionType!
|
Traffic USP restriction type (TrafficUspRestrictionType). |
Example
{
"applicationNames": [ApplicationString],
"servicesExpressions": [ServiceExpressionString],
"type": "ALLOW_ALL"
}
TrafficUspRestrictionType
Description
Enumeration of valid traffic restriction types.
Values
| Enum Value | Description |
|---|---|
|
|
All traffic is allowed. |
|
|
Traffic is permitted only for the provided services or applications. |
|
|
No traffic is allowed. |
|
|
Traffic is prohibited only for the provided services or applications. |
Example
"ALLOW_ALL"
TransportService
Description
Service definition
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
maxPort - Int
|
The last service port number in range, including |
minPort - Int
|
The first service port number in range, including |
name - String
|
The name of the entity |
negated - Boolean
|
Rule will use all service ports, except specified in minPort and maxPort in case this value is true |
protocol - TransportServiceProtocol
|
Service protocol name. For example: FTP |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": "4",
"maxPort": 987,
"minPort": 123,
"name": "xyz789",
"negated": true,
"protocol": "SCTP",
"system": BasicSystem,
"version": 123
}
TransportServiceProtocol
Description
Division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model.
Values
| Enum Value | Description |
|---|---|
|
|
Stream Control Transmission Protocol (SCTP). |
|
|
Transmission Control Protocol (TCP). |
|
|
User Datagram Protocol (UDP). |
Example
"SCTP"
TrendQueryInput
Description
The TrendQueryInput displays information from the metric ID parameter, over time.
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
If true, the metric will be collected from all the system domains. If false, the metric will be collected only from specified domains. |
domain - IdString
|
The domain ID associated with the query. |
metricId - FreeText!
|
The parameter that will be displayed in the trend query for the defined time span. Should be one of: disabled_rules, unused_rules, fully_shadowed_rules, rules_violation_highest_severity_low, rules_violation_highest_severity_medium, rules_violation_highest_severity_high, rules_violation_highest_severity_critical |
timeSpan - Int!
|
The number of days included in the trend query, counted from the day before the current day. |
Example
{
"appliedToAnyDomain": true,
"domain": IdString,
"metricId": FreeText,
"timeSpan": 123
}
TrendResult
Description
Returns the query status, and the set of values collected for the metric over the time span defined.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of the trend request. |
timedCounts - [TimedCount!]!
|
The complete result of the trend query, presented as a list of dates and values. |
Example
{
"resultStatus": ResultStatus,
"timedCounts": [TimedCount]
}
URL
Description
URL entity
Example
"http://www.test.com/"
UpdateDeviceInclusionInCalculationInput
Description
Updates whether the device is included in the violation calculation
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
True indicates that the device will be included in the violation calculations for All Domains. False indicates that the violation calculations will only apply to the specified domain.
|
deviceId - IdString!
|
The Device ID |
domain - IdString
|
The ID of the domain that the violation calculation is applied to. Note: If appliedToAnyDomain is set to True this value is ignored. |
include - Boolean!
|
Indicates whether the device is included or excluded from violation calculation |
Example
{
"appliedToAnyDomain": true,
"deviceId": IdString,
"domain": IdString,
"include": true
}
UpdateDeviceInclusionInCalculationResult
Description
Returns the status result when updating whether the device is included in the violation calculation
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to update whether the device is included in the violation calculation |
Example
{"resultStatus": ResultStatus}
UpdateProtectionModeInput
Description
Updates the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface.
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
True indicates that the protection mode of the device will be updated for All Domains. False indicates that the protection mode will be updated only for the specified domain.
|
deviceId - IdString!
|
The Device ID |
domain - IdString
|
The ID of the domain that the protection mode will be updated for. Note: If appliedToAnyDomain is set to True this value is ignored. |
protectionMode - ProtectionMode!
|
The ZoneProtectionMode value |
Example
{
"appliedToAnyDomain": false,
"deviceId": IdString,
"domain": IdString,
"protectionMode": "CONNECTED_ZONES"
}
UpdateProtectionModeResult
Description
Returns the status result when updating the protection mode of a Device to the type of SecureTrack network zones that will be used in the violation calculation
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to update the protection mode of Device to the type of SecureTrack network zones that will be used in the violation calculation |
Example
{"resultStatus": ResultStatus}
UpdateRuleAutomationAttributeInput
Description
Update the automation attribute for a rule.
Fields
| Input Field | Description |
|---|---|
automationAttribute - AutomationAttribute
|
Automation attribute to update. |
ids - [IdString!]!
|
List of affected rule IDs. |
Example
{"automationAttribute": "LEGACY", "ids": [IdString]}
UpdateRuleAutomationAttributeResult
Description
Returns the status results when updating automation attribute for a rule.
Fields
| Field Name | Description |
|---|---|
ids - [ID!]!
|
IDs of the updated rules. |
resultStatus - ResultStatus!
|
Result of the operation. |
Example
{"ids": [4], "resultStatus": ResultStatus}
UpdateRuleDescriptionInput
Description
Update description for a rule.
Fields
| Input Field | Description |
|---|---|
description - FreeText
|
Description to update. |
ids - [IdString!]!
|
List of affected rule IDs. |
Example
{
"description": FreeText,
"ids": [IdString]
}
UpdateRuleDescriptionResult
Description
Returns the status results when updating the description for a rule.
Fields
| Field Name | Description |
|---|---|
ids - [ID!]
|
IDs of updated rules. |
resultStatus - ResultStatus!
|
Result of the operation. |
Example
{
"ids": ["4"],
"resultStatus": ResultStatus
}
UpdateRuleTechnicalOwnerInput
Description
Update the technical owner for a rule.
Fields
| Input Field | Description |
|---|---|
ids - [IdString!]!
|
List of affected rule IDs. |
technicalOwnerId - IdString
|
The ID of the technical owner to update. |
Example
{
"ids": [IdString],
"technicalOwnerId": IdString
}
UpdateRuleTechnicalOwnerResult
Description
Returns the status results when updating the technical owner for a rule.
Fields
| Field Name | Description |
|---|---|
ids - [ID!]!
|
IDs of updated rules. |
resultStatus - ResultStatus!
|
Result of the operation. |
Example
{
"ids": ["4"],
"resultStatus": ResultStatus
}
UpdateSystemInput
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean
|
This property is not currently supported |
domain - IdString
|
This property is not currently supported |
id - IdString!
|
Systems ID to update |
ipAddress - IpAddressString
|
IP address of the root device |
name - Name!
|
System name |
properties - [SystemFieldValueInput!]
|
System properties |
Example
{
"appliedToAnyDomain": false,
"domain": IdString,
"id": IdString,
"ipAddress": IpAddressString,
"name": Name,
"properties": [SystemFieldValueInput]
}
UpdateSystemResult
Fields
| Field Name | Description |
|---|---|
id - ID
|
Application internal ID of updated system |
resultStatus - ResultStatus!
|
Result of the operation |
Example
{"id": 4, "resultStatus": ResultStatus}
UpdateTicketInput
Description
Update a ticket for a rule.
Fields
| Input Field | Description |
|---|---|
businessOwner - FreeText
|
Business owner name for a rule. |
comment - FreeText
|
Comment for a ticket. |
email - EmailAddress
|
Business owner Email address for a rule. |
expirationDate - DateTime
|
Expiration date for a ticket. |
externalUrl - URL
|
External URL for a ticket. |
id - IdString!
|
ID of the ticket to update. |
originTicketId - FreeText
|
ID information for a ticket, only required if a SecureChange ticket is linked. |
secureChangeTicket - Boolean
|
Mark as true if the ticket is a SecureChange ticket. |
Example
{
"businessOwner": FreeText,
"comment": FreeText,
"email": "[email protected]",
"expirationDate": "2007-12-03T10:15:30Z",
"externalUrl": "http://www.test.com/",
"id": IdString,
"originTicketId": FreeText,
"secureChangeTicket": false
}
UpdateTicketResult
Description
Returns the status results when updating a ticket for a rule.
Fields
| Field Name | Description |
|---|---|
id - ID
|
ID of the updated ticket. |
resultStatus - ResultStatus!
|
Result of the operation. |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
UpdateUserTQLSearchInput
Description
Update a TQL query
Example
{
"description": FreeText,
"id": IdString,
"name": Name,
"public": true,
"query": "abc123"
}
UpdateUserTQLSearchResult
Description
Returns the status results when updating a TQL query
Fields
| Field Name | Description |
|---|---|
id - ID
|
Unique identifier of the updated query |
resultStatus - ResultStatus!
|
Result of the operation |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
UpdateUspAlertConfigInput
Description
Update a USP alert.
Fields
| Input Field | Description |
|---|---|
allDevices - Boolean!
|
If set to True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps - Boolean!
|
If set to True, the uspId field is ignored and this alert applies to all USPs. |
description - FreeText
|
Alert description. |
devicesIds - [IdString!]
|
This alert applies only for the specified devices. Add a list Device IDs. |
disabled - Boolean!
|
Set to true to disable this alert. |
externalRecipientsEmails - [EmailAddress!]
|
Add list of 1 or more valid email addresses that will receive this alert. Leave this field empty if you do not want to send email to non-SecureTrack users. |
id - IdString!
|
ID of the alert you want to update. |
name - Name!
|
Alert name. |
recipientsIds - [IdString!]
|
Add a list of 1or more SecureTrack User IDs that should receive this alert. Leave this field empty if you do not want to send the alert to a SecureTrack user. |
severities - [ViolationSeverity!]!
|
This alert is sent for violations of all the selected severities. |
syslogEnabled - Boolean!
|
Set to True if syslog the alert should also be sent via syslog. |
uspId - IdString
|
This alert applies only to the specified USP. Add a single USP ID only. |
Example
{
"allDevices": true,
"allUsps": false,
"description": FreeText,
"devicesIds": [IdString],
"disabled": true,
"externalRecipientsEmails": [
"[email protected]"
],
"id": IdString,
"name": Name,
"recipientsIds": [IdString],
"severities": ["CRITICAL"],
"syslogEnabled": true,
"uspId": IdString
}
UpdateUspAlertConfigResult
Description
Returns the status results when updating a new USP alert.
Fields
| Field Name | Description |
|---|---|
id - ID
|
ID of the updated alert. |
resultStatus - ResultStatus!
|
Status of request to update a USP alert. |
Example
{"id": 4, "resultStatus": ResultStatus}
UpdateUspInput
Description
Updates an existing USP.
Fields
| Input Field | Description |
|---|---|
description - FreeText
|
USP description. |
id - IdString!
|
USP ID. |
name - Name!
|
USP name. |
securityZonesIds - [IdString!]!
|
The USP updated SecureTrack network zones IDs. Zones that are in this list this does not exist in the USP will be added. Zones that are not in this list and appear in the USP will be deleted. Zones that are in this list and appear in the USP will remain. |
Example
{
"description": FreeText,
"id": IdString,
"name": Name,
"securityZonesIds": [IdString]
}
UpdateUspRequirementInput
Description
Updates a USP requirement.
Fields
| Input Field | Description |
|---|---|
description - FreeText
|
Requirement description. |
destSecurityZoneId - IdString!
|
Requirement's destination SecureTrack network zone (to zone). |
restrictions - UspRestrictionsInput!
|
Requirement restriction. |
severity - ViolationSeverity!
|
Requirement severity. |
srcSecurityZoneId - IdString!
|
Requirement's source SecureTrack network zone (from zone). |
uspId - IdString!
|
USP ID. |
Example
{
"description": FreeText,
"destSecurityZoneId": IdString,
"restrictions": UspRestrictionsInput,
"severity": "CRITICAL",
"srcSecurityZoneId": IdString,
"uspId": IdString
}
UpdateUspRequirementResult
Description
Returns the status results when updating a USP requirement.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of request to updating a USP requirement. |
Example
{"resultStatus": ResultStatus}
UpdateUspResult
Description
Returns the status results when updating a USP.
Fields
| Field Name | Description |
|---|---|
id - ID
|
USP ID. |
resultStatus - ResultStatus!
|
Status of request to update a USP. |
Example
{
"id": "4",
"resultStatus": ResultStatus
}
UpdateUspRuleExceptionInput
Fields
| Input Field | Description |
|---|---|
approver - FreeText
|
|
description - FreeText
|
|
disabled - Boolean!
|
|
endDate - Date
|
|
id - IdString!
|
|
name - Name!
|
|
rules - RuleExceptionConditionInput!
|
|
startDate - Date
|
|
ticketId - FreeText
|
|
usps - [UspExceptionConditionInput!]
|
Example
{
"approver": FreeText,
"description": FreeText,
"disabled": true,
"endDate": "2007-12-03",
"id": IdString,
"name": Name,
"rules": RuleExceptionConditionInput,
"startDate": "2007-12-03",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
UpdateUspRuleExceptionResult
Fields
| Field Name | Description |
|---|---|
id - ID
|
|
resultStatus - ResultStatus!
|
Example
{
"id": "4",
"resultStatus": ResultStatus
}
UpdateUspTrafficExceptionInput
Description
Update a UspException.
Fields
| Input Field | Description |
|---|---|
approver - FreeText
|
User that approved the UspException. |
description - FreeText
|
UspException description. |
destinationEntityIds - [IdString!]
|
Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. |
destinations - [IpAddressString!]
|
Destination condition - list of IPs/subnets. |
disabled - Boolean!
|
Set to true to disable this UspException. When disabled, UspException will have no impact on RuleViolations. |
endDate - Date
|
Last date that the UspException is active. |
id - IdString!
|
UspException ID. |
name - Name!
|
UspException name. |
servicesAndApplications - ServiceAndApplicationConditionInput
|
|
sourceEntityIds - [IdString!]
|
Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. |
sources - [IpAddressString!]
|
Source condition - list of IPs/subnets. |
startDate - Date
|
First date that the UspException is active. |
ticketId - FreeText
|
SecureChange ticket ID. |
usps - [UspExceptionConditionInput!]
|
Example
{
"approver": FreeText,
"description": FreeText,
"destinationEntityIds": [IdString],
"destinations": [IpAddressString],
"disabled": true,
"endDate": "2007-12-03",
"id": IdString,
"name": Name,
"servicesAndApplications": ServiceAndApplicationConditionInput,
"sourceEntityIds": [IdString],
"sources": [IpAddressString],
"startDate": "2007-12-03",
"ticketId": FreeText,
"usps": [UspExceptionConditionInput]
}
UpdateUspTrafficExceptionResult
Description
Returns the status results when updating a UspException.
Fields
| Field Name | Description |
|---|---|
id - ID
|
Updated UspException ID. |
resultStatus - ResultStatus!
|
Status of request to update a UspException. |
Example
{"id": 4, "resultStatus": ResultStatus}
UrlCategory
Description
The category of the URL as determined by the device
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
urls - [String!]
|
List of URLs |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": "4",
"name": "abc123",
"system": BasicSystem,
"urls": ["abc123"],
"version": 123
}
UrlCategoryInput
Fields
| Input Field | Description |
|---|---|
name - String!
|
Example
{"name": "abc123"}
UrlCategoryPredefinedValue
Description
Predefined values for URL categories of type Any
Values
| Enum Value | Description |
|---|---|
|
|
Any URL category |
Example
"ANY_URL_CATEGORY"
User
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
email - String
|
Permission requires |
firstName - String
|
|
id - ID!
|
The internal unique identifier for this entity |
isProfileGroupMember - Boolean
|
Permission requires |
lastName - String
|
|
name - String
|
The name of the entity |
Example
{
"changed": "2007-12-03T10:15:30Z",
"email": "abc123",
"firstName": "xyz789",
"id": "4",
"isProfileGroupMember": true,
"lastName": "xyz789",
"name": "xyz789"
}
UserPredefinedValue
Description
Predefined values to define well known user behavior
Values
| Enum Value | Description |
|---|---|
|
|
All users existed on device |
|
|
Any user |
|
|
Already authenticated user |
|
|
Guest, not authenticated user |
Example
"ALL_IDENTIFY"
UserQuery
Description
Query for User objects. These objects can be filtered with a TQL query.
Example
{"count": {}, "values": [User]}
UserTQLSearch
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
If true, the query belongs to the 'All Domains' context. |
changed - DateTime
|
The most recent time that this entity was directly modified |
description - String
|
Description of the query |
domain - Domain
|
Domain in which the query was saved. |
id - ID!
|
Unique identifier of the query |
name - String
|
Name of the query |
owner - User!
|
User info of the query creator |
public - Boolean!
|
if true the query is public |
query - String!
|
TQL expression saved as part of the query |
timeCreation - DateTime!
|
Date query was created |
type - TQLSearchType!
|
The entity returned by the query |
Example
{
"appliedToAnyDomain": true,
"changed": "2007-12-03T10:15:30Z",
"description": "abc123",
"domain": Domain,
"id": "4",
"name": "abc123",
"owner": User,
"public": true,
"query": "abc123",
"timeCreation": "2007-12-03T10:15:30Z",
"type": "RULE"
}
UserTQLSearchMutation
Description
The userTQLSearch entity lets you create, update, or delete saved TQL queries
Fields
| Field Name | Description |
|---|---|
changeUserTQLSearchesOwner - ChangeUserTQLSearchesOwnerResult!
|
Change the owner of multiple TQL queries in bulk |
Arguments
|
|
createUserTQLSearch - CreateUserTQLSearchResult!
|
Create and save a TQL query |
Arguments
|
|
deleteUserTQLSearch - DeleteUserTQLSearchResult!
|
Delete saved TQL queries |
Arguments
|
|
updateUserTQLSearch - UpdateUserTQLSearchResult!
|
Edit and save a TQL query |
Arguments
|
|
Example
{
"changeUserTQLSearchesOwner": ChangeUserTQLSearchesOwnerResult,
"createUserTQLSearch": CreateUserTQLSearchResult,
"deleteUserTQLSearch": DeleteUserTQLSearchResult,
"updateUserTQLSearch": UpdateUserTQLSearchResult
}
UserTQLSearchQuery
Description
Query for UserTQLSearch objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of UserTQLSearch objects matching the specified filter. |
values - [UserTQLSearch!]!
|
A list of UserTQLSearch objects matching the specified filter. |
Example
{"count": {}, "values": [UserTQLSearch]}
UserUsage
Description
Object which represents usage information of users on the rule
Fields
| Field Name | Description |
|---|---|
timeLastHit - DateTime
|
Represents time when traffic was recorded for the user |
usageStatus - UserUsageStatus
|
Contains error information why traffic on user was not captured or CONFIGURED otherwise |
user - RuleUserValue
|
The identity of the user |
Example
{
"timeLastHit": "2007-12-03T10:15:30Z",
"usageStatus": "CONFIGURED",
"user": AccessRole
}
UserUsageStatus
Values
| Enum Value | Description |
|---|---|
|
|
Status of last hit for user |
|
|
Last hit information cannot be shown because an LDAP communication error occurred |
|
|
To display last hit information for users, configure LDAP in Admin -> Configuration -> User Identity |
|
|
This user is not found in the LDAP server configured in SecureTrack |
Example
"CONFIGURED"
UserValue
UserWorkflow
Description
The UserWorkflow entity describes a SecureChange workflow. A workflow is a set of steps to complete a change request. For example, rule modification, recertification, or decommission.
Fields
| Field Name | Description |
|---|---|
description - String!
|
The workflow description. |
name - String!
|
The workflow name. |
type - WorkFlowType!
|
The workflow type. |
Example
{
"description": "xyz789",
"name": "abc123",
"type": "DECOMMISSION_RULES"
}
UserWorkflowsQuery
Description
Returns a list of all SecureChange workflows assigned to the current user.
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
|
values - [UserWorkflow!]!
|
Example
{
"resultStatus": ResultStatus,
"values": [UserWorkflow]
}
Usp
Description
The Usp entity shows the configuration of a USP. A USP requirement consists of matched entities, typically a source zone and a destination zone, that have a restriction. For example, a requirement could be based on the matched entities "Source Zone = Administrators" and "Destination Zone = Marketing", with a restriction of "Allow only HTTPS". A rule that violates any of the USP requirements will be reported as a rule violation.
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
Permission requires |
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
description - String
|
Description of the USP. |
differentZonesDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for different zones in source and destination. |
domain - Domain
|
Domain of the USP. Permission requires |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
Name of the USP. |
requirements - [UspRequirement!]
|
Set of conditions that apply to each USP matched entity (typically a source zone and destination zone) that will be enforced by the rule. Permission requires |
sameZoneDefaultRestrictions - UspRestrictions
|
Configures default restrictions on security rules for the same zone in source and destination. |
securityZones - [SecurityZone!]
|
SecureTrack zones that the USP enforces. Permission requires |
Example
{
"appliedToAnyDomain": true,
"changed": "2007-12-03T10:15:30Z",
"description": "xyz789",
"differentZonesDefaultRestrictions": UspRestrictions,
"domain": Domain,
"id": "4",
"name": "abc123",
"requirements": [UspRequirement],
"sameZoneDefaultRestrictions": UspRestrictions,
"securityZones": [SecurityZone]
}
UspAlertConfig
Description
The UspAlertConfig entity shows the current configuration of a USP alert. Alerts can be configured to trigger when they meet the specific conditions you desire, including: a specific USP, a list of specific devices, and specific severity levels. Alerts can be sent via one or more of the following: to SecureTrack users, to external email addresses, and via syslog. Alerts can be disabled or enabled at any time. See AlertsConfigMutation for the complete list of supported configuration options. Permission requires
Fields
| Field Name | Description |
|---|---|
allDevices - Boolean
|
If True, the devicesIds field is ignored and this alert applies to all devices. |
allUsps - Boolean
|
If True, the uspId field is ignored and this alert applies to all USPs. |
appliedToAnyDomain - Boolean
|
|
changed - DateTime
|
The most recent time that this entity was directly modified |
description - String
|
Alert description. |
devices - [Device!]
|
This alert applies only for the specified devices. |
disabled - Boolean
|
If True, the alert is disabled and will not be triggered. |
domain - Domain
|
|
externalRecipientsEmails - [String!]
|
Email addresses that will receive this alert. |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
recipients - [User!]
|
SecureTrack User IDs that will receive this alert. |
syslogEnabled - Boolean
|
If True, the alert will be sent via syslog. |
timeCreated - DateTime
|
Date alert was created. |
usp - Usp
|
This alert applies only to the specified USP. |
valid - Boolean
|
If False, the alert is no longer valid. An alert becomes invalid if all recipients, or all specified devices, or the USP is removed from SecureTrack. |
violationSeverities - [ViolationSeverity!]
|
This alert is sent for violations of all the selected severities. |
Example
{
"allDevices": true,
"allUsps": false,
"appliedToAnyDomain": false,
"changed": "2007-12-03T10:15:30Z",
"description": "xyz789",
"devices": [Device],
"disabled": true,
"domain": Domain,
"externalRecipientsEmails": ["xyz789"],
"id": 4,
"name": "abc123",
"recipients": [User],
"syslogEnabled": true,
"timeCreated": "2007-12-03T10:15:30Z",
"usp": Usp,
"valid": true,
"violationSeverities": ["CRITICAL"]
}
UspAlertConfigQuery
Description
Query for UspAlertConfig objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of UspAlertConfig objects matching the specified filter. |
values - [UspAlertConfig!]!
|
A list of UspAlertConfig objects matching the specified filter. |
Example
{"count": {}, "values": [UspAlertConfig]}
UspCondition
Description
Condition on RuleViolations' Usps and SecurityZone pairs. If no SecureTrack zone pairs are configured in the condition, condition is satisfied for all RuleViolations of the given USP.
Fields
| Field Name | Description |
|---|---|
usp - Usp
|
Usp name.
|
zonePairs - [ZonePair!]
|
Pairs of SecureTrack zones of the given usp. |
Example
{
"usp": Usp,
"zonePairs": [ZonePair]
}
UspException
Description
The UspException entity shows the current configuration of a USP exception. UspException exempts RuleViolations of flow and traffic types, according to the different conditions. UspException must contain at least one configured condition. An empty condition is treated as 'all'. Traffic violations are affected by source, destination, service\application and usp conditions. Flow violations are affected by source, destination and USP conditions. All affecting conditions must be satisfied for a RuleViolation to be exempted (logical AND between conditions).
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
Permission requires |
approver - String
|
User that approved the UspException. Permission requires |
changed - DateTime
|
The date that this UspException entity was last changed. Permission requires |
creator - String
|
Username of UspException creator. Permission requires |
description - String
|
UspException description. |
disabled - Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain - Domain
|
Permission requires |
id - ID!
|
The internal unique identifier for this entity. |
invalid - Boolean
|
If true, the USP exception is not valid. Permission requires |
name - String
|
UspException unique name. |
ticketId - String
|
SecureChange ticket ID. Permission requires |
timeCreated - DateTime
|
Date UspException was created. Permission requires |
timeEnd - DateTime
|
Last date that the UspException is active. Permission requires |
timeStart - DateTime
|
First date that the UspException is active. Permission requires |
usps - [UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
|
Possible Types
| UspException Types |
|---|
Example
{
"appliedToAnyDomain": true,
"approver": "xyz789",
"changed": "2007-12-03T10:15:30Z",
"creator": "abc123",
"description": "xyz789",
"disabled": true,
"domain": Domain,
"id": 4,
"invalid": true,
"name": "abc123",
"ticketId": "xyz789",
"timeCreated": "2007-12-03T10:15:30Z",
"timeEnd": "2007-12-03T10:15:30Z",
"timeStart": "2007-12-03T10:15:30Z",
"usps": [UspCondition]
}
UspExceptionConditionInput
Description
Condition on USPs and SecureTrack zone pairs.
Fields
| Input Field | Description |
|---|---|
uspId - IdString!
|
USP ID. |
zones - [ZonePairInput!]
|
SecureTrack zone pairs. |
Example
{
"uspId": IdString,
"zones": [ZonePairInput]
}
UspExceptionMutation
Description
The UspExceptionMutation entity lets you create, update or delete UspExceptions.
Fields
| Field Name | Description |
|---|---|
addRulesToRuleException - AddRulesToRuleExceptionResult!
|
|
Arguments
|
|
createUspRuleException - CreateUspRuleExceptionResult!
|
|
Arguments
|
|
createUspTrafficException - CreateUspTrafficExceptionResult!
|
Create a UspException. |
Arguments
|
|
deleteUspExceptions - DeleteUspExceptionResult!
|
Delete one or more UspExceptions. |
Arguments
|
|
updateUspRuleException - UpdateUspRuleExceptionResult!
|
|
Arguments
|
|
updateUspTrafficException - UpdateUspTrafficExceptionResult!
|
Update a UspException. |
Arguments
|
|
Example
{
"addRulesToRuleException": AddRulesToRuleExceptionResult,
"createUspRuleException": CreateUspRuleExceptionResult,
"createUspTrafficException": CreateUspTrafficExceptionResult,
"deleteUspExceptions": DeleteUspExceptionResult,
"updateUspRuleException": UpdateUspRuleExceptionResult,
"updateUspTrafficException": UpdateUspTrafficExceptionResult
}
UspExceptionQuery
Description
Query for UspException objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of UspException objects matching the specified filter. |
values - [UspException!]!
|
A list of UspException objects matching the specified filter. |
Example
{"count": {}, "values": [UspException]}
UspMutation
Description
The UspMutation entity lets you create, update or delete USPs.
Fields
| Field Name | Description |
|---|---|
addSecurityZonesToUsp - AddSecurityZonesToUspResult!
|
Add SecureTrack network zones to an existing USP. |
Arguments
|
|
createPredefinedUsp - CreatePredefinedUspResult!
|
Create a USP based on a regulation template. |
Arguments
|
|
createUsp - CreateUspResult!
|
Create a USP. |
Arguments
|
|
deleteUsp - DeleteUspResult!
|
Delete one or more USPs. |
Arguments
|
|
removeSecurityZonesFromUsp - RemoveSecurityZonesFromUspResult!
|
Remove SecureTrack network zones to an existing USP. |
Arguments
|
|
updateUsp - UpdateUspResult!
|
Update a USP. |
Arguments
|
|
updateUspRequirement - UpdateUspRequirementResult!
|
Create a USP requirement. |
Arguments
|
|
Example
{
"addSecurityZonesToUsp": AddSecurityZonesToUspResult,
"createPredefinedUsp": CreatePredefinedUspResult,
"createUsp": CreateUspResult,
"deleteUsp": DeleteUspResult,
"removeSecurityZonesFromUsp": RemoveSecurityZonesFromUspResult,
"updateUsp": UpdateUspResult,
"updateUspRequirement": UpdateUspRequirementResult
}
UspQuery
UspRequirement
Description
The requirements that apply to a specific USP matched entity (typically a source zone and a destination zone), that will be enforced by this rule.
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
This property is not supported for this entity. |
restrictions - UspRestrictions
|
A set of properties that make up a restriction for a specific USP matched entity (typically a source zone and a destination zone). To be compliant, a rule must meet all restrictions. |
severity - ViolationSeverity
|
The severity (low, medium, high, critical) of a rule violation. |
usp - BasicUspInfo
|
|
uspRequirementDescription - String
|
Description of the USP requirement. |
zoneToZoneUspRequirementMatcher - ZoneToZoneUspRequirementMatcher
|
This describes matching criteria for USP requirement. |
Example
{
"changed": "2007-12-03T10:15:30Z",
"id": 4,
"name": "abc123",
"restrictions": UspRestrictions,
"severity": "CRITICAL",
"usp": BasicUspInfo,
"uspRequirementDescription": "abc123",
"zoneToZoneUspRequirementMatcher": ZoneToZoneUspRequirementMatcher
}
UspRequirementQuery
Description
Query for UspRequirement objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of UspRequirement objects matching the specified filter. |
values - [UspRequirement!]!
|
A list of UspRequirement objects matching the specified filter. |
Example
{"count": {}, "values": [UspRequirement]}
UspRestriction
Description
A condition to be enforced on security rules.
Fields
| Field Name | Description |
|---|---|
restrictionType - RestrictionType
|
Restriction type. |
Possible Types
| UspRestriction Types |
|---|
Example
{"restrictionType": "DESTINATION_IPS_MAX_COUNT"}
UspRestrictions
Description
A set of properties that make up a restriction for a specific matched entity (typically a source zone and a destination zone) in a USP. To be compliant, a rule must meet all USP restrictions.
Fields
| Field Name | Description |
|---|---|
destinationIpsMaxCountRestriction - PropertyUspRestriction
|
Maximum number of IP address allowed in the rule's destination. |
explicitDestinationRestriction - PropertyUspRestriction
|
Rules must have an explicit destination, not the ANY value. |
explicitServiceRestriction - PropertyUspRestriction
|
Rules must have an explicit service, not the ANY value. |
explicitSourceRestriction - PropertyUspRestriction
|
Rules must have an explicit source, not the ANY value. |
flowUspRestriction - FlowUspRestriction
|
Flow restriction (Host to Host, Subnet to Host, or Host to Subnet). |
lastHitMaxValRestriction - PropertyUspRestriction
|
Maximum number of days in which the rule must have had a hit. |
mandatoryCommentRestriction - PropertyUspRestriction
|
Rules must have text in the comment field. |
mandatoryLogRestriction - PropertyUspRestriction
|
Rules must be configured to create log entries. |
servicesMaxCountRestriction - PropertyUspRestriction
|
Maximum number of services allowed. |
sourceIpsMaxCountRestriction - PropertyUspRestriction
|
Maximum number of IP address allowed in the rule's source. |
trafficUspRestriction - TrafficUspRestriction
|
Traffic access that is permitted from a source zone to a destination zone (Allow only, Block only, Allow all, Block all). |
Example
{
"destinationIpsMaxCountRestriction": PropertyUspRestriction,
"explicitDestinationRestriction": PropertyUspRestriction,
"explicitServiceRestriction": PropertyUspRestriction,
"explicitSourceRestriction": PropertyUspRestriction,
"flowUspRestriction": FlowUspRestriction,
"lastHitMaxValRestriction": PropertyUspRestriction,
"mandatoryCommentRestriction": PropertyUspRestriction,
"mandatoryLogRestriction": PropertyUspRestriction,
"servicesMaxCountRestriction": PropertyUspRestriction,
"sourceIpsMaxCountRestriction": PropertyUspRestriction,
"trafficUspRestriction": TrafficUspRestriction
}
UspRestrictionsInput
Description
USP restriction (UspRestriction).
Fields
| Input Field | Description |
|---|---|
destinationIpsMaxCountRestriction - PropertyUspRestrictionInput
|
Defines the maximum IPs addresses allowed by a rule's destination field. |
explicitDestinationRestriction - PropertyUspRestrictionInput
|
Defines that a rule destination field must contain only explicit objects. |
explicitServiceRestriction - PropertyUspRestrictionInput
|
Defines that a rule services field must have contain explicit objects. |
explicitSourceRestriction - PropertyUspRestrictionInput
|
Defines that a rule source field must contain only explicit objects. |
flowUspRestriction - FlowUspRestrictionInput
|
Flow restriction. |
lastHitMaxValRestriction - PropertyUspRestrictionInput
|
Defines how many days a rule could not get passed by any traffic. |
mandatoryCommentRestriction - PropertyUspRestrictionInput
|
Enforces comment in rules. |
mandatoryLogRestriction - PropertyUspRestrictionInput
|
Enforces logging in rules. |
servicesMaxCountRestriction - PropertyUspRestrictionInput
|
Defines the maximum services allowed in a rule's services field. |
sourceIpsMaxCountRestriction - PropertyUspRestrictionInput
|
Defines the maximum IP addresses allowed by a rule's source field. |
trafficUspRestriction - TrafficUspRestrictionInput
|
Traffic restriction. |
Example
{
"destinationIpsMaxCountRestriction": PropertyUspRestrictionInput,
"explicitDestinationRestriction": PropertyUspRestrictionInput,
"explicitServiceRestriction": PropertyUspRestrictionInput,
"explicitSourceRestriction": PropertyUspRestrictionInput,
"flowUspRestriction": FlowUspRestrictionInput,
"lastHitMaxValRestriction": PropertyUspRestrictionInput,
"mandatoryCommentRestriction": PropertyUspRestrictionInput,
"mandatoryLogRestriction": PropertyUspRestrictionInput,
"servicesMaxCountRestriction": PropertyUspRestrictionInput,
"sourceIpsMaxCountRestriction": PropertyUspRestrictionInput,
"trafficUspRestriction": TrafficUspRestrictionInput
}
UspRiskAnalysisTask
Description
Calculation results of a Risk Analysis task. Permission requires
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The date that the task entity was last changed. |
errors - [AccessRequestError!]
|
AccessRequestErrors occurred during calculation.
|
id - ID!
|
Task ID. |
isCompleted - Boolean
|
True when all of the task's access requests calculations are completed. |
name - String
|
This property is not supported. |
processedAccessRequests - [String!]
|
List of the the processed access requests in task. |
requestsCount - Int
|
Number of access requests in task. |
timestamp - DateTime
|
The date and time that the task was created. |
violations - [RiskAnalysisViolation!]
|
List of RiskAnalysisViolation representing the violations calculation results of the tasks' access requests. Permission requires |
Example
{
"changed": "2007-12-03T10:15:30Z",
"errors": [AccessRequestError],
"id": 4,
"isCompleted": false,
"name": "abc123",
"processedAccessRequests": ["xyz789"],
"requestsCount": 987,
"timestamp": "2007-12-03T10:15:30Z",
"violations": [RiskAnalysisViolation]
}
UspRiskAnalysisTaskQuery
Description
Query for UspRiskAnalysisTask objects. These objects can be filtered with a TQL query.
Fields
| Field Name | Description |
|---|---|
count - Long!
|
The total count of UspRiskAnalysisTask objects matching the specified filter. |
values - [UspRiskAnalysisTask!]!
|
A list of UspRiskAnalysisTask objects matching the specified filter. |
Example
{"count": {}, "values": [UspRiskAnalysisTask]}
UspRuleException
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
Permission requires |
approver - String
|
User that approved the UspException. Permission requires |
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
creator - String
|
Username of UspException creator. Permission requires |
description - String
|
UspException description. |
disabled - Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain - Domain
|
Permission requires |
id - ID!
|
The internal unique identifier for this entity |
invalid - Boolean
|
If true, the USP exception is not valid. Permission requires |
name - String
|
The name of the entity |
rules - [Rule!]
|
Permission requires |
ticketId - String
|
SecureChange ticket ID. Permission requires |
timeCreated - DateTime
|
Date UspException was created. Permission requires |
timeEnd - DateTime
|
Last date that the UspException is active. Permission requires |
timeStart - DateTime
|
First date that the UspException is active. Permission requires |
usps - [UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
|
Example
{
"appliedToAnyDomain": true,
"approver": "xyz789",
"changed": "2007-12-03T10:15:30Z",
"creator": "xyz789",
"description": "abc123",
"disabled": false,
"domain": Domain,
"id": 4,
"invalid": true,
"name": "xyz789",
"rules": [Rule],
"ticketId": "xyz789",
"timeCreated": "2007-12-03T10:15:30Z",
"timeEnd": "2007-12-03T10:15:30Z",
"timeStart": "2007-12-03T10:15:30Z",
"usps": [UspCondition]
}
UspTrafficException
Fields
| Field Name | Description |
|---|---|
appliedToAnyDomain - Boolean
|
Permission requires |
approver - String
|
User that approved the UspException. Permission requires |
changed - DateTime
|
The most recent time that this entity was directly modified Permission requires |
creator - String
|
Username of UspException creator. Permission requires |
description - String
|
UspException description. |
destinationEntities - [NetworkObject!]
|
Destination condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. Permission requires |
destinations - [String!]
|
Condition on RuleViolations' destinations - list of IPs/subnets. The condition is satisfied if destinations intersect with RuleViolation destinations. Permission requires |
disabled - Boolean
|
If true, the UspException is disabled and will not have impact on RuleViolations. Permission requires |
domain - Domain
|
Permission requires |
id - ID!
|
The internal unique identifier for this entity |
invalid - Boolean
|
If true, the USP exception is not valid. Permission requires |
name - String
|
The name of the entity |
servicesAndApplications - ServicesAndApplicationsCondition
|
ServicesAndApplicationsCondition on RuleViolations' services and applications. The condition is satisfied if either services or applications intersect with RuleViolation. Permission requires
|
sourceEntities - [NetworkObject!]
|
Source condition - list of network object UIDs. Supported object types: Host, Subnet, IP Range, Network group, Network-with-exclusion group, Zone intersectable micro-segmented group. Permission requires |
sources - [String!]
|
Condition on RuleViolations' sources - list of IPs/subnets. The condition is satisfied if sources intersect with RuleViolation sources. Permission requires |
ticketId - String
|
SecureChange ticket ID. Permission requires |
timeCreated - DateTime
|
Date UspException was created. Permission requires |
timeEnd - DateTime
|
Last date that the UspException is active. Permission requires |
timeStart - DateTime
|
First date that the UspException is active. Permission requires |
usps - [UspCondition!]
|
UspCondition on RuleViolations' Usps and SecurityZone pairs. The condition is satisfied if RuleViolation violates one of the configured UspConditions. Permission requires
|
Example
{
"appliedToAnyDomain": true,
"approver": "abc123",
"changed": "2007-12-03T10:15:30Z",
"creator": "abc123",
"description": "xyz789",
"destinationEntities": [AccessRole],
"destinations": ["xyz789"],
"disabled": true,
"domain": Domain,
"id": 4,
"invalid": true,
"name": "abc123",
"servicesAndApplications": ServicesAndApplicationsCondition,
"sourceEntities": [AccessRole],
"sources": ["xyz789"],
"ticketId": "abc123",
"timeCreated": "2007-12-03T10:15:30Z",
"timeEnd": "2007-12-03T10:15:30Z",
"timeStart": "2007-12-03T10:15:30Z",
"usps": [UspCondition]
}
VM
Description
A virtual machine (VM) is a software program or operating system that not only exhibits the behavior of a separate computer, but is also capable of performing tasks such as running applications and programs like a separate computer
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
ipAddresses - [IpAddress!]
|
List of IP addresses |
name - String
|
The name of the entity |
nics - [NIC!]
|
Collection of virtual network interface cards. The emulation of a physical network adapters (NICs) |
state - VMTufinState
|
|
subnets - [Subnet!]
|
Collection of sub-networks |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"ipAddresses": [IpAddress],
"name": "xyz789",
"nics": [NIC],
"state": "NOT_RUNNING",
"subnets": [Subnet],
"system": BasicSystem,
"version": 987
}
VMTufinState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"NOT_RUNNING"
VendorName
Description
Device vendor name
Values
| Enum Value | Description |
|---|---|
|
|
Amazon.com, Inc. |
|
|
Barracuda |
|
|
Check Point software technologies |
|
|
Cisco Systems |
|
|
|
|
|
Fortinet |
|
|
Google Cloud Platform (GCP) |
|
|
Juniper Networks, Inc. |
|
|
Microsoft Corporation |
|
|
Palo Alto Networks |
|
|
Fallback value for unknown vendors |
|
|
VMware, Inc. |
|
|
Zscaler |
Example
"AMAZON"
VersionEntityType
Values
| Enum Value | Description |
|---|---|
|
|
Example
"RULE"
VersionQuery
Fields
| Field Name | Description |
|---|---|
entityChanges - EntityChangesQuery!
|
|
Arguments
|
|
entityVersions - EntityVersionsQuery!
|
|
Arguments
|
|
Example
{
"entityChanges": EntityChangesQuery,
"entityVersions": EntityVersionsQuery
}
VersionStatus
Description
The progress status of a specific version of changes (IN_PROGRESS, COMPLETED, or ERROR).
Fields
| Field Name | Description |
|---|---|
apiV1VersionId - String
|
The internal unique identifier of the version in the legacy API. |
created - DateTime
|
The date and time that the version was created. |
status - ProgressStatus
|
The progress status of the version processing. |
steps - [StepStatus!]
|
The progress status of each version-related calculation. |
versionId - Int!
|
A sequential number assigned to each change to identify the order in which changes were made. |
Example
{
"apiV1VersionId": "abc123",
"created": "2007-12-03T10:15:30Z",
"status": "COMPLETED",
"steps": [StepStatus],
"versionId": 123
}
ViolationOrigin
Description
This defines policy and device that the violating securityPolicies are installed on.
Fields
| Field Name | Description |
|---|---|
securityPolicy - SecurityPolicy
|
SecurityPolicy that the rule evaluates.
|
violatingDevice - BasicDevice
|
Device (such as physical devices, virtual devices, cloud, or managed devices) that the violating securityPolicies are installed on.
|
Example
{
"securityPolicy": SecurityPolicy,
"violatingDevice": BasicDevice
}
ViolationSeverity
Description
Level of risk of the violation.
Values
| Enum Value | Description |
|---|---|
|
|
The violation is critical. |
|
|
The violation is very risky. |
|
|
The violation is not risky. |
|
|
The violation is not very risky. |
Example
"CRITICAL"
Visibility
Description
Entity visibility definition.
Values
| Enum Value | Description |
|---|---|
|
|
Visible for all participants. |
Example
"PUBLIC"
VpnCommunity
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "abc123",
"device": BasicDevice,
"id": "4",
"name": "abc123",
"system": BasicSystem,
"version": 123
}
VpnPredefinedValue
Description
Predefined values for VPN entities of type Any
Values
| Enum Value | Description |
|---|---|
|
|
Any VPN community |
|
|
Any gateway to gateway VPN |
|
|
Any VPN |
Example
"ALL_COMMUNITIES"
WorkFlowType
Description
The type of workflow.
Values
| Enum Value | Description |
|---|---|
|
|
Decommission rules. |
|
|
Modify rules. |
|
|
Recertify rules. |
Example
"DECOMMISSION_RULES"
Zone
Description
Group of one or more interfaces or networks
Fields
| Field Name | Description |
|---|---|
changed - DateTime
|
The most recent time that this entity was directly modified |
comment - String
|
A text comment associated with this entity |
device - BasicDevice
|
The device that this entity belongs to |
id - ID!
|
The internal unique identifier for this entity |
name - String
|
The name of the entity |
system - BasicSystem
|
The system (root device) that this entity belongs to |
version - Int!
|
A sequential number assigned to each change to identify the order in which changes were made |
zoneType - ZoneType
|
Device specific zone type |
Example
{
"changed": "2007-12-03T10:15:30Z",
"comment": "xyz789",
"device": BasicDevice,
"id": 4,
"name": "xyz789",
"system": BasicSystem,
"version": 987,
"zoneType": "ZONE_LAYER2"
}
ZoneManualMappingInput
Description
Updates the mapping of the SecureTrack network zones for a specific interface and ZoneMappingType
Fields
| Input Field | Description |
|---|---|
appliedToAnyDomain - Boolean!
|
True indicates that the mapping of the device will be updated for All Domains. False indicates that the mapping will be updated only for the specified domain.
|
deviceId - IdString!
|
The Device ID |
domain - IdString
|
The ID of the domain that the mapping will be updated for. Note: If appliedToAnyDomain is set to True this value is ignored. |
interfaceId - IdString!
|
The Interface ID |
mappingType - ZoneMappingType!
|
The ZoneMappingType value |
zonesIds - [ZoneMappingMutationsInput!]!
|
List of SecureTrack network zone IDs that are manually mapped to the interface and the specified ZoneMappingType |
Example
{
"appliedToAnyDomain": false,
"deviceId": IdString,
"domain": IdString,
"interfaceId": IdString,
"mappingType": "DIRECTLY_CONNECTED",
"zonesIds": [ZoneMappingMutationsInput]
}
ZoneManualMappingResult
Description
Returns the status result when updating the mapping of SecureTrack network zones for a specific interface and ZoneMappingType
Fields
| Field Name | Description |
|---|---|
resultStatus - ResultStatus!
|
Status of the request to update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType |
Example
{"resultStatus": ResultStatus}
ZoneMappingActionType
Description
The action to perform on the zone mapping
Values
| Enum Value | Description |
|---|---|
|
|
Add a zone to the zone mapping |
|
|
Delete a zone from the zone mapping |
|
|
Exclude a zone from the zone mapping |
Example
"ADD"
ZoneMappingInput
Description
Mapping between the regulation zone to the SecureTrack network zone.
Example
{
"appliedToAnyDomain": false,
"domain": IdString,
"predefinedZoneName": Name,
"securityZoneId": IdString
}
ZoneMappingMutation
Description
The ZoneMappingMutation entity enables you to add, update, or delete the mapping of SecureTrack network zones to a Device
Fields
| Field Name | Description |
|---|---|
updateDeviceInclusionInCalculation - UpdateDeviceInclusionInCalculationResult!
|
Update whether the Device is included in the violation calculation |
Arguments |
|
updateMappings - ZoneManualMappingResult!
|
Update the mapping of SecureTrack network zones for a specific interface and ZoneMappingType |
Arguments
|
|
updateProtectionMode - UpdateProtectionModeResult!
|
Update the protection mode of the Device to the type of SecureTrack network zones that will be used in the violation calculation. Zones could be directly connected to the interface or have a route that passes through the interface. |
Arguments
|
|
Example
{
"updateDeviceInclusionInCalculation": UpdateDeviceInclusionInCalculationResult,
"updateMappings": ZoneManualMappingResult,
"updateProtectionMode": UpdateProtectionModeResult
}
ZoneMappingMutationsInput
Fields
| Input Field | Description |
|---|---|
action - ZoneMappingActionType!
|
|
securityZoneId - IdString!
|
Example
{"action": "ADD", "securityZoneId": IdString}
ZoneMappingType
Description
The ZoneMappingType identifies whether the connection is a direct connection between two devices, or is routed through multiple devices
Values
| Enum Value | Description |
|---|---|
|
|
Zones are directly connected to the interface |
|
|
Zones have a connection that is routed through multiple devices |
Example
"DIRECTLY_CONNECTED"
ZonePair
Description
Either or both - fromZone or toZone may be empty. An empty zone is considered as 'all' zones in the given usp.
Fields
| Field Name | Description |
|---|---|
fromZone - SecurityZone
|
SecureTrack zone. |
toZone - SecurityZone
|
SecureTrack zone. |
Example
{
"fromZone": SecurityZone,
"toZone": SecurityZone
}
ZonePairInput
ZonePredefinedValue
Description
Predefined values to define Any zone
Values
| Enum Value | Description |
|---|---|
|
|
Any zone |
Example
"ANY_ZONE"
ZoneToZoneUspRequirementMatcher
Description
The USP pair (source zone, destination zone) that the USP requirement applies to.
Fields
| Field Name | Description |
|---|---|
destination - SecurityZone
|
The destination zone. |
source - SecurityZone
|
The source zone. |
Example
{
"destination": SecurityZone,
"source": SecurityZone
}
ZoneType
Description
Device specific zone type
Values
| Enum Value | Description |
|---|---|
|
|
Zone of layer 2 trunk ports |
|
|
Zone of layer 3 trunk ports |
|
|
Zone of VPN tunnels |
Example
"ZONE_LAYER2"
ZonesRelation
Description
Zone relation definition on device side
Values
| Enum Value | Description |
|---|---|
|
|
External zone |
|
|
Internal zone |
|
|
Zone with not defined relation |
Example
"INTERZONE"
countsOrderBy
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"COUNT"
orderDirection
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ASC"