Mutations

GraphQL mutations allow you to update TOS data. For example you could modify zone mapping or add a security zone to a USP.

The following types of mutations are available:

• riskAnalysis: Create a USP risk analysis task.

• ruleOperations: Creates a ticket draft in SecureChange

• ruleUserData: Update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rule

• system: Creates, deletes, or modifies a system, or root device. For example, you could add a device to an existing system.

• userTQLSearch: Create, update, or delete TQL queries.

• usp: Creates, deletes, or modifies USPs. For example, you could add a zone to a USP

• alertConfig: Creates, modifies, or deletes USP alerts.

• uspException: Creates, modifies, or deletes USP Exceptions.

• zoneMapping: Adds, modifies, or deletes the mapping of SecureTrack network zones to a device.

• deviceConfiguration: Updates device configurations

  • Designer rule name settings: Configures the rule name prefix, pattern, and maximum length used by Designer for OPM devices.

Mutation examples

Modifying USP exceptions

The following mutation creates a USP exception that applies to all domains and includes IPs, zones, and entities for the source and destination.

mutation{
 uspException{
   createUspTrafficException(input:{
     appliedToAnyDomain:true
     approver:"Approver Name"
     description:"Description text"
     disabled:false
     name:"Usp traffic exception name"
     sources:["1.1.1.1","2.2.2.2"]
     sourceZoneIds:["zone1 id", "zone2 id"]
     sourceEntityIds:["entity id"]
     destinations:["1.2.3.4"]
     destinationZoneIds:["zone3 id", "zone4 id"]
     destinationEntityIds:["entity id"]
     servicesAndApplications:{
       services:["TCP","UDP","SSH"],
       applications:["Youtube","Facebook","DNS Protocol"]
     }
   })
   {
     id
     resultStatus{
       errors{
         errorCode
       }
       successful
     }
   }
 }
}

Modifying zone mapping

The following mutation adds the security zone zone-1 to the device device-1.

mutation {
  zoneMapping {
    updateMappings(input: {
      deviceId: "device-1",
      interfaceId: "interface-1"
      mappingType: ROUTE
      zonesIds: {action: ADD, securityZoneId: "zone-1"}
     }
    )
  }
}

Modifying USP

The following mutation adds the Zone zone-1 to the USP myUSP.

mutation {
  usp {
    addSecurityZonesToUsp(input: {
      uspId: "MyUSP",
      securityZonesIds: ["zone-1"]
     }
    )
     {
    resultStatus {
      successful
      errorMessage
    }
   }
  }
}

Updating device configurations

Changing the data collection window globally for Rule Optimizer recommendations

The following mutation changes the global data collection period for Rule Optimizer recommendations. The value represents the number of days, which in this example is set to 40.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {
        adjustment: {name:
            RULE_OPTIMIZER_COLLECTING_WINDOW_IN_DAYS,
            value: {intValue: 40},
            valueType: INT_VALUE},
            }){
        resultStatus {
        successful
        }
    }
  }
}

Changing the data collection window per device for Rule Optimizer recommendations

The following mutation changes the data collection period per device for Rule Optimizer recommendations. The value represents the number of days, which in this example is set to 40 for the device with the ID viHEb6vtzjfU53ft6H_eWA==.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {  deviceAdjustments: [{name:
        RULE_OPTIMIZER_COLLECTING_WINDOW_IN_DAYS,
        value: {IntValue: 40},
        valueType: INT_VALUE}],
    deviceId : "viHEb6vtzjfU53ft6H_eWA=="
    }
        ){
        resultStatus {
        successful
      }
    }
  }
}

Configuring special object mode globally for Rule Optimizer recommendations

The following mutation explains how to configure special object mode globally for Rule Optimizer recommendations. If set to true, fields with special objects remain unchanged in the recommendation. If set to false, fields with special objects will have IP-based recommendations.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {
        adjustment: {name:
            RULE_OPTIMIZER_IS_SPECIAL_OBJECT_MODE_ENABLED,
            value: {boolValue: true},
            valueType: BOOL_VALUE},
            }){
        resultStatus {
        successful
        }
    }
  }
}

Configuring special object mode per device for Rule Optimizer recommendations

The following mutation explains how to configure special object mode per device for Rule Optimizer recommendations. Per device settings override global settings

mutation {
deviceConfiguration {
    updateDeviceAdjustments(input: {      deviceAdjustments: [ {name:
        RULE_OPTIMIZER_IS_SPECIAL_OBJECT_MODE_ENABLED,
        value: {boolValue: true},
        valueType: BOOL_VALUE}],
        deviceId : "viHEb6vtzjfU53ft6H_eWA=="
    }
        ){
        resultStatus{
        successful
           }
      }
     }
}

Configuring Designer rule name settings

Available starting in R25-2 HF1. Use these mutations to customize the rule name that Designer suggests for OPM devices. You can set the maximum length, allowed pattern, and a prefix. Global settings apply to all devices. Per-device settings override the global configuration.

Setting the maximum rule name length globally

The default maximum is 32 characters. The example below sets the maximum to 64 characters for all devices.

mutation {
  deviceConfiguration {
    updateDefaultDeviceAdjustment(
      input: {
        adjustment: {
          name: RULE_NAME_MAX_CHARACTERS
          valueType: INT_VALUE
          value: { intValue: 64 }
        }
      }
    ) {
      resultStatus {
        successful
        errors {
          errorCode
          errorMessage
        }
      }
    }
  }
}

Setting the maximum rule name length per device

The example below sets the maximum to 128 characters for a specific device.

mutation {
  deviceConfiguration {
    updateDeviceAdjustments(
      input: {
        deviceId: "fUntK-YVst6-Zs6weytKRA=="
        deviceAdjustments: [
          {
            name: RULE_NAME_MAX_CHARACTERS
            valueType: INT_VALUE
            value: { intValue: 128 }
          }
        ]
      }
    ) {
      resultStatus {
        successful
        errors {
          errorCode
          errorMessage
        }
      }
    }
  }
}

Setting the rule name pattern

By default, Designer allows only alphanumeric characters. The example below allows names that start with a digit and include letters, digits, underscores, or hyphens.

mutation {
  deviceConfiguration {
    updateDefaultDeviceAdjustment(
      input: {
        adjustment: {
          name: RULE_NAME_PATTERN
          valueType: PATTERN_VALUE
          value: { patternValue: "^[0-9][A-Za-z0-9_-]*$" }
        }
      }
    ) {
      resultStatus {
        successful
        errors {
          errorCode
          errorMessage
        }
      }
    }
  }
}

Setting a rule name prefix globally

The example below sets a Custom_ prefix for all suggested rule names on all devices.

mutation {
  deviceConfiguration {
    updateDefaultDeviceAdjustment(
      input: {
        adjustment: {
          name: RULE_NAME_PREFIX
          valueType: STRING_VALUE
          value: { stringValue: "Custom_" }
        }
      }
    ) {
      resultStatus {
        successful
        errors {
          errorCode
          errorMessage
        }
      }
    }
  }
}