Mutations

GraphQL mutations allow you to update TOS data. For example you could modify zone mapping or add a security zone to a USP.

The following types of mutations are available:

  • riskAnalysisMutation: Create a USP risk analysis task.

  • ruleOperationsMutation: Creates a ticket draft in SecureChange

  • ruleUserDataMutation: Update the description, technical owner, or automation attributes, or to create, delete, or update tickets associated with a single or multiple rule

  • systemMutation: Creates, deletes, or modifies a system, or root device. For example, you could add a device to an existing system.

  • userTQLSearchMutation: Create, update, or delete TQL queries.

  • uspMutation: Creates, deletes, or modifies USPs. For example, you could add a zone to a USP

  • alertConfigMutation: Creates, modifies, or deletes USP alerts.

  • Modifying USP Exceptions: Creates, modifies, or deletes USP Exceptions.

  • ZoneMappingMutation: Adds, modifies, or deletes the mapping of SecureTrack network zones to a device.

  • deviceConfigurationMutation: Updates device configurations

Mutation Examples

Modifying USP Exceptions

The following mutation creates a USP exception that applies to all domains and includes IPs, zones, and entities for the source and destination.

mutation{
 uspException{
   createUspTrafficException(input:{
     appliedToAnyDomain:true
     approver:"Approver Name"
     description:"Description text"
     disabled:false
     name:"Usp traffic exception name"
     sources:["1.1.1.1","2.2.2.2"]
     sourceZoneIds:["zone1 id", "zone2 id"]
     sourceEntityIds:["entity id"]
     destinations:["1.2.3.4"]
     destinationZoneIds:["zone3 id", "zone4 id"]
     destinationEntityIds:["entity id"]
     servicesAndApplications:{
       services:["TCP","UDP","SSH"],
       applications:["Youtube","Facebook","DNS Protocol"]
     }
   })
   {
     id
     resultStatus{
       errors{
         errorCode
       }
       successful
     }
   }
 }
}

Modifying Zone Mapping

The following mutation adds the security zone zone-1 to the device device-1.

mutation {
  zoneMapping {
    updateMappings(input: {
      deviceId: "device-1",
      interfaceId: "interface-1"
      mappingType: ROUTE
      zonesIds: {action: ADD, securityZoneId: "zone-1"}
     }
    )
  }
}

Modifying USP

The following mutation adds the Zone zone-1 to the USP myUSP.

mutation {
  usp {
    addSecurityZonesToUsp(input: {
      uspId: "MyUSP",
      securityZonesIds: ["zone-1"]
     }
    )
     {
    resultStatus {
      successful
      errorMessage
    }
   }
  }
}

Updating Device Configurations

Changing the Data Collection Window Globally for Rule Optimizer Recommendations

The following mutation explains how to change the Data Collection Window globally for Rule Optimizer recommendations. The value is the number of days in the Data Collection Window. In the example below the Data Collection Window is set to 40 days.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {
        adjustment: {name:
            RULE_OPTIMIZER_COLLECTING_WINDOW_IN_DAYS,
            value: {intValue: 40},
            valueType: INT_VALUE},
            }){
        resultStatus {
        successful
        }
    }
  }
}

Changing the Data Collection Window Per Device for Rule Optimizer Recommendations

The following mutation explains how to change the Data Collection Window per device for Rule Optimizer recommendations. The value is the number of days in the Data Collection Window. In the example below the Data Collection Window is set to 40 days for the device with the deviceID: viHEb6vtzjfU53ft6H_eWA==.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {  deviceAdjustments: [{name:
        RULE_OPTIMIZER_COLLECTING_WINDOW_IN_DAYS,
        value: {IntValue: 40},
        valueType: INT_VALUE}],
    deviceId : "viHEb6vtzjfU53ft6H_eWA=="
    }
        ){
        resultStatus {
        successful
      }
    }
  }
}

Configuring Special Object Mode Globally for Rule Optimizer Recommendations

The following mutation explains how to configure special object mode globally for Rule Optimizer recommendations. If set to true, fields with special objects remain unchanged in the recommendation. If set to false, fields with special objects will have IP-based recommendations.

mutation {
deviceConfiguration {
    updateDefaultDeviceAdjustment(input: {
        adjustment: {name:
            RULE_OPTIMIZER_IS_SPECIAL_OBJECT_MODE_ENABLED,
            value: {boolValue: true},
            valueType: BOOL_VALUE},
            }){
        resultStatus {
        successful
        }
    }
  }
}

Configuring Special Object Mode Per Device for Rule Optimizer Recommendations

The following mutation explains how to configure special object mode per device for Rule Optimizer recommendations. Per device settings override global settings

mutation {
deviceConfiguration {
    updateDeviceAdjustments(input: {      deviceAdjustments: [ {name:
        RULE_OPTIMIZER_IS_SPECIAL_OBJECT_MODE_ENABLED,
        value: {boolValue: true},
        valueType: BOOL_VALUE}],
        deviceId : "viHEb6vtzjfU53ft6H_eWA=="
    }
        ){
        resultStatus{
        successful
           }
      }
     }
}