OBJECT

Mutation

link GraphQL Schema definition

  • type Mutation {
  • # Store an item with key in the storage
  • #
  • # Arguments
  • # key: [Not documented]
  • # value: [Not documented]
  • setInStorage(key: String!, value: String!): Storage!
  • # Change asset details. This mutation doesn't support reset of list-based values
  • # back to system chosen values.
  • # e.g. to reset a user defined asset type to the value given it by the system one
  • # should use updateAssetWithRemove with type='_RemoveUserDefinedValue'
  • #
  • # Arguments
  • # name: null is no change to value
  • # type: null is no change to value
  • # location: null is no change to value
  • # description: null is no change to value
  • # customFields: null is no change to value
  • # purdueLevel: null is no change to value
  • # criticality: null is no change to value
  • # id: [Not documented]
  • updateAsset(
  • name: String,
  • type: AssetType,
  • location: String,
  • description: String,
  • customFields: CustomFieldValue,
  • purdueLevel: PurdueLevel,
  • criticality: Criticality,
  • id: ID!
  • ): Asset! @deprecated( reason: "Replaced with updateAssetWithRemove" )
  • # Change asset details (with the ability to reset list-based values back to system
  • # values)
  • # moving the asset's ips to another segments is not supported by this mutation
  • # to do that use 'setIpSegments' mutation
  • #
  • # Arguments
  • # name: null is no change to value
  • # type: null is no change to value
  • # location: null is no change to value
  • # description: null is no change to value
  • # customFields: null is no change to value
  • # purdueLevel: null is no change to value
  • # criticality: null is no change to value
  • # id: [Not documented]
  • updateAssetWithRemove(
  • name: String,
  • type: UserDefinedAssetType,
  • location: String,
  • description: String,
  • customFields: CustomFieldValue,
  • purdueLevel: UserDefinedPurdueLevel,
  • criticality: UserDefinedCriticality,
  • id: ID!
  • ): Asset!
  • # Change assets details. This mutation doesn't support reset of list-based values
  • # back to system chosen values.
  • # e.g. to reset user defined assets types to the values given them by the system
  • # one should use bulkEditAssetsWithRemove with type='_RemoveUserDefinedValue'
  • #
  • # Arguments
  • # filter: [Not documented]
  • # search: [Not documented]
  • # sort: [Not documented]
  • # slowCount: When requesting totalCount set this to true to wait
  • # for count query to complete.
  • # Otherwise, countTimeout is used to limit the execution time, resulting in -1
  • # when limit is reached.
  • # countTimeout: Time (in milliseconds) to wait for count query to
  • # return.
  • # Only applicable when slowCount is not set.
  • # name: null is no change to value
  • # type: null is no change to value
  • # location: null is no change to value
  • # description: null is no change to value
  • # customFields: null is no change to value
  • # purdueLevel: null is no change to value
  • # criticality: null is no change to value
  • # segment: Segment's Id
  • bulkEditAssets(
  • filter: AssetExpressionsParams,
  • search: String,
  • sort: [AssetSortParams!],
  • slowCount: Boolean,
  • countTimeout: Int,
  • name: String,
  • type: AssetType,
  • location: String,
  • description: String,
  • customFields: CustomFieldValue,
  • purdueLevel: PurdueLevel,
  • criticality: Criticality,
  • segment: ID
  • ): BulkOpAssetsResult! @deprecated( reason: "Replaced with bulkEditAssetsWithRemove" )
  • # Change assets details (with the ability to reset list-based values back to
  • # system values)
  • # segment bulk edit is supported only for assets with one ip
  • #
  • # Arguments
  • # filter: [Not documented]
  • # search: [Not documented]
  • # sort: [Not documented]
  • # slowCount: When requesting totalCount set this to true to wait
  • # for count query to complete.
  • # Otherwise, countTimeout is used to limit the execution time, resulting in -1
  • # when limit is reached.
  • # countTimeout: Time (in milliseconds) to wait for count query to
  • # return.
  • # Only applicable when slowCount is not set.
  • # name: null is no change to value
  • # type: null is no change to value
  • # location: null is no change to value
  • # description: null is no change to value
  • # customFields: null is no change to value
  • # purdueLevel: null is no change to value
  • # criticality: null is no change to value
  • # segment: Segment's Id
  • bulkEditAssetsWithRemove(
  • filter: AssetExpressionsParams,
  • search: String,
  • sort: [AssetSortParams!],
  • slowCount: Boolean,
  • countTimeout: Int,
  • name: String,
  • type: UserDefinedAssetType,
  • location: String,
  • description: String,
  • customFields: CustomFieldValue,
  • purdueLevel: UserDefinedPurdueLevel,
  • criticality: UserDefinedCriticality,
  • segment: ID
  • ): BulkOpAssetsResult!
  • # Hide assets
  • #
  • # Arguments
  • # filter: [Not documented]
  • # search: [Not documented]
  • # sort: [Not documented]
  • # slowCount: When requesting totalCount set this to true to wait
  • # for count query to complete.
  • # Otherwise, countTimeout is used to limit the execution time, resulting in -1
  • # when limit is reached.
  • # countTimeout: Time (in milliseconds) to wait for count query to
  • # return.
  • # Only applicable when slowCount is not set.
  • # comment: [Not documented]
  • bulkHideAsset(
  • filter: AssetExpressionsParams,
  • search: String,
  • sort: [AssetSortParams!],
  • slowCount: Boolean,
  • countTimeout: Int,
  • comment: String
  • ): BulkOpAssetsResult!
  • # Restore assets
  • #
  • # Arguments
  • # filter: [Not documented]
  • # search: [Not documented]
  • # sort: [Not documented]
  • # slowCount: When requesting totalCount set this to true to wait
  • # for count query to complete.
  • # Otherwise, countTimeout is used to limit the execution time, resulting in -1
  • # when limit is reached.
  • # countTimeout: Time (in milliseconds) to wait for count query to
  • # return.
  • # Only applicable when slowCount is not set.
  • bulkRestoreAsset(
  • filter: AssetExpressionsParams,
  • search: String,
  • sort: [AssetSortParams!],
  • slowCount: Boolean,
  • countTimeout: Int
  • ): BulkOpAssetsResult
  • # Hides an asset
  • #
  • # Arguments
  • # id: [Not documented]
  • # comment: [Not documented]
  • hideAsset(id: ID!, comment: String): HiddenAsset!
  • # Restores a hidden asset
  • #
  • # Arguments
  • # id: [Not documented]
  • restoreAsset(id: ID!): Asset!
  • # Set addresses of assets to delete
  • #
  • # Arguments
  • # addresses: [Not documented]
  • setAddressesPendingDeletion(addresses: [String!]!): AddressesPendingDeletion!
  • # Generate attack vector for asset
  • #
  • # Arguments
  • # dstAsset: [Not documented]
  • # constraints: [Not documented]
  • generateAttackVector(
  • dstAsset: ID!,
  • constraints: AttackVectorLimitationsParams!
  • ): Job!
  • # Rename backplane
  • #
  • # Arguments
  • # id: [Not documented]
  • # name: [Not documented]
  • renameBackplane(id: ID!, name: String!): Backplane!
  • # Resolve unresolved event
  • #
  • # Arguments
  • # id: [Not documented]
  • # comment: [Not documented]
  • resolveEvent(id: ID!, comment: String): Event!
  • # Resolve unresolved events with filter
  • #
  • # Arguments
  • # filter: [Not documented]
  • # search: [Not documented]
  • # sort: [Not documented]
  • # slowCount: When requesting totalCount set this to true to wait
  • # for count query to complete.
  • # Otherwise, countTimeout is used to limit the execution time, resulting in -1
  • # when limit is reached.
  • # countTimeout: Time (in milliseconds) to wait for count query to
  • # return.
  • # Only applicable when slowCount is not set.
  • # comment: [Not documented]
  • resolveEvents(
  • filter: EventsExpressionsParams,
  • search: String,
  • sort: [EventsSortParams!],
  • slowCount: Boolean,
  • countTimeout: Int,
  • comment: String
  • ): ResolveEventsResponse!
  • # Create capture for event
  • #
  • # Arguments
  • # id: [Not documented]
  • createEventCapture(id: ID!): Job!
  • # ReAct on an event
  • #
  • # Arguments
  • # eventId: [Not documented]
  • # actionId: [Not documented]
  • reActOnEvent(eventId: ID!, actionId: ID!): Job!
  • # Enable or disable the system
  • #
  • # Arguments
  • # enabled: [Not documented]
  • changeSystemStatus(enabled: Boolean!): Job!
  • # Shutdown or Reboots the system
  • #
  • # Arguments
  • # type: [Not documented]
  • shutdown(type: SystemShutdownType!): Job!
  • # Perform an identification query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerIdentification(force: Boolean, id: ID!): Job!
  • # Perform characteristics query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerCharacteristics(force: Boolean, id: ID!): Job!
  • # Perform characteristics query on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllCharacteristics(force: Boolean): Job!
  • # Perform a run status query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerRunStatus(force: Boolean, id: ID!): Job!
  • # Perform a run status query on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllRunStatus(force: Boolean): Job!
  • # Perform a snapshot on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerSnapshot(force: Boolean, id: ID!): Job!
  • # Perform a snapshot on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllSnapshot(force: Boolean): Job!
  • # Perform SNMP scan on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerSnmp(force: Boolean, id: ID!): Job!
  • # Perform SNMP scan on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllSnmp(force: Boolean): Job!
  • # Perform NBSTAT scan on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerNbStat(force: Boolean, id: ID!): Job!
  • # Perform NBSTAT scan on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllNbStat(force: Boolean): Job!
  • # Perform backplane scan on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerBackplaneScan(force: Boolean, id: ID!): Job!
  • # Perform backplane scan on all assets
  • triggerAllBackplaneScan: Job!
  • # Perform a DNS name query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerAssetNames(force: Boolean, id: ID!): [Job!]!
  • # Perform an ARP query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerAssetArps(force: Boolean, id: ID!): [Job!]!
  • # Perform a DNS name query on the given network interface
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerName(force: Boolean, id: ID!): Job!
  • # Perform an ARP query to the given network interface
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerArp(force: Boolean, id: ID!): Job!
  • # Perform a broadcast CIP discovery
  • triggerCipDiscovery: Job!
  • # Perform a broadcast DCP discovery
  • triggerDcpDiscovery: Job!
  • # Perform a broadcast FTE discovery
  • triggerFteDiscovery: Job!
  • # Perform a broadcast BACNet discovery
  • triggerBacnetDiscovery: Job!
  • # Perform a broadcast MELSEC discovery
  • triggerMelsecDiscovery: Job!
  • # Perform a broadcast Cognex discovery
  • triggerCognexDiscovery: Job!
  • # Perform a broadcast Beckhoff discovery
  • triggerBeckhoffDiscovery: Job!
  • # Perform a broadcast ABB NC discovery
  • triggerAbbNcDiscovery: Job!
  • # Perform WMI query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerAssetOsScan(force: Boolean, id: ID!): Job!
  • # Perform WMI query on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllOsScan(force: Boolean): Job!
  • # Perform WMI USB query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • triggerAssetWmiUsbScan(force: Boolean, id: ID!): Job!
  • # Perform WMI USB query on all assets
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • triggerAllWmiUsbScan(force: Boolean): Job!
  • # Perform active query on the given asset
  • #
  • # Arguments
  • # force: Forcing the query regardless of previous runs
  • # id: [Not documented]
  • # op: [Not documented]
  • triggerOpOnAsset(force: Boolean, id: ID!, op: AssetOpType!): Job!
  • # Perform active query on the given network interface
  • #
  • # Arguments
  • # id: [Not documented]
  • # op: [Not documented]
  • triggerOpOnNetworkInterface(
  • id: ID!,
  • op: NetworkInterfaceOpType!
  • ): Job!
  • # Perform query on all assets
  • #
  • # Arguments
  • # op: Operation type to execute on all qualifying assets
  • # force: [Not documented]
  • triggerAll(op: AllOpType!, force: Boolean): Job!
  • # Perform discovery for ICS devices on the network
  • triggerICSDiscovery: Job!
  • # Perform test WMI query on the given ip
  • #
  • # Arguments
  • # ip: IP
  • # username: User for WMI
  • # password: Password for WMI
  • testOsScan(ip: String!, username: String!, password: String): Job!
  • # set base revision
  • #
  • # Arguments
  • # asset: ID of the asset whose snapshot we want to set base
  • # revision: Base revision
  • setBase(asset: ID!, revision: ID!): Revision!
  • # Create or edit tag properties
  • #
  • # Arguments
  • # assetId: The asset id of the tag that is modified
  • # abbAc800Tag: [Not documented]
  • setTag(assetId: ID!, abbAc800Tag: AbbAc800FullTagParams): AssetTags!
  • # Delete an existing tag
  • #
  • # Arguments
  • # assetId: The asset id of the tag that is modified
  • # abbAc800Tag: [Not documented]
  • removeTag(assetId: ID!, abbAc800Tag: AbbAc800BaseTagParams): AssetTags!
  • # Set tag group
  • #
  • # Arguments
  • # id: ID
  • # name: the group name
  • # items: The list of tags in this group
  • # tagType: The type of the group
  • setTagGroup(
  • id: ID!,
  • name: String!,
  • items: [TagGroupItemParams!]!,
  • tagType: TagType!
  • ): TagGroup!
  • # Archive tag group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveTagGroup(id: ID!): TagGroup!
  • # Create a new tag group
  • #
  • # Arguments
  • # name: the group name
  • # items: The list of tags in this group
  • # tagType: The type of the group
  • newTagGroup(
  • name: String!,
  • items: [TagGroupItemParams!]!,
  • tagType: TagType!
  • ): TagGroup!
  • # New Tag Value policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # tagGroup: Tag group
  • # min: min of value group
  • # max: max of value group
  • # any: Any value
  • newTagValuePolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: TagPolicyEvent!,
  • schedule: Group!,
  • tagGroup: Group!,
  • min: String,
  • max: String,
  • any: Boolean
  • ): Policy!
  • # Update Tag Value policy
  • #
  • # Arguments
  • # id: ID
  • # valueGroup: Value Group
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # tagGroup: Tag group
  • # min: min of value group
  • # max: max of value group
  • # any: Any value
  • setTagValuePolicy(
  • id: ID!,
  • valueGroup: Group!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: TagPolicyEvent!,
  • schedule: Group!,
  • tagGroup: Group!,
  • min: String,
  • max: String,
  • any: Boolean
  • ): Policy!
  • # Performs initialization of the system
  • #
  • # Arguments
  • # fullName: [Not documented]
  • # userName: [Not documented]
  • # password: [Not documented]
  • # time: Time in RFC3339
  • # location: System location as defined in TZData
  • # config: [Not documented]
  • # reboot: [Not documented]
  • initSystem(
  • fullName: String!,
  • userName: String!,
  • password: String!,
  • time: String,
  • location: String,
  • config: JSON,
  • reboot: Boolean!
  • ): Job!
  • # Change the configuration of the system
  • #
  • # Arguments
  • # CharacteristicsInterval: [Not documented]
  • # NameQueryInterval: [Not documented]
  • # PortScanEnabled: [Not documented]
  • # RunStatusInterval: [Not documented]
  • # SnapshotInterval: [Not documented]
  • # CaptureEnabled: [Not documented]
  • # SelfSniffEnabled: [Not documented]
  • # SensorsAutoApprove: [Not documented]
  • changeConfiguration(
  • CharacteristicsInterval: [ScheduleParams!],
  • NameQueryInterval: [ScheduleParams!],
  • PortScanEnabled: Boolean,
  • RunStatusInterval: [ScheduleParams!],
  • SnapshotInterval: [ScheduleParams!],
  • CaptureEnabled: Boolean,
  • SelfSniffEnabled: Boolean,
  • SensorsAutoApprove: Boolean
  • ): Config!
  • # Performs system factory reset
  • #
  • # Arguments
  • # keepNetworkConfig: Should keep the network configuration or
  • # reset it
  • factoryReset(keepNetworkConfig: Boolean!): Job!
  • # Add user
  • #
  • # Arguments
  • # fullName: [Not documented]
  • # userName: [Not documented]
  • # groups: [Not documented]
  • # password: [Not documented]
  • addUser(fullName: String!, userName: String!, groups: [ID!]!, password: String!): User!
  • # Change user details
  • #
  • # Arguments
  • # userName: The username that performs the operation
  • # fullName: Requested full user name
  • setUserInfo(userName: String, fullName: String): User!
  • # Change user password
  • #
  • # Arguments
  • # newPassword: New Password
  • # password: Current password
  • # userName: The username that performs the operation
  • setPassword(newPassword: String, password: String, userName: String): User!
  • # Set user's groups
  • #
  • # Arguments
  • # userName: The username to set the group for
  • # newGroups: [Not documented]
  • setUserGroups(userName: String, newGroups: [ID!]!): User!
  • # Deletes the user
  • #
  • # Arguments
  • # userName: [Not documented]
  • deleteUser(userName: String!): User!
  • # Sets password of a user (by admin only)
  • #
  • # Arguments
  • # password: New Password
  • # userName: The username to set password for
  • setUserPassword(password: String!, userName: String!): User!
  • # Restart the scanning of this asset
  • #
  • # Arguments
  • # ip: [Not documented]
  • rescanIp(ip: String!): Job!
  • # scan a single port of this asset
  • #
  • # Arguments
  • # ip: [Not documented]
  • # port: [Not documented]
  • scanPort(ip: String!, port: Int!): Job!
  • # Set the system time, this will result in a system restart
  • #
  • # Arguments
  • # time: Time in RFC3339
  • # location: System location as defined in TZData
  • setSystemTime(time: String, location: String): SystemInfo!
  • # Set ips segment
  • #
  • # Arguments
  • # assetId: Asset Id
  • # ipSegments: Ip segments list
  • setIpSegments(assetId: ID!, ipSegments: [IpSegmentArgs!]!): [IpSegment!]!
  • # Set an asset group
  • #
  • # Arguments
  • # id: ID
  • # name: The group name
  • # type: The group type
  • # assetsIds: The list of asset IDs in this group
  • # ips: The list of IPs in this group
  • # startIp: The starting IP for the range
  • # endIp: The ending IP for the range
  • # assetType: The asset type to match. leave empty to any asset
  • # type
  • # family: The family to match. leave empty to any family
  • # vlan: The VLAN of the segment
  • # description: The segment description
  • setAssetGroup(
  • id: ID!,
  • name: String!,
  • type: AssetGroupType!,
  • assetsIds: [ID!],
  • ips: [String!],
  • startIp: String,
  • endIp: String,
  • assetType: AssetType,
  • family: String,
  • vlan: String,
  • description: String
  • ): AssetGroup!
  • # Create a new asset group
  • #
  • # Arguments
  • # name: The group name
  • # type: The group type
  • # assetsIds: The list of asset IDs in this group
  • # ips: The list of IPs in this group
  • # startIp: The starting IP for the range
  • # endIp: The ending IP for the range
  • # assetType: The asset type to match. leave empty to any asset
  • # type
  • # family: The family to match. leave empty to any family
  • # vlan: The VLAN of the segment
  • # description: The segment description
  • newAssetGroup(
  • name: String!,
  • type: AssetGroupType!,
  • assetsIds: [ID!],
  • ips: [String!],
  • startIp: String,
  • endIp: String,
  • assetType: AssetType,
  • family: String,
  • vlan: String,
  • description: String
  • ): AssetGroup!
  • # Archive an asset Group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveAssetGroup(id: ID!): AssetGroup!
  • # Set a schedule group
  • #
  • # Arguments
  • # id: ID
  • # name: The group name
  • # type: The group type
  • # start: The start time of the interval
  • # end: The end time of the interval
  • # schedules: The intervals list
  • setScheduleGroup(
  • id: ID!,
  • name: String!,
  • type: String!,
  • start: Time,
  • end: Time,
  • schedules: [TypedIntervalParams!]
  • ): ScheduleGroup!
  • # Create a new schedule group
  • #
  • # Arguments
  • # name: The group name
  • # type: The group type
  • # start: The start time of the interval
  • # end: The end time of the interval
  • # schedules: The intervals list
  • newScheduleGroup(
  • name: String!,
  • type: String!,
  • start: Time,
  • end: Time,
  • schedules: [TypedIntervalParams!]
  • ): ScheduleGroup!
  • # Archive a schedule group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveScheduleGroup(id: ID!): ScheduleGroup!
  • # Set rule group
  • #
  • # Arguments
  • # id: ID
  • # name: the group name
  • # items: The list of rules in this group
  • setRuleGroup(id: ID!, name: String!, items: [Float!]!): RuleGroup!
  • # Create a new rule group
  • #
  • # Arguments
  • # name: the group name
  • # items: The list of rules in this group
  • newRuleGroup(name: String!, items: [Float!]!): RuleGroup!
  • # Archive a rule group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveRuleGroup(id: ID!): RuleGroup!
  • # Set Syslog server
  • #
  • # Arguments
  • # name: Name
  • # protocol: Protocol of syslog server
  • # address: Address of syslog server
  • # port: Port of syslog server
  • newSyslogServer(
  • name: String!,
  • protocol: String!,
  • address: String!,
  • port: Int!
  • ): SyslogServer!
  • # Update Syslog server
  • #
  • # Arguments
  • # id: ID
  • # name: Name
  • # protocol: Protocol of syslog server
  • # address: Address of syslog server
  • # port: Port of syslog server
  • setSyslogServer(
  • id: ID!,
  • name: String!,
  • protocol: String!,
  • address: String!,
  • port: Int!
  • ): SyslogServer!
  • # Archive Syslog server
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveSyslogServer(id: ID!): SyslogServer!
  • # Set protocol list group
  • #
  • # Arguments
  • # id: ID
  • # name: the group name
  • # items: The list of protocols in this group
  • setProtocolList(
  • id: ID!,
  • name: String!,
  • items: [ProtocolListItemParams!]!
  • ): ProtocolGroup!
  • # Create a new protocol group
  • #
  • # Arguments
  • # name: the group name
  • # items: The list of protocols in this group
  • newProtocolList(name: String!, items: [ProtocolListItemParams!]!): ProtocolGroup!
  • # Archive a protocol group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveProtocolList(id: ID!): ProtocolGroup!
  • # Set port list group
  • #
  • # Arguments
  • # id: ID
  • # name: the group name
  • # items: The list of ports in this group
  • setPortList(id: ID!, name: String!, items: [PortListItemParams!]!): PortGroup!
  • # Create a new port group
  • #
  • # Arguments
  • # name: the group name
  • # items: The list of ports in this group
  • newPortList(name: String!, items: [PortListItemParams!]!): PortGroup!
  • # Archive a port group
  • #
  • # Arguments
  • # id: [Not documented]
  • archivePortList(id: ID!): PortGroup!
  • # Test an existing Syslog server
  • #
  • # Arguments
  • # id: [Not documented]
  • testSyslogServer(id: ID!): Job!
  • # Test ad hoc Syslog server
  • #
  • # Arguments
  • # name: Name
  • # protocol: Protocol of syslog server
  • # address: Address of syslog server
  • # port: Port of syslog server
  • testAdHocSyslogServer(
  • name: String!,
  • protocol: String!,
  • address: String!,
  • port: Int!
  • ): Job!
  • # Set Smtp server
  • #
  • # Arguments
  • # name: Name
  • # smtpServer: smtp server address
  • # smtpUser: smtp user on the server
  • # smtpPort: Port of smtp server
  • # password: Password for smtp server
  • # sender: sender email address
  • newSmtpServer(
  • name: String!,
  • smtpServer: String!,
  • smtpUser: String!,
  • smtpPort: Int!,
  • password: String,
  • sender: String!
  • ): SMTPServer!
  • # Update SMTP server
  • #
  • # Arguments
  • # id: ID
  • # name: Name
  • # smtpServer: smtp server address
  • # smtpUser: smtp user on the server
  • # smtpPort: Port of smtp server
  • # password: Password for smtp server
  • # sender: sender email address
  • setSmtpServer(
  • id: ID!,
  • name: String!,
  • smtpServer: String!,
  • smtpUser: String!,
  • smtpPort: Int!,
  • password: String,
  • sender: String!
  • ): SMTPServer!
  • # Archive SMTP server
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveSmtpServer(id: ID!): SMTPServer!
  • # Test an existing SMTP server
  • #
  • # Arguments
  • # id: ID
  • # recipient: Recipient
  • testSmtpServer(id: ID!, recipient: String!): Job!
  • # Test ad hoc SMTP server
  • #
  • # Arguments
  • # name: Name
  • # password: Password for smtp server
  • # smtpServer: smtp server address
  • # smtpUser: smtp user on the server
  • # smtpPort: Port of smtp server
  • # sender: sender email address
  • # recipient: sender email address
  • testAdHocSmtpServer(
  • name: String!,
  • password: String,
  • smtpServer: String!,
  • smtpUser: String!,
  • smtpPort: Int!,
  • sender: String!,
  • recipient: String!
  • ): Job!
  • # Create FortiGate server
  • #
  • # Arguments
  • # name: Name of FortiGate server
  • # apiKey: API key of FortiGate server
  • # address: Address of FortiGate server, including http/s and port
  • # if needed
  • # enablePolicy: Whether or not to enable the new policy on
  • # FortiGate
  • newFortiGateServer(
  • name: String!,
  • apiKey: String!,
  • address: String!,
  • enablePolicy: Boolean!
  • ): FortiGateServer!
  • # Update FortiGate server
  • #
  • # Arguments
  • # id: ID
  • # name: Name of FortiGate server
  • # apiKey: API key of FortiGate server
  • # address: Address of FortiGate server, including http/s and port
  • # if needed
  • # enablePolicy: Whether or not to enable the new policy on
  • # FortiGate
  • setFortiGateServer(
  • id: ID!,
  • name: String!,
  • apiKey: String,
  • address: String!,
  • enablePolicy: Boolean!
  • ): FortiGateServer!
  • # Archive FortiGate server
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveFortiGateServer(id: ID!): FortiGateServer!
  • # Test an existing FortiGate server
  • #
  • # Arguments
  • # id: [Not documented]
  • testFortiGateServer(id: ID!): Job!
  • # Test ad hoc FortiGate server
  • #
  • # Arguments
  • # name: Name of FortiGate server
  • # apiKey: API key of FortiGate server
  • # address: Address of FortiGate server, including http/s and port
  • # if needed
  • testAdHocFortiGateServer(
  • name: String!,
  • apiKey: String!,
  • address: String!
  • ): Job!
  • # New Palo Alto server
  • #
  • # Arguments
  • # hostname: Hostname
  • # username: Username
  • # password: Password
  • newPaloAltoServer(
  • hostname: String!,
  • username: String!,
  • password: String!
  • ): PaloAltoServer!
  • # Update Palo Alto server
  • #
  • # Arguments
  • # id: ID
  • # hostname: Hostname
  • # username: Username
  • # password: Password
  • setPaloAltoServer(
  • id: ID!,
  • hostname: String!,
  • username: String!,
  • password: String!
  • ): PaloAltoServer!
  • # Delete Palo Alto server
  • #
  • # Arguments
  • # id: [Not documented]
  • deletePaloAltoServer(id: ID!): PaloAltoServer!
  • # New Aruba server
  • #
  • # Arguments
  • # hostname: Hostname
  • # username: Username
  • # password: Password
  • # client: API client
  • # clientSecret: API client secret
  • newArubaServer(
  • hostname: String!,
  • username: String!,
  • password: String!,
  • client: String!,
  • clientSecret: String!
  • ): ArubaServer!
  • # Update Aruba server
  • #
  • # Arguments
  • # id: ID
  • # hostname: Hostname
  • # username: Username
  • # password: Password
  • # client: API client
  • # clientSecret: API client secret
  • setArubaServer(
  • id: ID!,
  • hostname: String!,
  • username: String!,
  • password: String!,
  • client: String!,
  • clientSecret: String!
  • ): ArubaServer!
  • # Delete Aruba server
  • #
  • # Arguments
  • # id: [Not documented]
  • deleteArubaServer(id: ID!): ArubaServer!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # snapshot: Should take snapshot
  • newActivityPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: ActivityPolicyEvent!,
  • schedule: Group!,
  • snapshot: Boolean!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # snapshot: Should take snapshot
  • setActivityPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: ActivityPolicyEvent!,
  • schedule: Group!,
  • snapshot: Boolean!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • newAssetPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: AssetPolicyEvent!,
  • schedule: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • setAssetPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: AssetPolicyEvent!,
  • schedule: Group!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # protocolGroup: Protocol Group
  • newProtocolPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: ProtocolPolicyEvent!,
  • schedule: Group!,
  • protocolGroup: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • # protocolGroup: Protocol Group
  • setProtocolPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: ProtocolPolicyEvent!,
  • schedule: Group!,
  • protocolGroup: Group!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # portGroup: Port Group
  • newPortPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: PortPolicyEvent!,
  • portGroup: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # event: Event type
  • # portGroup: Port Group
  • setPortPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • event: PortPolicyEvent!,
  • portGroup: Group!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • newIDSSrcDstPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: IDSSrcDstEvent!,
  • schedule: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # event: Event type
  • # schedule: Schedule Group
  • setIDSSrcDstPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • event: IDSSrcDstEvent!,
  • schedule: Group!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # schedule: Schedule Group
  • newIDSGeneralPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: IDSGeneralNewEvent!,
  • schedule: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # schedule: Schedule Group
  • setIDSGeneralPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: IDSGeneralNewEvent!,
  • schedule: Group!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # schedule: Schedule Group
  • # params: Extra Params
  • newSpikePolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: SpikeEvent!,
  • schedule: Group!,
  • params: SpikeDefParam!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # schedule: Schedule Group
  • # params: Extra Params
  • setSpikePolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: SpikeEvent!,
  • schedule: Group!,
  • params: SpikeDefParam!
  • ): Policy!
  • # New Policy
  • #
  • # Arguments
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # ruleGroup: Rule Group
  • # schedule: Schedule Group
  • newIntrusionPolicy(
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: IntrusionPolicyEvent!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • ruleGroup: Group!,
  • schedule: Group!
  • ): Policy!
  • # Update Policy
  • #
  • # Arguments
  • # id: ID
  • # title: Title
  • # level: Level of policy
  • # disableAfterHit: Should the policy be disabled after first hit
  • # continuous: Indicates if the policy hits on continuous events
  • # actions: Actions for policy
  • # event: Event type
  • # srcAssetGroup: Source Asset Group
  • # dstAssetGroup: Destination Asset Group
  • # ruleGroup: Rule Group
  • # schedule: Schedule Group
  • setIntrusionPolicy(
  • id: ID!,
  • title: String!,
  • level: PolicyLevel!,
  • disableAfterHit: Boolean,
  • continuous: Boolean,
  • actions: [ActionParams!]!,
  • event: IntrusionPolicyEvent!,
  • srcAssetGroup: [[Group!]!]!,
  • dstAssetGroup: [[Group!]!]!,
  • ruleGroup: Group!,
  • schedule: Group!
  • ): Policy!
  • # Archive a policy
  • #
  • # Arguments
  • # id: [Not documented]
  • archivePolicy(id: ID!): Policy!
  • # Disable a policy
  • #
  • # Arguments
  • # id: [Not documented]
  • disablePolicy(id: ID!): Policy!
  • # Enable a policy
  • #
  • # Arguments
  • # id: [Not documented]
  • enablePolicy(id: ID!): Policy!
  • # Enable bulk of policies
  • #
  • # Arguments
  • # ids: [Not documented]
  • enablePolicies(ids: [ID!]!): [Policy!]!
  • # Disable bulk of policies
  • #
  • # Arguments
  • # ids: [Not documented]
  • disablePolicies(ids: [ID!]!): [Policy!]!
  • # Archive a bulk of policies
  • #
  • # Arguments
  • # ids: [Not documented]
  • archivePolicies(ids: [ID!]!): [Policy!]!
  • # Edit bulk of policies
  • #
  • # Arguments
  • # ids: Policy IDs
  • # level: New policies level
  • # syslogActions: List of syslog servers IDs, use empty list to
  • # delete all actions. null to ignore field
  • # emailActions: List of email groups IDs, use empty list to
  • # delete all actions. null to ignore field
  • editPolicies(
  • ids: [ID!]!,
  • level: PolicyLevel,
  • syslogActions: [ID!],
  • emailActions: [ID!]
  • ): [Policy!]!
  • # New email group
  • #
  • # Arguments
  • # name: Name
  • # server: Server ID
  • # recipients: Recipients
  • newEmailGroup(name: String!, server: ID!, recipients: [String!]!): EmailGroup!
  • # Update email group
  • #
  • # Arguments
  • # id: ID
  • # name: Name
  • # server: Server ID
  • # recipients: Recipients
  • setEmailGroup(id: ID!, name: String!, server: ID!, recipients: [String!]!): EmailGroup!
  • # Archive a email group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveEmailGroup(id: ID!): EmailGroup!
  • # Create a system backup
  • #
  • # Arguments
  • # capSize: Max size of caps in bytes.
  • # failedQueriesCapsSize: Max size of failed caps in bytes.
  • createBackup(capSize: Int, failedQueriesCapsSize: Int): Job!
  • # Remove flags
  • #
  • # Arguments
  • # flag: [Not documented]
  • removeFlag(flag: RemovableFlags!): FlagList!
  • # Stop ongoing captures
  • stopOngoingCaptures: Job!
  • # Play the specified pcaps
  • #
  • # Arguments
  • # ids: List of file ids to play
  • # speed: The play speed (multiplication)
  • playPcaps(ids: [String!]!, speed: Int): Job!
  • # Delete a pcap file from the pcap player repository
  • #
  • # Arguments
  • # id: [Not documented]
  • deletePcap(id: ID!): PcapPlayerFileDetails!
  • # add a custom field
  • #
  • # Arguments
  • # userDefinedName: [Not documented]
  • # valueType: [Not documented]
  • addCustomField(
  • userDefinedName: String!,
  • valueType: CustomFieldValueType!
  • ): CustomField!
  • # update a custom field
  • #
  • # Arguments
  • # fieldId: [Not documented]
  • # userDefinedName: [Not documented]
  • # valueType: [Not documented]
  • updateCustomField(
  • fieldId: String!,
  • userDefinedName: String!,
  • valueType: CustomFieldValueType!
  • ): CustomField!
  • # remove a custom field
  • #
  • # Arguments
  • # fieldId: [Not documented]
  • deleteCustomField(fieldId: String!): CustomField!
  • # set the baseline: links since a given time
  • #
  • # Arguments
  • # from: [Not documented]
  • refreshBaseline(from: Time): Baseline!
  • # delete the baseline
  • deleteBaseline: Baseline!
  • # Change tubbigy log level
  • #
  • # Arguments
  • # level: [Not documented]
  • tubbigyLogLevel(level: LogLevel!): LogLevel!
  • # Set wmi username and password
  • #
  • # Arguments
  • # username: WMI username
  • # password: The WMI user password
  • setWmiUserInfo(username: String!, password: String): WMIUserInfo!
  • # Set ssh username and password for credentials of nessus scans
  • #
  • # Arguments
  • # username: SSH username for credentials of nessus scans
  • # password: The SSH user's password for credentials of nessus
  • # scans
  • setSshUserInfo(username: String!, password: String!): SSHUserInfo!
  • # Trigger an online nessus plugin set update
  • updateNessusPluginSet: Job!
  • # Trigger an online Suricata rule set update
  • updateSuricataRuleSet: UpdateResult!
  • # Start discovery
  • startDiscovery: Job!
  • # Cancel discovery
  • cancelDiscovery: Job!
  • # Set Discovery Networks
  • #
  • # Arguments
  • # networks: [Not documented]
  • setDiscoveryNetworks(networks: [String!]!): DiscoveryNetworks!
  • # Create an exclusion for Intrusion Detection event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # sid: suricata's SID
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • newIntrusionDetectionExclusion(
  • policyId: ID!,
  • comment: String,
  • sid: Float,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String
  • ): Exclusion!
  • # Create an exclusion for Activity event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • newActivityExclusion(
  • policyId: ID!,
  • comment: String,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String
  • ): Exclusion!
  • # Create an exclusion for Conversation event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • # protocol: [Not documented]
  • # port: [Not documented]
  • newConversationExclusion(
  • policyId: ID!,
  • comment: String,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String,
  • protocol: ProtocolType,
  • port: Int
  • ): Exclusion!
  • # Create an exclusion for Ip Conflict event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # ip: [Not documented]
  • # macs: The set of MACs to exclude.
  • # The event's conflicting mac should be contained in this set.
  • # MAC string format is with a ':' separator between bytes.
  • newIpConflictExclusion(
  • policyId: ID!,
  • comment: String,
  • ip: String,
  • macs: [String!]
  • ): Exclusion!
  • # Create an exclusion for Tag Write event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • # tag: tag name
  • newTagWriteExclusion(
  • policyId: ID!,
  • comment: String,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String,
  • tag: String
  • ): Exclusion!
  • # Create an exclusion for Asset event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # assets: The list of asset IDs
  • newAssetExclusion(policyId: ID!, comment: String, assets: [ID!]): Exclusion!
  • # Create an exclusion for Scan event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # assets: The list of asset IDs
  • # ip: [Not documented]
  • newScansExclusion(
  • policyId: ID!,
  • comment: String,
  • assets: [ID!],
  • ip: String
  • ): Exclusion!
  • # Create an exclusion for Open Port event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # assets: The list of asset IDs
  • # ip: [Not documented]
  • # port: [Not documented]
  • newOpenPortExclusion(
  • policyId: ID!,
  • comment: String,
  • assets: [ID!],
  • ip: String,
  • port: Int
  • ): Exclusion!
  • # Create an exclusion for Usb Change event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # assets: The list of asset IDs
  • # usbDevice: Device Id
  • newUsbChangeExclusion(
  • policyId: ID!,
  • comment: String,
  • assets: [ID!],
  • usbDevice: String
  • ): Exclusion!
  • # Create an exclusion for IEC104 event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • # cot: [Not documented]
  • newIEC104Exclusion(
  • policyId: ID!,
  • comment: String,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String,
  • cot: String
  • ): Exclusion!
  • # Create an exclusion for DNP3 event
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # comment: [Not documented]
  • # srcAssets: The list of src assets IDs
  • # srcIp: [Not documented]
  • # dstAssets: The list of dst assets IDs
  • # dstIp: [Not documented]
  • # srcDnp3Address: uint16 value
  • # dstDnp3Address: uint16 value
  • newDNP3Exclusion(
  • policyId: ID!,
  • comment: String,
  • srcAssets: [ID!],
  • srcIp: String,
  • dstAssets: [ID!],
  • dstIp: String,
  • srcDnp3Address: Int,
  • dstDnp3Address: Int
  • ): Exclusion!
  • # Delete an exclusion rule
  • #
  • # Arguments
  • # policyId: [Not documented]
  • # exclusionId: [Not documented]
  • deleteExclusion(policyId: ID!, exclusionId: String!): Exclusion!
  • # Recalculate risk score for asset
  • #
  • # Arguments
  • # id: [Not documented]
  • recalculateAssetRisk(id: ID!): Job!
  • # Recalculate risk score for all assets
  • #
  • # Arguments
  • # components: List of component to recalculate, empty or empty
  • # list will recalculate all
  • recalculateAllAssetsRisk(components: [ComponentType!]): Job!
  • # Set checkpoint shared key
  • #
  • # Arguments
  • # sharedKey: [Not documented]
  • setCheckpointSharedKey(sharedKey: String!): Boolean!
  • # Delete checkpoint shared key
  • deleteCheckpointSharedKey: Boolean!
  • # Create a new API Key for the current user
  • #
  • # Arguments
  • # description: [Not documented]
  • # expiryTime: [Not documented]
  • createAPIKey(description: String!, expiryTime: Time!): APIKeyResponse!
  • # Delete an existing API Key
  • #
  • # Arguments
  • # id: [Not documented]
  • deleteAPIKey(id: Float!): APIKey!
  • # Add tenable.sc server
  • #
  • # Arguments
  • # address: Address of tenable.sc server, including http/s and
  • # port if needed
  • # user: Username in tenable.sc for the integration
  • # password: Password of the given username
  • # name: Name of tenable.sc server
  • # repoId: The repository in tenable.sc to associate the agent
  • # with
  • # schedule: Schedule for syncing with the tenable.sc server. If
  • # empty or invalid a default schedule will be used
  • newScServer(
  • address: String!,
  • user: String!,
  • password: String!,
  • name: String!,
  • repoId: Int!,
  • schedule: ScheduleParams
  • ): ScServer!
  • # Update tenable.sc server
  • #
  • # Arguments
  • # address: Address of tenable.sc server, including http/s and
  • # port if needed
  • # user: Username in tenable.sc for the integration
  • # password: Password of the given username
  • # name: Name of tenable.sc server
  • # repoId: The repository in tenable.sc to associate the agent
  • # with
  • # schedule: Schedule for syncing with the tenable.sc server. If
  • # empty or invalid a default schedule will be used
  • # id: ID
  • setScServer(
  • address: String!,
  • user: String!,
  • password: String,
  • name: String!,
  • repoId: Int!,
  • schedule: ScheduleParams,
  • id: ID!
  • ): ScServer!
  • # Archive tenable.sc server
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveScServer(id: ID!): ScServer!
  • # Sync Tenable.ot to Tenable.sc now
  • #
  • # Arguments
  • # id: [Not documented]
  • syncScServer(id: ID!): Job!
  • # Test an existing tenable.sc server
  • #
  • # Arguments
  • # id: [Not documented]
  • testScServer(id: ID!): Job!
  • # Test ad hoc tenable.sc server
  • #
  • # Arguments
  • # address: Address of tenable.sc server, including http/s and
  • # port if needed
  • # user: Username in tenable.sc for the integration
  • # password: Password of the given username
  • testAdHocScServer(
  • address: String!,
  • user: String!,
  • password: String!
  • ): Job!
  • # Add tenable.io server
  • #
  • # Arguments
  • # accessKey: AccessKey property of API Keys
  • # secretKey: SecretKey property of API Keys
  • # name: Name for the tenable.io server
  • # schedule: Schedule for syncing with the tenable.io server. If
  • # empty or invalid a default schedule will be used
  • newIoServer(
  • accessKey: String!,
  • secretKey: String!,
  • name: String!,
  • schedule: ScheduleParams
  • ): IoServer!
  • # Update tenable.io server
  • #
  • # Arguments
  • # accessKey: AccessKey property of API Keys
  • # secretKey: SecretKey property of API Keys
  • # name: Name for the tenable.io server
  • # schedule: Schedule for syncing with the tenable.io server. If
  • # empty or invalid a default schedule will be used
  • # id: ID
  • setIoServer(
  • accessKey: String,
  • secretKey: String,
  • name: String!,
  • schedule: ScheduleParams,
  • id: ID!
  • ): IoServer!
  • # Archive tenable.io server
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveIoServer(id: ID!): IoServer!
  • # Sync Tenable.ot to Tenable.io now
  • #
  • # Arguments
  • # id: [Not documented]
  • syncIoServer(id: ID!): Job!
  • # Test an existing tenable.io server
  • #
  • # Arguments
  • # id: [Not documented]
  • testIoServer(id: ID!): Job!
  • # Test ad hoc tenable.io server
  • #
  • # Arguments
  • # accessKey: AccessKey property of API Keys
  • # secretKey: SecretKey property of API Keys
  • testAdHocIoServer(accessKey: String!, secretKey: String!): Job!
  • # Add new blocking firewall rule
  • #
  • # Arguments
  • # op: Empty value means all supported Ops
  • # target: IP/CIDR to block
  • addFirewallRule(op: FirewallOpType, target: String!): FirewallRule!
  • # Delete existing blocking firewall rule
  • #
  • # Arguments
  • # op: Empty value means all supported Ops
  • # target: IP/CIDR to block
  • deleteFirewallRule(op: FirewallOpType, target: String!): FirewallRule!
  • # Add user group
  • #
  • # Arguments
  • # name: Name for the user group
  • # roles: list of roles to set
  • # users: list of users to set
  • newUserGroup(name: String!, roles: [String!]!, users: [String]): UserGroup!
  • # Edit user group
  • #
  • # Arguments
  • # id: User group id
  • # name: Name for the user group
  • # roles: list of roles to set
  • # users: list of users to set
  • editUserGroup(id: ID!, name: String!, roles: [String!]!, users: [String]): UserGroup!
  • # Archive user group
  • #
  • # Arguments
  • # id: [Not documented]
  • archiveUserGroup(id: ID!): UserGroup!
  • # Add authentication provider
  • #
  • # Arguments
  • # providerDetails: [Not documented]
  • # groupsMapping: List of mapped external groups to Tenable.ot
  • # groups
  • addAuthProvider(
  • providerDetails: ProviderDetailsParams!,
  • groupsMapping: [ExternalGroupParams!]
  • ): AuthProvider!
  • # Edit authentication provider
  • #
  • # Arguments
  • # providerDetails: [Not documented]
  • # groupsMapping: List of mapped external groups to Tenable.ot
  • # groups
  • # id: [Not documented]
  • editAuthProvider(
  • providerDetails: ProviderDetailsParams!,
  • groupsMapping: [ExternalGroupParams!],
  • id: ID!
  • ): AuthProvider!
  • # Delete authentication provider
  • #
  • # Arguments
  • # id: [Not documented]
  • deleteAuthProvider(id: ID!): AuthProvider!
  • # Enable authentication provider
  • #
  • # Arguments
  • # id: [Not documented]
  • enableAuthProvider(id: ID!): AuthProvider!
  • # Disable authentication provider
  • #
  • # Arguments
  • # id: [Not documented]
  • disableAuthProvider(id: ID!): AuthProvider!
  • # Upload a web server certificate
  • #
  • # Arguments
  • # cert: PEM of certificate for HTTPS connection (can be
  • # self-signed)
  • # key: PEM of private key for cert
  • # keyPassword: [Not documented]
  • uploadWebServerCertificate(
  • cert: String!,
  • key: String!,
  • keyPassword: String
  • ): Job!
  • # Generate a self-signed web server certificate
  • generateWebServerCertificate: Job!
  • # Register a new activation code. This code receives a pending status until it's
  • # being used to fully activate the license. This code does not replace the
  • # existing license's code until the license is fully activated
  • #
  • # Arguments
  • # activationCode: [Not documented]
  • registerLicenseActivationCode(
  • activationCode: String!
  • ): LicenseActivationRequest!
  • # Remove the pending, previously registered activation code if one exists
  • clearLicenseActivationCode: LicenseActivationCodeClearResponse!
  • # Generate license certificate
  • generateLicenseActivationRequest: LicenseActivationRequest! @deprecated( reason: "Generating a certificate was split to allow generation by using either a pending, registered activation code or the existing license's activation code. Please see generateLicenseActivationCertificate for more information" )
  • # Generate a license activation certificate from either the pending activation
  • # code or from the activation code of the already existing license
  • #
  • # Arguments
  • # activationCodeSource: [Not documented]
  • generateLicenseActivationCertificate(
  • activationCodeSource: ActivationCodeSource!
  • ): LicenseActivationRequest!
  • # Activate license
  • #
  • # Arguments
  • # activationBlob: [Not documented]
  • activateLicense(activationBlob: String!): LicenseInfo!
  • # Bulk set plugins details
  • #
  • # Arguments
  • # plugins: Plugin ID's to update
  • # comment: Comment
  • # owner: Owner
  • setPluginDetails(plugins: [Int!]!, comment: String, owner: String): [Plugin!]!
  • # Delete and unpair a sensor
  • #
  • # Arguments
  • # id: [Not documented]
  • deleteSensor(id: ID!): SensorDetails!
  • # Pause sensor traffic, keep pairing
  • #
  • # Arguments
  • # id: [Not documented]
  • pauseSensor(id: ID!): SensorDetails!
  • # Resume paired sensor traffic
  • #
  • # Arguments
  • # id: [Not documented]
  • resumeSensor(id: ID!): SensorDetails!
  • # Approve sensor for pairing
  • #
  • # Arguments
  • # id: [Not documented]
  • approveSensor(id: ID!): SensorDetails!
  • # Edit sensor
  • #
  • # Arguments
  • # id: Sensor ID
  • # name: Sensor name
  • # active: Allow the sensor to do active queries
  • # activeNetworks: Networks the sensor is active on
  • editSensor(
  • id: String!,
  • name: String,
  • active: Boolean,
  • activeNetworks: [String!]
  • ): SensorDetails!
  • # Create a new user scan
  • #
  • # Arguments
  • # name: User scan name
  • # plugins: User scan plugins
  • # cidrs: User scan CIDRs
  • newNessusUserScan(
  • name: String!,
  • plugins: [PluginFamilyArgs!]!,
  • cidrs: [String!]!
  • ): Job!
  • # Edit a user scan
  • #
  • # Arguments
  • # id: User scan ID
  • # name: User scan name
  • # plugins: User scan plugins
  • # cidrs: User scan CIDRs
  • editNessusUserScan(
  • id: Int!,
  • name: String!,
  • plugins: [PluginFamilyArgs!]!,
  • cidrs: [String!]!
  • ): Job!
  • # Delete a user scan
  • #
  • # Arguments
  • # id: [Not documented]
  • deleteNessusUserScan(id: Int!): Job!
  • # Perform user scan action (run / pause / resume / stop / kill)
  • #
  • # Arguments
  • # id: User scan ID
  • # action: Action to perform
  • nessusUserScanAction(id: Int!, action: ScanAction!): Job!
  • }

link Require by

This element is not required by anyone