OBJECT

PolicyFinding

Policy findings

GraphQL Schema definition

  • # A finding raised by a policy: the events (hits) it consists of, the source
  • # (src) and destination (dst) assets involved, and its resolution details.
  • # Nullability follows the SDL below: fields marked `!` are non-null; unmarked
  • # fields, and unmarked list elements such as [String], may be null, so
  • # clients should handle missing values.
  • type PolicyFinding {
  • # Identifier of this finding
  • id: ID!
  • # Type info regarding this policy finding
  • eventType: EventTypeDetails!
  • # Category of the event type
  • category: EventCategoryType!
  • # The policy that caused this finding
  • policy: Policy!
  • # The title of the policy from which the finding originated
  • policyTitle: String!
  • # Severity of the finding, expressed as a PolicyLevel
  • severity: PolicyLevel!
  • # Status of the finding
  • status: FindingStatus!
  • # The src assets of the finding, returned as a cursor-paginated connection
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • # NOTE(review): all four arguments are optional and no maximum for
  • # first/last is documented here; confirm the server-side page limit.
  • srcAssets(after: String, first: Int, before: String, last: Int): LeanAssetConnection!
  • # List of the names of the src assets (list and entries may be null)
  • srcNames: [String]
  • # The src IPs of all events participating in this finding, as strings
  • # (address format is not specified here)
  • srcIps: [String]
  • # The dst assets of the finding, returned as a cursor-paginated connection
  • #
  • # Arguments
  • # after: Returns the items in the list that come after the
  • # specified cursor.
  • # first: Returns the first n items from the list.
  • # before: Returns the items in the list that come before the
  • # specified cursor.
  • # last: Returns the last n items from the list.
  • # NOTE(review): all four arguments are optional and no maximum for
  • # first/last is documented here; confirm the server-side page limit.
  • dstAssets(after: String, first: Int, before: String, last: Int): LeanAssetConnection!
  • # List of the names of the dst assets (list and entries may be null)
  • dstNames: [String]
  • # The dst IPs of all events participating in this finding, as strings
  • # (address format is not specified here)
  • dstIps: [String]
  • # The policy hits that this finding consists of (the list may be null;
  • # its entries are non-null Event objects)
  • policyHits: [Event!]
  • # Number of active (non-resolved) hits for this finding
  • # NOTE(review): how this differs from activeHits is not documented here.
  • activePolicyHits: Int
  • # The first hit time since creation or mitigation
  • firstHitTime: Time!
  • # The last time this finding received an event
  • lastHitTime: Time!
  • # The id of the last hit that happened on this finding
  • lastHitId: String
  • # List of protocols used in the hits that make up this finding
  • protocols: [String!]
  • # Number of hits since the last time the finding became active
  • activeHits: Int
  • # Number of resolved hits for this finding
  • resolvedHits: Int
  • # List of types of both src and dst assets
  • assetsTypes: [AssetType]
  • # List of criticality values of both src and dst assets
  • assetsCriticalities: [Criticality]
  • # List of vendors of both src and dst assets
  • assetsVendors: [String]
  • # List of families of both src and dst assets
  • assetsFamilies: [String]
  • # List of models of both src and dst assets
  • assetsModels: [String]
  • # List of Purdue level values of all assets in src and dst
  • assetsPurdueLevels: [PurdueLevel]
  • # List of locations of both src and dst assets
  • assetsLocations: [String]
  • # List of tags of both src and dst assets
  • assetsTags: [String]
  • # Id of the plugin this finding is associated with
  • pluginId: Int
  • # Name of the plugin this finding is associated with
  • pluginName: String
  • # Synopsis of the plugin this finding is associated with
  • pluginSynopsis: String
  • # Description of the plugin this finding is associated with
  • pluginDescription: String
  • # Solution text of the plugin this finding is associated with
  • pluginSolution: String
  • # MITRE ICS techniques of the plugin this finding is associated with
  • # NOTE(review): presumably MITRE ATT&CK for ICS technique identifiers;
  • # the string format is not documented here.
  • mitreTechniques: [String!]
  • # MITRE ICS tactics of the plugin this finding is associated with
  • # NOTE(review): presumably MITRE ATT&CK for ICS tactics; the string
  • # format is not documented here.
  • mitreTactics: [String!]
  • # Who resolved the finding, in case it is fixed (null otherwise)
  • resolvedUser: String
  • # When the finding was resolved, in case it is fixed (null otherwise)
  • resolvedOn: Time
  • # Resolve comment on the finding, in case it is fixed
  • # NOTE(review): presumably free text entered by the resolving user;
  • # escape it before rendering in dashboards, tickets or reports.
  • comment: String
  • # Trend of how many hits happen in each given window of time
  • #
  • # Arguments
  • # window: [Not documented]
  • # NOTE(review): the unit and valid range of `window` are not stated
  • # here; confirm them before relying on the returned trend.
  • trend(window: Int): PolicyFindingTrend
  • }