Identity Credential Compromise GraphQL API๐
Query๐
Description: Public queries
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| breaches | BreachesResponse | Returns compromised identities for the given query options. | query: BreachesQuery, sorting: BreachesSorting, paging: BreachesPaging |
| breachesFacets | BreachesFacets | Returns aggregated counts per facet for the compromised identities query parameters. Restricted to the current tenant context. | query: BreachesQuery |
| identityCompromiseMetrics | IdentityCompromiseMetrics | Get the identity compromise metrics for the given query options. | input: IdentityCompromiseMetricsQuery |
| identityCompromiseMonitoredDomains | String | Returns the currently monitored domains for identity compromise. | |
| availableIdentityCompromiseDomains | PotentialCompromiseDomain | Returns the potential compromise domains that can be monitored. | limit: Int |
| numAllowedIdentityCompromiseDomains | Int64 | Returns how many domains the current tenant is allowed to monitor for identity compromise. | |
| vipInfo | VIP | Returns VIP (Very Important Person) monitoring information for a specific identity. Returns null if the identity is not configured as a VIP. | externalId: String |
| vipInfos | VIPsQueryResponse | Returns VIP (Very Important Person) monitoring information for multiple identities. | query: VIPsQuery |
String๐
Description: The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Int๐
Description: The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Mutation๐
Description: Public mutations
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| setIdentityCompromiseMonitoredDomains | Boolean | Replaces the currently monitored domains with the provided list of domains. Only permitted to set up to numAllowedIdentityCompromiseDomains. | domains: String |
| upsertVIP | Boolean | Create or update VIP (Very Important Person) monitoring information for an identity. This enables enhanced credential leak monitoring for high-value identities. Returns true if the VIP information was successfully created or updated. | vip: VIPInput |
| deleteVIP | Boolean | Remove VIP (Very Important Person) status from an identity. This will stop enhanced monitoring for the specified identity. Returns true if the VIP status was successfully removed. False if the identity was not a VIP. | externalId: String |
Boolean๐
Description: The Boolean scalar type represents true or false.
Time๐
Description: A timestamp type.
Duration๐
Description: A duration type.
Int64๐
Description: A scalar for 64-bit integers.
IdentityCompromiseMetricsQuery๐
Description: Query Options for IdentityCompromiseMetrics.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| startTime | Time | The start time window for the metrics inclusive; if not included, defaults to 30 days ago. | |
| endTime | Time | The end time window for the metrics exclusive; if not included, defaults to now. | |
| interval | Duration | The interval for the metrics; if not included, default to 1 day. |
IdentityCompromiseMetrics๐
Description: The IdentityCompromiseMetrics type represents aggregated metrics for identity compromise events for monitored domains.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| activeBreaches | CompromiseMetric | The number of active breaches | |
| plaintextPasswords | CompromiseMetric | The number of breached accounts | |
| hashedPasswords | CompromiseMetric | The number of hashed passwords | |
| uniquePasswords | CompromiseMetric | The number of unique passwords | |
| breachSources | CompromiseMetric | The number of breach sources | |
| breachedAccounts | CompromiseMetric | The number of breached accounts | |
| breachedAdminAccounts | CompromiseMetric | The number of breached admin accounts | |
| avgBreachesPerDomain | CompromiseMetric | The average number of breaches per domain |
CompromiseMetricUnit๐
Description: CompromiseMetricUnit defines the unit of measurement a metric was calculated from.
CompromiseMetric๐
Description: Type representing a CompromiseMetric UI component.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| value | Float | The latest value of the component | |
| percentChange | Float | The percent change over the time window | |
| sparklineData | Float | The sparkline data for the component, one number per interval | |
| unit | CompromiseMetricUnit | The unit of measurement for the metric |
Float๐
Description: The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
PotentialCompromiseDomain๐
Description: An email domain that can be used for identity compromise monitoring.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| domain | String | The domain | |
| userCount | Int64 | The number of users with this domain |
BreachesSort๐
Description: Available fields to sort breach records by.
BreachesSortOrder๐
Description: Available order to sort breach records by.
BreachesSorting๐
Description: Used to set sorting parameters for fetching breach records.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| sortBy | BreachesSort | The field to sort breaches by | |
| sortOrder | BreachesSortOrder | The order to sort breaches by |
BreachesPaging๐
Description: Used to set paging parameters for fetching breach records.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| limit | Int64 | Paging limit defaults to 100. Maximum limit value is 500. If limit is over 500, limit will default to 500. If limit is less than or equal to 0, limit will default to 100. | |
| offset | Int64 | Paging offset defaults to 0. |
BreachesStringFacet๐
Description: Used for returning a string type facet.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| value | String | The distinct value of the facet | |
| label | String | A human readable label for the value | |
| count | Int64 | The count of the distinct value |
BreachesBooleanFacet๐
Description: Used for returning a boolean type facet.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| value | Boolean | The distinct value of the facet | |
| count | Int64 | The count of the distinct value |
BreachStatus๐
Description: Describes the status of a breach.
BreachesBreachStatusFacet๐
Description: Used for returning a BreachStatus type facet.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| value | BreachStatus | The distinct value of the facet | |
| count | Int64 | The count of the distinct value |
BreachPasswordType๐
Description: Describes the password type of a breach.
BreachesPasswordTypeFacet๐
Description: Used for returning a BreachPasswordType facet.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| value | BreachPasswordType | The distinct value of the facet | |
| count | Int64 | The count of the distinct value |
BreachesFacets๐
Description: Used for returning distinct facet values and their associated counts.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| breachSource | BreachesStringFacet | Distinct breach source values and their counts | |
| breachStatus | BreachesBreachStatusFacet | Distinct breach status values and their counts | |
| username | BreachesStringFacet | Distinct username values and their counts | |
| passwordType | BreachesPasswordTypeFacet | Distinct password type values and their counts | |
| domain | BreachesStringFacet | Distinct domain values and their counts | |
| status | BreachesStringFacet | Distinct identity status values and their counts | |
| department | BreachesStringFacet | Distinct identity department values and their counts | |
| employeeType | BreachesStringFacet | Distinct employee type values and their counts | |
| isAdmin | BreachesBooleanFacet | Distinct isAdmin values and their counts | |
| isStale | BreachesBooleanFacet | Distinct isStale values and their counts | |
| hasMfa | BreachesBooleanFacet | Distinct hasMfa values and their counts | |
| hasPasswordLessMfa | BreachesBooleanFacet | Distinct hasPasswordLessMfa values and their counts | |
| primaryMfaMethod | BreachesStringFacet | Distinct primary MFA methods and their counts | |
| country | BreachesStringFacet | Distinct countries and their counts |
BreachSource๐
Description: Describes the source of a breach record.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | String | The ID of the breach source | |
| source | String | The data source of the breach source | |
| title | String | The title of the breach source | |
| description | String | The description of the breach source | |
| breachDate | Time | The date the breach occurred | |
| leakedDate | Time | The date the breach leaked credentials | |
| relatedUrls | String | Related URLs of the breach source | |
| createdAt | Time | The date the BreachSource record was created | |
| updatedAt | Time | The date the BreachSource record was last updated |
BreachesQuery๐
Description: Use for querying breach records.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| breachSourceIDs | ID | Used to query Breach records by breach sources | |
| identityIDs | ID | Used to query Breach records by the identity ID | |
| breachStatus | BreachStatus | Used to query Breach records by the breach status | |
| usernames | String | Used to query Breach records by the username the breach compromised | |
| passwordTypes | BreachPasswordType | Used to query Breach records by the type of password that the breach compromised | |
| domains | String | Used to query Breach records by the domain that leaked the credentials | |
| status | String | Used to query Breach records by the status of the linked identities, if available | |
| departments | String | Used to query Breach records by the department of the linked identities, if available | |
| isAdmin | Boolean | Used to query Breach records whether the linked identities are admin or guest | |
| isStale | Boolean | Used to query Breach records whether the linked identities are stale or not | |
| hasMfa | Boolean | Used to query Breach records whether the linked identities have MFA or not | |
| hasPasswordlessMfa | Boolean | Used to query Breach records whether the linked identities have passwordless MFA or not | |
| primaryMfaMethods | String | Used to query Breach records by the linked identities primary MFA methods | |
| employeeTypes | String | Used to query Breach records by the linked identity employee types | |
| countries | String | Used to query Breach records by the linked identity countries | |
| publishDateRange | IdentityCompromiseTimeRange | Used to query Breach records by the publishDate field | |
| breachDateRange | IdentityCompromiseTimeRange | Used to query Breach records by the breachDate field | |
| fuzzy | String | Used to perform a fuzzy search on Breach username, domain, and breach source |
ID๐
Description: The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
IdentityCompromiseTimeRange๐
Description: Container for describing a time range.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| start | Time | The start time of the time range (inclusive) | |
| end | Time | The end time of the time range (inclusive) |
BreachesResponse๐
Description: Container for returning a list of breach records.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| total | Int64 | The total number of records available | |
| breaches | Breach | The list of breach records returned for the given query, paging, and sorting parameters |
Breach๐
Description: Used to describe the breach of an identity.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| thirdpartyId | String | The thirdparty ID of the breach. This coincides with the line number of where the breach appeared. | |
| date | Time | The date of the breach. | |
| source | BreachSource | The source of the breach. | |
| domain | String | The domain of where the breach occurred. | |
| username | String | The username that was compromised. | |
| isActive | Boolean | Describes if the breach is currently active. | |
| plaintextPassword | Boolean | Describes if the breach exposed the credential password in plaintext. | |
| hashPassword | Boolean | Describes if the breach exposed the credential password hash. | |
| publishDate | Time | The date the breach was published. | |
| identity | Identity | The linked compromised identity of the breach. | |
| tenant | TenantV4 | The tenant of the Breach record. | |
| createdAt | Time | The date the Breach record was created. | |
| updatedAt | Time | The date the Breach record was last updated. | |
| inactiveAt | Time | If non-null, the date the breach became inactive. | |
| maskedPassword | String | Masked Password is a UI safe string to display the password in the UI. |
IdentityProvider๐
Description: Represents an identity provider that manages external identities. This type is federated and serves as a reference to identity provider data managed by another service.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | The unique identifier of the identity provider |
Identity๐
Description: Represents an external identity that can be compromised. This type is federated and extends the Identity type from the identities service to include icon and tags information.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| externalId | String | The unique external identifier of the identity | |
| provider | IdentityProvider | The provider managing this identity |
TenantV4๐
Description: Represents a tenant entity in version 4 of the API. This type is used as an external reference and is not resolvable within this service. The tenant is identified by a unique ID and serves as a federated entity key.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | The unique identifier of the tenant |
VIP๐
Description: Represents VIP (Very Important Person) monitoring information for an identity.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| identity | Identity | The identity this VIP information is associated with (only populated if requested) | |
| emails | String | Array of email addresses associated with this VIP | |
| phoneNumbers | String | Array of phone numbers associated with this VIP | |
| socialMedia | String | Array of social media handles associated with this VIP | |
| zipCode | String | Zip code associated with this VIP |
VIPsQuery๐
Description: Input for querying VIP information. By default, returns all VIPs for the tenant.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| externalIds | String | External IDs of the identities to query VIP information for. If empty, returns all VIPs for the tenant. |
VIPsQueryResponse๐
Description: Response for querying VIP information.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| vips | VIP | The VIP records that match the query | |
| total | Int64 | The total number of VIP records that match the query |
VIPInput๐
Description: Input for creating or updating VIP information.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| providerId | ID | The identity provider this VIP is associated with | |
| externalId | String | External ID of the identity | |
| emails | String | Array of email addresses associated with this VIP | |
| phoneNumbers | String | Array of phone numbers associated with this VIP | |
| socialMedia | String | Array of social media handles associated with this VIP | |
| zipCode | String | Zip code associated with this VIP (nullable) |