Playbooks GraphQL API🔗
Query🔗
Description: Red Cloak TDR API is based on GraphQL, which can either be a read (Query) or a write (Mutation) operation. A GraphQL query is used to read or fetch values; mutations write or post values. Responses are provided in a JSON format.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| node | Node | id: ID | |
| tenantContext | TenantContext | ||
| playbook | Playbook | playbookId: ID | |
| playbookV2 | Playbook | arguments: PlaybookArguments | |
| playbooks | Playbook | categoryId: ID, tags: Tags | |
| playbooksV2 | Playbook | arguments: PlaybooksV2Arguments | |
| playbookList | PlaybooksListResults | arguments: PlaybookListArguments | |
| playbookVersion | PlaybookVersion | arguments: PlaybookVersionArguments | |
| playbookVersions | PlaybookVersion | arguments: PlaybookVersionsArguments | |
| playbookInstance | PlaybookInstance | playbookInstanceId: ID | |
| playbookInstances | PlaybookInstance | playbookInstanceIds: ID, playbookId: ID, tags: Tags, connections: IDs | |
| playbookInstancesV2 | PlaybookInstance | arguments: PlaybookInstancesArguments | |
| playbookInstanceList | PlaybookInstancesListResults | arguments: PlaybookInstanceListArguments | |
| playbookExecution | PlaybookExecution | playbookExecutionId: ID | |
| playbookExecutions | PlaybookExecutions | playbookInstanceId: ID, pagination: Pagination | |
| playbookExecutionsV2 | PlaybookExecutionsV2 | arguments: PlaybookExecutionsV2Arguments | |
| playbookExecutionLogs | PlaybookExecutionLog | playbookExecutionId: ID | |
| playbookTrigger | PlaybookTrigger | playbookTriggerId: ID | |
| playbookTriggers | PlaybookTrigger | playbookTriggerTypeIds: IDs | |
| playbookTriggersV2 | PlaybookTrigger | arguments: PlaybookTriggersV2Arguments | |
| playbookRuntimeTriggers | PlaybookTrigger | arguments: PlaybookTriggersV3Arguments | |
| playbookTriggerType | PlaybookTriggerType | playbookTriggerTypeId: ID, playbookTriggerTypeName: String | |
| playbookTriggerTypesV2 | PlaybookTriggerType | arguments: PlaybookTriggerTypesV2Arguments | |
| playbookTriggerTypes | PlaybookTriggerType | Return the trigger configuration based on the configuration stored in the database. | |
| playbookTriggerConfiguration | PlaybookTriggerType | Return the trigger configuration via introspection. | |
| playbookExport | PlaybookExport | arguments: PlaybookExportArguments | |
| playbookTags | String | ||
| playbookQuery | PlaybookStatistics | query: String, database: String, options: QueryOptions | |
| playbookQueryV2 | PlaybookStatistics | query: String, database: String, options: QueryOptions | |
| playbookQueryV3 | PlaybooksQLResponse | Allows executing a QL (AKA CQL) query and get the results for both, aggregations and search on the current playbooks CQL schema types | input: PlaybooksQLInput |
| playbookInterface | PlaybookInterface | arguments: PlaybookInterfaceArguments | |
| playbookInterfaces | PlaybookInterface | arguments: PlaybookInterfacesArguments | |
| playbookInterfaceVersion | PlaybookInterfaceVersion | arguments: PlaybookInterfaceVersionArguments | |
| playbookInterfaceVersions | PlaybookInterfaceVersion | arguments: PlaybookInterfaceVersionsArguments | |
| playbookInterfaceExport | PlaybookInterfaceExport | arguments: PlaybookInterfaceExportArguments | |
| playbooksImplementingInterface | Playbook | arguments: PlaybooksImplementingArguments | |
| playbookVersionsImplementingInterfaceVersions | PlaybookInterfaceVersionPlaybookVersions | arguments: PlaybooksImplementingArguments | |
| playbookActivities | PlaybookActivityList | Return configured activities and activities that can be configured | arguments: PlaybookActivityArguments |
| playbookQueueStats | PlaybookQueueStatistics | Return playbook queue statistics | |
| playbookTriggerFilters | PlaybookTriggerFilter | Return trigger-platform filters | |
| playbookSchedule | PlaybookSchedule | Retrieve a single Playbook Schedule | arguments: PlaybookScheduleArguments |
| playbookSchedules | PlaybookSchedulesResults | List Playbook Scheduled | arguments: PlaybookSchedulesArguments |
| reconcileInstanceVersions | PlaybookInstance | Reconcile a version change with an existing instance | arguments: ReconcileInstanceVersionsArguments |
| playbookValidateDSLV2 | PlaybookDSLValidation | Validate DSL and tasks | arguments: PlaybookValidationArgumentsV2 |
ID🔗
Description: The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
String🔗
Description: The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
TenantContext🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | String | ||
| name | String | ||
| rccID | String | ||
| ctpID | String |
PlaybookArguments🔗
Description: PlaybookArguments define the fields available to lookup a single playbook. At least one of playbookId or playbookName must be set. If both are set, then both the id and name must match an existing playbook.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| playbookName | String | ||
| simplified | Boolean | optional - if specified and true, then only playbook instances that are marked as simplified are returned |
Boolean🔗
Description: The Boolean scalar type represents true or false.
PlaybooksV2Arguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookIds | ID | ||
| categoryId | ID | ||
| tags | Tags | ||
| createdAfter | Time | ||
| createdBefore | Time | ||
| sortBy | PlaybooksSortField | Sort field. Default to NAME. | |
| orderBy | PaginationOrder | Sort order for Playbook lists. Defaults to Ascending | |
| isDeprecated | Boolean |
PlaybookListArguments🔗
Description: PlaybookListArguments describes the parameters for listing Playbooks
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int | ||
| sortField | PlaybooksSortField | ||
| order | PaginationOrder | ||
| searchText | String | ||
| tags | Tags | ||
| simplifiedTypes | SimplifiedType | ||
| isDeprecated | Boolean | ||
| isGlobal | Boolean | ||
| simplifiedType | SimplifiedType |
Int🔗
Description: The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
PlaybooksListResults🔗
Description: PlaybooksListResults are one set of results for a List Playbooks API action
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | Playbook | ||
| count | Int |
PlaybookInstanceListArguments🔗
Description: PlaybookInstanceListArguments describes the parameters for listing Playbook Instances. Note that if connections are included, then any Playbook Instances that directly use one of those connections, or any Playbook Instance Activity that uses one of those connections will be returned.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int | ||
| sortField | PlaybookInstancesSortField | ||
| order | PaginationOrder | ||
| searchText | String | ||
| tags | Tags | ||
| enabled | Boolean | ||
| playbooks | IDs | Optional list of Playbooks IDs. List will contain Playbook Instances that are based on these Playbooks. | |
| connections | IDs | Optional list if Connection IDs. List will contain Playbook Instances that use one of these Connections - either directly or by an Activity. | |
| simplified | Boolean | Optional flag - if set to true, only return instances based on a simplified playbook |
PlaybookInstancesListResults🔗
Description: PlaybookInstancesListResults are one set of results for a List Playbooks API action
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | PlaybookInstance | ||
| count | Int |
PlaybookInstancesArguments🔗
Description: PlaybookInstancesArguments define the fields available for looking up a list of Playbook Instances. All fields are optional. Note that if connections are included, then any Playbook Instances that directly use one of those connections, or any Playbook Instance Activity that uses one of those connections will be returned.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceIds | ID | ||
| playbookId | ID | ||
| tags | Tags | ||
| connections | IDs | ||
| sortBy | InstanceSortField | ||
| orderBy | PaginationOrder | ||
| page | Int | ||
| perPage | Int |
PlaybookVersionArguments🔗
Description: PlaybookVersionArguments define the fields available to lookup a single playbook. At least one of playbookVersionId or playbookVersionName must be set. If both are set, then both the id and name must match an existing playbook.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| playbookVersionName | String |
PlaybookVersionsArguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionIds | ID | ||
| connectorVersionIds | ID |
PlaybookTriggersV2Arguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookTriggerIds | ID | ||
| playbookTriggerTypeIds | ID | ||
| enabled | Boolean | If set to true, only return enabled triggers. Return cached results if possible. |
PlaybookTriggersV3Arguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| triggerType | String |
PlaybookTriggerTypesV2Arguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookTriggerTypeIds | ID |
PlaybookExportArguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| name | String | ||
| playbookVersionId | ID | Optional - if set, then the export will export the specified version by id otherwise it will default to the head version. If both version and playbookVersionId are set, then playbookVersionId will override the version field. |
|
| version | SemVer | Optional - if set, then the export will export the specified version by semver otherwise it will default to the head version. If both version and playbookVersionId are set, then playbookVersionId will override this field. |
PlaybookInterfaceArguments🔗
Description: PlaybookInterfaceArguments define the fields to lookup a single PlaybookInterface. At least one of playbookInterfaceId or playbookInterfaceName must be set. If both are set, then both the id and name must match an existing PlaybookInterface.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID | ||
| playbookInterfaceName | String |
PlaybookInterfacesArguments🔗
Description: PlaybookInterfacesArguments define the fields to lookup many PlaybookInterfaces.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceIds | ID | ||
| tags | Tags |
PlaybookInterfaceVersionArguments🔗
Description: PlaybookInterfaceVersionArguments define the fields to lookup a single PlaybookInterfaceVersion. At least one of playbookInterfaceVersionId or playbookInterfaceVersionName must be set. If both are set, then both the id and name must match an existing PlaybookInterfaceVersion.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID | ||
| playbookInterfaceVersionName | String |
PlaybookInterfaceVersionsArguments🔗
Description: PlaybookInterfaceVersionsArguments defines the fields to lookup a list of PlaybookInterfaceVersions. All parameters are optional. If the playbookInterfaceID is provided, it will match all PlaybookInterfaceVersions that match that PlaybookInterface ID. If the playbookInterfaceVersionNames is provided, then the names of the PlaybookInterfaceVersions or the PlaybookInterfaces must match this list. While both parematers can be suppled, in most cases only one of the parameters is typically used.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionIds | ID | ||
| playbookInterfaceId | ID | ||
| playbookInterfaceVersionNames | String |
PlaybookInterfaceExportArguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID | ||
| playbookInterfaceName | String |
PlaybookExecutionsV2Arguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| first | Int | Returns the first n results (used for forward traversal) | |
| after | String | Used to get the next page of results in conjunction with first; after the endCursor of the current page (used for forward traversal) | |
| last | Int | Returns the last n results of a previous page when used in conjunction with before (used for backwards traversal) | |
| before | String | Used to get the previous page of results; before the startCursor of the current page (used for backwards traversal) | |
| sortBy | PlaybookExecutionsSort | ||
| orderBy | PaginationOrder | ||
| playbookInstanceId | ID | ||
| playbookVersionId | ID | ||
| state | PlaybookState | ||
| states | PlaybookState | ||
| createdAtFrom | Time | ||
| createdAtTo | Time | ||
| updatedAtFrom | Time | ||
| updatedAtTo | Time | ||
| executionIDs | ID | ||
| targetResourceIDs | String | ||
| triggerContext | String | ||
| triggerCategory | String |
PlaybookValidationArguments🔗
Description: PlaybookValidationInput defines the inputs required to validate a Playbook. Only one of these fields is used. If both are specified, the "file" value will be used.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| yaml | String |
PlaybookValidationArgumentsV2🔗
Description: PlaybookValidationArgumentsV2 defines the inputs required to validate a Playbook. Either "yaml" or the "file" field is used. If both are specified, the "file" value will be used.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| yaml | String | ||
| connectors | ID | ||
| playbooks | ID | ||
| interfaces | ID |
PlaybooksImplementingArguments🔗
Description: PlaybookImplementsArguments defines a list of interface versions to search for playbooks that implement that interface version. Either the IDs of the interface version or the names of the interface version can be supplied. If the both are specified, only the IDs will be used.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionIDs | ID | ||
| playbookInterfaceVersionNames | String |
PlaybookActivityArguments🔗
Description: PlaybookActivityArguments defines the arguments used to find information about a Playbook used for Simplified Playbook Configuration. If the Playbook doesn't support a simplification type then an error is returned.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookID | ID | Playbook ID | |
| playbookInstanceId | ID | Playbook Instance ID |
PlaybookValidationError🔗
Description: PlaybookValidationError represents an error detected on the playbook dsl (format/missing values/etc.)
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| message | String | ||
| lineno | Int |
PlaybookDSLValidation🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| errors | PlaybookValidationError | ||
| warnings | PlaybookValidationError | ||
| dsl | JSONObject |
PlaybookExecutionsSort🔗
Description: PlaybookExecutionsOrder defines the fields that may be used to sort the PlaybookExecutions results
PaginationOrder🔗
Description: PaginationOrder defines the fields that may be used to order the results in ascending or descending order. Note that ASCENDING is the default.
PlaybooksSortField🔗
Description: PlaybooksSortField determines the sort order when retrieving a list of Playbooks. If no sort field is provided, the list will be sorted by NAME.
PlaybookInstancesSortField🔗
Description: PlaybookInstancesSortField determines the sort order when retrieving a list of Playbook Inatancess. If no sort field is provided, the list will be sorted by NAME.
InstanceSortField🔗
Description: InstanceSortFiled determines the sort order when retriveing a list of Playbook Instances. If no sort field is provided, the list will be sorted by NAME.
PlaybookExport🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| export | String |
PlaybookInterfaceExport🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| export | String |
Node🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
TDRUser🔗
Description: Used by Nautilus to resolve the Red Cloak TDR user model.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorCategory🔗
Description: ConnectorCategory is a grouping/categorization of available connectors/playbooks (e.g. IP reputation services, DNS lookup, etc)
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorInterface🔗
Description: ConnectorInterface defines an abstract interface (set of actions) that could be implemented by multiple connectors
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorVersion🔗
Description: ConnectorVersion contains the versioned attributes of a connector interface
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Connector🔗
Description: Connector is an entry in catalog of available connectors (e.g. service now connector based on generic http connector service)
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Connection🔗
Description: Connection is a per-tenant configuration of a connector/actions
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
PlaybookTriggerType🔗
Description: PlaybookTriggerType defines an available triggering mechanism
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| parameters | JSONSchema |
PlaybookTrigger🔗
Description: PlaybookTrigger defines a set of attributes common to different trigger types
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenant | String | ||
| type | PlaybookTriggerType | ||
| config | JSONObject | ||
| isPreApproved | Boolean | Designates that the action is a pre-approved Action | |
| approvedBy | String | If the trigger is pre-approved this field holds the user who created or set the pre-approval | |
| approvedBySubject | Subject | If the trigger is pre-approved this field holds the subject who created or set the pre-approval | |
| instance | PlaybookInstance | ||
| rn | RN | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookTriggerFilter🔗
Description: PlaybookTriggerFilter defines an expression that is used by trigger-platform to filter out unwanted events. During event evaluation, if the event matches one of these filters, it's skipped and no triggers will be executed. While trigger-filters are global, the tenant will be used to designate the rule's tenant if the filter was created as a result of a circuit breaker event.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenant | String | ||
| config | JSONObject | ||
| ruleId | ID | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterface🔗
Description: PlaybookInterface defines a contract that can be implemented by one ore more playbooks
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| tenant | String | ||
| tags | String | ||
| head | PlaybookInterfaceVersion | ||
| versions | PlaybookInterfaceVersion | ||
| rn | RN | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterfaceVersion🔗
Description: PlaybookInterfaceVersion maintains a change record of the playbook interface.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| version | SemVer | ||
| published | Time | ||
| publishedBy | String | ||
| publishedBySubject | Subject | ||
| interface | PlaybookInterface | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterfaceVersionPlaybookVersions🔗
Description: PlaybookInterfacePlaybookVersions is a mapping of playbook interface version to playbook versions that implement that interface
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | PlaybookInterfaceVersion | ||
| versions | PlaybookVersion |
PlaybookActivityList🔗
Description: PlaybookActivityList is used to return the information about a Playbook and it's configured Activities and Activities that could be configured. This is specialized for Simplified Playbook Configuration where only one Playbook Instance designated "simplified" is possible. Also, the Playbook should use only one interface.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| activities | PlaybookActivity | Activities that have been configured or can be configured | |
| instance | PlaybookInstance | The Playbook Instance, if one is already configured. |
PlaybookActivity🔗
Description: PlaybookActivity represents either an existing configured Activity (PlaybookInterfaceInstance) or one that could be configured. The PlaybookInterface can be found in the main Playbook.Head.Interfaces[0] (there should only be one). The PlaybookInterface will be the same for each entry.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterface | PlaybookInterface | Playbook Interface. This will be the same for all Activities in the same Playbook | |
| connection | Connection | Connections already configured with the Activity or available Connections for this Playbook. Platform Connections are omitted. | |
| connectorVersion | ConnectorVersion | Connector requirement for this Activity, if any. Multiple connector requirements are not supported for simplified playbooks and Platform Connectors are omitted. | |
| configured | Boolean | If configured is true, this is an existing Activity that has already been configured on the provided Instance | |
| interfaceVersion | PlaybookInterfaceVersion | The Playbook Interface Version configured for this instance. This will be the HEAD version of the Interface if not configured. | |
| playbookVersion | PlaybookVersion | The Playbook Version configured for this instance. This will be the HEAD version of the Playbook if not configured. Drafts are not supported. |
Playbook🔗
Description: Playbook is an entry in catalog of available playbooks
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| tags | String | ||
| icon | String | ||
| tenant | String | ||
| head | PlaybookVersion | ||
| versions | PlaybookVersion | ||
| instances | PlaybookInstance | ||
| categories | ConnectorCategory | ||
| rn | RN | ||
| isGlobal | Boolean | ||
| simplifiedType | SimplifiedType | Playbook Type determines if this Playbook can be used by the UI for simplification of configuring Playbook Instances. |
|
| title | String | ||
| description | String | ||
| requires | ConnectorInterface | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
SimplifiedType🔗
Description: SimplifiedType shows the intended use of the Playbook. This field is used to help simplify playbook configuration. Values other than None are typically used for configuring playbooks using the simplified playbook UI.
PlaybookVersion🔗
Description: PlaybookVersion maintains a change record of the playbook definition. Multiple versions of a playbook could be in use concurrently
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| version | SemVer | ||
| published | Time | ||
| publishedBy | String | ||
| publishedBySubject | Subject | ||
| playbook | Playbook | ||
| instances | PlaybookInstance | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | ConnectorVersion | ||
| playbooks | PlaybookVersion | ||
| interfaces | PlaybookInterfaceVersion | ||
| triggerHints | PlaybookTriggerHint | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dslSource | String | ||
| implements | PlaybookInterfaceVersion | ||
| dsl | JSONObject | ||
| rn | RN | ||
| deprecated | Boolean | ||
| deprecationReason | String | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser | ||
| fastExecute | Boolean |
PlaybookVersionStrategy🔗
Description: PlaybookVersionStrategy determines how an instance is upgraded when new versions are published
PlaybookInstance🔗
Description: PlaybookInstance defines the configuration of a playbook in a user account
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tags | String | ||
| tenant | String | ||
| playbook | Playbook | ||
| version | PlaybookVersion | ||
| versionStrategy | PlaybookVersionStrategy | ||
| trigger | PlaybookTrigger | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| retries | PlaybookRetries | ||
| connections | Connection | ||
| interfaces | PlaybookInterfaceInstance | ||
| schedules | PlaybookSchedule | ||
| rn | RN | ||
| simplified | Boolean | The simplified flag denotes that the instance was created from one of the Playbook Templates denoted to be part of the Playbook Simplification procedures. Only one Playbook Instance can exist per Playbook of this type for a tenant. The value is determined by a parameter in the createPlaybookInstance mutation. |
|
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookSchedule🔗
Description: PlaybookSchedule defines the scheduling of a PlaybookInstance
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenantId | String | Tenant that owns the playbook. Could be a Partner Tenant | |
| playbookInstance | PlaybookInstance | Playbook Instance to execute | |
| cron | String | cron definition of when to execute the playbook | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC | |
| paused | Boolean | Indicator showing if the schedule is paused in Temporal | |
| inputs | JSONObject | Input to the Playbooks | |
| childType | ChildTypeField | If a Partner Tenant owns the Playbook then childType shows how to run on child Tenant. Defaults to NONE | |
| childExpression | String | If childType is EXPRESSION then childExpression contains CEL expression that determines child Tenants. Some examples: tenant.services.exists(s, s.name in ['MDR']) tenant.services.exists(s, s.name == 'Taegis Native Agent') tenant.id in ['11772', '35959'] |
|
| rn | RN | Resource information | |
| nextRun | Time | Next scheduled execution |
PlaybookInterfaceInstance🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | PlaybookInterface | ||
| version | PlaybookInterfaceVersion | ||
| playbook | PlaybookVersion | ||
| connections | Connection |
PlaybookRetries🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| initialInterval | Int | ||
| maximumInterval | Int | ||
| backoffCoefficient | Float | ||
| maximumRetries | Int | ||
| maximumDuration | Int | ||
| InitialInterval | Int | ||
| MaximumInterval | Int | ||
| BackoffCoefficient | Float | ||
| MaximumRetries | Int | ||
| MaximumDuration | Int |
Float🔗
Description: The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
PlaybookObject🔗
PlaybookState🔗
PlaybookEvent🔗
Description: PlaybookEvents represents a trace event withing the execution of the workflow
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | Int | ||
| object | PlaybookObject | ||
| state | PlaybookState | ||
| name | String | ||
| timestamp | Time | ||
| inputs | JSONObject | ||
| outputs | Any | ||
| reason | String | ||
| attempt | Int |
PlaybookExecution🔗
Description: PlaybookExecution represents the state of a current playbook execution
Multi-Resolving Federation for this type is currently limited to the first 10 ids provided in the federation request. Any more than that and performance issues may arise.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | Subject is not a promised field due to platform created executions not having a subject - these will appear as 'anonymous' in the createdBy field | |
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| state | PlaybookState | Subject is not a promised field due to platform updated executions not having a subject - these will appear as 'anonymous' in the updatedBy field | |
| tenant | String | ||
| instance | PlaybookInstance | ||
| version | PlaybookVersion | ||
| inputs | JSONObject | ||
| outputs | Any | ||
| summary | String | ||
| runId | String | ||
| events | PlaybookEvent | ||
| executionTime | Int | ||
| parentExecution | ID | ||
| targetResource | String | Target Resource describes the platform resource context that this playbook execution was triggered from | |
| targetResourceTenant | String | Tenant where targetResource lives | |
| reason | String | Reason for action | |
| triggerCategory | String | Trigger Category denotes the category of the the trigger that was used to execute the playbook at that time | |
| triggerContext | String | Trigger Context denotes the context of the the trigger that was used to execute the playbook at that time | |
| rn | RN | Resource Information | |
| type | PlaybookExecutionType | deprecated: do not use | |
| updatedByUser | TDRUser | ||
| createdByEmail | String | ||
| createdByUser | TDRUser |
PlaybookExecutionType🔗
Description: deprecated: do not use
PlaybookExecutions🔗
Description: PlaybookExecutions represents a list of executions along with other metadata like pagination
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| executions | PlaybookExecution | ||
| nodes | PlaybookExecution | ||
| totalCount | Int |
PlaybookExecutionsV2🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| totalCount | Int | ||
| playbookExecutions | PlaybookExecution | ||
| pageInfo | PageInfo |
PageInfo🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| endCursor | String | ||
| hasNextPage | Boolean | ||
| startCursor | String | ||
| hasPreviousPage | Boolean |
PlaybookExecutionLog🔗
Description: PlaybookExecutionLog represents a log entry from an executed playbook with it's children and status logs attached
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| taskID | Float | ||
| parentID | Float | ||
| message | JSONObject | ||
| children | Any | ||
| statusLogs | Any | ||
| createdAt | Time |
PlaybookResource🔗
PlaybookQueueStatistics🔗
Description: PlaybookQueueStatistics contains information about queued playbooks
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| maxMsgs | Float | ||
| maxBytes | Float | ||
| msgs | Float | ||
| bytes | Float | ||
| firstSeq | Float | ||
| lastSeq | Float | ||
| highMsgs | Float | ||
| normalMsgs | Float | ||
| executions | ID |
PlaybookTriggerHint🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| isProactiveResponse | Boolean | ||
| type | String | ||
| config | JSONObject | ||
| celHints | PlaybookCelHint |
PlaybookCelHint🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| expr | String |
PlaybooksQLResponse🔗
Description: ConcreteSubject represents the underlying subject
PlaybooksQLResult🔗
Description: Object types that can be returned by QL search queries (will add more as we need them)
PlaybooksQLPagination🔗
Description: Pagination information for QL responses
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| nextCursor | String | Cursor for the next page, if any. Will be null when we are at the end of the result set | |
| previousCursor | String | Cursor for the previous page, if any. Will be null when we are at beginning of the result set | |
| cursor | String | The cursor for the current page. | |
| totalCount | Int | How many records are available for the given search criteria |
PlaybooksQLSearchResponse🔗
Description: Response wrapper for Playbooks QL queries
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| data | PlaybooksQLResult | List of objects being returned, initially only playbook instances, but can be extended if we need to add more stuff (e.g. versions as 'main' type) | |
| pagination | PlaybooksQLPagination | Pagination data for the response above |
PlaybooksQLMapResponse🔗
Description: Represents an aggregated or not graphql model response from a QL query
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| fields | String | Fields or columns being returned in this response | |
| data | Map | The actual response data, an object/map because the fields or columns are defined by the query (either by aggregation or by FIELDS) | |
| pagination | PlaybooksQLPagination | Pagination data if applicable, i.e. when the unstructured response is a search query with FIELDS |
Mutation🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| createPlaybook | Playbook | Create new playbook | input: CreatePlaybookInput |
| clonePlaybook | Playbook | Clone an existing playbook | input: ClonePlaybookInput |
| updatePlaybook | Playbook | Update playbook | input: UpdatePlaybookInput |
| deletePlaybook | Playbook | Delete playbook | input: DeletePlaybookInput |
| importPlaybookV2 | Playbook | Import Playbook from file | input: ImportPlaybookInput |
| importPlaybookResource | PlaybookResource | Import Playbook Resource from file | input: ImportPlaybookInput |
| deprecatePlaybook | Playbook | Deprecate playbook | input: DeprecatePlaybookInput |
| unDeprecatePlaybook | Playbook | Undeprecate playbook | input: UndeprecatePlaybookInput |
| executePlaybook | PlaybookExecution | Execute playbook with supplied parameters | playbookId: ID, parameters: JSONObject, targetResource: String |
| cancelPlaybookExecution | PlaybookExecution | Cancel one or more plabyook executions | input: CancelPlaybookExecutionInput |
| reexecutePlaybooks | PlaybookExecution | Re-execute a playbook | input: ReexecutePlaybooksInput |
| createPlaybookVersion | PlaybookVersion | Creates a new playbook version in draft mode | playbookId: ID, input: CreatePlaybookVersionInput |
| updatePlaybookVersion | PlaybookVersion | Update an existing draft playbook version | input: UpdatePlaybookVersionInput |
| publishPlaybookVersion | PlaybookVersion | Publishing a playbook version makes it immutable and sets it as the current head Deleting a published playbook version is not supported" |
input: PublishPlaybookVersionInput |
| deletePlaybookVersion | PlaybookVersion | Deletes the specified draft playbook version | input: DeletePlaybookVersionInput |
| deprecatePlaybookVersion | PlaybookVersion | Deprecate Playbook Version | input: DeprecatePlaybookVersionInput |
| unDeprecatePlaybookVersion | PlaybookVersion | Undeprecate Playbook Version | input: UndeprecatePlaybookVersionInput |
| createPlaybookInstance | PlaybookInstance | Create new playbook instance | playbookId: ID, instance: PlaybookInstanceInput |
| updatePlaybookInstanceV2 | PlaybookInstance | Update playbook instance This update, unlike updatePlaybookInstance, will not update fields that are not sent in the request. It is a PATCH not a PUT |
input: UpdatePlaybookInstanceInput |
| deletePlaybookInstance | PlaybookInstance | Delete playbook instance | playbookInstanceId: ID |
| updateResponseActionPreApproval | PlaybookInstance | Update the pre-approval status for all pro-active response actions in a tenant. Returns a list of Playbook Instances that were updated. | input: UpdatePreApprovalInput |
| createPlaybookExecution | PlaybookExecution | Log playbook trigger / execution status | input: PlaybookExecutionInput |
| executePlaybookInstanceV2 | PlaybookExecution | Execute playbook instance | input: ExecutePlaybookInstanceV2Input |
| playbookValidate | PlaybookValidationError | Validate Playbook or just the DSL | arguments: PlaybookValidationArguments |
| createPlaybookInterfaceVersion | PlaybookInterfaceVersion | Create PlaybookInterfaceVersion | playbookInterfaceId: ID, input: CreatePlaybookInterfaceVersionInput |
| updatePlaybookInterfaceVersion | PlaybookInterfaceVersion | Update PlaybookInterfaceVersion | input: UpdatePlaybookInterfaceVersionInput |
| deletePlaybookInterfaceVersion | PlaybookInterfaceVersion | Deletes the specified playbook interface version | input: DeletePlaybookInterfaceVersionInput |
| publishPlaybookInterfaceVersion | PlaybookInterfaceVersion | Publish a Playbook Interface Version | input: PublishPlaybookInterfaceVersionInput |
| createPlaybookInterface | PlaybookInterface | Create new playbook interface | input: CreatePlaybookInterfaceInput |
| updatePlaybookInterface | PlaybookInterface | Update playbook interface | input: UpdatePlaybookInterfaceInput |
| deletePlaybookInterface | PlaybookInterface | Delete the specified playbook interface | input: DeletePlaybookInterfaceInput |
| createPlaybookTriggerFilter | PlaybookTriggerFilter | Create a new trigger filter | input: CreatePlaybookTriggerFilterInput |
| updatePlaybookTriggerFilter | PlaybookTriggerFilter | Update an existing trigger filter | input: UpdatePlaybookTriggerFilterInput |
| deletePlaybookTriggerFilter | PlaybookTriggerFilter | Delete a trigger filter | input: DeletePlaybookTriggerFilterInput |
| createPlaybookSchedule | PlaybookSchedule | Create a Playbook Schedule | input: CreatePlaybookScheduleInput |
| updatePlaybookSchedule | PlaybookSchedule | Update a Playbook Schedule | input: UpdatePlaybookScheduleInput |
| pausePlaybookSchedule | PlaybookSchedule | Pause a Playbook Schedule | input: PausePlaybookScheduleInput |
| unpausePlaybookSchedule | PlaybookSchedule | Unpause a Playbook Schedule | input: PausePlaybookScheduleInput |
| deletePlaybookSchedule | PlaybookSchedule | Delete a Playbook Schedule | input: DeletePlaybookScheduleInput |
| updatePlaybookInstance | PlaybookInstance | playbookInstanceId: ID, instance: PlaybookInstanceInput | |
| setPlaybookInstanceState | PlaybookInstance | playbookInstanceId: ID, enabled: Boolean | |
| executePlaybookInstance | PlaybookExecution | playbookInstanceId: ID, parameters: JSONObject, targetResource: String | |
| playbookValidateDSL | PlaybookValidationError | arguments: PlaybookValidationArguments |
PlaybooksQLInput🔗
Description: Input object for Taegis QL queries
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| ql | String | QL (CQL) query string | |
| cursor | String | Optional Cursor for pagination, get from the previous request. It represents a page and a record count | |
| count | Int | If present, and cursor is not present, use this as page size (otherwise the data in the cursor will be used). Be aware, this does not override HEAD or TAIL in the query |
ExecutePlaybookInstanceV2Input🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ID of the playbook instance to execute | |
| parameters | JSONObject | Parameters (inputs) to pass to the playbook instance to use for execution | |
| targetResource | String | Target Resource describes the platform resource context that this playbook execution was triggered from. IE: Alert ID, Investigation ID, Event ID, Asset ID, Entity ID, etc... |
|
| targetResourceTenant | String | Tenant where the targetResource lives - may be different than the playbook tenant | |
| reason | String | Reason for action | |
| investigationId | ID | investigationId is an optional field that is used to associate a proactive response action with an investigation. It should only be set if the execution is a proactive response action and the user triggering the action is a Secureworks user. |
CreatePlaybookInput🔗
Description: CreatePlaybookInput defines the playbook fields that are required and/or available on creation of a playbook
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| tags | Tags | ||
| icon | String | ||
| categories | IDs | ||
| version | CreatePlaybookVersionInput | ||
| simplifiedType | SimplifiedType | ||
| isGlobal | Boolean |
UpdatePlaybookInput🔗
Description: UpdatePlaybookInput defines the fields required and the mutable fields that can be used to update a playbook.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| tags | String | ||
| icon | String | ||
| categories | IDs | ||
| head | ID |
ClonePlaybookInput🔗
Description: ClonePlaybookInput defines the fields required to clone a playbook
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | name of the playbook. The name cannot contain spaces and may be used as a reference in other playbooks. Once set, it cannot be changed. |
|
| playbookId | ID | playbookId is the id of the playbook to clone Deprecated: It is no longer required, only a versionId is needed. |
|
| versionId | ID | versionId is the id of the playbook version that should be cloned | |
| title | String | title is an optional field to define a display name for the playbook. If this is left nil then the name will be used for display. |
|
| isGlobal | Boolean | Deprecated: do not use |
DeletePlaybookInput🔗
Description: DeletePlaybookInput defines the fields required to delete a playbook
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID |
ReexecutePlaybooksInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| executionIDs | ID |
ImportPlaybookInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| isGlobal | Boolean |
DeprecatePlaybookInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| deprecationReason | String |
UndeprecatePlaybookInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID |
DeprecatePlaybookVersionInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| deprecationReason | String |
UndeprecatePlaybookVersionInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID |
CreatePlaybookVersionInput🔗
Description: CreatePlaybookVersionInput defines the fields used to create a playbook version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | IDs | ||
| playbooks | IDs | ||
| triggerHints | PlaybookTriggerHintInput | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dsl | YAMLObject | ||
| version | SemVer | ||
| implements | ID | ||
| interfaces | IDs | ||
| requires | IDs | ||
| fastExecute | Boolean |
UpdatePlaybookVersionInput🔗
Description: UpdatePlaybookVersionInput defines the mutable fields of a playbook version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | IDs | ||
| playbooks | IDs | ||
| triggerHints | PlaybookTriggerHintInput | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dsl | YAMLObject | ||
| version | SemVer | ||
| implements | ID | ||
| interfaces | IDs | ||
| requires | IDs | ||
| fastExecute | Boolean |
PublishPlaybookVersionInput🔗
Description: PublishPlaybookVersionInput defines the fields required to publish a playbook version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| version | SemVer |
DeletePlaybookVersionInput🔗
Description: DeletePlaybookVersionInput defines the fields needed to delete a playbook version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID |
PlaybookInstanceInput🔗
Description: PlaybookInstanceInput defines the mutable fields of a playbook instance
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| versionStrategy | PlaybookVersionStrategy | The desired strategy that should be followed when a playbook is updated or a new version is published. This field should be treated as if it was required (subsequent api versions will require it) but if not provided, it will default FollowMajorVersion or the existing strategy for the instance. |
|
| fixedVersion | ID | ||
| version | ID | The desired playbook version the instance should use. If not provided, it will default to the current head version of the playbook. If the versionStrategy is set to fixed, the version will not automatically update; for all other strategies, the version will automatically update based on the selected strategy when new playbooks are published. |
|
| trigger | PlaybookTriggerInput | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| connections | IDs | ||
| interfaces | PlaybookInterfaceInstanceInput | ||
| simplified | Boolean | The simplified flag is passed in by the UI denoting that the Playbook Instance is being created from the simpilified UI and not the normal UI used to created Playbook Instances. This ensures that only one Playbook Instances is created for each Playbook used for simplified configuration. This flag is only used for the create call and otherwise defaults to False. |
UpdatePlaybookInstanceInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| name | String | ||
| description | String | ||
| tags | Tags | ||
| versionStrategy | PlaybookVersionStrategy | The desired strategy that should be followed when a playbook is updated or a new version is published. This field should be treated as if it was required (subsequent api versions will require it) but if not provided, it will default FollowMajorVersion or the existing strategy for the instance. |
|
| version | ID | The desired playbook version the instance should use. If not provided, it will default to the current head version of the playbook. If the versionStrategy is set to fixed, the version will not automatically update; for all other strategies, the version will automatically update based on the selected strategy when new playbooks are published. |
|
| trigger | UpdatePlaybookTriggerInput | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| connections | IDs | ||
| interfaces | PlaybookInterfaceInstanceInput |
PlaybookTriggerHintInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| isProactiveResponse | Boolean | ||
| type | String | ||
| config | JSONObject |
PlaybookTriggerInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| typeId | ID | ||
| config | JSONObject | ||
| isPreApproved | Boolean |
UpdatePlaybookTriggerInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| typeId | ID | ||
| config | JSONObject | ||
| isPreApproved | Boolean |
PlaybookInterfaceInstanceInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | ID | ||
| version | ID | ||
| playbook | ID | ||
| connections | IDs |
PlaybookExecutionLogLevel🔗
PlaybookExecutionLogInput🔗
Description: PlaybookExecutionLogInput defines logs to be recorded
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| level | PlaybookExecutionLogLevel | ||
| message | String | ||
| fields | JSONObject | ||
| error | String |
PlaybookExecutionInput🔗
Description: PlaybookExecutionInput allows for an external trigger to create a playbook execution to record errors evaluating filter conditions
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| state | PlaybookState | ||
| inputs | JSONObject | ||
| logs | PlaybookExecutionLogInput | ||
| targetResource | String | ||
| targetResourceTenant | String |
Pagination🔗
Description: Pagination defines the options for requesting specific pages and the number of results per page
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int |
CreatePlaybookInterfaceVersionInput🔗
Description: CreatePlaybookInterfaceVersionInput defines the fields used to create a playbook interface version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| version | SemVer |
UpdatePlaybookInterfaceVersionInput🔗
Description: UpdatePlaybookInterfaceVersionInput defines the fields used to update a playbook interface version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| interfaceVersionId | ID | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| version | SemVer |
DeletePlaybookInterfaceVersionInput🔗
Description: DeletePlaybookInterfaceVersionInput defines the fields needed to delete a playbook interface version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID |
PublishPlaybookInterfaceVersionInput🔗
Description: PublishPlaybookInterfaceVersionInput defines the fields required to publish a playbook interface version
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID | ||
| version | SemVer |
CreatePlaybookInterfaceInput🔗
Description: CreatePlaybookInterfaceInput defines the fields needed to create a playbook interface
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| tags | String | ||
| icon | String | ||
| version | CreatePlaybookInterfaceVersionInput |
UpdatePlaybookInterfaceInput🔗
Description: UpdatePlaybookInterfaceInput defines the fields needed to update a playbook interface
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| interfaceId | ID | ||
| tags | String | ||
| icon | String | ||
| head | ID |
DeletePlaybookInterfaceInput🔗
Description: DeletePlaybookInterfaceInput defines the fields needed to delete a playbook interface
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID |
QueryOptions🔗
Description: QueryOptions provides the ability to override default query behavior
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| timestampAscending | Boolean | reversed default timestamp order of descending | |
| maxRows | Int | ||
| timestampField | String |
PlaybookStatistics🔗
Description: Playbook Statistics
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| table | String | ||
| columns | String | ||
| rows | Any |
CancelPlaybookExecutionInput🔗
Description: Cancel Playbook Executions
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| executionIDs | ID | ||
| instanceIDs | ID | ||
| startTime | Time | ||
| endTime | Time | ||
| clearQueue | Boolean | ||
| cancelExecutions | Boolean | ||
| reason | String | ||
| global | Boolean | ||
| query | String | ||
| skipAuditLogs | Boolean |
CreatePlaybookTriggerFilterInput🔗
Description: Create Playbook Trigger
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| config | JSONObject | ||
| ruleId | ID |
UpdatePlaybookTriggerFilterInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| name | String | ||
| description | String | ||
| config | JSONObject | ||
| ruleId | String |
DeletePlaybookTriggerFilterInput🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
PlaybookScheduleArguments🔗
Description: PlaybookScheduleArguments contains the parameters to retrieve a Playbook Schedule
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID |
PlaybookSchedulesArguments🔗
Description: PlaybookSchedulesArguments holds the query parameters for listing a set of Playbook Schedules
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| sortBy | ScheduleSortField | ||
| orderBy | PaginationOrder | ||
| page | Int | ||
| perPage | Int |
ScheduleSortField🔗
Description: InstanceSortFiled determines the sort order when retrieving a list of Playbook Schedules. If no sort field is provided, the list will be sorted by NAME.
PlaybookSchedulesResults🔗
Description: PlaybookSchedulesResults contains the list of Playbook Schedules returned as a result of the Playbook Schedule Search
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | PlaybookSchedule | ||
| count | Int |
CreatePlaybookScheduleInput🔗
Description: CreatePlaybookScheduleInput contains the parameters to create a new Playbook Schedule
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | Name of the Playbook schedule | |
| description | String | Playbook schedule description | |
| playbookInstance | ID | Playbook Instance to run when schedule is triggered | |
| cron | String | cron definition of schedule | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC | |
| paused | Boolean | Indication that the schedule is currently paused | |
| inputs | JSONObject | Playbook execution inputs | |
| childType | ChildTypeField | Indicates whether the Playbook execution is on the specified Tenant or child Tenants | |
| childExpression | String | Expression used to find child Tenants if childType is EXPRESSION |
UpdatePlaybookScheduleInput🔗
Description: UpdatePlaybookScheduleInput contains the parameters to update an existing Playbook Schedule
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | Schedule ID | |
| name | String | Name of the Playbook schedule | |
| description | String | Playbook schedule description | |
| playbookInstance | ID | Playbook Instance to run when schedule is triggered | |
| cron | String | cron definition of schedule | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC. Must be specified if the cron string is provided. Ignored otherwise. | |
| inputs | JSONObject | Playbook execution inputs | |
| childType | ChildTypeField | Indicates whether the Playbook execution is on the specified Tenant or child Tenants | |
| childExpression | String | Expression used to find child Tenants if childType is EXPRESSION |
ChildTypeField🔗
Description: ChildTypeField defines the types allowed for locating child tenants when scheduling a Playbook to run on child tenants. If the tenant is not a Partner tenant, then NONE is the only possible value.
PausePlaybookScheduleInput🔗
Description: PausePlaybookScheduleInput contains the parameters to pause or unpause a Playbook Schedule
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID | Schedule ID | |
| reason | String | Reason for pausing or unpausing the schedule |
DeletePlaybookScheduleInput🔗
Description: DeletePlaybookScheduleInput contains the parameters to delete a Playbook Schedule
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID | Schedule ID |
Subscription🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookExecutionUpdates | PlaybookExecution | arguments: PlaybookExecutionUpdatesArguments |
PlaybookExecutionUpdatesArguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookExecutionIds | ID |
ReconcileInstanceVersionsArguments🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| playbookVersionId | ID |
UpdatePreApprovalInput🔗
Description: UpdatePreApprovalInput contains the parameters for updating the pre-approved status of all proactive response actions for a tenant. The tenant is identified by the X-Tenant-Context header. All 'simplified' actions that are designated as proactive response actions will have the isPreApproved flag reset to the 'approved' value.
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| approved | Boolean | approved designates whether the pre-approval status should be enabled or disabled. The 'true' option isn't currently supported. Defaults to 'false' |
Subject🔗
Fields🔗
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Time🔗
Description: Time implementation for this library.
JSONSchema🔗
Description: JSON schema
JSONObject🔗
Description: JSON payload
YAMLObject🔗
Description: YAML payload
SemVer🔗
Description: Semantic Version
Any🔗
Description: interface
Tags🔗
Description: list of tags
IDs🔗
Description: list of IDs
Upload🔗
Description: File to upload
RN🔗
Description: resource information
Map🔗
Description: map scalar