Playbooks GraphQL API๐
Query๐
Description: Red Cloak TDR API is based on GraphQL, which can either be a read (Query) or a write (Mutation) operation. A GraphQL query is used to read or fetch values; mutations write or post values. Responses are provided in a JSON format.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| node | Node | id: ID | |
| tenantContext | TenantContext | ||
| playbook | Playbook | playbookId: ID | |
| playbookV2 | Playbook | arguments: PlaybookArguments | |
| playbooks | Playbook | categoryId: ID, tags: Tags | |
| playbooksV2 | Playbook | arguments: PlaybooksV2Arguments | |
| playbookList | PlaybooksListResults | arguments: PlaybookListArguments | |
| playbookVersion | PlaybookVersion | arguments: PlaybookVersionArguments | |
| playbookVersions | PlaybookVersion | arguments: PlaybookVersionsArguments | |
| playbookInstance | PlaybookInstance | playbookInstanceId: ID | |
| playbookInstances | PlaybookInstance | playbookInstanceIds: ID, playbookId: ID, tags: Tags, connections: IDs | |
| playbookInstancesV2 | PlaybookInstance | arguments: PlaybookInstancesArguments | |
| playbookInstanceList | PlaybookInstancesListResults | arguments: PlaybookInstanceListArguments | |
| playbookExecution | PlaybookExecution | playbookExecutionId: ID | |
| playbookExecutions | PlaybookExecutions | playbookInstanceId: ID, pagination: Pagination | |
| playbookExecutionsV2 | PlaybookExecutionsV2 | arguments: PlaybookExecutionsV2Arguments | |
| playbookExecutionLogs | PlaybookExecutionLog | playbookExecutionId: ID | |
| playbookTrigger | PlaybookTrigger | playbookTriggerId: ID | |
| playbookTriggers | PlaybookTrigger | playbookTriggerTypeIds: IDs | |
| playbookTriggersV2 | PlaybookTrigger | arguments: PlaybookTriggersV2Arguments | |
| playbookRuntimeTriggers | PlaybookTrigger | arguments: PlaybookTriggersV3Arguments | |
| playbookTriggerType | PlaybookTriggerType | playbookTriggerTypeId: ID, playbookTriggerTypeName: String | |
| playbookTriggerTypesV2 | PlaybookTriggerType | arguments: PlaybookTriggerTypesV2Arguments | |
| playbookTriggerTypes | PlaybookTriggerType | Return the trigger configuration based on the configuration stored in the database. | |
| playbookTriggerConfiguration | PlaybookTriggerType | Return the trigger configuration via introspection. | |
| playbookExport | PlaybookExport | arguments: PlaybookExportArguments | |
| playbookTags | String | ||
| playbookQuery | PlaybookStatistics | query: String, database: String, options: QueryOptions | |
| playbookQueryV2 | PlaybookStatistics | query: String, database: String, options: QueryOptions | |
| playbookQueryV3 | PlaybooksQLResponse | Allows executing a QL (AKA CQL) query and get the results for both, aggregations and search on the current playbooks CQL schema types | input: PlaybooksQLInput |
| playbookInterface | PlaybookInterface | arguments: PlaybookInterfaceArguments | |
| playbookInterfaces | PlaybookInterface | arguments: PlaybookInterfacesArguments | |
| playbookInterfaceVersion | PlaybookInterfaceVersion | arguments: PlaybookInterfaceVersionArguments | |
| playbookInterfaceVersions | PlaybookInterfaceVersion | arguments: PlaybookInterfaceVersionsArguments | |
| playbookInterfaceExport | PlaybookInterfaceExport | arguments: PlaybookInterfaceExportArguments | |
| playbooksImplementingInterface | Playbook | arguments: PlaybooksImplementingArguments | |
| playbookVersionsImplementingInterfaceVersions | PlaybookInterfaceVersionPlaybookVersions | arguments: PlaybooksImplementingArguments | |
| playbookActivities | PlaybookActivityList | Return configured activities and activities that can be configured | arguments: PlaybookActivityArguments |
| playbookQueueStats | PlaybookQueueStatistics | Return playbook queue statistics | |
| playbookTriggerFilters | PlaybookTriggerFilter | Return trigger-platform filters | |
| playbookSchedule | PlaybookSchedule | Retrieve a single Playbook Schedule | arguments: PlaybookScheduleArguments |
| playbookSchedules | PlaybookSchedulesResults | List Playbook Scheduled | arguments: PlaybookSchedulesArguments |
| reconcileInstanceVersions | PlaybookInstance | Reconcile a version change with an existing instance | arguments: ReconcileInstanceVersionsArguments |
| playbookValidateDSLV2 | PlaybookDSLValidation | Validate DSL and tasks | arguments: PlaybookValidationArgumentsV2 |
ID๐
Description: The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
String๐
Description: The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
TenantContext๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | String | ||
| name | String | ||
| rccID | String | ||
| ctpID | String |
PlaybookArguments๐
Description: PlaybookArguments define the fields available to lookup a single playbook. At least one of playbookId or playbookName must be set. If both are set, then both the id and name must match an existing playbook.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| playbookName | String | ||
| simplified | Boolean | optional - if specified and true, then only playbook instances that are marked as simplified are returned |
Boolean๐
Description: The Boolean scalar type represents true or false.
PlaybooksV2Arguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookIds | ID | ||
| categoryId | ID | ||
| tags | Tags | ||
| createdAfter | Time | ||
| createdBefore | Time | ||
| sortBy | PlaybooksSortField | Sort field. Default to NAME. | |
| orderBy | PaginationOrder | Sort order for Playbook lists. Defaults to Ascending | |
| isDeprecated | Boolean |
PlaybookListArguments๐
Description: PlaybookListArguments describes the parameters for listing Playbooks
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int | ||
| sortField | PlaybooksSortField | ||
| order | PaginationOrder | ||
| searchText | String | ||
| tags | Tags | ||
| simplifiedTypes | SimplifiedType | ||
| isDeprecated | Boolean | ||
| isGlobal | Boolean | ||
| simplifiedType | SimplifiedType |
Int๐
Description: The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
PlaybooksListResults๐
Description: PlaybooksListResults are one set of results for a List Playbooks API action
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | Playbook | ||
| count | Int |
PlaybookInstanceListArguments๐
Description: PlaybookInstanceListArguments describes the parameters for listing Playbook Instances. Note that if connections are included, then any Playbook Instances that directly use one of those connections, or any Playbook Instance Activity that uses one of those connections will be returned.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int | ||
| sortField | PlaybookInstancesSortField | ||
| order | PaginationOrder | ||
| searchText | String | ||
| tags | Tags | ||
| enabled | Boolean | ||
| playbooks | IDs | Optional list of Playbooks IDs. List will contain Playbook Instances that are based on these Playbooks. | |
| connections | IDs | Optional list if Connection IDs. List will contain Playbook Instances that use one of these Connections - either directly or by an Activity. | |
| simplified | Boolean | Optional flag - if set to true, only return instances based on a simplified playbook |
PlaybookInstancesListResults๐
Description: PlaybookInstancesListResults are one set of results for a List Playbooks API action
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | PlaybookInstance | ||
| count | Int |
PlaybookInstancesArguments๐
Description: PlaybookInstancesArguments define the fields available for looking up a list of Playbook Instances. All fields are optional. Note that if connections are included, then any Playbook Instances that directly use one of those connections, or any Playbook Instance Activity that uses one of those connections will be returned.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceIds | ID | ||
| playbookId | ID | ||
| tags | Tags | ||
| connections | IDs | ||
| sortBy | InstanceSortField | ||
| orderBy | PaginationOrder | ||
| page | Int | ||
| perPage | Int |
PlaybookVersionArguments๐
Description: PlaybookVersionArguments define the fields available to lookup a single playbook. At least one of playbookVersionId or playbookVersionName must be set. If both are set, then both the id and name must match an existing playbook.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| playbookVersionName | String |
PlaybookVersionsArguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionIds | ID | ||
| connectorVersionIds | ID |
PlaybookTriggersV2Arguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookTriggerIds | ID | ||
| playbookTriggerTypeIds | ID | ||
| enabled | Boolean | If set to true, only return enabled triggers. Return cached results if possible. |
PlaybookTriggersV3Arguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| triggerType | String |
PlaybookTriggerTypesV2Arguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookTriggerTypeIds | ID |
PlaybookExportArguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| name | String | ||
| playbookVersionId | ID | Optional - if set, then the export will export the specified version by id otherwise it will default to the head version. If both version and playbookVersionId are set, then playbookVersionId will override the version field. |
|
| version | SemVer | Optional - if set, then the export will export the specified version by semver otherwise it will default to the head version. If both version and playbookVersionId are set, then playbookVersionId will override this field. |
PlaybookInterfaceArguments๐
Description: PlaybookInterfaceArguments define the fields to lookup a single PlaybookInterface. At least one of playbookInterfaceId or playbookInterfaceName must be set. If both are set, then both the id and name must match an existing PlaybookInterface.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID | ||
| playbookInterfaceName | String |
PlaybookInterfacesArguments๐
Description: PlaybookInterfacesArguments define the fields to lookup many PlaybookInterfaces.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceIds | ID | ||
| tags | Tags |
PlaybookInterfaceVersionArguments๐
Description: PlaybookInterfaceVersionArguments define the fields to lookup a single PlaybookInterfaceVersion. At least one of playbookInterfaceVersionId or playbookInterfaceVersionName must be set. If both are set, then both the id and name must match an existing PlaybookInterfaceVersion.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID | ||
| playbookInterfaceVersionName | String |
PlaybookInterfaceVersionsArguments๐
Description: PlaybookInterfaceVersionsArguments defines the fields to lookup a list of PlaybookInterfaceVersions. All parameters are optional. If the playbookInterfaceID is provided, it will match all PlaybookInterfaceVersions that match that PlaybookInterface ID. If the playbookInterfaceVersionNames is provided, then the names of the PlaybookInterfaceVersions or the PlaybookInterfaces must match this list. While both parematers can be suppled, in most cases only one of the parameters is typically used.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionIds | ID | ||
| playbookInterfaceId | ID | ||
| playbookInterfaceVersionNames | String |
PlaybookInterfaceExportArguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID | ||
| playbookInterfaceName | String |
PlaybookExecutionsV2Arguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| first | Int | Returns the first n results (used for forward traversal) | |
| after | String | Used to get the next page of results in conjunction with first; after the endCursor of the current page (used for forward traversal) | |
| last | Int | Returns the last n results of a previous page when used in conjunction with before (used for backwards traversal) | |
| before | String | Used to get the previous page of results; before the startCursor of the current page (used for backwards traversal) | |
| sortBy | PlaybookExecutionsSort | ||
| orderBy | PaginationOrder | ||
| playbookInstanceId | ID | ||
| playbookVersionId | ID | ||
| state | PlaybookState | ||
| states | PlaybookState | ||
| createdAtFrom | Time | ||
| createdAtTo | Time | ||
| updatedAtFrom | Time | ||
| updatedAtTo | Time | ||
| executionIDs | ID | ||
| targetResourceIDs | String | ||
| triggerContext | String | ||
| triggerCategory | String |
PlaybookValidationArguments๐
Description: PlaybookValidationInput defines the inputs required to validate a Playbook. Only one of these fields is used. If both are specified, the "file" value will be used.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| yaml | String |
PlaybookValidationArgumentsV2๐
Description: PlaybookValidationArgumentsV2 defines the inputs required to validate a Playbook. Either "yaml" or the "file" field is used. If both are specified, the "file" value will be used.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| yaml | String | ||
| connectors | ID | ||
| playbooks | ID | ||
| interfaces | ID |
PlaybooksImplementingArguments๐
Description: PlaybookImplementsArguments defines a list of interface versions to search for playbooks that implement that interface version. Either the IDs of the interface version or the names of the interface version can be supplied. If the both are specified, only the IDs will be used.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionIDs | ID | ||
| playbookInterfaceVersionNames | String |
PlaybookActivityArguments๐
Description: PlaybookActivityArguments defines the arguments used to find information about a Playbook used for Simplified Playbook Configuration. If the Playbook doesn't support a simplification type then an error is returned.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookID | ID | Playbook ID | |
| playbookInstanceId | ID | Playbook Instance ID |
PlaybookValidationError๐
Description: PlaybookValidationError represents an error detected on the playbook dsl (format/missing values/etc.)
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| message | String | ||
| lineno | Int |
PlaybookDSLValidation๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| errors | PlaybookValidationError | ||
| warnings | PlaybookValidationError | ||
| dsl | JSONObject |
PlaybookExecutionsSort๐
Description: PlaybookExecutionsOrder defines the fields that may be used to sort the PlaybookExecutions results
PaginationOrder๐
Description: PaginationOrder defines the fields that may be used to order the results in ascending or descending order. Note that ASCENDING is the default.
PlaybooksSortField๐
Description: PlaybooksSortField determines the sort order when retrieving a list of Playbooks. If no sort field is provided, the list will be sorted by NAME.
PlaybookInstancesSortField๐
Description: PlaybookInstancesSortField determines the sort order when retrieving a list of Playbook Inatancess. If no sort field is provided, the list will be sorted by NAME.
InstanceSortField๐
Description: InstanceSortFiled determines the sort order when retriveing a list of Playbook Instances. If no sort field is provided, the list will be sorted by NAME.
PlaybookExport๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| export | String |
PlaybookInterfaceExport๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| export | String |
Node๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
TDRUser๐
Description: Used by Nautilus to resolve the Red Cloak TDR user model.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorCategory๐
Description: ConnectorCategory is a grouping/categorization of available connectors/playbooks (e.g. IP reputation services, DNS lookup, etc)
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorInterface๐
Description: ConnectorInterface defines an abstract interface (set of actions) that could be implemented by multiple connectors
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
ConnectorVersion๐
Description: ConnectorVersion contains the versioned attributes of a connector interface
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Connector๐
Description: Connector is an entry in catalog of available connectors (e.g. service now connector based on generic http connector service)
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Connection๐
Description: Connection is a per-tenant configuration of a connector/actions
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
PlaybookTriggerType๐
Description: PlaybookTriggerType defines an available triggering mechanism
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| parameters | JSONSchema |
PlaybookTrigger๐
Description: PlaybookTrigger defines a set of attributes common to different trigger types
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenant | String | ||
| type | PlaybookTriggerType | ||
| config | JSONObject | ||
| isPreApproved | Boolean | Designates that the action is a pre-approved Action | |
| approvedBy | String | If the trigger is pre-approved this field holds the user who created or set the pre-approval | |
| approvedBySubject | Subject | If the trigger is pre-approved this field holds the subject who created or set the pre-approval | |
| instance | PlaybookInstance | ||
| rn | RN | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookTriggerFilter๐
Description: PlaybookTriggerFilter defines an expression that is used by trigger-platform to filter out unwanted events. During event evaluation, if the event matches one of these filters, it's skipped and no triggers will be executed. While trigger-filters are global, the tenant will be used to designate the rule's tenant if the filter was created as a result of a circuit breaker event.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenant | String | ||
| config | JSONObject | ||
| ruleId | ID | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterface๐
Description: PlaybookInterface defines a contract that can be implemented by one ore more playbooks
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| tenant | String | ||
| tags | String | ||
| head | PlaybookInterfaceVersion | ||
| versions | PlaybookInterfaceVersion | ||
| rn | RN | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterfaceVersion๐
Description: PlaybookInterfaceVersion maintains a change record of the playbook interface.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| version | SemVer | ||
| published | Time | ||
| publishedBy | String | ||
| publishedBySubject | Subject | ||
| interface | PlaybookInterface | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookInterfaceVersionPlaybookVersions๐
Description: PlaybookInterfacePlaybookVersions is a mapping of playbook interface version to playbook versions that implement that interface
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | PlaybookInterfaceVersion | ||
| versions | PlaybookVersion |
PlaybookActivityList๐
Description: PlaybookActivityList is used to return the information about a Playbook and it's configured Activities and Activities that could be configured. This is specialized for Simplified Playbook Configuration where only one Playbook Instance designated "simplified" is possible. Also, the Playbook should use only one interface.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| activities | PlaybookActivity | Activities that have been configured or can be configured | |
| instance | PlaybookInstance | The Playbook Instance, if one is already configured. |
PlaybookActivity๐
Description: PlaybookActivity represents either an existing configured Activity (PlaybookInterfaceInstance) or one that could be configured. The PlaybookInterface can be found in the main Playbook.Head.Interfaces[0] (there should only be one). The PlaybookInterface will be the same for each entry.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterface | PlaybookInterface | Playbook Interface. This will be the same for all Activities in the same Playbook | |
| connection | Connection | Connections already configured with the Activity or available Connections for this Playbook. Platform Connections are omitted. | |
| connectorVersion | ConnectorVersion | Connector requirement for this Activity, if any. Multiple connector requirements are not supported for simplified playbooks and Platform Connectors are omitted. | |
| configured | Boolean | If configured is true, this is an existing Activity that has already been configured on the provided Instance | |
| interfaceVersion | PlaybookInterfaceVersion | The Playbook Interface Version configured for this instance. This will be the HEAD version of the Interface if not configured. | |
| playbookVersion | PlaybookVersion | The Playbook Version configured for this instance. This will be the HEAD version of the Playbook if not configured. Drafts are not supported. |
Playbook๐
Description: Playbook is an entry in catalog of available playbooks
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| tags | String | ||
| icon | String | ||
| tenant | String | ||
| head | PlaybookVersion | ||
| versions | PlaybookVersion | ||
| instances | PlaybookInstance | ||
| categories | ConnectorCategory | ||
| rn | RN | ||
| isGlobal | Boolean | ||
| simplifiedType | SimplifiedType | Playbook Type determines if this Playbook can be used by the UI for simplification of configuring Playbook Instances. |
|
| title | String | ||
| description | String | ||
| requires | ConnectorInterface | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
SimplifiedType๐
Description: SimplifiedType shows the intended use of the Playbook. This field is used to help simplify playbook configuration. Values other than None are typically used for configuring playbooks using the simplified playbook UI.
PlaybookVersion๐
Description: PlaybookVersion maintains a change record of the playbook definition. Multiple versions of a playbook could be in use concurrently
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| version | SemVer | ||
| published | Time | ||
| publishedBy | String | ||
| publishedBySubject | Subject | ||
| playbook | Playbook | ||
| instances | PlaybookInstance | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | ConnectorVersion | ||
| playbooks | PlaybookVersion | ||
| interfaces | PlaybookInterfaceVersion | ||
| triggerHints | PlaybookTriggerHint | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dslSource | String | ||
| implements | PlaybookInterfaceVersion | ||
| dsl | JSONObject | ||
| rn | RN | ||
| deprecated | Boolean | ||
| deprecationReason | String | ||
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser | ||
| fastExecute | Boolean |
PlaybookVersionStrategy๐
Description: PlaybookVersionStrategy determines how an instance is upgraded when new versions are published
PlaybookInstance๐
Description: PlaybookInstance defines the configuration of a playbook in a user account
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tags | String | ||
| tenant | String | ||
| playbook | Playbook | ||
| version | PlaybookVersion | ||
| versionStrategy | PlaybookVersionStrategy | ||
| trigger | PlaybookTrigger | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| retries | PlaybookRetries | ||
| connections | Connection | ||
| interfaces | PlaybookInterfaceInstance | ||
| schedules | PlaybookSchedule | ||
| rn | RN | ||
| simplified | Boolean | The simplified flag denotes that the instance was created from one of the Playbook Templates denoted to be part of the Playbook Simplification procedures. Only one Playbook Instance can exist per Playbook of this type for a tenant. The value is determined by a parameter in the createPlaybookInstance mutation. |
|
| updatedByUser | TDRUser | deprecated: do not use | |
| createdByUser | TDRUser |
PlaybookSchedule๐
Description: PlaybookSchedule defines the scheduling of a PlaybookInstance
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | ||
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| name | String | ||
| description | String | ||
| tenantId | String | Tenant that owns the playbook. Could be a Partner Tenant | |
| playbookInstance | PlaybookInstance | Playbook Instance to execute | |
| cron | String | cron definition of when to execute the playbook | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC | |
| paused | Boolean | Indicator showing if the schedule is paused in Temporal | |
| inputs | JSONObject | Input to the Playbooks | |
| childType | ChildTypeField | If a Partner Tenant owns the Playbook then childType shows how to run on child Tenant. Defaults to NONE | |
| childExpression | String | If childType is EXPRESSION then childExpression contains CEL expression that determines child Tenants. Some examples: tenant.services.exists(s, s.name in ['MDR']) tenant.services.exists(s, s.name == 'Taegis Native Agent') tenant.id in ['11772', '35959'] |
|
| rn | RN | Resource information | |
| nextRun | Time | Next scheduled execution |
PlaybookInterfaceInstance๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | PlaybookInterface | ||
| version | PlaybookInterfaceVersion | ||
| playbook | PlaybookVersion | ||
| connections | Connection |
PlaybookRetries๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| initialInterval | Int | ||
| maximumInterval | Int | ||
| backoffCoefficient | Float | ||
| maximumRetries | Int | ||
| maximumDuration | Int | ||
| InitialInterval | Int | ||
| MaximumInterval | Int | ||
| BackoffCoefficient | Float | ||
| MaximumRetries | Int | ||
| MaximumDuration | Int |
Float๐
Description: The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
PlaybookObject๐
PlaybookState๐
PlaybookEvent๐
Description: PlaybookEvents represents a trace event withing the execution of the workflow
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | Int | ||
| object | PlaybookObject | ||
| state | PlaybookState | ||
| name | String | ||
| timestamp | Time | ||
| inputs | JSONObject | ||
| outputs | Any | ||
| reason | String | ||
| attempt | Int |
PlaybookExecution๐
Description: PlaybookExecution represents the state of a current playbook execution
Multi-Resolving Federation for this type is currently limited to the first 10 ids provided in the federation request. Any more than that and performance issues may arise.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| createdAt | Time | ||
| createdBy | String | ||
| createdBySubject | Subject | ||
| updatedAt | Time | Subject is not a promised field due to platform created executions not having a subject - these will appear as 'anonymous' in the createdBy field | |
| updatedBy | String | ||
| updatedBySubject | Subject | ||
| state | PlaybookState | Subject is not a promised field due to platform updated executions not having a subject - these will appear as 'anonymous' in the updatedBy field | |
| tenant | String | ||
| instance | PlaybookInstance | ||
| version | PlaybookVersion | ||
| inputs | JSONObject | ||
| outputs | Any | ||
| summary | String | ||
| runId | String | ||
| events | PlaybookEvent | ||
| executionTime | Int | ||
| parentExecution | ID | ||
| targetResource | String | Target Resource describes the platform resource context that this playbook execution was triggered from | |
| targetResourceTenant | String | Tenant where targetResource lives | |
| reason | String | Reason for action | |
| triggerCategory | String | Trigger Category denotes the category of the the trigger that was used to execute the playbook at that time | |
| triggerContext | String | Trigger Context denotes the context of the the trigger that was used to execute the playbook at that time | |
| rn | RN | Resource Information | |
| type | PlaybookExecutionType | deprecated: do not use | |
| updatedByUser | TDRUser | ||
| createdByEmail | String | ||
| createdByUser | TDRUser |
PlaybookExecutionType๐
Description: deprecated: do not use
PlaybookExecutions๐
Description: PlaybookExecutions represents a list of executions along with other metadata like pagination
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| executions | PlaybookExecution | ||
| nodes | PlaybookExecution | ||
| totalCount | Int |
PlaybookExecutionsV2๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| totalCount | Int | ||
| playbookExecutions | PlaybookExecution | ||
| pageInfo | PageInfo |
PageInfo๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| endCursor | String | ||
| hasNextPage | Boolean | ||
| startCursor | String | ||
| hasPreviousPage | Boolean |
PlaybookExecutionLog๐
Description: PlaybookExecutionLog represents a log entry from an executed playbook with it's children and status logs attached
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| taskID | Float | ||
| parentID | Float | ||
| message | JSONObject | ||
| children | Any | ||
| statusLogs | Any | ||
| createdAt | Time |
PlaybookResource๐
PlaybookQueueStatistics๐
Description: PlaybookQueueStatistics contains information about queued playbooks
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| maxMsgs | Float | ||
| maxBytes | Float | ||
| msgs | Float | ||
| bytes | Float | ||
| firstSeq | Float | ||
| lastSeq | Float | ||
| highMsgs | Float | ||
| normalMsgs | Float | ||
| executions | ID |
PlaybookTriggerHint๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| isProactiveResponse | Boolean | ||
| type | String | ||
| config | JSONObject | ||
| celHints | PlaybookCelHint |
PlaybookCelHint๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| expr | String |
PlaybooksQLResponse๐
Description: ConcreteSubject represents the underlying subject
PlaybooksQLResult๐
Description: Object types that can be returned by QL search queries (will add more as we need them)
PlaybooksQLPagination๐
Description: Pagination information for QL responses
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| nextCursor | String | Cursor for the next page, if any. Will be null when we are at the end of the result set | |
| previousCursor | String | Cursor for the previous page, if any. Will be null when we are at beginning of the result set | |
| cursor | String | The cursor for the current page. | |
| totalCount | Int | How many records are available for the given search criteria |
PlaybooksQLSearchResponse๐
Description: Response wrapper for Playbooks QL queries
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| data | PlaybooksQLResult | List of objects being returned, initially only playbook instances, but can be extended if we need to add more stuff (e.g. versions as 'main' type) | |
| pagination | PlaybooksQLPagination | Pagination data for the response above |
PlaybooksQLMapResponse๐
Description: Represents an aggregated or not graphql model response from a QL query
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| fields | String | Fields or columns being returned in this response | |
| data | Map | The actual response data, an object/map because the fields or columns are defined by the query (either by aggregation or by FIELDS) | |
| pagination | PlaybooksQLPagination | Pagination data if applicable, i.e. when the unstructured response is a search query with FIELDS |
Mutation๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| createPlaybook | Playbook | Create new playbook | input: CreatePlaybookInput |
| clonePlaybook | Playbook | Clone an existing playbook | input: ClonePlaybookInput |
| updatePlaybook | Playbook | Update playbook | input: UpdatePlaybookInput |
| deletePlaybook | Playbook | Delete playbook | input: DeletePlaybookInput |
| importPlaybookV2 | Playbook | Import Playbook from file | input: ImportPlaybookInput |
| importPlaybookResource | PlaybookResource | Import Playbook Resource from file | input: ImportPlaybookInput |
| deprecatePlaybook | Playbook | Deprecate playbook | input: DeprecatePlaybookInput |
| unDeprecatePlaybook | Playbook | Undeprecate playbook | input: UndeprecatePlaybookInput |
| executePlaybook | PlaybookExecution | Execute playbook with supplied parameters | playbookId: ID, parameters: JSONObject, targetResource: String |
| cancelPlaybookExecution | PlaybookExecution | Cancel one or more plabyook executions | input: CancelPlaybookExecutionInput |
| reexecutePlaybooks | PlaybookExecution | Re-execute a playbook | input: ReexecutePlaybooksInput |
| createPlaybookVersion | PlaybookVersion | Creates a new playbook version in draft mode | playbookId: ID, input: CreatePlaybookVersionInput |
| updatePlaybookVersion | PlaybookVersion | Update an existing draft playbook version | input: UpdatePlaybookVersionInput |
| publishPlaybookVersion | PlaybookVersion | Publishing a playbook version makes it immutable and sets it as the current head Deleting a published playbook version is not supported" |
input: PublishPlaybookVersionInput |
| deletePlaybookVersion | PlaybookVersion | Deletes the specified draft playbook version | input: DeletePlaybookVersionInput |
| deprecatePlaybookVersion | PlaybookVersion | Deprecate Playbook Version | input: DeprecatePlaybookVersionInput |
| unDeprecatePlaybookVersion | PlaybookVersion | Undeprecate Playbook Version | input: UndeprecatePlaybookVersionInput |
| createPlaybookInstance | PlaybookInstance | Create new playbook instance | playbookId: ID, instance: PlaybookInstanceInput |
| updatePlaybookInstanceV2 | PlaybookInstance | Update playbook instance This update, unlike updatePlaybookInstance, will not update fields that are not sent in the request. It is a PATCH not a PUT |
input: UpdatePlaybookInstanceInput |
| deletePlaybookInstance | PlaybookInstance | Delete playbook instance | playbookInstanceId: ID |
| updateResponseActionPreApproval | PlaybookInstance | Update the pre-approval status for all pro-active response actions in a tenant. Returns a list of Playbook Instances that were updated. | input: UpdatePreApprovalInput |
| createPlaybookExecution | PlaybookExecution | Log playbook trigger / execution status | input: PlaybookExecutionInput |
| executePlaybookInstanceV2 | PlaybookExecution | Execute playbook instance | input: ExecutePlaybookInstanceV2Input |
| playbookValidate | PlaybookValidationError | Validate Playbook or just the DSL | arguments: PlaybookValidationArguments |
| createPlaybookInterfaceVersion | PlaybookInterfaceVersion | Create PlaybookInterfaceVersion | playbookInterfaceId: ID, input: CreatePlaybookInterfaceVersionInput |
| updatePlaybookInterfaceVersion | PlaybookInterfaceVersion | Update PlaybookInterfaceVersion | input: UpdatePlaybookInterfaceVersionInput |
| deletePlaybookInterfaceVersion | PlaybookInterfaceVersion | Deletes the specified playbook interface version | input: DeletePlaybookInterfaceVersionInput |
| publishPlaybookInterfaceVersion | PlaybookInterfaceVersion | Publish a Playbook Interface Version | input: PublishPlaybookInterfaceVersionInput |
| createPlaybookInterface | PlaybookInterface | Create new playbook interface | input: CreatePlaybookInterfaceInput |
| updatePlaybookInterface | PlaybookInterface | Update playbook interface | input: UpdatePlaybookInterfaceInput |
| deletePlaybookInterface | PlaybookInterface | Delete the specified playbook interface | input: DeletePlaybookInterfaceInput |
| createPlaybookTriggerFilter | PlaybookTriggerFilter | Create a new trigger filter | input: CreatePlaybookTriggerFilterInput |
| updatePlaybookTriggerFilter | PlaybookTriggerFilter | Update an existing trigger filter | input: UpdatePlaybookTriggerFilterInput |
| deletePlaybookTriggerFilter | PlaybookTriggerFilter | Delete a trigger filter | input: DeletePlaybookTriggerFilterInput |
| createPlaybookSchedule | PlaybookSchedule | Create a Playbook Schedule | input: CreatePlaybookScheduleInput |
| updatePlaybookSchedule | PlaybookSchedule | Update a Playbook Schedule | input: UpdatePlaybookScheduleInput |
| pausePlaybookSchedule | PlaybookSchedule | Pause a Playbook Schedule | input: PausePlaybookScheduleInput |
| unpausePlaybookSchedule | PlaybookSchedule | Unpause a Playbook Schedule | input: PausePlaybookScheduleInput |
| deletePlaybookSchedule | PlaybookSchedule | Delete a Playbook Schedule | input: DeletePlaybookScheduleInput |
| updatePlaybookInstance | PlaybookInstance | playbookInstanceId: ID, instance: PlaybookInstanceInput | |
| setPlaybookInstanceState | PlaybookInstance | playbookInstanceId: ID, enabled: Boolean | |
| executePlaybookInstance | PlaybookExecution | playbookInstanceId: ID, parameters: JSONObject, targetResource: String | |
| playbookValidateDSL | PlaybookValidationError | arguments: PlaybookValidationArguments |
PlaybooksQLInput๐
Description: Input object for Taegis QL queries
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| ql | String | QL (CQL) query string | |
| cursor | String | Optional Cursor for pagination, get from the previous request. It represents a page and a record count | |
| count | Int | If present, and cursor is not present, use this as page size (otherwise the data in the cursor will be used). Be aware, this does not override HEAD or TAIL in the query |
ExecutePlaybookInstanceV2Input๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ID of the playbook instance to execute | |
| parameters | JSONObject | Parameters (inputs) to pass to the playbook instance to use for execution | |
| targetResource | String | Target Resource describes the platform resource context that this playbook execution was triggered from. IE: Alert ID, Investigation ID, Event ID, Asset ID, Entity ID, etc... |
|
| targetResourceTenant | String | Tenant where the targetResource lives - may be different than the playbook tenant | |
| reason | String | Reason for action | |
| investigationId | ID | investigationId is an optional field that is used to associate a proactive response action with an investigation. It should only be set if the execution is a proactive response action and the user triggering the action is a Secureworks user. |
CreatePlaybookInput๐
Description: CreatePlaybookInput defines the playbook fields that are required and/or available on creation of a playbook
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| tags | Tags | ||
| icon | String | ||
| categories | IDs | ||
| version | CreatePlaybookVersionInput | ||
| simplifiedType | SimplifiedType | ||
| isGlobal | Boolean |
UpdatePlaybookInput๐
Description: UpdatePlaybookInput defines the fields required and the mutable fields that can be used to update a playbook.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| tags | String | ||
| icon | String | ||
| categories | IDs | ||
| head | ID |
ClonePlaybookInput๐
Description: ClonePlaybookInput defines the fields required to clone a playbook
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | name of the playbook. The name cannot contain spaces and may be used as a reference in other playbooks. Once set, it cannot be changed. |
|
| playbookId | ID | playbookId is the id of the playbook to clone Deprecated: It is no longer required, only a versionId is needed. |
|
| versionId | ID | versionId is the id of the playbook version that should be cloned | |
| title | String | title is an optional field to define a display name for the playbook. If this is left nil then the name will be used for display. |
|
| isGlobal | Boolean | Deprecated: do not use |
DeletePlaybookInput๐
Description: DeletePlaybookInput defines the fields required to delete a playbook
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID |
ReexecutePlaybooksInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| executionIDs | ID |
ImportPlaybookInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| file | Upload | ||
| isGlobal | Boolean |
DeprecatePlaybookInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID | ||
| deprecationReason | String |
UndeprecatePlaybookInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookId | ID |
DeprecatePlaybookVersionInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| deprecationReason | String |
UndeprecatePlaybookVersionInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID |
CreatePlaybookVersionInput๐
Description: CreatePlaybookVersionInput defines the fields used to create a playbook version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | IDs | ||
| playbooks | IDs | ||
| triggerHints | PlaybookTriggerHintInput | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dsl | YAMLObject | ||
| version | SemVer | ||
| implements | ID | ||
| interfaces | IDs | ||
| requires | IDs | ||
| fastExecute | Boolean |
UpdatePlaybookVersionInput๐
Description: UpdatePlaybookVersionInput defines the mutable fields of a playbook version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| connectors | IDs | ||
| playbooks | IDs | ||
| triggerHints | PlaybookTriggerHintInput | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| dsl | YAMLObject | ||
| version | SemVer | ||
| implements | ID | ||
| interfaces | IDs | ||
| requires | IDs | ||
| fastExecute | Boolean |
PublishPlaybookVersionInput๐
Description: PublishPlaybookVersionInput defines the fields required to publish a playbook version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID | ||
| version | SemVer |
DeletePlaybookVersionInput๐
Description: DeletePlaybookVersionInput defines the fields needed to delete a playbook version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookVersionId | ID |
PlaybookInstanceInput๐
Description: PlaybookInstanceInput defines the mutable fields of a playbook instance
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| versionStrategy | PlaybookVersionStrategy | The desired strategy that should be followed when a playbook is updated or a new version is published. This field should be treated as if it was required (subsequent api versions will require it) but if not provided, it will default FollowMajorVersion or the existing strategy for the instance. |
|
| fixedVersion | ID | ||
| version | ID | The desired playbook version the instance should use. If not provided, it will default to the current head version of the playbook. If the versionStrategy is set to fixed, the version will not automatically update; for all other strategies, the version will automatically update based on the selected strategy when new playbooks are published. |
|
| trigger | PlaybookTriggerInput | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| connections | IDs | ||
| interfaces | PlaybookInterfaceInstanceInput | ||
| simplified | Boolean | The simplified flag is passed in by the UI denoting that the Playbook Instance is being created from the simpilified UI and not the normal UI used to created Playbook Instances. This ensures that only one Playbook Instances is created for each Playbook used for simplified configuration. This flag is only used for the create call and otherwise defaults to False. |
UpdatePlaybookInstanceInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| name | String | ||
| description | String | ||
| tags | Tags | ||
| versionStrategy | PlaybookVersionStrategy | The desired strategy that should be followed when a playbook is updated or a new version is published. This field should be treated as if it was required (subsequent api versions will require it) but if not provided, it will default FollowMajorVersion or the existing strategy for the instance. |
|
| version | ID | The desired playbook version the instance should use. If not provided, it will default to the current head version of the playbook. If the versionStrategy is set to fixed, the version will not automatically update; for all other strategies, the version will automatically update based on the selected strategy when new playbooks are published. |
|
| trigger | UpdatePlaybookTriggerInput | ||
| enabled | Boolean | ||
| inputs | JSONObject | ||
| connections | IDs | ||
| interfaces | PlaybookInterfaceInstanceInput |
PlaybookTriggerHintInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| isProactiveResponse | Boolean | ||
| type | String | ||
| config | JSONObject |
PlaybookTriggerInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| typeId | ID | ||
| config | JSONObject | ||
| isPreApproved | Boolean |
UpdatePlaybookTriggerInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| tags | Tags | ||
| typeId | ID | ||
| config | JSONObject | ||
| isPreApproved | Boolean |
PlaybookInterfaceInstanceInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| interface | ID | ||
| version | ID | ||
| playbook | ID | ||
| connections | IDs |
PlaybookExecutionLogLevel๐
PlaybookExecutionLogInput๐
Description: PlaybookExecutionLogInput defines logs to be recorded
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| level | PlaybookExecutionLogLevel | ||
| message | String | ||
| fields | JSONObject | ||
| error | String |
PlaybookExecutionInput๐
Description: PlaybookExecutionInput allows for an external trigger to create a playbook execution to record errors evaluating filter conditions
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| state | PlaybookState | ||
| inputs | JSONObject | ||
| logs | PlaybookExecutionLogInput | ||
| targetResource | String | ||
| targetResourceTenant | String |
Pagination๐
Description: Pagination defines the options for requesting specific pages and the number of results per page
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| page | Int | ||
| perPage | Int |
CreatePlaybookInterfaceVersionInput๐
Description: CreatePlaybookInterfaceVersionInput defines the fields used to create a playbook interface version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| version | SemVer |
UpdatePlaybookInterfaceVersionInput๐
Description: UpdatePlaybookInterfaceVersionInput defines the fields used to update a playbook interface version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| interfaceVersionId | ID | ||
| title | String | ||
| description | String | ||
| documentation | String | ||
| changeNotes | String | ||
| changeNotesMarkdown | String | ||
| inputs | JSONSchema | ||
| outputs | JSONSchema | ||
| version | SemVer |
DeletePlaybookInterfaceVersionInput๐
Description: DeletePlaybookInterfaceVersionInput defines the fields needed to delete a playbook interface version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID |
PublishPlaybookInterfaceVersionInput๐
Description: PublishPlaybookInterfaceVersionInput defines the fields required to publish a playbook interface version
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceVersionId | ID | ||
| version | SemVer |
CreatePlaybookInterfaceInput๐
Description: CreatePlaybookInterfaceInput defines the fields needed to create a playbook interface
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| tags | String | ||
| icon | String | ||
| version | CreatePlaybookInterfaceVersionInput |
UpdatePlaybookInterfaceInput๐
Description: UpdatePlaybookInterfaceInput defines the fields needed to update a playbook interface
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| interfaceId | ID | ||
| tags | String | ||
| icon | String | ||
| head | ID |
DeletePlaybookInterfaceInput๐
Description: DeletePlaybookInterfaceInput defines the fields needed to delete a playbook interface
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInterfaceId | ID |
QueryOptions๐
Description: QueryOptions provides the ability to override default query behavior
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| timestampAscending | Boolean | reversed default timestamp order of descending | |
| maxRows | Int | ||
| timestampField | String |
PlaybookStatistics๐
Description: Playbook Statistics
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| table | String | ||
| columns | String | ||
| rows | Any |
CancelPlaybookExecutionInput๐
Description: Cancel Playbook Executions
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| executionIDs | ID | ||
| instanceIDs | ID | ||
| startTime | Time | ||
| endTime | Time | ||
| clearQueue | Boolean | ||
| cancelExecutions | Boolean | ||
| reason | String | ||
| global | Boolean | ||
| query | String | ||
| skipAuditLogs | Boolean |
CreatePlaybookTriggerFilterInput๐
Description: Create Playbook Trigger
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | ||
| description | String | ||
| config | JSONObject | ||
| ruleId | ID |
UpdatePlaybookTriggerFilterInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | ||
| name | String | ||
| description | String | ||
| config | JSONObject | ||
| ruleId | String |
DeletePlaybookTriggerFilterInput๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
PlaybookScheduleArguments๐
Description: PlaybookScheduleArguments contains the parameters to retrieve a Playbook Schedule
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID |
PlaybookSchedulesArguments๐
Description: PlaybookSchedulesArguments holds the query parameters for listing a set of Playbook Schedules
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| sortBy | ScheduleSortField | ||
| orderBy | PaginationOrder | ||
| page | Int | ||
| perPage | Int |
ScheduleSortField๐
Description: InstanceSortFiled determines the sort order when retrieving a list of Playbook Schedules. If no sort field is provided, the list will be sorted by NAME.
PlaybookSchedulesResults๐
Description: PlaybookSchedulesResults contains the list of Playbook Schedules returned as a result of the Playbook Schedule Search
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| results | PlaybookSchedule | ||
| count | Int |
CreatePlaybookScheduleInput๐
Description: CreatePlaybookScheduleInput contains the parameters to create a new Playbook Schedule
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| name | String | Name of the Playbook schedule | |
| description | String | Playbook schedule description | |
| playbookInstance | ID | Playbook Instance to run when schedule is triggered | |
| cron | String | cron definition of schedule | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC | |
| paused | Boolean | Indication that the schedule is currently paused | |
| inputs | JSONObject | Playbook execution inputs | |
| childType | ChildTypeField | Indicates whether the Playbook execution is on the specified Tenant or child Tenants | |
| childExpression | String | Expression used to find child Tenants if childType is EXPRESSION |
UpdatePlaybookScheduleInput๐
Description: UpdatePlaybookScheduleInput contains the parameters to update an existing Playbook Schedule
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID | Schedule ID | |
| name | String | Name of the Playbook schedule | |
| description | String | Playbook schedule description | |
| playbookInstance | ID | Playbook Instance to run when schedule is triggered | |
| cron | String | cron definition of schedule | |
| timeZone | String | IANA Time Zone for the schedule. Defaults to UTC. Must be specified if the cron string is provided. Ignored otherwise. | |
| inputs | JSONObject | Playbook execution inputs | |
| childType | ChildTypeField | Indicates whether the Playbook execution is on the specified Tenant or child Tenants | |
| childExpression | String | Expression used to find child Tenants if childType is EXPRESSION |
ChildTypeField๐
Description: ChildTypeField defines the types allowed for locating child tenants when scheduling a Playbook to run on child tenants. If the tenant is not a Partner tenant, then NONE is the only possible value.
PausePlaybookScheduleInput๐
Description: PausePlaybookScheduleInput contains the parameters to pause or unpause a Playbook Schedule
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID | Schedule ID | |
| reason | String | Reason for pausing or unpausing the schedule |
DeletePlaybookScheduleInput๐
Description: DeletePlaybookScheduleInput contains the parameters to delete a Playbook Schedule
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| scheduleId | ID | Schedule ID |
Subscription๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookExecutionUpdates | PlaybookExecution | arguments: PlaybookExecutionUpdatesArguments |
PlaybookExecutionUpdatesArguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookExecutionIds | ID |
ReconcileInstanceVersionsArguments๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| playbookInstanceId | ID | ||
| playbookVersionId | ID |
UpdatePreApprovalInput๐
Description: UpdatePreApprovalInput contains the parameters for updating the pre-approved status of all proactive response actions for a tenant. The tenant is identified by the X-Tenant-Context header. All 'simplified' actions that are designated as proactive response actions will have the isPreApproved flag reset to the 'approved' value.
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| approved | Boolean | approved designates whether the pre-approval status should be enabled or disabled. The 'true' option isn't currently supported. Defaults to 'false' |
Subject๐
Fields๐
| Field | Type | Description | Arguments |
|---|---|---|---|
| id | ID |
Time๐
Description: Time implementation for this library.
JSONSchema๐
Description: JSON schema
JSONObject๐
Description: JSON payload
YAMLObject๐
Description: YAML payload
SemVer๐
Description: Semantic Version
Any๐
Description: interface
Tags๐
Description: list of tags
IDs๐
Description: list of IDs
Upload๐
Description: File to upload
RN๐
Description: resource information
Map๐
Description: map scalar