catocli 3.0.14__py3-none-any.whl → 3.0.22__py3-none-any.whl
Potentially problematic release.
This version of catocli might be problematic.
- catocli/Utils/clidriver.py +16 -8
- catocli/Utils/formatter_account_metrics.py +544 -0
- catocli/Utils/formatter_app_stats.py +184 -0
- catocli/Utils/formatter_app_stats_timeseries.py +377 -0
- catocli/Utils/formatter_events_timeseries.py +459 -0
- catocli/Utils/formatter_socket_port_metrics.py +189 -0
- catocli/Utils/formatter_socket_port_metrics_timeseries.py +339 -0
- catocli/Utils/formatter_utils.py +251 -0
- catocli/Utils/help_formatter.py +1 -1
- catocli/__init__.py +1 -1
- catocli/clisettings.json +37 -5
- catocli/parsers/custom/query_eventsFeed/README.md +94 -0
- catocli/parsers/custom/scim/README.md +346 -0
- catocli/parsers/custom/scim/scim_client.py +132 -26
- catocli/parsers/custom/scim/scim_commands.py +14 -56
- catocli/parsers/customParserApiClient.py +213 -65
- catocli/parsers/mutation_policy/__init__.py +405 -405
- catocli/parsers/mutation_site/__init__.py +15 -15
- catocli/parsers/mutation_sites/__init__.py +15 -15
- catocli/parsers/query_accountMetrics/README.md +99 -9
- catocli/parsers/query_accountMetrics/__init__.py +6 -0
- catocli/parsers/query_appStats/README.md +11 -11
- catocli/parsers/query_appStats/__init__.py +4 -2
- catocli/parsers/query_appStatsTimeSeries/README.md +10 -10
- catocli/parsers/query_appStatsTimeSeries/__init__.py +4 -2
- catocli/parsers/query_auditFeed/README.md +9 -9
- catocli/parsers/query_events/README.md +9 -9
- catocli/parsers/query_eventsTimeSeries/README.md +289 -9
- catocli/parsers/query_eventsTimeSeries/__init__.py +6 -0
- catocli/parsers/query_policy/__init__.py +42 -42
- catocli/parsers/query_socketPortMetrics/README.md +53 -9
- catocli/parsers/query_socketPortMetrics/__init__.py +6 -0
- catocli/parsers/query_socketPortMetricsTimeSeries/README.md +92 -9
- catocli/parsers/query_socketPortMetricsTimeSeries/__init__.py +4 -2
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/METADATA +1 -1
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/RECORD +187 -183
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/top_level.txt +0 -1
- models/mutation.policy.antiMalwareFileHash.addRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.addSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.createPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.discardPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.moveRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.moveSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.publishPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.removeRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.removeSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.updatePolicy.json +123 -0
- models/mutation.policy.antiMalwareFileHash.updateRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.updateSection.json +103 -0
- models/mutation.policy.appTenantRestriction.addRule.json +20 -0
- models/mutation.policy.appTenantRestriction.addSection.json +103 -0
- models/mutation.policy.appTenantRestriction.createPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.moveRule.json +20 -0
- models/mutation.policy.appTenantRestriction.moveSection.json +103 -0
- models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.removeRule.json +20 -0
- models/mutation.policy.appTenantRestriction.removeSection.json +103 -0
- models/mutation.policy.appTenantRestriction.updatePolicy.json +123 -0
- models/mutation.policy.appTenantRestriction.updateRule.json +20 -0
- models/mutation.policy.appTenantRestriction.updateSection.json +103 -0
- models/mutation.policy.applicationControl.addRule.json +20 -0
- models/mutation.policy.applicationControl.addSection.json +103 -0
- models/mutation.policy.applicationControl.createPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.discardPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.moveRule.json +20 -0
- models/mutation.policy.applicationControl.moveSection.json +103 -0
- models/mutation.policy.applicationControl.publishPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.removeRule.json +20 -0
- models/mutation.policy.applicationControl.removeSection.json +103 -0
- models/mutation.policy.applicationControl.updatePolicy.json +123 -0
- models/mutation.policy.applicationControl.updateRule.json +20 -0
- models/mutation.policy.applicationControl.updateSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.addRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.addSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.moveRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.moveSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.removeRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.removeSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.updatePolicy.json +123 -0
- models/mutation.policy.dynamicIpAllocation.updateRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.updateSection.json +103 -0
- models/mutation.policy.internetFirewall.addRule.json +20 -0
- models/mutation.policy.internetFirewall.addSection.json +103 -0
- models/mutation.policy.internetFirewall.createPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.discardPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.moveRule.json +20 -0
- models/mutation.policy.internetFirewall.moveSection.json +103 -0
- models/mutation.policy.internetFirewall.publishPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.removeRule.json +20 -0
- models/mutation.policy.internetFirewall.removeSection.json +103 -0
- models/mutation.policy.internetFirewall.updatePolicy.json +123 -0
- models/mutation.policy.internetFirewall.updateRule.json +20 -0
- models/mutation.policy.internetFirewall.updateSection.json +103 -0
- models/mutation.policy.remotePortFwd.addRule.json +20 -0
- models/mutation.policy.remotePortFwd.addSection.json +103 -0
- models/mutation.policy.remotePortFwd.createPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.discardPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.moveRule.json +20 -0
- models/mutation.policy.remotePortFwd.moveSection.json +103 -0
- models/mutation.policy.remotePortFwd.publishPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.removeRule.json +20 -0
- models/mutation.policy.remotePortFwd.removeSection.json +103 -0
- models/mutation.policy.remotePortFwd.updatePolicy.json +123 -0
- models/mutation.policy.remotePortFwd.updateRule.json +20 -0
- models/mutation.policy.remotePortFwd.updateSection.json +103 -0
- models/mutation.policy.socketLan.addRule.json +40 -0
- models/mutation.policy.socketLan.addSection.json +103 -0
- models/mutation.policy.socketLan.createPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.discardPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.moveRule.json +40 -0
- models/mutation.policy.socketLan.moveSection.json +103 -0
- models/mutation.policy.socketLan.publishPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.removeRule.json +40 -0
- models/mutation.policy.socketLan.removeSection.json +103 -0
- models/mutation.policy.socketLan.updatePolicy.json +143 -0
- models/mutation.policy.socketLan.updateRule.json +40 -0
- models/mutation.policy.socketLan.updateSection.json +103 -0
- models/mutation.policy.terminalServer.addRule.json +20 -0
- models/mutation.policy.terminalServer.addSection.json +103 -0
- models/mutation.policy.terminalServer.createPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.discardPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.moveRule.json +20 -0
- models/mutation.policy.terminalServer.moveSection.json +103 -0
- models/mutation.policy.terminalServer.publishPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.removeRule.json +20 -0
- models/mutation.policy.terminalServer.removeSection.json +103 -0
- models/mutation.policy.terminalServer.updatePolicy.json +123 -0
- models/mutation.policy.terminalServer.updateRule.json +20 -0
- models/mutation.policy.terminalServer.updateSection.json +103 -0
- models/mutation.policy.tlsInspect.addRule.json +20 -0
- models/mutation.policy.tlsInspect.addSection.json +103 -0
- models/mutation.policy.tlsInspect.createPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.discardPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.moveRule.json +20 -0
- models/mutation.policy.tlsInspect.moveSection.json +103 -0
- models/mutation.policy.tlsInspect.publishPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.removeRule.json +20 -0
- models/mutation.policy.tlsInspect.removeSection.json +103 -0
- models/mutation.policy.tlsInspect.updatePolicy.json +123 -0
- models/mutation.policy.tlsInspect.updateRule.json +20 -0
- models/mutation.policy.tlsInspect.updateSection.json +103 -0
- models/mutation.policy.wanFirewall.addRule.json +20 -0
- models/mutation.policy.wanFirewall.addSection.json +103 -0
- models/mutation.policy.wanFirewall.createPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.discardPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.moveRule.json +20 -0
- models/mutation.policy.wanFirewall.moveSection.json +103 -0
- models/mutation.policy.wanFirewall.publishPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.removeRule.json +20 -0
- models/mutation.policy.wanFirewall.removeSection.json +103 -0
- models/mutation.policy.wanFirewall.updatePolicy.json +123 -0
- models/mutation.policy.wanFirewall.updateRule.json +20 -0
- models/mutation.policy.wanFirewall.updateSection.json +103 -0
- models/mutation.policy.wanNetwork.addRule.json +20 -0
- models/mutation.policy.wanNetwork.addSection.json +103 -0
- models/mutation.policy.wanNetwork.createPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.discardPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.moveRule.json +20 -0
- models/mutation.policy.wanNetwork.moveSection.json +103 -0
- models/mutation.policy.wanNetwork.publishPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.removeRule.json +20 -0
- models/mutation.policy.wanNetwork.removeSection.json +103 -0
- models/mutation.policy.wanNetwork.updatePolicy.json +123 -0
- models/mutation.policy.wanNetwork.updateRule.json +20 -0
- models/mutation.policy.wanNetwork.updateSection.json +103 -0
- models/mutation.xdr.analystFeedback.json +822 -87
- models/query.policy.antiMalwareFileHash.policy.json +123 -0
- models/query.policy.appTenantRestriction.policy.json +123 -0
- models/query.policy.applicationControl.policy.json +123 -0
- models/query.policy.dynamicIpAllocation.policy.json +123 -0
- models/query.policy.internetFirewall.policy.json +123 -0
- models/query.policy.remotePortFwd.policy.json +123 -0
- models/query.policy.socketLan.policy.json +143 -0
- models/query.policy.terminalServer.policy.json +123 -0
- models/query.policy.tlsInspect.policy.json +123 -0
- models/query.policy.wanFirewall.policy.json +123 -0
- models/query.policy.wanNetwork.policy.json +123 -0
- models/query.xdr.stories.json +822 -87
- models/query.xdr.story.json +822 -87
- schema/catolib.py +34 -17
- catocli/Utils/csv_formatter.py +0 -663
- scripts/catolib.py +0 -62
- scripts/export_if_rules_to_json.py +0 -188
- scripts/export_wf_rules_to_json.py +0 -111
- scripts/import_wf_rules_to_tfstate.py +0 -331
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/WHEEL +0 -0
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/entry_points.txt +0 -0
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/licenses/LICENSE +0 -0
|
@@ -3805,6 +3805,26 @@
|
|
|
3805
3805
|
"description": "The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.",
|
|
3806
3806
|
"enumValues": null,
|
|
3807
3807
|
"fields": {
|
|
3808
|
+
"action": {
|
|
3809
|
+
"args": {},
|
|
3810
|
+
"deprecationReason": null,
|
|
3811
|
+
"description": null,
|
|
3812
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___action",
|
|
3813
|
+
"isDeprecated": false,
|
|
3814
|
+
"name": "action",
|
|
3815
|
+
"path": "analystFeedback.story.incident.alerts.resources.action",
|
|
3816
|
+
"requestStr": "$action:String ",
|
|
3817
|
+
"required": false,
|
|
3818
|
+
"responseStr": "action:$action ",
|
|
3819
|
+
"type": {
|
|
3820
|
+
"kind": [
|
|
3821
|
+
"SCALAR"
|
|
3822
|
+
],
|
|
3823
|
+
"name": "String",
|
|
3824
|
+
"non_null": false
|
|
3825
|
+
},
|
|
3826
|
+
"varName": "action"
|
|
3827
|
+
},
|
|
3808
3828
|
"createdDateTime": {
|
|
3809
3829
|
"args": {},
|
|
3810
3830
|
"deprecationReason": null,
|
|
@@ -5387,7 +5407,546 @@
|
|
|
5387
5407
|
"name": "String",
|
|
5388
5408
|
"non_null": false
|
|
5389
5409
|
},
|
|
5390
|
-
"varName": "tags"
|
|
5410
|
+
"varName": "tags"
|
|
5411
|
+
},
|
|
5412
|
+
"verdict": {
|
|
5413
|
+
"args": {},
|
|
5414
|
+
"deprecationReason": null,
|
|
5415
|
+
"description": null,
|
|
5416
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___verdict",
|
|
5417
|
+
"isDeprecated": false,
|
|
5418
|
+
"name": "verdict",
|
|
5419
|
+
"path": "analystFeedback.story.incident.alerts.resources.verdict",
|
|
5420
|
+
"requestStr": "$verdict:MsResourceVerdictEnum ",
|
|
5421
|
+
"required": false,
|
|
5422
|
+
"responseStr": "verdict:$verdict ",
|
|
5423
|
+
"type": {
|
|
5424
|
+
"definition": {
|
|
5425
|
+
"description": null,
|
|
5426
|
+
"enumValues": [
|
|
5427
|
+
{
|
|
5428
|
+
"deprecationReason": null,
|
|
5429
|
+
"description": null,
|
|
5430
|
+
"isDeprecated": false,
|
|
5431
|
+
"name": "Suspicious"
|
|
5432
|
+
},
|
|
5433
|
+
{
|
|
5434
|
+
"deprecationReason": null,
|
|
5435
|
+
"description": null,
|
|
5436
|
+
"isDeprecated": false,
|
|
5437
|
+
"name": "Malicious"
|
|
5438
|
+
},
|
|
5439
|
+
{
|
|
5440
|
+
"deprecationReason": null,
|
|
5441
|
+
"description": null,
|
|
5442
|
+
"isDeprecated": false,
|
|
5443
|
+
"name": "Informational"
|
|
5444
|
+
},
|
|
5445
|
+
{
|
|
5446
|
+
"deprecationReason": null,
|
|
5447
|
+
"description": null,
|
|
5448
|
+
"isDeprecated": false,
|
|
5449
|
+
"name": "Benign"
|
|
5450
|
+
}
|
|
5451
|
+
],
|
|
5452
|
+
"fields": null,
|
|
5453
|
+
"inputFields": null,
|
|
5454
|
+
"interfaces": null,
|
|
5455
|
+
"kind": "ENUM",
|
|
5456
|
+
"name": "MsResourceVerdictEnum",
|
|
5457
|
+
"possibleTypes": null
|
|
5458
|
+
},
|
|
5459
|
+
"indexType": "enum",
|
|
5460
|
+
"kind": [
|
|
5461
|
+
"ENUM"
|
|
5462
|
+
],
|
|
5463
|
+
"name": "MsResourceVerdictEnum",
|
|
5464
|
+
"non_null": false
|
|
5465
|
+
},
|
|
5466
|
+
"varName": "verdict"
|
|
5467
|
+
}
|
|
5468
|
+
},
|
|
5469
|
+
"inputFields": null,
|
|
5470
|
+
"interfaces": [
|
|
5471
|
+
{
|
|
5472
|
+
"kind": "INTERFACE",
|
|
5473
|
+
"name": "FileResource",
|
|
5474
|
+
"ofType": null
|
|
5475
|
+
},
|
|
5476
|
+
{
|
|
5477
|
+
"kind": "INTERFACE",
|
|
5478
|
+
"name": "MicrosoftEndpointResource",
|
|
5479
|
+
"ofType": null
|
|
5480
|
+
},
|
|
5481
|
+
{
|
|
5482
|
+
"kind": "INTERFACE",
|
|
5483
|
+
"name": "EndpointResource",
|
|
5484
|
+
"ofType": null
|
|
5485
|
+
}
|
|
5486
|
+
],
|
|
5487
|
+
"kind": "OBJECT",
|
|
5488
|
+
"name": "MicrosoftFileResource",
|
|
5489
|
+
"ofType": null,
|
|
5490
|
+
"possibleTypes": null
|
|
5491
|
+
},
|
|
5492
|
+
{
|
|
5493
|
+
"description": "The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
|
|
5494
|
+
"enumValues": null,
|
|
5495
|
+
"fields": {
|
|
5496
|
+
"createdDateTime": {
|
|
5497
|
+
"args": {},
|
|
5498
|
+
"deprecationReason": null,
|
|
5499
|
+
"description": null,
|
|
5500
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___createdDateTime",
|
|
5501
|
+
"isDeprecated": false,
|
|
5502
|
+
"name": "createdDateTime",
|
|
5503
|
+
"path": "analystFeedback.story.incident.alerts.resources.createdDateTime",
|
|
5504
|
+
"requestStr": "$createdDateTime:DateTime ",
|
|
5505
|
+
"required": false,
|
|
5506
|
+
"responseStr": "createdDateTime:$createdDateTime ",
|
|
5507
|
+
"type": {
|
|
5508
|
+
"kind": [
|
|
5509
|
+
"SCALAR"
|
|
5510
|
+
],
|
|
5511
|
+
"name": "DateTime",
|
|
5512
|
+
"non_null": false
|
|
5513
|
+
},
|
|
5514
|
+
"varName": "createdDateTime"
|
|
5515
|
+
},
|
|
5516
|
+
"hive": {
|
|
5517
|
+
"args": {},
|
|
5518
|
+
"deprecationReason": null,
|
|
5519
|
+
"description": null,
|
|
5520
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___hive",
|
|
5521
|
+
"isDeprecated": false,
|
|
5522
|
+
"name": "hive",
|
|
5523
|
+
"path": "analystFeedback.story.incident.alerts.resources.hive",
|
|
5524
|
+
"requestStr": "$hive:String ",
|
|
5525
|
+
"required": false,
|
|
5526
|
+
"responseStr": "hive:$hive ",
|
|
5527
|
+
"type": {
|
|
5528
|
+
"kind": [
|
|
5529
|
+
"SCALAR"
|
|
5530
|
+
],
|
|
5531
|
+
"name": "String",
|
|
5532
|
+
"non_null": false
|
|
5533
|
+
},
|
|
5534
|
+
"varName": "hive"
|
|
5535
|
+
},
|
|
5536
|
+
"id": {
|
|
5537
|
+
"args": {},
|
|
5538
|
+
"deprecationReason": null,
|
|
5539
|
+
"description": null,
|
|
5540
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___id",
|
|
5541
|
+
"isDeprecated": false,
|
|
5542
|
+
"name": "id",
|
|
5543
|
+
"path": "analystFeedback.story.incident.alerts.resources.id",
|
|
5544
|
+
"requestStr": "$id:ID! ",
|
|
5545
|
+
"required": true,
|
|
5546
|
+
"responseStr": "id:$id ",
|
|
5547
|
+
"type": {
|
|
5548
|
+
"kind": [
|
|
5549
|
+
"NON_NULL",
|
|
5550
|
+
"SCALAR"
|
|
5551
|
+
],
|
|
5552
|
+
"name": "ID",
|
|
5553
|
+
"non_null": false
|
|
5554
|
+
},
|
|
5555
|
+
"varName": "id"
|
|
5556
|
+
},
|
|
5557
|
+
"key": {
|
|
5558
|
+
"args": {},
|
|
5559
|
+
"deprecationReason": null,
|
|
5560
|
+
"description": null,
|
|
5561
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___key",
|
|
5562
|
+
"isDeprecated": false,
|
|
5563
|
+
"name": "key",
|
|
5564
|
+
"path": "analystFeedback.story.incident.alerts.resources.key",
|
|
5565
|
+
"requestStr": "$key:String ",
|
|
5566
|
+
"required": false,
|
|
5567
|
+
"responseStr": "key:$key ",
|
|
5568
|
+
"type": {
|
|
5569
|
+
"kind": [
|
|
5570
|
+
"SCALAR"
|
|
5571
|
+
],
|
|
5572
|
+
"name": "String",
|
|
5573
|
+
"non_null": false
|
|
5574
|
+
},
|
|
5575
|
+
"varName": "key"
|
|
5576
|
+
},
|
|
5577
|
+
"remediationStatus": {
|
|
5578
|
+
"args": {},
|
|
5579
|
+
"deprecationReason": null,
|
|
5580
|
+
"description": null,
|
|
5581
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___remediationStatus",
|
|
5582
|
+
"isDeprecated": false,
|
|
5583
|
+
"name": "remediationStatus",
|
|
5584
|
+
"path": "analystFeedback.story.incident.alerts.resources.remediationStatus",
|
|
5585
|
+
"requestStr": "$remediationStatus:RemediationStatusEnum ",
|
|
5586
|
+
"required": false,
|
|
5587
|
+
"responseStr": "remediationStatus:$remediationStatus ",
|
|
5588
|
+
"type": {
|
|
5589
|
+
"definition": {
|
|
5590
|
+
"description": null,
|
|
5591
|
+
"enumValues": [
|
|
5592
|
+
{
|
|
5593
|
+
"deprecationReason": null,
|
|
5594
|
+
"description": null,
|
|
5595
|
+
"isDeprecated": false,
|
|
5596
|
+
"name": "REMEDIATED"
|
|
5597
|
+
},
|
|
5598
|
+
{
|
|
5599
|
+
"deprecationReason": null,
|
|
5600
|
+
"description": null,
|
|
5601
|
+
"isDeprecated": false,
|
|
5602
|
+
"name": "PREVENTED"
|
|
5603
|
+
},
|
|
5604
|
+
{
|
|
5605
|
+
"deprecationReason": null,
|
|
5606
|
+
"description": null,
|
|
5607
|
+
"isDeprecated": false,
|
|
5608
|
+
"name": "BLOCKED"
|
|
5609
|
+
},
|
|
5610
|
+
{
|
|
5611
|
+
"deprecationReason": null,
|
|
5612
|
+
"description": null,
|
|
5613
|
+
"isDeprecated": false,
|
|
5614
|
+
"name": "NOT_FOUND"
|
|
5615
|
+
},
|
|
5616
|
+
{
|
|
5617
|
+
"deprecationReason": null,
|
|
5618
|
+
"description": null,
|
|
5619
|
+
"isDeprecated": false,
|
|
5620
|
+
"name": "SCAN_FAILED"
|
|
5621
|
+
},
|
|
5622
|
+
{
|
|
5623
|
+
"deprecationReason": null,
|
|
5624
|
+
"description": null,
|
|
5625
|
+
"isDeprecated": false,
|
|
5626
|
+
"name": "CLEAN"
|
|
5627
|
+
},
|
|
5628
|
+
{
|
|
5629
|
+
"deprecationReason": null,
|
|
5630
|
+
"description": null,
|
|
5631
|
+
"isDeprecated": false,
|
|
5632
|
+
"name": "DISINFECTED"
|
|
5633
|
+
},
|
|
5634
|
+
{
|
|
5635
|
+
"deprecationReason": null,
|
|
5636
|
+
"description": null,
|
|
5637
|
+
"isDeprecated": false,
|
|
5638
|
+
"name": "INFECTED"
|
|
5639
|
+
},
|
|
5640
|
+
{
|
|
5641
|
+
"deprecationReason": null,
|
|
5642
|
+
"description": null,
|
|
5643
|
+
"isDeprecated": false,
|
|
5644
|
+
"name": "SUSPICIOUS"
|
|
5645
|
+
},
|
|
5646
|
+
{
|
|
5647
|
+
"deprecationReason": null,
|
|
5648
|
+
"description": null,
|
|
5649
|
+
"isDeprecated": false,
|
|
5650
|
+
"name": "DELETED"
|
|
5651
|
+
},
|
|
5652
|
+
{
|
|
5653
|
+
"deprecationReason": null,
|
|
5654
|
+
"description": null,
|
|
5655
|
+
"isDeprecated": false,
|
|
5656
|
+
"name": "MOVED"
|
|
5657
|
+
},
|
|
5658
|
+
{
|
|
5659
|
+
"deprecationReason": null,
|
|
5660
|
+
"description": null,
|
|
5661
|
+
"isDeprecated": false,
|
|
5662
|
+
"name": "UNKNOWN"
|
|
5663
|
+
},
|
|
5664
|
+
{
|
|
5665
|
+
"deprecationReason": null,
|
|
5666
|
+
"description": null,
|
|
5667
|
+
"isDeprecated": false,
|
|
5668
|
+
"name": "DELETED_REBOOT"
|
|
5669
|
+
},
|
|
5670
|
+
{
|
|
5671
|
+
"deprecationReason": null,
|
|
5672
|
+
"description": null,
|
|
5673
|
+
"isDeprecated": false,
|
|
5674
|
+
"name": "PASSWORD_PROTECTED"
|
|
5675
|
+
},
|
|
5676
|
+
{
|
|
5677
|
+
"deprecationReason": null,
|
|
5678
|
+
"description": null,
|
|
5679
|
+
"isDeprecated": false,
|
|
5680
|
+
"name": "MOVED_REBOOT"
|
|
5681
|
+
},
|
|
5682
|
+
{
|
|
5683
|
+
"deprecationReason": null,
|
|
5684
|
+
"description": null,
|
|
5685
|
+
"isDeprecated": false,
|
|
5686
|
+
"name": "NOT_STARTED"
|
|
5687
|
+
},
|
|
5688
|
+
{
|
|
5689
|
+
"deprecationReason": null,
|
|
5690
|
+
"description": null,
|
|
5691
|
+
"isDeprecated": false,
|
|
5692
|
+
"name": "SUCCESS"
|
|
5693
|
+
},
|
|
5694
|
+
{
|
|
5695
|
+
"deprecationReason": null,
|
|
5696
|
+
"description": null,
|
|
5697
|
+
"isDeprecated": false,
|
|
5698
|
+
"name": "REBOOT_REQUIRED"
|
|
5699
|
+
},
|
|
5700
|
+
{
|
|
5701
|
+
"deprecationReason": null,
|
|
5702
|
+
"description": null,
|
|
5703
|
+
"isDeprecated": false,
|
|
5704
|
+
"name": "DISABLED"
|
|
5705
|
+
},
|
|
5706
|
+
{
|
|
5707
|
+
"deprecationReason": null,
|
|
5708
|
+
"description": null,
|
|
5709
|
+
"isDeprecated": false,
|
|
5710
|
+
"name": "DISINFECT_FAILED"
|
|
5711
|
+
}
|
|
5712
|
+
],
|
|
5713
|
+
"fields": null,
|
|
5714
|
+
"inputFields": null,
|
|
5715
|
+
"interfaces": null,
|
|
5716
|
+
"kind": "ENUM",
|
|
5717
|
+
"name": "RemediationStatusEnum",
|
|
5718
|
+
"possibleTypes": null
|
|
5719
|
+
},
|
|
5720
|
+
"indexType": "enum",
|
|
5721
|
+
"kind": [
|
|
5722
|
+
"ENUM"
|
|
5723
|
+
],
|
|
5724
|
+
"name": "RemediationStatusEnum",
|
|
5725
|
+
"non_null": false
|
|
5726
|
+
},
|
|
5727
|
+
"varName": "remediationStatus"
|
|
5728
|
+
},
|
|
5729
|
+
"remediationStatusDetails": {
|
|
5730
|
+
"args": {},
|
|
5731
|
+
"deprecationReason": null,
|
|
5732
|
+
"description": null,
|
|
5733
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___remediationStatusDetails",
|
|
5734
|
+
"isDeprecated": false,
|
|
5735
|
+
"name": "remediationStatusDetails",
|
|
5736
|
+
"path": "analystFeedback.story.incident.alerts.resources.remediationStatusDetails",
|
|
5737
|
+
"requestStr": "$remediationStatusDetails:String ",
|
|
5738
|
+
"required": false,
|
|
5739
|
+
"responseStr": "remediationStatusDetails:$remediationStatusDetails ",
|
|
5740
|
+
"type": {
|
|
5741
|
+
"kind": [
|
|
5742
|
+
"SCALAR"
|
|
5743
|
+
],
|
|
5744
|
+
"name": "String",
|
|
5745
|
+
"non_null": false
|
|
5746
|
+
},
|
|
5747
|
+
"varName": "remediationStatusDetails"
|
|
5748
|
+
},
|
|
5749
|
+
"roles": {
|
|
5750
|
+
"args": {},
|
|
5751
|
+
"deprecationReason": null,
|
|
5752
|
+
"description": null,
|
|
5753
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___roles",
|
|
5754
|
+
"isDeprecated": false,
|
|
5755
|
+
"name": "roles",
|
|
5756
|
+
"path": "analystFeedback.story.incident.alerts.resources.roles",
|
|
5757
|
+
"requestStr": "$roles:[ResourceRoleEnum]! ",
|
|
5758
|
+
"required": true,
|
|
5759
|
+
"responseStr": "roles:$roles ",
|
|
5760
|
+
"type": {
|
|
5761
|
+
"definition": {
|
|
5762
|
+
"description": null,
|
|
5763
|
+
"enumValues": [
|
|
5764
|
+
{
|
|
5765
|
+
"deprecationReason": null,
|
|
5766
|
+
"description": null,
|
|
5767
|
+
"isDeprecated": false,
|
|
5768
|
+
"name": "CONTEXTUAL"
|
|
5769
|
+
},
|
|
5770
|
+
{
|
|
5771
|
+
"deprecationReason": null,
|
|
5772
|
+
"description": null,
|
|
5773
|
+
"isDeprecated": false,
|
|
5774
|
+
"name": "SCANNED"
|
|
5775
|
+
},
|
|
5776
|
+
{
|
|
5777
|
+
"deprecationReason": null,
|
|
5778
|
+
"description": null,
|
|
5779
|
+
"isDeprecated": false,
|
|
5780
|
+
"name": "SOURCE"
|
|
5781
|
+
},
|
|
5782
|
+
{
|
|
5783
|
+
"deprecationReason": null,
|
|
5784
|
+
"description": null,
|
|
5785
|
+
"isDeprecated": false,
|
|
5786
|
+
"name": "DESTINATION"
|
|
5787
|
+
},
|
|
5788
|
+
{
|
|
5789
|
+
"deprecationReason": null,
|
|
5790
|
+
"description": null,
|
|
5791
|
+
"isDeprecated": false,
|
|
5792
|
+
"name": "CREATED"
|
|
5793
|
+
},
|
|
5794
|
+
{
|
|
5795
|
+
"deprecationReason": null,
|
|
5796
|
+
"description": null,
|
|
5797
|
+
"isDeprecated": false,
|
|
5798
|
+
"name": "ADDED"
|
|
5799
|
+
},
|
|
5800
|
+
{
|
|
5801
|
+
"deprecationReason": null,
|
|
5802
|
+
"description": null,
|
|
5803
|
+
"isDeprecated": false,
|
|
5804
|
+
"name": "COMPROMISED"
|
|
5805
|
+
},
|
|
5806
|
+
{
|
|
5807
|
+
"deprecationReason": null,
|
|
5808
|
+
"description": null,
|
|
5809
|
+
"isDeprecated": false,
|
|
5810
|
+
"name": "EDITED"
|
|
5811
|
+
},
|
|
5812
|
+
{
|
|
5813
|
+
"deprecationReason": null,
|
|
5814
|
+
"description": null,
|
|
5815
|
+
"isDeprecated": false,
|
|
5816
|
+
"name": "ATTACKED"
|
|
5817
|
+
},
|
|
5818
|
+
{
|
|
5819
|
+
"deprecationReason": null,
|
|
5820
|
+
"description": null,
|
|
5821
|
+
"isDeprecated": false,
|
|
5822
|
+
"name": "ATTACKER"
|
|
5823
|
+
},
|
|
5824
|
+
{
|
|
5825
|
+
"deprecationReason": null,
|
|
5826
|
+
"description": null,
|
|
5827
|
+
"isDeprecated": false,
|
|
5828
|
+
"name": "COMMAND_AND_CONTROL"
|
|
5829
|
+
},
|
|
5830
|
+
{
|
|
5831
|
+
"deprecationReason": null,
|
|
5832
|
+
"description": null,
|
|
5833
|
+
"isDeprecated": false,
|
|
5834
|
+
"name": "LOADED"
|
|
5835
|
+
},
|
|
5836
|
+
{
|
|
5837
|
+
"deprecationReason": null,
|
|
5838
|
+
"description": null,
|
|
5839
|
+
"isDeprecated": false,
|
|
5840
|
+
"name": "SUSPICIOUS"
|
|
5841
|
+
},
|
|
5842
|
+
{
|
|
5843
|
+
"deprecationReason": null,
|
|
5844
|
+
"description": null,
|
|
5845
|
+
"isDeprecated": false,
|
|
5846
|
+
"name": "POLICY_VIOLATOR"
|
|
5847
|
+
}
|
|
5848
|
+
],
|
|
5849
|
+
"fields": null,
|
|
5850
|
+
"inputFields": null,
|
|
5851
|
+
"interfaces": null,
|
|
5852
|
+
"kind": "ENUM",
|
|
5853
|
+
"name": "ResourceRoleEnum",
|
|
5854
|
+
"possibleTypes": null
|
|
5855
|
+
},
|
|
5856
|
+
"indexType": "enum",
|
|
5857
|
+
"kind": [
|
|
5858
|
+
"NON_NULL",
|
|
5859
|
+
"LIST",
|
|
5860
|
+
"NON_NULL",
|
|
5861
|
+
"ENUM"
|
|
5862
|
+
],
|
|
5863
|
+
"name": "ResourceRoleEnum",
|
|
5864
|
+
"non_null": false
|
|
5865
|
+
},
|
|
5866
|
+
"varName": "roles"
|
|
5867
|
+
},
|
|
5868
|
+
"tags": {
|
|
5869
|
+
"args": {},
|
|
5870
|
+
"deprecationReason": null,
|
|
5871
|
+
"description": null,
|
|
5872
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___tags",
|
|
5873
|
+
"isDeprecated": false,
|
|
5874
|
+
"name": "tags",
|
|
5875
|
+
"path": "analystFeedback.story.incident.alerts.resources.tags",
|
|
5876
|
+
"requestStr": "$tags:[String]! ",
|
|
5877
|
+
"required": true,
|
|
5878
|
+
"responseStr": "tags:$tags ",
|
|
5879
|
+
"type": {
|
|
5880
|
+
"kind": [
|
|
5881
|
+
"NON_NULL",
|
|
5882
|
+
"LIST",
|
|
5883
|
+
"NON_NULL",
|
|
5884
|
+
"SCALAR"
|
|
5885
|
+
],
|
|
5886
|
+
"name": "String",
|
|
5887
|
+
"non_null": false
|
|
5888
|
+
},
|
|
5889
|
+
"varName": "tags"
|
|
5890
|
+
},
|
|
5891
|
+
"value": {
|
|
5892
|
+
"args": {},
|
|
5893
|
+
"deprecationReason": null,
|
|
5894
|
+
"description": null,
|
|
5895
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___value",
|
|
5896
|
+
"isDeprecated": false,
|
|
5897
|
+
"name": "value",
|
|
5898
|
+
"path": "analystFeedback.story.incident.alerts.resources.value",
|
|
5899
|
+
"requestStr": "$value:String ",
|
|
5900
|
+
"required": false,
|
|
5901
|
+
"responseStr": "value:$value ",
|
|
5902
|
+
"type": {
|
|
5903
|
+
"kind": [
|
|
5904
|
+
"SCALAR"
|
|
5905
|
+
],
|
|
5906
|
+
"name": "String",
|
|
5907
|
+
"non_null": false
|
|
5908
|
+
},
|
|
5909
|
+
"varName": "value"
|
|
5910
|
+
},
|
|
5911
|
+
"valueName": {
|
|
5912
|
+
"args": {},
|
|
5913
|
+
"deprecationReason": null,
|
|
5914
|
+
"description": null,
|
|
5915
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___valueName",
|
|
5916
|
+
"isDeprecated": false,
|
|
5917
|
+
"name": "valueName",
|
|
5918
|
+
"path": "analystFeedback.story.incident.alerts.resources.valueName",
|
|
5919
|
+
"requestStr": "$valueName:String ",
|
|
5920
|
+
"required": false,
|
|
5921
|
+
"responseStr": "valueName:$valueName ",
|
|
5922
|
+
"type": {
|
|
5923
|
+
"kind": [
|
|
5924
|
+
"SCALAR"
|
|
5925
|
+
],
|
|
5926
|
+
"name": "String",
|
|
5927
|
+
"non_null": false
|
|
5928
|
+
},
|
|
5929
|
+
"varName": "valueName"
|
|
5930
|
+
},
|
|
5931
|
+
"valueType": {
|
|
5932
|
+
"args": {},
|
|
5933
|
+
"deprecationReason": null,
|
|
5934
|
+
"description": null,
|
|
5935
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___valueType",
|
|
5936
|
+
"isDeprecated": false,
|
|
5937
|
+
"name": "valueType",
|
|
5938
|
+
"path": "analystFeedback.story.incident.alerts.resources.valueType",
|
|
5939
|
+
"requestStr": "$valueType:String ",
|
|
5940
|
+
"required": false,
|
|
5941
|
+
"responseStr": "valueType:$valueType ",
|
|
5942
|
+
"type": {
|
|
5943
|
+
"kind": [
|
|
5944
|
+
"SCALAR"
|
|
5945
|
+
],
|
|
5946
|
+
"name": "String",
|
|
5947
|
+
"non_null": false
|
|
5948
|
+
},
|
|
5949
|
+
"varName": "valueType"
|
|
5391
5950
|
},
|
|
5392
5951
|
"verdict": {
|
|
5393
5952
|
"args": {},
|
|
@@ -5450,7 +6009,7 @@
|
|
|
5450
6009
|
"interfaces": [
|
|
5451
6010
|
{
|
|
5452
6011
|
"kind": "INTERFACE",
|
|
5453
|
-
"name": "
|
|
6012
|
+
"name": "RegistryResource",
|
|
5454
6013
|
"ofType": null
|
|
5455
6014
|
},
|
|
5456
6015
|
{
|
|
@@ -5465,14 +6024,34 @@
|
|
|
5465
6024
|
}
|
|
5466
6025
|
],
|
|
5467
6026
|
"kind": "OBJECT",
|
|
5468
|
-
"name": "
|
|
6027
|
+
"name": "MicrosoftRegistryResource",
|
|
5469
6028
|
"ofType": null,
|
|
5470
6029
|
"possibleTypes": null
|
|
5471
6030
|
},
|
|
5472
6031
|
{
|
|
5473
|
-
"description": "The `
|
|
6032
|
+
"description": "The `MicrosoftNetworkResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
|
|
5474
6033
|
"enumValues": null,
|
|
5475
6034
|
"fields": {
|
|
6035
|
+
"action": {
|
|
6036
|
+
"args": {},
|
|
6037
|
+
"deprecationReason": null,
|
|
6038
|
+
"description": null,
|
|
6039
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___action",
|
|
6040
|
+
"isDeprecated": false,
|
|
6041
|
+
"name": "action",
|
|
6042
|
+
"path": "analystFeedback.story.incident.alerts.resources.action",
|
|
6043
|
+
"requestStr": "$action:String ",
|
|
6044
|
+
"required": false,
|
|
6045
|
+
"responseStr": "action:$action ",
|
|
6046
|
+
"type": {
|
|
6047
|
+
"kind": [
|
|
6048
|
+
"SCALAR"
|
|
6049
|
+
],
|
|
6050
|
+
"name": "String",
|
|
6051
|
+
"non_null": false
|
|
6052
|
+
},
|
|
6053
|
+
"varName": "action"
|
|
6054
|
+
},
|
|
5476
6055
|
"createdDateTime": {
|
|
5477
6056
|
"args": {},
|
|
5478
6057
|
"deprecationReason": null,
|
|
@@ -5493,17 +6072,17 @@
|
|
|
5493
6072
|
},
|
|
5494
6073
|
"varName": "createdDateTime"
|
|
5495
6074
|
},
|
|
5496
|
-
"
|
|
6075
|
+
"destinationIp": {
|
|
5497
6076
|
"args": {},
|
|
5498
6077
|
"deprecationReason": null,
|
|
5499
6078
|
"description": null,
|
|
5500
|
-
"id_str": "
|
|
6079
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___destinationIp",
|
|
5501
6080
|
"isDeprecated": false,
|
|
5502
|
-
"name": "
|
|
5503
|
-
"path": "analystFeedback.story.incident.alerts.resources.
|
|
5504
|
-
"requestStr": "$
|
|
6081
|
+
"name": "destinationIp",
|
|
6082
|
+
"path": "analystFeedback.story.incident.alerts.resources.destinationIp",
|
|
6083
|
+
"requestStr": "$destinationIp:String ",
|
|
5505
6084
|
"required": false,
|
|
5506
|
-
"responseStr": "
|
|
6085
|
+
"responseStr": "destinationIp:$destinationIp ",
|
|
5507
6086
|
"type": {
|
|
5508
6087
|
"kind": [
|
|
5509
6088
|
"SCALAR"
|
|
@@ -5511,7 +6090,67 @@
|
|
|
5511
6090
|
"name": "String",
|
|
5512
6091
|
"non_null": false
|
|
5513
6092
|
},
|
|
5514
|
-
"varName": "
|
|
6093
|
+
"varName": "destinationIp"
|
|
6094
|
+
},
|
|
6095
|
+
"destinationPort": {
|
|
6096
|
+
"args": {},
|
|
6097
|
+
"deprecationReason": null,
|
|
6098
|
+
"description": null,
|
|
6099
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___destinationPort",
|
|
6100
|
+
"isDeprecated": false,
|
|
6101
|
+
"name": "destinationPort",
|
|
6102
|
+
"path": "analystFeedback.story.incident.alerts.resources.destinationPort",
|
|
6103
|
+
"requestStr": "$destinationPort:Int ",
|
|
6104
|
+
"required": false,
|
|
6105
|
+
"responseStr": "destinationPort:$destinationPort ",
|
|
6106
|
+
"type": {
|
|
6107
|
+
"kind": [
|
|
6108
|
+
"SCALAR"
|
|
6109
|
+
],
|
|
6110
|
+
"name": "Int",
|
|
6111
|
+
"non_null": false
|
|
6112
|
+
},
|
|
6113
|
+
"varName": "destinationPort"
|
|
6114
|
+
},
|
|
6115
|
+
"dnsRequest": {
|
|
6116
|
+
"args": {},
|
|
6117
|
+
"deprecationReason": null,
|
|
6118
|
+
"description": null,
|
|
6119
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___dnsRequest",
|
|
6120
|
+
"isDeprecated": false,
|
|
6121
|
+
"name": "dnsRequest",
|
|
6122
|
+
"path": "analystFeedback.story.incident.alerts.resources.dnsRequest",
|
|
6123
|
+
"requestStr": "$dnsRequest:String ",
|
|
6124
|
+
"required": false,
|
|
6125
|
+
"responseStr": "dnsRequest:$dnsRequest ",
|
|
6126
|
+
"type": {
|
|
6127
|
+
"kind": [
|
|
6128
|
+
"SCALAR"
|
|
6129
|
+
],
|
|
6130
|
+
"name": "String",
|
|
6131
|
+
"non_null": false
|
|
6132
|
+
},
|
|
6133
|
+
"varName": "dnsRequest"
|
|
6134
|
+
},
|
|
6135
|
+
"dnsResponse": {
|
|
6136
|
+
"args": {},
|
|
6137
|
+
"deprecationReason": null,
|
|
6138
|
+
"description": null,
|
|
6139
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___dnsResponse",
|
|
6140
|
+
"isDeprecated": false,
|
|
6141
|
+
"name": "dnsResponse",
|
|
6142
|
+
"path": "analystFeedback.story.incident.alerts.resources.dnsResponse",
|
|
6143
|
+
"requestStr": "$dnsResponse:String ",
|
|
6144
|
+
"required": false,
|
|
6145
|
+
"responseStr": "dnsResponse:$dnsResponse ",
|
|
6146
|
+
"type": {
|
|
6147
|
+
"kind": [
|
|
6148
|
+
"SCALAR"
|
|
6149
|
+
],
|
|
6150
|
+
"name": "String",
|
|
6151
|
+
"non_null": false
|
|
6152
|
+
},
|
|
6153
|
+
"varName": "dnsResponse"
|
|
5515
6154
|
},
|
|
5516
6155
|
"id": {
|
|
5517
6156
|
"args": {},
|
|
@@ -5534,17 +6173,17 @@
|
|
|
5534
6173
|
},
|
|
5535
6174
|
"varName": "id"
|
|
5536
6175
|
},
|
|
5537
|
-
"
|
|
6176
|
+
"method": {
|
|
5538
6177
|
"args": {},
|
|
5539
6178
|
"deprecationReason": null,
|
|
5540
6179
|
"description": null,
|
|
5541
|
-
"id_str": "
|
|
6180
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___method",
|
|
5542
6181
|
"isDeprecated": false,
|
|
5543
|
-
"name": "
|
|
5544
|
-
"path": "analystFeedback.story.incident.alerts.resources.
|
|
5545
|
-
"requestStr": "$
|
|
6182
|
+
"name": "method",
|
|
6183
|
+
"path": "analystFeedback.story.incident.alerts.resources.method",
|
|
6184
|
+
"requestStr": "$method:String ",
|
|
5546
6185
|
"required": false,
|
|
5547
|
-
"responseStr": "
|
|
6186
|
+
"responseStr": "method:$method ",
|
|
5548
6187
|
"type": {
|
|
5549
6188
|
"kind": [
|
|
5550
6189
|
"SCALAR"
|
|
@@ -5552,7 +6191,7 @@
|
|
|
5552
6191
|
"name": "String",
|
|
5553
6192
|
"non_null": false
|
|
5554
6193
|
},
|
|
5555
|
-
"varName": "
|
|
6194
|
+
"varName": "method"
|
|
5556
6195
|
},
|
|
5557
6196
|
"remediationStatus": {
|
|
5558
6197
|
"args": {},
|
|
@@ -5845,80 +6484,60 @@
|
|
|
5845
6484
|
},
|
|
5846
6485
|
"varName": "roles"
|
|
5847
6486
|
},
|
|
5848
|
-
"
|
|
5849
|
-
"args": {},
|
|
5850
|
-
"deprecationReason": null,
|
|
5851
|
-
"description": null,
|
|
5852
|
-
"id_str": "analystFeedback___story___incident___alerts___resources___tags",
|
|
5853
|
-
"isDeprecated": false,
|
|
5854
|
-
"name": "tags",
|
|
5855
|
-
"path": "analystFeedback.story.incident.alerts.resources.tags",
|
|
5856
|
-
"requestStr": "$tags:[String]! ",
|
|
5857
|
-
"required": true,
|
|
5858
|
-
"responseStr": "tags:$tags ",
|
|
5859
|
-
"type": {
|
|
5860
|
-
"kind": [
|
|
5861
|
-
"NON_NULL",
|
|
5862
|
-
"LIST",
|
|
5863
|
-
"NON_NULL",
|
|
5864
|
-
"SCALAR"
|
|
5865
|
-
],
|
|
5866
|
-
"name": "String",
|
|
5867
|
-
"non_null": false
|
|
5868
|
-
},
|
|
5869
|
-
"varName": "tags"
|
|
5870
|
-
},
|
|
5871
|
-
"value": {
|
|
6487
|
+
"sourcePort": {
|
|
5872
6488
|
"args": {},
|
|
5873
6489
|
"deprecationReason": null,
|
|
5874
6490
|
"description": null,
|
|
5875
|
-
"id_str": "
|
|
6491
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___sourcePort",
|
|
5876
6492
|
"isDeprecated": false,
|
|
5877
|
-
"name": "
|
|
5878
|
-
"path": "analystFeedback.story.incident.alerts.resources.
|
|
5879
|
-
"requestStr": "$
|
|
6493
|
+
"name": "sourcePort",
|
|
6494
|
+
"path": "analystFeedback.story.incident.alerts.resources.sourcePort",
|
|
6495
|
+
"requestStr": "$sourcePort:Int ",
|
|
5880
6496
|
"required": false,
|
|
5881
|
-
"responseStr": "
|
|
6497
|
+
"responseStr": "sourcePort:$sourcePort ",
|
|
5882
6498
|
"type": {
|
|
5883
6499
|
"kind": [
|
|
5884
6500
|
"SCALAR"
|
|
5885
6501
|
],
|
|
5886
|
-
"name": "
|
|
6502
|
+
"name": "Int",
|
|
5887
6503
|
"non_null": false
|
|
5888
6504
|
},
|
|
5889
|
-
"varName": "
|
|
6505
|
+
"varName": "sourcePort"
|
|
5890
6506
|
},
|
|
5891
|
-
"
|
|
6507
|
+
"tags": {
|
|
5892
6508
|
"args": {},
|
|
5893
6509
|
"deprecationReason": null,
|
|
5894
6510
|
"description": null,
|
|
5895
|
-
"id_str": "
|
|
6511
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___tags",
|
|
5896
6512
|
"isDeprecated": false,
|
|
5897
|
-
"name": "
|
|
5898
|
-
"path": "analystFeedback.story.incident.alerts.resources.
|
|
5899
|
-
"requestStr": "$
|
|
5900
|
-
"required":
|
|
5901
|
-
"responseStr": "
|
|
6513
|
+
"name": "tags",
|
|
6514
|
+
"path": "analystFeedback.story.incident.alerts.resources.tags",
|
|
6515
|
+
"requestStr": "$tags:[String]! ",
|
|
6516
|
+
"required": true,
|
|
6517
|
+
"responseStr": "tags:$tags ",
|
|
5902
6518
|
"type": {
|
|
5903
6519
|
"kind": [
|
|
6520
|
+
"NON_NULL",
|
|
6521
|
+
"LIST",
|
|
6522
|
+
"NON_NULL",
|
|
5904
6523
|
"SCALAR"
|
|
5905
6524
|
],
|
|
5906
6525
|
"name": "String",
|
|
5907
6526
|
"non_null": false
|
|
5908
6527
|
},
|
|
5909
|
-
"varName": "
|
|
6528
|
+
"varName": "tags"
|
|
5910
6529
|
},
|
|
5911
|
-
"
|
|
6530
|
+
"url": {
|
|
5912
6531
|
"args": {},
|
|
5913
6532
|
"deprecationReason": null,
|
|
5914
6533
|
"description": null,
|
|
5915
|
-
"id_str": "
|
|
6534
|
+
"id_str": "analystFeedback___story___incident___alerts___resources___url",
|
|
5916
6535
|
"isDeprecated": false,
|
|
5917
|
-
"name": "
|
|
5918
|
-
"path": "analystFeedback.story.incident.alerts.resources.
|
|
5919
|
-
"requestStr": "$
|
|
6536
|
+
"name": "url",
|
|
6537
|
+
"path": "analystFeedback.story.incident.alerts.resources.url",
|
|
6538
|
+
"requestStr": "$url:String ",
|
|
5920
6539
|
"required": false,
|
|
5921
|
-
"responseStr": "
|
|
6540
|
+
"responseStr": "url:$url ",
|
|
5922
6541
|
"type": {
|
|
5923
6542
|
"kind": [
|
|
5924
6543
|
"SCALAR"
|
|
@@ -5926,7 +6545,7 @@
|
|
|
5926
6545
|
"name": "String",
|
|
5927
6546
|
"non_null": false
|
|
5928
6547
|
},
|
|
5929
|
-
"varName": "
|
|
6548
|
+
"varName": "url"
|
|
5930
6549
|
},
|
|
5931
6550
|
"verdict": {
|
|
5932
6551
|
"args": {},
|
|
@@ -5989,12 +6608,12 @@
|
|
|
5989
6608
|
"interfaces": [
|
|
5990
6609
|
{
|
|
5991
6610
|
"kind": "INTERFACE",
|
|
5992
|
-
"name": "
|
|
6611
|
+
"name": "MicrosoftEndpointResource",
|
|
5993
6612
|
"ofType": null
|
|
5994
6613
|
},
|
|
5995
6614
|
{
|
|
5996
6615
|
"kind": "INTERFACE",
|
|
5997
|
-
"name": "
|
|
6616
|
+
"name": "NetworkResource",
|
|
5998
6617
|
"ofType": null
|
|
5999
6618
|
},
|
|
6000
6619
|
{
|
|
@@ -6004,7 +6623,7 @@
|
|
|
6004
6623
|
}
|
|
6005
6624
|
],
|
|
6006
6625
|
"kind": "OBJECT",
|
|
6007
|
-
"name": "
|
|
6626
|
+
"name": "MicrosoftNetworkResource",
|
|
6008
6627
|
"ofType": null,
|
|
6009
6628
|
"possibleTypes": null
|
|
6010
6629
|
}
|
|
@@ -24640,26 +25259,6 @@
|
|
|
24640
25259
|
"description": null,
|
|
24641
25260
|
"enumValues": null,
|
|
24642
25261
|
"fields": {
|
|
24643
|
-
"impact": {
|
|
24644
|
-
"args": {},
|
|
24645
|
-
"deprecationReason": null,
|
|
24646
|
-
"description": null,
|
|
24647
|
-
"id_str": "analystFeedback___story___incident___accountOperationIncident___impact",
|
|
24648
|
-
"isDeprecated": false,
|
|
24649
|
-
"name": "impact",
|
|
24650
|
-
"path": "analystFeedback.story.incident.accountOperationIncident.impact",
|
|
24651
|
-
"requestStr": "$impact:String ",
|
|
24652
|
-
"required": false,
|
|
24653
|
-
"responseStr": "impact:$impact ",
|
|
24654
|
-
"type": {
|
|
24655
|
-
"kind": [
|
|
24656
|
-
"SCALAR"
|
|
24657
|
-
],
|
|
24658
|
-
"name": "String",
|
|
24659
|
-
"non_null": false
|
|
24660
|
-
},
|
|
24661
|
-
"varName": "impact"
|
|
24662
|
-
},
|
|
24663
25262
|
"incidentTimeline": {
|
|
24664
25263
|
"args": {},
|
|
24665
25264
|
"deprecationReason": null,
|
|
@@ -25015,6 +25614,122 @@
|
|
|
25015
25614
|
"non_null": false
|
|
25016
25615
|
},
|
|
25017
25616
|
"varName": "accountOperationsTimelineBase"
|
|
25617
|
+
},
|
|
25618
|
+
"metadata": {
|
|
25619
|
+
"args": {},
|
|
25620
|
+
"deprecationReason": null,
|
|
25621
|
+
"description": null,
|
|
25622
|
+
"id_str": "analystFeedback___story___incident___accountOperationIncident___metadata",
|
|
25623
|
+
"isDeprecated": false,
|
|
25624
|
+
"name": "metadata",
|
|
25625
|
+
"path": "analystFeedback.story.incident.accountOperationIncident.metadata",
|
|
25626
|
+
"requestStr": "$accountOperationsMetadata:[AccountOperationsMetadata]! ",
|
|
25627
|
+
"required": true,
|
|
25628
|
+
"responseStr": "metadata:$accountOperationsMetadata ",
|
|
25629
|
+
"type": {
|
|
25630
|
+
"definition": {
|
|
25631
|
+
"description": null,
|
|
25632
|
+
"enumValues": null,
|
|
25633
|
+
"fields": {
|
|
25634
|
+
"key": {
|
|
25635
|
+
"args": {},
|
|
25636
|
+
"deprecationReason": null,
|
|
25637
|
+
"description": null,
|
|
25638
|
+
"id_str": "analystFeedback___story___incident___accountOperationIncident___metadata___key",
|
|
25639
|
+
"isDeprecated": false,
|
|
25640
|
+
"name": "key",
|
|
25641
|
+
"path": "analystFeedback.story.incident.accountOperationIncident.metadata.key",
|
|
25642
|
+
"requestStr": "$key:String! ",
|
|
25643
|
+
"required": true,
|
|
25644
|
+
"responseStr": "key:$key ",
|
|
25645
|
+
"type": {
|
|
25646
|
+
"kind": [
|
|
25647
|
+
"NON_NULL",
|
|
25648
|
+
"SCALAR"
|
|
25649
|
+
],
|
|
25650
|
+
"name": "String",
|
|
25651
|
+
"non_null": false
|
|
25652
|
+
},
|
|
25653
|
+
"varName": "key"
|
|
25654
|
+
},
|
|
25655
|
+
"type": {
|
|
25656
|
+
"args": {},
|
|
25657
|
+
"deprecationReason": null,
|
|
25658
|
+
"description": null,
|
|
25659
|
+
"id_str": "analystFeedback___story___incident___accountOperationIncident___metadata___type",
|
|
25660
|
+
"isDeprecated": false,
|
|
25661
|
+
"name": "type",
|
|
25662
|
+
"path": "analystFeedback.story.incident.accountOperationIncident.metadata.type",
|
|
25663
|
+
"requestStr": "$type:MetadataType! ",
|
|
25664
|
+
"required": true,
|
|
25665
|
+
"responseStr": "type:$type ",
|
|
25666
|
+
"type": {
|
|
25667
|
+
"definition": {
|
|
25668
|
+
"description": null,
|
|
25669
|
+
"enumValues": [
|
|
25670
|
+
{
|
|
25671
|
+
"deprecationReason": null,
|
|
25672
|
+
"description": null,
|
|
25673
|
+
"isDeprecated": false,
|
|
25674
|
+
"name": "TXT"
|
|
25675
|
+
}
|
|
25676
|
+
],
|
|
25677
|
+
"fields": null,
|
|
25678
|
+
"inputFields": null,
|
|
25679
|
+
"interfaces": null,
|
|
25680
|
+
"kind": "ENUM",
|
|
25681
|
+
"name": "MetadataType",
|
|
25682
|
+
"possibleTypes": null
|
|
25683
|
+
},
|
|
25684
|
+
"indexType": "enum",
|
|
25685
|
+
"kind": [
|
|
25686
|
+
"NON_NULL",
|
|
25687
|
+
"ENUM"
|
|
25688
|
+
],
|
|
25689
|
+
"name": "MetadataType",
|
|
25690
|
+
"non_null": false
|
|
25691
|
+
},
|
|
25692
|
+
"varName": "type"
|
|
25693
|
+
},
|
|
25694
|
+
"value": {
|
|
25695
|
+
"args": {},
|
|
25696
|
+
"deprecationReason": null,
|
|
25697
|
+
"description": null,
|
|
25698
|
+
"id_str": "analystFeedback___story___incident___accountOperationIncident___metadata___value",
|
|
25699
|
+
"isDeprecated": false,
|
|
25700
|
+
"name": "value",
|
|
25701
|
+
"path": "analystFeedback.story.incident.accountOperationIncident.metadata.value",
|
|
25702
|
+
"requestStr": "$value:String! ",
|
|
25703
|
+
"required": true,
|
|
25704
|
+
"responseStr": "value:$value ",
|
|
25705
|
+
"type": {
|
|
25706
|
+
"kind": [
|
|
25707
|
+
"NON_NULL",
|
|
25708
|
+
"SCALAR"
|
|
25709
|
+
],
|
|
25710
|
+
"name": "String",
|
|
25711
|
+
"non_null": false
|
|
25712
|
+
},
|
|
25713
|
+
"varName": "value"
|
|
25714
|
+
}
|
|
25715
|
+
},
|
|
25716
|
+
"inputFields": null,
|
|
25717
|
+
"interfaces": [],
|
|
25718
|
+
"kind": "OBJECT",
|
|
25719
|
+
"name": "AccountOperationsMetadata",
|
|
25720
|
+
"possibleTypes": null
|
|
25721
|
+
},
|
|
25722
|
+
"indexType": "object",
|
|
25723
|
+
"kind": [
|
|
25724
|
+
"NON_NULL",
|
|
25725
|
+
"LIST",
|
|
25726
|
+
"NON_NULL",
|
|
25727
|
+
"OBJECT"
|
|
25728
|
+
],
|
|
25729
|
+
"name": "AccountOperationsMetadata",
|
|
25730
|
+
"non_null": false
|
|
25731
|
+
},
|
|
25732
|
+
"varName": "accountOperationsMetadata"
|
|
25018
25733
|
}
|
|
25019
25734
|
},
|
|
25020
25735
|
"inputFields": null,
|
|
@@ -25601,6 +26316,26 @@
|
|
|
25601
26316
|
},
|
|
25602
26317
|
"varName": "lastSignal"
|
|
25603
26318
|
},
|
|
26319
|
+
"occurrences": {
|
|
26320
|
+
"args": {},
|
|
26321
|
+
"deprecationReason": null,
|
|
26322
|
+
"description": null,
|
|
26323
|
+
"id_str": "analystFeedback___story___incident___occurrences",
|
|
26324
|
+
"isDeprecated": false,
|
|
26325
|
+
"name": "occurrences",
|
|
26326
|
+
"path": "analystFeedback.story.incident.occurrences",
|
|
26327
|
+
"requestStr": "$occurrences:Int ",
|
|
26328
|
+
"required": false,
|
|
26329
|
+
"responseStr": "occurrences:$occurrences ",
|
|
26330
|
+
"type": {
|
|
26331
|
+
"kind": [
|
|
26332
|
+
"SCALAR"
|
|
26333
|
+
],
|
|
26334
|
+
"name": "Int",
|
|
26335
|
+
"non_null": false
|
|
26336
|
+
},
|
|
26337
|
+
"varName": "occurrences"
|
|
26338
|
+
},
|
|
25604
26339
|
"predictedThreatType": {
|
|
25605
26340
|
"args": {},
|
|
25606
26341
|
"deprecationReason": null,
|