catocli 3.0.14__py3-none-any.whl → 3.0.22__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of catocli might be problematic. Click here for more details.
- catocli/Utils/clidriver.py +16 -8
- catocli/Utils/formatter_account_metrics.py +544 -0
- catocli/Utils/formatter_app_stats.py +184 -0
- catocli/Utils/formatter_app_stats_timeseries.py +377 -0
- catocli/Utils/formatter_events_timeseries.py +459 -0
- catocli/Utils/formatter_socket_port_metrics.py +189 -0
- catocli/Utils/formatter_socket_port_metrics_timeseries.py +339 -0
- catocli/Utils/formatter_utils.py +251 -0
- catocli/Utils/help_formatter.py +1 -1
- catocli/__init__.py +1 -1
- catocli/clisettings.json +37 -5
- catocli/parsers/custom/query_eventsFeed/README.md +94 -0
- catocli/parsers/custom/scim/README.md +346 -0
- catocli/parsers/custom/scim/scim_client.py +132 -26
- catocli/parsers/custom/scim/scim_commands.py +14 -56
- catocli/parsers/customParserApiClient.py +213 -65
- catocli/parsers/mutation_policy/__init__.py +405 -405
- catocli/parsers/mutation_site/__init__.py +15 -15
- catocli/parsers/mutation_sites/__init__.py +15 -15
- catocli/parsers/query_accountMetrics/README.md +99 -9
- catocli/parsers/query_accountMetrics/__init__.py +6 -0
- catocli/parsers/query_appStats/README.md +11 -11
- catocli/parsers/query_appStats/__init__.py +4 -2
- catocli/parsers/query_appStatsTimeSeries/README.md +10 -10
- catocli/parsers/query_appStatsTimeSeries/__init__.py +4 -2
- catocli/parsers/query_auditFeed/README.md +9 -9
- catocli/parsers/query_events/README.md +9 -9
- catocli/parsers/query_eventsTimeSeries/README.md +289 -9
- catocli/parsers/query_eventsTimeSeries/__init__.py +6 -0
- catocli/parsers/query_policy/__init__.py +42 -42
- catocli/parsers/query_socketPortMetrics/README.md +53 -9
- catocli/parsers/query_socketPortMetrics/__init__.py +6 -0
- catocli/parsers/query_socketPortMetricsTimeSeries/README.md +92 -9
- catocli/parsers/query_socketPortMetricsTimeSeries/__init__.py +4 -2
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/METADATA +1 -1
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/RECORD +187 -183
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/top_level.txt +0 -1
- models/mutation.policy.antiMalwareFileHash.addRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.addSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.createPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.discardPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.moveRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.moveSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.publishPolicyRevision.json +123 -0
- models/mutation.policy.antiMalwareFileHash.removeRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.removeSection.json +103 -0
- models/mutation.policy.antiMalwareFileHash.updatePolicy.json +123 -0
- models/mutation.policy.antiMalwareFileHash.updateRule.json +20 -0
- models/mutation.policy.antiMalwareFileHash.updateSection.json +103 -0
- models/mutation.policy.appTenantRestriction.addRule.json +20 -0
- models/mutation.policy.appTenantRestriction.addSection.json +103 -0
- models/mutation.policy.appTenantRestriction.createPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.moveRule.json +20 -0
- models/mutation.policy.appTenantRestriction.moveSection.json +103 -0
- models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +123 -0
- models/mutation.policy.appTenantRestriction.removeRule.json +20 -0
- models/mutation.policy.appTenantRestriction.removeSection.json +103 -0
- models/mutation.policy.appTenantRestriction.updatePolicy.json +123 -0
- models/mutation.policy.appTenantRestriction.updateRule.json +20 -0
- models/mutation.policy.appTenantRestriction.updateSection.json +103 -0
- models/mutation.policy.applicationControl.addRule.json +20 -0
- models/mutation.policy.applicationControl.addSection.json +103 -0
- models/mutation.policy.applicationControl.createPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.discardPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.moveRule.json +20 -0
- models/mutation.policy.applicationControl.moveSection.json +103 -0
- models/mutation.policy.applicationControl.publishPolicyRevision.json +123 -0
- models/mutation.policy.applicationControl.removeRule.json +20 -0
- models/mutation.policy.applicationControl.removeSection.json +103 -0
- models/mutation.policy.applicationControl.updatePolicy.json +123 -0
- models/mutation.policy.applicationControl.updateRule.json +20 -0
- models/mutation.policy.applicationControl.updateSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.addRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.addSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.moveRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.moveSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +123 -0
- models/mutation.policy.dynamicIpAllocation.removeRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.removeSection.json +103 -0
- models/mutation.policy.dynamicIpAllocation.updatePolicy.json +123 -0
- models/mutation.policy.dynamicIpAllocation.updateRule.json +20 -0
- models/mutation.policy.dynamicIpAllocation.updateSection.json +103 -0
- models/mutation.policy.internetFirewall.addRule.json +20 -0
- models/mutation.policy.internetFirewall.addSection.json +103 -0
- models/mutation.policy.internetFirewall.createPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.discardPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.moveRule.json +20 -0
- models/mutation.policy.internetFirewall.moveSection.json +103 -0
- models/mutation.policy.internetFirewall.publishPolicyRevision.json +123 -0
- models/mutation.policy.internetFirewall.removeRule.json +20 -0
- models/mutation.policy.internetFirewall.removeSection.json +103 -0
- models/mutation.policy.internetFirewall.updatePolicy.json +123 -0
- models/mutation.policy.internetFirewall.updateRule.json +20 -0
- models/mutation.policy.internetFirewall.updateSection.json +103 -0
- models/mutation.policy.remotePortFwd.addRule.json +20 -0
- models/mutation.policy.remotePortFwd.addSection.json +103 -0
- models/mutation.policy.remotePortFwd.createPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.discardPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.moveRule.json +20 -0
- models/mutation.policy.remotePortFwd.moveSection.json +103 -0
- models/mutation.policy.remotePortFwd.publishPolicyRevision.json +123 -0
- models/mutation.policy.remotePortFwd.removeRule.json +20 -0
- models/mutation.policy.remotePortFwd.removeSection.json +103 -0
- models/mutation.policy.remotePortFwd.updatePolicy.json +123 -0
- models/mutation.policy.remotePortFwd.updateRule.json +20 -0
- models/mutation.policy.remotePortFwd.updateSection.json +103 -0
- models/mutation.policy.socketLan.addRule.json +40 -0
- models/mutation.policy.socketLan.addSection.json +103 -0
- models/mutation.policy.socketLan.createPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.discardPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.moveRule.json +40 -0
- models/mutation.policy.socketLan.moveSection.json +103 -0
- models/mutation.policy.socketLan.publishPolicyRevision.json +143 -0
- models/mutation.policy.socketLan.removeRule.json +40 -0
- models/mutation.policy.socketLan.removeSection.json +103 -0
- models/mutation.policy.socketLan.updatePolicy.json +143 -0
- models/mutation.policy.socketLan.updateRule.json +40 -0
- models/mutation.policy.socketLan.updateSection.json +103 -0
- models/mutation.policy.terminalServer.addRule.json +20 -0
- models/mutation.policy.terminalServer.addSection.json +103 -0
- models/mutation.policy.terminalServer.createPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.discardPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.moveRule.json +20 -0
- models/mutation.policy.terminalServer.moveSection.json +103 -0
- models/mutation.policy.terminalServer.publishPolicyRevision.json +123 -0
- models/mutation.policy.terminalServer.removeRule.json +20 -0
- models/mutation.policy.terminalServer.removeSection.json +103 -0
- models/mutation.policy.terminalServer.updatePolicy.json +123 -0
- models/mutation.policy.terminalServer.updateRule.json +20 -0
- models/mutation.policy.terminalServer.updateSection.json +103 -0
- models/mutation.policy.tlsInspect.addRule.json +20 -0
- models/mutation.policy.tlsInspect.addSection.json +103 -0
- models/mutation.policy.tlsInspect.createPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.discardPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.moveRule.json +20 -0
- models/mutation.policy.tlsInspect.moveSection.json +103 -0
- models/mutation.policy.tlsInspect.publishPolicyRevision.json +123 -0
- models/mutation.policy.tlsInspect.removeRule.json +20 -0
- models/mutation.policy.tlsInspect.removeSection.json +103 -0
- models/mutation.policy.tlsInspect.updatePolicy.json +123 -0
- models/mutation.policy.tlsInspect.updateRule.json +20 -0
- models/mutation.policy.tlsInspect.updateSection.json +103 -0
- models/mutation.policy.wanFirewall.addRule.json +20 -0
- models/mutation.policy.wanFirewall.addSection.json +103 -0
- models/mutation.policy.wanFirewall.createPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.discardPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.moveRule.json +20 -0
- models/mutation.policy.wanFirewall.moveSection.json +103 -0
- models/mutation.policy.wanFirewall.publishPolicyRevision.json +123 -0
- models/mutation.policy.wanFirewall.removeRule.json +20 -0
- models/mutation.policy.wanFirewall.removeSection.json +103 -0
- models/mutation.policy.wanFirewall.updatePolicy.json +123 -0
- models/mutation.policy.wanFirewall.updateRule.json +20 -0
- models/mutation.policy.wanFirewall.updateSection.json +103 -0
- models/mutation.policy.wanNetwork.addRule.json +20 -0
- models/mutation.policy.wanNetwork.addSection.json +103 -0
- models/mutation.policy.wanNetwork.createPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.discardPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.moveRule.json +20 -0
- models/mutation.policy.wanNetwork.moveSection.json +103 -0
- models/mutation.policy.wanNetwork.publishPolicyRevision.json +123 -0
- models/mutation.policy.wanNetwork.removeRule.json +20 -0
- models/mutation.policy.wanNetwork.removeSection.json +103 -0
- models/mutation.policy.wanNetwork.updatePolicy.json +123 -0
- models/mutation.policy.wanNetwork.updateRule.json +20 -0
- models/mutation.policy.wanNetwork.updateSection.json +103 -0
- models/mutation.xdr.analystFeedback.json +822 -87
- models/query.policy.antiMalwareFileHash.policy.json +123 -0
- models/query.policy.appTenantRestriction.policy.json +123 -0
- models/query.policy.applicationControl.policy.json +123 -0
- models/query.policy.dynamicIpAllocation.policy.json +123 -0
- models/query.policy.internetFirewall.policy.json +123 -0
- models/query.policy.remotePortFwd.policy.json +123 -0
- models/query.policy.socketLan.policy.json +143 -0
- models/query.policy.terminalServer.policy.json +123 -0
- models/query.policy.tlsInspect.policy.json +123 -0
- models/query.policy.wanFirewall.policy.json +123 -0
- models/query.policy.wanNetwork.policy.json +123 -0
- models/query.xdr.stories.json +822 -87
- models/query.xdr.story.json +822 -87
- schema/catolib.py +34 -17
- catocli/Utils/csv_formatter.py +0 -663
- scripts/catolib.py +0 -62
- scripts/export_if_rules_to_json.py +0 -188
- scripts/export_wf_rules_to_json.py +0 -111
- scripts/import_wf_rules_to_tfstate.py +0 -331
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/WHEEL +0 -0
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/entry_points.txt +0 -0
- {catocli-3.0.14.dist-info → catocli-3.0.22.dist-info}/licenses/LICENSE +0 -0
models/query.xdr.story.json
CHANGED
|
@@ -3150,6 +3150,26 @@
|
|
|
3150
3150
|
"description": "The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.",
|
|
3151
3151
|
"enumValues": null,
|
|
3152
3152
|
"fields": {
|
|
3153
|
+
"action": {
|
|
3154
|
+
"args": {},
|
|
3155
|
+
"deprecationReason": null,
|
|
3156
|
+
"description": null,
|
|
3157
|
+
"id_str": "story___incident___alerts___resources___action",
|
|
3158
|
+
"isDeprecated": false,
|
|
3159
|
+
"name": "action",
|
|
3160
|
+
"path": "story.incident.alerts.resources.action",
|
|
3161
|
+
"requestStr": "$action:String ",
|
|
3162
|
+
"required": false,
|
|
3163
|
+
"responseStr": "action:$action ",
|
|
3164
|
+
"type": {
|
|
3165
|
+
"kind": [
|
|
3166
|
+
"SCALAR"
|
|
3167
|
+
],
|
|
3168
|
+
"name": "String",
|
|
3169
|
+
"non_null": false
|
|
3170
|
+
},
|
|
3171
|
+
"varName": "action"
|
|
3172
|
+
},
|
|
3153
3173
|
"createdDateTime": {
|
|
3154
3174
|
"args": {},
|
|
3155
3175
|
"deprecationReason": null,
|
|
@@ -4732,7 +4752,546 @@
|
|
|
4732
4752
|
"name": "String",
|
|
4733
4753
|
"non_null": false
|
|
4734
4754
|
},
|
|
4735
|
-
"varName": "tags"
|
|
4755
|
+
"varName": "tags"
|
|
4756
|
+
},
|
|
4757
|
+
"verdict": {
|
|
4758
|
+
"args": {},
|
|
4759
|
+
"deprecationReason": null,
|
|
4760
|
+
"description": null,
|
|
4761
|
+
"id_str": "story___incident___alerts___resources___verdict",
|
|
4762
|
+
"isDeprecated": false,
|
|
4763
|
+
"name": "verdict",
|
|
4764
|
+
"path": "story.incident.alerts.resources.verdict",
|
|
4765
|
+
"requestStr": "$verdict:MsResourceVerdictEnum ",
|
|
4766
|
+
"required": false,
|
|
4767
|
+
"responseStr": "verdict:$verdict ",
|
|
4768
|
+
"type": {
|
|
4769
|
+
"definition": {
|
|
4770
|
+
"description": null,
|
|
4771
|
+
"enumValues": [
|
|
4772
|
+
{
|
|
4773
|
+
"deprecationReason": null,
|
|
4774
|
+
"description": null,
|
|
4775
|
+
"isDeprecated": false,
|
|
4776
|
+
"name": "Suspicious"
|
|
4777
|
+
},
|
|
4778
|
+
{
|
|
4779
|
+
"deprecationReason": null,
|
|
4780
|
+
"description": null,
|
|
4781
|
+
"isDeprecated": false,
|
|
4782
|
+
"name": "Malicious"
|
|
4783
|
+
},
|
|
4784
|
+
{
|
|
4785
|
+
"deprecationReason": null,
|
|
4786
|
+
"description": null,
|
|
4787
|
+
"isDeprecated": false,
|
|
4788
|
+
"name": "Informational"
|
|
4789
|
+
},
|
|
4790
|
+
{
|
|
4791
|
+
"deprecationReason": null,
|
|
4792
|
+
"description": null,
|
|
4793
|
+
"isDeprecated": false,
|
|
4794
|
+
"name": "Benign"
|
|
4795
|
+
}
|
|
4796
|
+
],
|
|
4797
|
+
"fields": null,
|
|
4798
|
+
"inputFields": null,
|
|
4799
|
+
"interfaces": null,
|
|
4800
|
+
"kind": "ENUM",
|
|
4801
|
+
"name": "MsResourceVerdictEnum",
|
|
4802
|
+
"possibleTypes": null
|
|
4803
|
+
},
|
|
4804
|
+
"indexType": "enum",
|
|
4805
|
+
"kind": [
|
|
4806
|
+
"ENUM"
|
|
4807
|
+
],
|
|
4808
|
+
"name": "MsResourceVerdictEnum",
|
|
4809
|
+
"non_null": false
|
|
4810
|
+
},
|
|
4811
|
+
"varName": "verdict"
|
|
4812
|
+
}
|
|
4813
|
+
},
|
|
4814
|
+
"inputFields": null,
|
|
4815
|
+
"interfaces": [
|
|
4816
|
+
{
|
|
4817
|
+
"kind": "INTERFACE",
|
|
4818
|
+
"name": "FileResource",
|
|
4819
|
+
"ofType": null
|
|
4820
|
+
},
|
|
4821
|
+
{
|
|
4822
|
+
"kind": "INTERFACE",
|
|
4823
|
+
"name": "MicrosoftEndpointResource",
|
|
4824
|
+
"ofType": null
|
|
4825
|
+
},
|
|
4826
|
+
{
|
|
4827
|
+
"kind": "INTERFACE",
|
|
4828
|
+
"name": "EndpointResource",
|
|
4829
|
+
"ofType": null
|
|
4830
|
+
}
|
|
4831
|
+
],
|
|
4832
|
+
"kind": "OBJECT",
|
|
4833
|
+
"name": "MicrosoftFileResource",
|
|
4834
|
+
"ofType": null,
|
|
4835
|
+
"possibleTypes": null
|
|
4836
|
+
},
|
|
4837
|
+
{
|
|
4838
|
+
"description": "The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
|
|
4839
|
+
"enumValues": null,
|
|
4840
|
+
"fields": {
|
|
4841
|
+
"createdDateTime": {
|
|
4842
|
+
"args": {},
|
|
4843
|
+
"deprecationReason": null,
|
|
4844
|
+
"description": null,
|
|
4845
|
+
"id_str": "story___incident___alerts___resources___createdDateTime",
|
|
4846
|
+
"isDeprecated": false,
|
|
4847
|
+
"name": "createdDateTime",
|
|
4848
|
+
"path": "story.incident.alerts.resources.createdDateTime",
|
|
4849
|
+
"requestStr": "$createdDateTime:DateTime ",
|
|
4850
|
+
"required": false,
|
|
4851
|
+
"responseStr": "createdDateTime:$createdDateTime ",
|
|
4852
|
+
"type": {
|
|
4853
|
+
"kind": [
|
|
4854
|
+
"SCALAR"
|
|
4855
|
+
],
|
|
4856
|
+
"name": "DateTime",
|
|
4857
|
+
"non_null": false
|
|
4858
|
+
},
|
|
4859
|
+
"varName": "createdDateTime"
|
|
4860
|
+
},
|
|
4861
|
+
"hive": {
|
|
4862
|
+
"args": {},
|
|
4863
|
+
"deprecationReason": null,
|
|
4864
|
+
"description": null,
|
|
4865
|
+
"id_str": "story___incident___alerts___resources___hive",
|
|
4866
|
+
"isDeprecated": false,
|
|
4867
|
+
"name": "hive",
|
|
4868
|
+
"path": "story.incident.alerts.resources.hive",
|
|
4869
|
+
"requestStr": "$hive:String ",
|
|
4870
|
+
"required": false,
|
|
4871
|
+
"responseStr": "hive:$hive ",
|
|
4872
|
+
"type": {
|
|
4873
|
+
"kind": [
|
|
4874
|
+
"SCALAR"
|
|
4875
|
+
],
|
|
4876
|
+
"name": "String",
|
|
4877
|
+
"non_null": false
|
|
4878
|
+
},
|
|
4879
|
+
"varName": "hive"
|
|
4880
|
+
},
|
|
4881
|
+
"id": {
|
|
4882
|
+
"args": {},
|
|
4883
|
+
"deprecationReason": null,
|
|
4884
|
+
"description": null,
|
|
4885
|
+
"id_str": "story___incident___alerts___resources___id",
|
|
4886
|
+
"isDeprecated": false,
|
|
4887
|
+
"name": "id",
|
|
4888
|
+
"path": "story.incident.alerts.resources.id",
|
|
4889
|
+
"requestStr": "$id:ID! ",
|
|
4890
|
+
"required": true,
|
|
4891
|
+
"responseStr": "id:$id ",
|
|
4892
|
+
"type": {
|
|
4893
|
+
"kind": [
|
|
4894
|
+
"NON_NULL",
|
|
4895
|
+
"SCALAR"
|
|
4896
|
+
],
|
|
4897
|
+
"name": "ID",
|
|
4898
|
+
"non_null": false
|
|
4899
|
+
},
|
|
4900
|
+
"varName": "id"
|
|
4901
|
+
},
|
|
4902
|
+
"key": {
|
|
4903
|
+
"args": {},
|
|
4904
|
+
"deprecationReason": null,
|
|
4905
|
+
"description": null,
|
|
4906
|
+
"id_str": "story___incident___alerts___resources___key",
|
|
4907
|
+
"isDeprecated": false,
|
|
4908
|
+
"name": "key",
|
|
4909
|
+
"path": "story.incident.alerts.resources.key",
|
|
4910
|
+
"requestStr": "$key:String ",
|
|
4911
|
+
"required": false,
|
|
4912
|
+
"responseStr": "key:$key ",
|
|
4913
|
+
"type": {
|
|
4914
|
+
"kind": [
|
|
4915
|
+
"SCALAR"
|
|
4916
|
+
],
|
|
4917
|
+
"name": "String",
|
|
4918
|
+
"non_null": false
|
|
4919
|
+
},
|
|
4920
|
+
"varName": "key"
|
|
4921
|
+
},
|
|
4922
|
+
"remediationStatus": {
|
|
4923
|
+
"args": {},
|
|
4924
|
+
"deprecationReason": null,
|
|
4925
|
+
"description": null,
|
|
4926
|
+
"id_str": "story___incident___alerts___resources___remediationStatus",
|
|
4927
|
+
"isDeprecated": false,
|
|
4928
|
+
"name": "remediationStatus",
|
|
4929
|
+
"path": "story.incident.alerts.resources.remediationStatus",
|
|
4930
|
+
"requestStr": "$remediationStatus:RemediationStatusEnum ",
|
|
4931
|
+
"required": false,
|
|
4932
|
+
"responseStr": "remediationStatus:$remediationStatus ",
|
|
4933
|
+
"type": {
|
|
4934
|
+
"definition": {
|
|
4935
|
+
"description": null,
|
|
4936
|
+
"enumValues": [
|
|
4937
|
+
{
|
|
4938
|
+
"deprecationReason": null,
|
|
4939
|
+
"description": null,
|
|
4940
|
+
"isDeprecated": false,
|
|
4941
|
+
"name": "REMEDIATED"
|
|
4942
|
+
},
|
|
4943
|
+
{
|
|
4944
|
+
"deprecationReason": null,
|
|
4945
|
+
"description": null,
|
|
4946
|
+
"isDeprecated": false,
|
|
4947
|
+
"name": "PREVENTED"
|
|
4948
|
+
},
|
|
4949
|
+
{
|
|
4950
|
+
"deprecationReason": null,
|
|
4951
|
+
"description": null,
|
|
4952
|
+
"isDeprecated": false,
|
|
4953
|
+
"name": "BLOCKED"
|
|
4954
|
+
},
|
|
4955
|
+
{
|
|
4956
|
+
"deprecationReason": null,
|
|
4957
|
+
"description": null,
|
|
4958
|
+
"isDeprecated": false,
|
|
4959
|
+
"name": "NOT_FOUND"
|
|
4960
|
+
},
|
|
4961
|
+
{
|
|
4962
|
+
"deprecationReason": null,
|
|
4963
|
+
"description": null,
|
|
4964
|
+
"isDeprecated": false,
|
|
4965
|
+
"name": "SCAN_FAILED"
|
|
4966
|
+
},
|
|
4967
|
+
{
|
|
4968
|
+
"deprecationReason": null,
|
|
4969
|
+
"description": null,
|
|
4970
|
+
"isDeprecated": false,
|
|
4971
|
+
"name": "CLEAN"
|
|
4972
|
+
},
|
|
4973
|
+
{
|
|
4974
|
+
"deprecationReason": null,
|
|
4975
|
+
"description": null,
|
|
4976
|
+
"isDeprecated": false,
|
|
4977
|
+
"name": "DISINFECTED"
|
|
4978
|
+
},
|
|
4979
|
+
{
|
|
4980
|
+
"deprecationReason": null,
|
|
4981
|
+
"description": null,
|
|
4982
|
+
"isDeprecated": false,
|
|
4983
|
+
"name": "INFECTED"
|
|
4984
|
+
},
|
|
4985
|
+
{
|
|
4986
|
+
"deprecationReason": null,
|
|
4987
|
+
"description": null,
|
|
4988
|
+
"isDeprecated": false,
|
|
4989
|
+
"name": "SUSPICIOUS"
|
|
4990
|
+
},
|
|
4991
|
+
{
|
|
4992
|
+
"deprecationReason": null,
|
|
4993
|
+
"description": null,
|
|
4994
|
+
"isDeprecated": false,
|
|
4995
|
+
"name": "DELETED"
|
|
4996
|
+
},
|
|
4997
|
+
{
|
|
4998
|
+
"deprecationReason": null,
|
|
4999
|
+
"description": null,
|
|
5000
|
+
"isDeprecated": false,
|
|
5001
|
+
"name": "MOVED"
|
|
5002
|
+
},
|
|
5003
|
+
{
|
|
5004
|
+
"deprecationReason": null,
|
|
5005
|
+
"description": null,
|
|
5006
|
+
"isDeprecated": false,
|
|
5007
|
+
"name": "UNKNOWN"
|
|
5008
|
+
},
|
|
5009
|
+
{
|
|
5010
|
+
"deprecationReason": null,
|
|
5011
|
+
"description": null,
|
|
5012
|
+
"isDeprecated": false,
|
|
5013
|
+
"name": "DELETED_REBOOT"
|
|
5014
|
+
},
|
|
5015
|
+
{
|
|
5016
|
+
"deprecationReason": null,
|
|
5017
|
+
"description": null,
|
|
5018
|
+
"isDeprecated": false,
|
|
5019
|
+
"name": "PASSWORD_PROTECTED"
|
|
5020
|
+
},
|
|
5021
|
+
{
|
|
5022
|
+
"deprecationReason": null,
|
|
5023
|
+
"description": null,
|
|
5024
|
+
"isDeprecated": false,
|
|
5025
|
+
"name": "MOVED_REBOOT"
|
|
5026
|
+
},
|
|
5027
|
+
{
|
|
5028
|
+
"deprecationReason": null,
|
|
5029
|
+
"description": null,
|
|
5030
|
+
"isDeprecated": false,
|
|
5031
|
+
"name": "NOT_STARTED"
|
|
5032
|
+
},
|
|
5033
|
+
{
|
|
5034
|
+
"deprecationReason": null,
|
|
5035
|
+
"description": null,
|
|
5036
|
+
"isDeprecated": false,
|
|
5037
|
+
"name": "SUCCESS"
|
|
5038
|
+
},
|
|
5039
|
+
{
|
|
5040
|
+
"deprecationReason": null,
|
|
5041
|
+
"description": null,
|
|
5042
|
+
"isDeprecated": false,
|
|
5043
|
+
"name": "REBOOT_REQUIRED"
|
|
5044
|
+
},
|
|
5045
|
+
{
|
|
5046
|
+
"deprecationReason": null,
|
|
5047
|
+
"description": null,
|
|
5048
|
+
"isDeprecated": false,
|
|
5049
|
+
"name": "DISABLED"
|
|
5050
|
+
},
|
|
5051
|
+
{
|
|
5052
|
+
"deprecationReason": null,
|
|
5053
|
+
"description": null,
|
|
5054
|
+
"isDeprecated": false,
|
|
5055
|
+
"name": "DISINFECT_FAILED"
|
|
5056
|
+
}
|
|
5057
|
+
],
|
|
5058
|
+
"fields": null,
|
|
5059
|
+
"inputFields": null,
|
|
5060
|
+
"interfaces": null,
|
|
5061
|
+
"kind": "ENUM",
|
|
5062
|
+
"name": "RemediationStatusEnum",
|
|
5063
|
+
"possibleTypes": null
|
|
5064
|
+
},
|
|
5065
|
+
"indexType": "enum",
|
|
5066
|
+
"kind": [
|
|
5067
|
+
"ENUM"
|
|
5068
|
+
],
|
|
5069
|
+
"name": "RemediationStatusEnum",
|
|
5070
|
+
"non_null": false
|
|
5071
|
+
},
|
|
5072
|
+
"varName": "remediationStatus"
|
|
5073
|
+
},
|
|
5074
|
+
"remediationStatusDetails": {
|
|
5075
|
+
"args": {},
|
|
5076
|
+
"deprecationReason": null,
|
|
5077
|
+
"description": null,
|
|
5078
|
+
"id_str": "story___incident___alerts___resources___remediationStatusDetails",
|
|
5079
|
+
"isDeprecated": false,
|
|
5080
|
+
"name": "remediationStatusDetails",
|
|
5081
|
+
"path": "story.incident.alerts.resources.remediationStatusDetails",
|
|
5082
|
+
"requestStr": "$remediationStatusDetails:String ",
|
|
5083
|
+
"required": false,
|
|
5084
|
+
"responseStr": "remediationStatusDetails:$remediationStatusDetails ",
|
|
5085
|
+
"type": {
|
|
5086
|
+
"kind": [
|
|
5087
|
+
"SCALAR"
|
|
5088
|
+
],
|
|
5089
|
+
"name": "String",
|
|
5090
|
+
"non_null": false
|
|
5091
|
+
},
|
|
5092
|
+
"varName": "remediationStatusDetails"
|
|
5093
|
+
},
|
|
5094
|
+
"roles": {
|
|
5095
|
+
"args": {},
|
|
5096
|
+
"deprecationReason": null,
|
|
5097
|
+
"description": null,
|
|
5098
|
+
"id_str": "story___incident___alerts___resources___roles",
|
|
5099
|
+
"isDeprecated": false,
|
|
5100
|
+
"name": "roles",
|
|
5101
|
+
"path": "story.incident.alerts.resources.roles",
|
|
5102
|
+
"requestStr": "$roles:[ResourceRoleEnum]! ",
|
|
5103
|
+
"required": true,
|
|
5104
|
+
"responseStr": "roles:$roles ",
|
|
5105
|
+
"type": {
|
|
5106
|
+
"definition": {
|
|
5107
|
+
"description": null,
|
|
5108
|
+
"enumValues": [
|
|
5109
|
+
{
|
|
5110
|
+
"deprecationReason": null,
|
|
5111
|
+
"description": null,
|
|
5112
|
+
"isDeprecated": false,
|
|
5113
|
+
"name": "CONTEXTUAL"
|
|
5114
|
+
},
|
|
5115
|
+
{
|
|
5116
|
+
"deprecationReason": null,
|
|
5117
|
+
"description": null,
|
|
5118
|
+
"isDeprecated": false,
|
|
5119
|
+
"name": "SCANNED"
|
|
5120
|
+
},
|
|
5121
|
+
{
|
|
5122
|
+
"deprecationReason": null,
|
|
5123
|
+
"description": null,
|
|
5124
|
+
"isDeprecated": false,
|
|
5125
|
+
"name": "SOURCE"
|
|
5126
|
+
},
|
|
5127
|
+
{
|
|
5128
|
+
"deprecationReason": null,
|
|
5129
|
+
"description": null,
|
|
5130
|
+
"isDeprecated": false,
|
|
5131
|
+
"name": "DESTINATION"
|
|
5132
|
+
},
|
|
5133
|
+
{
|
|
5134
|
+
"deprecationReason": null,
|
|
5135
|
+
"description": null,
|
|
5136
|
+
"isDeprecated": false,
|
|
5137
|
+
"name": "CREATED"
|
|
5138
|
+
},
|
|
5139
|
+
{
|
|
5140
|
+
"deprecationReason": null,
|
|
5141
|
+
"description": null,
|
|
5142
|
+
"isDeprecated": false,
|
|
5143
|
+
"name": "ADDED"
|
|
5144
|
+
},
|
|
5145
|
+
{
|
|
5146
|
+
"deprecationReason": null,
|
|
5147
|
+
"description": null,
|
|
5148
|
+
"isDeprecated": false,
|
|
5149
|
+
"name": "COMPROMISED"
|
|
5150
|
+
},
|
|
5151
|
+
{
|
|
5152
|
+
"deprecationReason": null,
|
|
5153
|
+
"description": null,
|
|
5154
|
+
"isDeprecated": false,
|
|
5155
|
+
"name": "EDITED"
|
|
5156
|
+
},
|
|
5157
|
+
{
|
|
5158
|
+
"deprecationReason": null,
|
|
5159
|
+
"description": null,
|
|
5160
|
+
"isDeprecated": false,
|
|
5161
|
+
"name": "ATTACKED"
|
|
5162
|
+
},
|
|
5163
|
+
{
|
|
5164
|
+
"deprecationReason": null,
|
|
5165
|
+
"description": null,
|
|
5166
|
+
"isDeprecated": false,
|
|
5167
|
+
"name": "ATTACKER"
|
|
5168
|
+
},
|
|
5169
|
+
{
|
|
5170
|
+
"deprecationReason": null,
|
|
5171
|
+
"description": null,
|
|
5172
|
+
"isDeprecated": false,
|
|
5173
|
+
"name": "COMMAND_AND_CONTROL"
|
|
5174
|
+
},
|
|
5175
|
+
{
|
|
5176
|
+
"deprecationReason": null,
|
|
5177
|
+
"description": null,
|
|
5178
|
+
"isDeprecated": false,
|
|
5179
|
+
"name": "LOADED"
|
|
5180
|
+
},
|
|
5181
|
+
{
|
|
5182
|
+
"deprecationReason": null,
|
|
5183
|
+
"description": null,
|
|
5184
|
+
"isDeprecated": false,
|
|
5185
|
+
"name": "SUSPICIOUS"
|
|
5186
|
+
},
|
|
5187
|
+
{
|
|
5188
|
+
"deprecationReason": null,
|
|
5189
|
+
"description": null,
|
|
5190
|
+
"isDeprecated": false,
|
|
5191
|
+
"name": "POLICY_VIOLATOR"
|
|
5192
|
+
}
|
|
5193
|
+
],
|
|
5194
|
+
"fields": null,
|
|
5195
|
+
"inputFields": null,
|
|
5196
|
+
"interfaces": null,
|
|
5197
|
+
"kind": "ENUM",
|
|
5198
|
+
"name": "ResourceRoleEnum",
|
|
5199
|
+
"possibleTypes": null
|
|
5200
|
+
},
|
|
5201
|
+
"indexType": "enum",
|
|
5202
|
+
"kind": [
|
|
5203
|
+
"NON_NULL",
|
|
5204
|
+
"LIST",
|
|
5205
|
+
"NON_NULL",
|
|
5206
|
+
"ENUM"
|
|
5207
|
+
],
|
|
5208
|
+
"name": "ResourceRoleEnum",
|
|
5209
|
+
"non_null": false
|
|
5210
|
+
},
|
|
5211
|
+
"varName": "roles"
|
|
5212
|
+
},
|
|
5213
|
+
"tags": {
|
|
5214
|
+
"args": {},
|
|
5215
|
+
"deprecationReason": null,
|
|
5216
|
+
"description": null,
|
|
5217
|
+
"id_str": "story___incident___alerts___resources___tags",
|
|
5218
|
+
"isDeprecated": false,
|
|
5219
|
+
"name": "tags",
|
|
5220
|
+
"path": "story.incident.alerts.resources.tags",
|
|
5221
|
+
"requestStr": "$tags:[String]! ",
|
|
5222
|
+
"required": true,
|
|
5223
|
+
"responseStr": "tags:$tags ",
|
|
5224
|
+
"type": {
|
|
5225
|
+
"kind": [
|
|
5226
|
+
"NON_NULL",
|
|
5227
|
+
"LIST",
|
|
5228
|
+
"NON_NULL",
|
|
5229
|
+
"SCALAR"
|
|
5230
|
+
],
|
|
5231
|
+
"name": "String",
|
|
5232
|
+
"non_null": false
|
|
5233
|
+
},
|
|
5234
|
+
"varName": "tags"
|
|
5235
|
+
},
|
|
5236
|
+
"value": {
|
|
5237
|
+
"args": {},
|
|
5238
|
+
"deprecationReason": null,
|
|
5239
|
+
"description": null,
|
|
5240
|
+
"id_str": "story___incident___alerts___resources___value",
|
|
5241
|
+
"isDeprecated": false,
|
|
5242
|
+
"name": "value",
|
|
5243
|
+
"path": "story.incident.alerts.resources.value",
|
|
5244
|
+
"requestStr": "$value:String ",
|
|
5245
|
+
"required": false,
|
|
5246
|
+
"responseStr": "value:$value ",
|
|
5247
|
+
"type": {
|
|
5248
|
+
"kind": [
|
|
5249
|
+
"SCALAR"
|
|
5250
|
+
],
|
|
5251
|
+
"name": "String",
|
|
5252
|
+
"non_null": false
|
|
5253
|
+
},
|
|
5254
|
+
"varName": "value"
|
|
5255
|
+
},
|
|
5256
|
+
"valueName": {
|
|
5257
|
+
"args": {},
|
|
5258
|
+
"deprecationReason": null,
|
|
5259
|
+
"description": null,
|
|
5260
|
+
"id_str": "story___incident___alerts___resources___valueName",
|
|
5261
|
+
"isDeprecated": false,
|
|
5262
|
+
"name": "valueName",
|
|
5263
|
+
"path": "story.incident.alerts.resources.valueName",
|
|
5264
|
+
"requestStr": "$valueName:String ",
|
|
5265
|
+
"required": false,
|
|
5266
|
+
"responseStr": "valueName:$valueName ",
|
|
5267
|
+
"type": {
|
|
5268
|
+
"kind": [
|
|
5269
|
+
"SCALAR"
|
|
5270
|
+
],
|
|
5271
|
+
"name": "String",
|
|
5272
|
+
"non_null": false
|
|
5273
|
+
},
|
|
5274
|
+
"varName": "valueName"
|
|
5275
|
+
},
|
|
5276
|
+
"valueType": {
|
|
5277
|
+
"args": {},
|
|
5278
|
+
"deprecationReason": null,
|
|
5279
|
+
"description": null,
|
|
5280
|
+
"id_str": "story___incident___alerts___resources___valueType",
|
|
5281
|
+
"isDeprecated": false,
|
|
5282
|
+
"name": "valueType",
|
|
5283
|
+
"path": "story.incident.alerts.resources.valueType",
|
|
5284
|
+
"requestStr": "$valueType:String ",
|
|
5285
|
+
"required": false,
|
|
5286
|
+
"responseStr": "valueType:$valueType ",
|
|
5287
|
+
"type": {
|
|
5288
|
+
"kind": [
|
|
5289
|
+
"SCALAR"
|
|
5290
|
+
],
|
|
5291
|
+
"name": "String",
|
|
5292
|
+
"non_null": false
|
|
5293
|
+
},
|
|
5294
|
+
"varName": "valueType"
|
|
4736
5295
|
},
|
|
4737
5296
|
"verdict": {
|
|
4738
5297
|
"args": {},
|
|
@@ -4795,7 +5354,7 @@
|
|
|
4795
5354
|
"interfaces": [
|
|
4796
5355
|
{
|
|
4797
5356
|
"kind": "INTERFACE",
|
|
4798
|
-
"name": "
|
|
5357
|
+
"name": "RegistryResource",
|
|
4799
5358
|
"ofType": null
|
|
4800
5359
|
},
|
|
4801
5360
|
{
|
|
@@ -4810,14 +5369,34 @@
|
|
|
4810
5369
|
}
|
|
4811
5370
|
],
|
|
4812
5371
|
"kind": "OBJECT",
|
|
4813
|
-
"name": "
|
|
5372
|
+
"name": "MicrosoftRegistryResource",
|
|
4814
5373
|
"ofType": null,
|
|
4815
5374
|
"possibleTypes": null
|
|
4816
5375
|
},
|
|
4817
5376
|
{
|
|
4818
|
-
"description": "The `
|
|
5377
|
+
"description": "The `MicrosoftNetworkResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
|
|
4819
5378
|
"enumValues": null,
|
|
4820
5379
|
"fields": {
|
|
5380
|
+
"action": {
|
|
5381
|
+
"args": {},
|
|
5382
|
+
"deprecationReason": null,
|
|
5383
|
+
"description": null,
|
|
5384
|
+
"id_str": "story___incident___alerts___resources___action",
|
|
5385
|
+
"isDeprecated": false,
|
|
5386
|
+
"name": "action",
|
|
5387
|
+
"path": "story.incident.alerts.resources.action",
|
|
5388
|
+
"requestStr": "$action:String ",
|
|
5389
|
+
"required": false,
|
|
5390
|
+
"responseStr": "action:$action ",
|
|
5391
|
+
"type": {
|
|
5392
|
+
"kind": [
|
|
5393
|
+
"SCALAR"
|
|
5394
|
+
],
|
|
5395
|
+
"name": "String",
|
|
5396
|
+
"non_null": false
|
|
5397
|
+
},
|
|
5398
|
+
"varName": "action"
|
|
5399
|
+
},
|
|
4821
5400
|
"createdDateTime": {
|
|
4822
5401
|
"args": {},
|
|
4823
5402
|
"deprecationReason": null,
|
|
@@ -4838,17 +5417,17 @@
|
|
|
4838
5417
|
},
|
|
4839
5418
|
"varName": "createdDateTime"
|
|
4840
5419
|
},
|
|
4841
|
-
"
|
|
5420
|
+
"destinationIp": {
|
|
4842
5421
|
"args": {},
|
|
4843
5422
|
"deprecationReason": null,
|
|
4844
5423
|
"description": null,
|
|
4845
|
-
"id_str": "
|
|
5424
|
+
"id_str": "story___incident___alerts___resources___destinationIp",
|
|
4846
5425
|
"isDeprecated": false,
|
|
4847
|
-
"name": "
|
|
4848
|
-
"path": "story.incident.alerts.resources.
|
|
4849
|
-
"requestStr": "$
|
|
5426
|
+
"name": "destinationIp",
|
|
5427
|
+
"path": "story.incident.alerts.resources.destinationIp",
|
|
5428
|
+
"requestStr": "$destinationIp:String ",
|
|
4850
5429
|
"required": false,
|
|
4851
|
-
"responseStr": "
|
|
5430
|
+
"responseStr": "destinationIp:$destinationIp ",
|
|
4852
5431
|
"type": {
|
|
4853
5432
|
"kind": [
|
|
4854
5433
|
"SCALAR"
|
|
@@ -4856,7 +5435,67 @@
|
|
|
4856
5435
|
"name": "String",
|
|
4857
5436
|
"non_null": false
|
|
4858
5437
|
},
|
|
4859
|
-
"varName": "
|
|
5438
|
+
"varName": "destinationIp"
|
|
5439
|
+
},
|
|
5440
|
+
"destinationPort": {
|
|
5441
|
+
"args": {},
|
|
5442
|
+
"deprecationReason": null,
|
|
5443
|
+
"description": null,
|
|
5444
|
+
"id_str": "story___incident___alerts___resources___destinationPort",
|
|
5445
|
+
"isDeprecated": false,
|
|
5446
|
+
"name": "destinationPort",
|
|
5447
|
+
"path": "story.incident.alerts.resources.destinationPort",
|
|
5448
|
+
"requestStr": "$destinationPort:Int ",
|
|
5449
|
+
"required": false,
|
|
5450
|
+
"responseStr": "destinationPort:$destinationPort ",
|
|
5451
|
+
"type": {
|
|
5452
|
+
"kind": [
|
|
5453
|
+
"SCALAR"
|
|
5454
|
+
],
|
|
5455
|
+
"name": "Int",
|
|
5456
|
+
"non_null": false
|
|
5457
|
+
},
|
|
5458
|
+
"varName": "destinationPort"
|
|
5459
|
+
},
|
|
5460
|
+
"dnsRequest": {
|
|
5461
|
+
"args": {},
|
|
5462
|
+
"deprecationReason": null,
|
|
5463
|
+
"description": null,
|
|
5464
|
+
"id_str": "story___incident___alerts___resources___dnsRequest",
|
|
5465
|
+
"isDeprecated": false,
|
|
5466
|
+
"name": "dnsRequest",
|
|
5467
|
+
"path": "story.incident.alerts.resources.dnsRequest",
|
|
5468
|
+
"requestStr": "$dnsRequest:String ",
|
|
5469
|
+
"required": false,
|
|
5470
|
+
"responseStr": "dnsRequest:$dnsRequest ",
|
|
5471
|
+
"type": {
|
|
5472
|
+
"kind": [
|
|
5473
|
+
"SCALAR"
|
|
5474
|
+
],
|
|
5475
|
+
"name": "String",
|
|
5476
|
+
"non_null": false
|
|
5477
|
+
},
|
|
5478
|
+
"varName": "dnsRequest"
|
|
5479
|
+
},
|
|
5480
|
+
"dnsResponse": {
|
|
5481
|
+
"args": {},
|
|
5482
|
+
"deprecationReason": null,
|
|
5483
|
+
"description": null,
|
|
5484
|
+
"id_str": "story___incident___alerts___resources___dnsResponse",
|
|
5485
|
+
"isDeprecated": false,
|
|
5486
|
+
"name": "dnsResponse",
|
|
5487
|
+
"path": "story.incident.alerts.resources.dnsResponse",
|
|
5488
|
+
"requestStr": "$dnsResponse:String ",
|
|
5489
|
+
"required": false,
|
|
5490
|
+
"responseStr": "dnsResponse:$dnsResponse ",
|
|
5491
|
+
"type": {
|
|
5492
|
+
"kind": [
|
|
5493
|
+
"SCALAR"
|
|
5494
|
+
],
|
|
5495
|
+
"name": "String",
|
|
5496
|
+
"non_null": false
|
|
5497
|
+
},
|
|
5498
|
+
"varName": "dnsResponse"
|
|
4860
5499
|
},
|
|
4861
5500
|
"id": {
|
|
4862
5501
|
"args": {},
|
|
@@ -4879,17 +5518,17 @@
|
|
|
4879
5518
|
},
|
|
4880
5519
|
"varName": "id"
|
|
4881
5520
|
},
|
|
4882
|
-
"
|
|
5521
|
+
"method": {
|
|
4883
5522
|
"args": {},
|
|
4884
5523
|
"deprecationReason": null,
|
|
4885
5524
|
"description": null,
|
|
4886
|
-
"id_str": "
|
|
5525
|
+
"id_str": "story___incident___alerts___resources___method",
|
|
4887
5526
|
"isDeprecated": false,
|
|
4888
|
-
"name": "
|
|
4889
|
-
"path": "story.incident.alerts.resources.
|
|
4890
|
-
"requestStr": "$
|
|
5527
|
+
"name": "method",
|
|
5528
|
+
"path": "story.incident.alerts.resources.method",
|
|
5529
|
+
"requestStr": "$method:String ",
|
|
4891
5530
|
"required": false,
|
|
4892
|
-
"responseStr": "
|
|
5531
|
+
"responseStr": "method:$method ",
|
|
4893
5532
|
"type": {
|
|
4894
5533
|
"kind": [
|
|
4895
5534
|
"SCALAR"
|
|
@@ -4897,7 +5536,7 @@
|
|
|
4897
5536
|
"name": "String",
|
|
4898
5537
|
"non_null": false
|
|
4899
5538
|
},
|
|
4900
|
-
"varName": "
|
|
5539
|
+
"varName": "method"
|
|
4901
5540
|
},
|
|
4902
5541
|
"remediationStatus": {
|
|
4903
5542
|
"args": {},
|
|
@@ -5190,80 +5829,60 @@
|
|
|
5190
5829
|
},
|
|
5191
5830
|
"varName": "roles"
|
|
5192
5831
|
},
|
|
5193
|
-
"
|
|
5194
|
-
"args": {},
|
|
5195
|
-
"deprecationReason": null,
|
|
5196
|
-
"description": null,
|
|
5197
|
-
"id_str": "story___incident___alerts___resources___tags",
|
|
5198
|
-
"isDeprecated": false,
|
|
5199
|
-
"name": "tags",
|
|
5200
|
-
"path": "story.incident.alerts.resources.tags",
|
|
5201
|
-
"requestStr": "$tags:[String]! ",
|
|
5202
|
-
"required": true,
|
|
5203
|
-
"responseStr": "tags:$tags ",
|
|
5204
|
-
"type": {
|
|
5205
|
-
"kind": [
|
|
5206
|
-
"NON_NULL",
|
|
5207
|
-
"LIST",
|
|
5208
|
-
"NON_NULL",
|
|
5209
|
-
"SCALAR"
|
|
5210
|
-
],
|
|
5211
|
-
"name": "String",
|
|
5212
|
-
"non_null": false
|
|
5213
|
-
},
|
|
5214
|
-
"varName": "tags"
|
|
5215
|
-
},
|
|
5216
|
-
"value": {
|
|
5832
|
+
"sourcePort": {
|
|
5217
5833
|
"args": {},
|
|
5218
5834
|
"deprecationReason": null,
|
|
5219
5835
|
"description": null,
|
|
5220
|
-
"id_str": "
|
|
5836
|
+
"id_str": "story___incident___alerts___resources___sourcePort",
|
|
5221
5837
|
"isDeprecated": false,
|
|
5222
|
-
"name": "
|
|
5223
|
-
"path": "story.incident.alerts.resources.
|
|
5224
|
-
"requestStr": "$
|
|
5838
|
+
"name": "sourcePort",
|
|
5839
|
+
"path": "story.incident.alerts.resources.sourcePort",
|
|
5840
|
+
"requestStr": "$sourcePort:Int ",
|
|
5225
5841
|
"required": false,
|
|
5226
|
-
"responseStr": "
|
|
5842
|
+
"responseStr": "sourcePort:$sourcePort ",
|
|
5227
5843
|
"type": {
|
|
5228
5844
|
"kind": [
|
|
5229
5845
|
"SCALAR"
|
|
5230
5846
|
],
|
|
5231
|
-
"name": "
|
|
5847
|
+
"name": "Int",
|
|
5232
5848
|
"non_null": false
|
|
5233
5849
|
},
|
|
5234
|
-
"varName": "
|
|
5850
|
+
"varName": "sourcePort"
|
|
5235
5851
|
},
|
|
5236
|
-
"
|
|
5852
|
+
"tags": {
|
|
5237
5853
|
"args": {},
|
|
5238
5854
|
"deprecationReason": null,
|
|
5239
5855
|
"description": null,
|
|
5240
|
-
"id_str": "
|
|
5856
|
+
"id_str": "story___incident___alerts___resources___tags",
|
|
5241
5857
|
"isDeprecated": false,
|
|
5242
|
-
"name": "
|
|
5243
|
-
"path": "story.incident.alerts.resources.
|
|
5244
|
-
"requestStr": "$
|
|
5245
|
-
"required":
|
|
5246
|
-
"responseStr": "
|
|
5858
|
+
"name": "tags",
|
|
5859
|
+
"path": "story.incident.alerts.resources.tags",
|
|
5860
|
+
"requestStr": "$tags:[String]! ",
|
|
5861
|
+
"required": true,
|
|
5862
|
+
"responseStr": "tags:$tags ",
|
|
5247
5863
|
"type": {
|
|
5248
5864
|
"kind": [
|
|
5865
|
+
"NON_NULL",
|
|
5866
|
+
"LIST",
|
|
5867
|
+
"NON_NULL",
|
|
5249
5868
|
"SCALAR"
|
|
5250
5869
|
],
|
|
5251
5870
|
"name": "String",
|
|
5252
5871
|
"non_null": false
|
|
5253
5872
|
},
|
|
5254
|
-
"varName": "
|
|
5873
|
+
"varName": "tags"
|
|
5255
5874
|
},
|
|
5256
|
-
"
|
|
5875
|
+
"url": {
|
|
5257
5876
|
"args": {},
|
|
5258
5877
|
"deprecationReason": null,
|
|
5259
5878
|
"description": null,
|
|
5260
|
-
"id_str": "
|
|
5879
|
+
"id_str": "story___incident___alerts___resources___url",
|
|
5261
5880
|
"isDeprecated": false,
|
|
5262
|
-
"name": "
|
|
5263
|
-
"path": "story.incident.alerts.resources.
|
|
5264
|
-
"requestStr": "$
|
|
5881
|
+
"name": "url",
|
|
5882
|
+
"path": "story.incident.alerts.resources.url",
|
|
5883
|
+
"requestStr": "$url:String ",
|
|
5265
5884
|
"required": false,
|
|
5266
|
-
"responseStr": "
|
|
5885
|
+
"responseStr": "url:$url ",
|
|
5267
5886
|
"type": {
|
|
5268
5887
|
"kind": [
|
|
5269
5888
|
"SCALAR"
|
|
@@ -5271,7 +5890,7 @@
|
|
|
5271
5890
|
"name": "String",
|
|
5272
5891
|
"non_null": false
|
|
5273
5892
|
},
|
|
5274
|
-
"varName": "
|
|
5893
|
+
"varName": "url"
|
|
5275
5894
|
},
|
|
5276
5895
|
"verdict": {
|
|
5277
5896
|
"args": {},
|
|
@@ -5334,12 +5953,12 @@
|
|
|
5334
5953
|
"interfaces": [
|
|
5335
5954
|
{
|
|
5336
5955
|
"kind": "INTERFACE",
|
|
5337
|
-
"name": "
|
|
5956
|
+
"name": "MicrosoftEndpointResource",
|
|
5338
5957
|
"ofType": null
|
|
5339
5958
|
},
|
|
5340
5959
|
{
|
|
5341
5960
|
"kind": "INTERFACE",
|
|
5342
|
-
"name": "
|
|
5961
|
+
"name": "NetworkResource",
|
|
5343
5962
|
"ofType": null
|
|
5344
5963
|
},
|
|
5345
5964
|
{
|
|
@@ -5349,7 +5968,7 @@
|
|
|
5349
5968
|
}
|
|
5350
5969
|
],
|
|
5351
5970
|
"kind": "OBJECT",
|
|
5352
|
-
"name": "
|
|
5971
|
+
"name": "MicrosoftNetworkResource",
|
|
5353
5972
|
"ofType": null,
|
|
5354
5973
|
"possibleTypes": null
|
|
5355
5974
|
}
|
|
@@ -23985,26 +24604,6 @@
|
|
|
23985
24604
|
"description": null,
|
|
23986
24605
|
"enumValues": null,
|
|
23987
24606
|
"fields": {
|
|
23988
|
-
"impact": {
|
|
23989
|
-
"args": {},
|
|
23990
|
-
"deprecationReason": null,
|
|
23991
|
-
"description": null,
|
|
23992
|
-
"id_str": "story___incident___accountOperationIncident___impact",
|
|
23993
|
-
"isDeprecated": false,
|
|
23994
|
-
"name": "impact",
|
|
23995
|
-
"path": "story.incident.accountOperationIncident.impact",
|
|
23996
|
-
"requestStr": "$impact:String ",
|
|
23997
|
-
"required": false,
|
|
23998
|
-
"responseStr": "impact:$impact ",
|
|
23999
|
-
"type": {
|
|
24000
|
-
"kind": [
|
|
24001
|
-
"SCALAR"
|
|
24002
|
-
],
|
|
24003
|
-
"name": "String",
|
|
24004
|
-
"non_null": false
|
|
24005
|
-
},
|
|
24006
|
-
"varName": "impact"
|
|
24007
|
-
},
|
|
24008
24607
|
"incidentTimeline": {
|
|
24009
24608
|
"args": {},
|
|
24010
24609
|
"deprecationReason": null,
|
|
@@ -24360,6 +24959,122 @@
|
|
|
24360
24959
|
"non_null": false
|
|
24361
24960
|
},
|
|
24362
24961
|
"varName": "accountOperationsTimelineBase"
|
|
24962
|
+
},
|
|
24963
|
+
"metadata": {
|
|
24964
|
+
"args": {},
|
|
24965
|
+
"deprecationReason": null,
|
|
24966
|
+
"description": null,
|
|
24967
|
+
"id_str": "story___incident___accountOperationIncident___metadata",
|
|
24968
|
+
"isDeprecated": false,
|
|
24969
|
+
"name": "metadata",
|
|
24970
|
+
"path": "story.incident.accountOperationIncident.metadata",
|
|
24971
|
+
"requestStr": "$accountOperationsMetadata:[AccountOperationsMetadata]! ",
|
|
24972
|
+
"required": true,
|
|
24973
|
+
"responseStr": "metadata:$accountOperationsMetadata ",
|
|
24974
|
+
"type": {
|
|
24975
|
+
"definition": {
|
|
24976
|
+
"description": null,
|
|
24977
|
+
"enumValues": null,
|
|
24978
|
+
"fields": {
|
|
24979
|
+
"key": {
|
|
24980
|
+
"args": {},
|
|
24981
|
+
"deprecationReason": null,
|
|
24982
|
+
"description": null,
|
|
24983
|
+
"id_str": "story___incident___accountOperationIncident___metadata___key",
|
|
24984
|
+
"isDeprecated": false,
|
|
24985
|
+
"name": "key",
|
|
24986
|
+
"path": "story.incident.accountOperationIncident.metadata.key",
|
|
24987
|
+
"requestStr": "$key:String! ",
|
|
24988
|
+
"required": true,
|
|
24989
|
+
"responseStr": "key:$key ",
|
|
24990
|
+
"type": {
|
|
24991
|
+
"kind": [
|
|
24992
|
+
"NON_NULL",
|
|
24993
|
+
"SCALAR"
|
|
24994
|
+
],
|
|
24995
|
+
"name": "String",
|
|
24996
|
+
"non_null": false
|
|
24997
|
+
},
|
|
24998
|
+
"varName": "key"
|
|
24999
|
+
},
|
|
25000
|
+
"type": {
|
|
25001
|
+
"args": {},
|
|
25002
|
+
"deprecationReason": null,
|
|
25003
|
+
"description": null,
|
|
25004
|
+
"id_str": "story___incident___accountOperationIncident___metadata___type",
|
|
25005
|
+
"isDeprecated": false,
|
|
25006
|
+
"name": "type",
|
|
25007
|
+
"path": "story.incident.accountOperationIncident.metadata.type",
|
|
25008
|
+
"requestStr": "$type:MetadataType! ",
|
|
25009
|
+
"required": true,
|
|
25010
|
+
"responseStr": "type:$type ",
|
|
25011
|
+
"type": {
|
|
25012
|
+
"definition": {
|
|
25013
|
+
"description": null,
|
|
25014
|
+
"enumValues": [
|
|
25015
|
+
{
|
|
25016
|
+
"deprecationReason": null,
|
|
25017
|
+
"description": null,
|
|
25018
|
+
"isDeprecated": false,
|
|
25019
|
+
"name": "TXT"
|
|
25020
|
+
}
|
|
25021
|
+
],
|
|
25022
|
+
"fields": null,
|
|
25023
|
+
"inputFields": null,
|
|
25024
|
+
"interfaces": null,
|
|
25025
|
+
"kind": "ENUM",
|
|
25026
|
+
"name": "MetadataType",
|
|
25027
|
+
"possibleTypes": null
|
|
25028
|
+
},
|
|
25029
|
+
"indexType": "enum",
|
|
25030
|
+
"kind": [
|
|
25031
|
+
"NON_NULL",
|
|
25032
|
+
"ENUM"
|
|
25033
|
+
],
|
|
25034
|
+
"name": "MetadataType",
|
|
25035
|
+
"non_null": false
|
|
25036
|
+
},
|
|
25037
|
+
"varName": "type"
|
|
25038
|
+
},
|
|
25039
|
+
"value": {
|
|
25040
|
+
"args": {},
|
|
25041
|
+
"deprecationReason": null,
|
|
25042
|
+
"description": null,
|
|
25043
|
+
"id_str": "story___incident___accountOperationIncident___metadata___value",
|
|
25044
|
+
"isDeprecated": false,
|
|
25045
|
+
"name": "value",
|
|
25046
|
+
"path": "story.incident.accountOperationIncident.metadata.value",
|
|
25047
|
+
"requestStr": "$value:String! ",
|
|
25048
|
+
"required": true,
|
|
25049
|
+
"responseStr": "value:$value ",
|
|
25050
|
+
"type": {
|
|
25051
|
+
"kind": [
|
|
25052
|
+
"NON_NULL",
|
|
25053
|
+
"SCALAR"
|
|
25054
|
+
],
|
|
25055
|
+
"name": "String",
|
|
25056
|
+
"non_null": false
|
|
25057
|
+
},
|
|
25058
|
+
"varName": "value"
|
|
25059
|
+
}
|
|
25060
|
+
},
|
|
25061
|
+
"inputFields": null,
|
|
25062
|
+
"interfaces": [],
|
|
25063
|
+
"kind": "OBJECT",
|
|
25064
|
+
"name": "AccountOperationsMetadata",
|
|
25065
|
+
"possibleTypes": null
|
|
25066
|
+
},
|
|
25067
|
+
"indexType": "object",
|
|
25068
|
+
"kind": [
|
|
25069
|
+
"NON_NULL",
|
|
25070
|
+
"LIST",
|
|
25071
|
+
"NON_NULL",
|
|
25072
|
+
"OBJECT"
|
|
25073
|
+
],
|
|
25074
|
+
"name": "AccountOperationsMetadata",
|
|
25075
|
+
"non_null": false
|
|
25076
|
+
},
|
|
25077
|
+
"varName": "accountOperationsMetadata"
|
|
24363
25078
|
}
|
|
24364
25079
|
},
|
|
24365
25080
|
"inputFields": null,
|
|
@@ -24946,6 +25661,26 @@
|
|
|
24946
25661
|
},
|
|
24947
25662
|
"varName": "lastSignal"
|
|
24948
25663
|
},
|
|
25664
|
+
"occurrences": {
|
|
25665
|
+
"args": {},
|
|
25666
|
+
"deprecationReason": null,
|
|
25667
|
+
"description": null,
|
|
25668
|
+
"id_str": "story___incident___occurrences",
|
|
25669
|
+
"isDeprecated": false,
|
|
25670
|
+
"name": "occurrences",
|
|
25671
|
+
"path": "story.incident.occurrences",
|
|
25672
|
+
"requestStr": "$occurrences:Int ",
|
|
25673
|
+
"required": false,
|
|
25674
|
+
"responseStr": "occurrences:$occurrences ",
|
|
25675
|
+
"type": {
|
|
25676
|
+
"kind": [
|
|
25677
|
+
"SCALAR"
|
|
25678
|
+
],
|
|
25679
|
+
"name": "Int",
|
|
25680
|
+
"non_null": false
|
|
25681
|
+
},
|
|
25682
|
+
"varName": "occurrences"
|
|
25683
|
+
},
|
|
24949
25684
|
"predictedThreatType": {
|
|
24950
25685
|
"args": {},
|
|
24951
25686
|
"deprecationReason": null,
|