Query ⫘
Red Cloak TDR uses GraphQL operations, which are either a read (Query) or a write (Mutation). A query reads or fetches values; a mutation writes or posts values. Responses are returned in JSON format.
Field ⫘
node Type: Node ⫘
Arguments ⫘
id Type: ID! ⫘
Field ⫘
tag Type: Tag! ⫘
Get an asset tag by id
Arguments ⫘
id Type: ID! ⫘
Field ⫘
asset Type: Asset! ⫘
Get an asset by id
Arguments ⫘
id Type: ID! ⫘
Field ⫘
assetsByTag Type: [Asset!]! ⫘
Get a list of assets with tag
Arguments ⫘
tags Type: [String!]! ⫘
Field ⫘
allUniqueTags Type: [String!]! ⫘
Get a list of all unique tags
Field ⫘
assetEndpointInfo Type: EndpointInfo! ⫘
Get RedCloak endpoint info by id
Arguments ⫘
id Type: ID! ⫘
Field ⫘
assetEndpointInfoV2 Type: EndpointInfo! ⫘
Get RedCloak endpoint info by id with TDR module health
Arguments ⫘
id Type: ID! ⫘
Field ⫘
allAssets Type: AssetsResult ⫘
Get a list of assets
Arguments ⫘
offset Type: Int ⫘
limit Type: Int ⫘
order_by Type: AssetsOrderByInput ⫘
order_direction Type: AssetsOrderDirectionInput ⫘
filter_asset_state Type: AssetStateFilter ⫘
only_most_recent Type: Boolean ⫘
Field ⫘
allAssetsExport Type: AssetsResult ⫘
Get a list of assets for export to CSV
Arguments ⫘
offset Type: Int ⫘
limit Type: Int ⫘
Field ⫘
assetCount Type: AssetCounts! ⫘
Count of assets of a specific endpoint_type
Arguments ⫘
endpoint_type Type: AgentType ⫘
Field ⫘
assetCountGroupByEndpointType Type: [AssetCountsByEndpointType!]! ⫘
Important: assetCountGroupByEndpointType does not return data for Taegis Endpoint Agents. Use facetInfoV2 with the Endpoint Assets GraphQL API to return data for all endpoint types instead.
Count of assets grouped by endpoint_type
Field ⫘
allAssetsCount Type: AssetCounts! ⫘
Count of all assets
Field ⫘
assetsByIds Type: [Asset!]! ⫘
Bulk lookup by ids
Arguments ⫘
ids Type: [ID!] ⫘
Field ⫘
assetsByHostIds Type: [Asset!]! ⫘
Bulk lookup by hostIds
Arguments ⫘
hostIds Type: [String!] ⫘
Field ⫘
assetsByIpAddresses Type: [Asset!]! ⫘
Bulk lookup by ipAddress
Arguments ⫘
ipAddresses Type: [String!] ⫘
Field ⫘
allAssetHistories Type: [AssetHistory!]! ⫘
Get a list of asset histories for the tenant
Arguments ⫘
offset Type: Int ⫘
limit Type: Int ⫘
Field ⫘
assetRedCloakHistories Type: [AssetRedCloakHistory!]! ⫘
Get history of actions on an asset by id (includes RedCloak history)
Arguments ⫘
id Type: ID! ⫘
offset Type: Int ⫘
limit Type: Int ⫘
Field ⫘
searchAssets Type: AssetsResult ⫘
Search assets. Soon to be deprecated.
Arguments ⫘
offset Type: Int ⫘
limit Type: Int ⫘
hostname Type: String ⫘
host_id Type: String ⫘
ip_address Type: String ⫘
mac_address Type: String ⫘
os_version Type: String ⫘
os_family Type: String ⫘
os_distributor Type: String ⫘
sensor_version Type: String ⫘
username Type: String ⫘
endpoint_type Type: String ⫘
tag Type: String ⫘
host_id_partial_match Type: Boolean ⫘
only_most_recent Type: Boolean ⫘
order_by Type: AssetsOrderByInput ⫘
order_direction Type: AssetsOrderDirectionInput ⫘
or_search Type: Boolean ⫘
filter_asset_state Type: AssetStateFilter ⫘
Field ⫘
searchAssetsV2 Type: AssetsResult ⫘
Search assets v2
Arguments ⫘
input Type: SearchAssetsInput! ⫘
paginationInput Type: SearchAssetsPaginationInput ⫘
Field ⫘
exportSearchAssets Type: AssetsExportOutput ⫘
Export search assets results
Arguments ⫘
input Type: SearchAssetsInput! ⫘
paginationInput Type: SearchAssetsPaginationInput ⫘
legacy Type: Boolean ⫘
Field ⫘
facets Type: [Facet]! ⫘
Retrieve a list of facets for a given endpoint type
Field ⫘
facetInfo Type: [FacetInfo]! ⫘
Get facet info based on a currently selected facet
Arguments ⫘
facets Type: [String!]! ⫘
orderBy Type: FacetInfoOrderByInput ⫘
where Type: AssetWhereInput ⫘
Field ⫘
assets Type: Assets! ⫘
Retrieve assets
Arguments ⫘
first Type: Int ⫘
last Type: Int ⫘
after Type: String ⫘
before Type: String ⫘
where Type: AssetWhereInput ⫘
orderBy Type: AssetSearchOrderByInput ⫘
Field ⫘
assetsBySession Type: [Asset!]! ⫘
Return a list of assets for multiple tenants
Arguments ⫘
arguments Type: AssetsBySessionArguments! ⫘
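Added example, not part of the Red Cloak TDR documentation: paging through the `assets` query with `first`/`after` and the `PageInfo` cursors, filtered to `Unhealthy` assets through `AssetWhereInput.filterAssetState`, to list endpoints whose sensor coverage needs attention. It assumes the cursors follow the usual GraphQL cursor-pagination convention; the `send` transport, the `fake_send` stub and the sample pages are constructed for the example, since the endpoint URL and authentication are not covered on this page.

```python
import json

# Uses only arguments and fields listed in this reference.
ASSETS_QUERY = """
query UnhealthyAssets($first: Int, $after: String, $where: AssetWhereInput) {
  assets(first: $first, after: $after, where: $where) {
    totalCount
    assets { id hostId sensorVersion endpointType }
    pageInfo { endCursor hasNextPage }
  }
}
"""

def iter_assets(send, where, page_size=2):
    """Yield each Asset matching `where`, following PageInfo cursors.
    `send` (assumption) posts the JSON body to the GraphQL endpoint with the
    caller's credentials and returns the decoded JSON response.
    """
    after = None
    while True:
        variables = {"first": page_size, "after": after, "where": where}
        resp = send(json.dumps({"query": ASSETS_QUERY, "variables": variables}))
        if resp.get("errors"):  # GraphQL reports failures in the response body
            raise RuntimeError(resp["errors"])
        page = resp["data"]["assets"]
        # `assets` is typed [Asset]!: the list is non-null, its items may be null.
        yield from (a for a in page["assets"] if a is not None)
        info = page.get("pageInfo") or {}  # pageInfo is nullable (PageInfo, no "!")
        if not info.get("hasNextPage") or not info.get("endCursor"):
            return
        after = info["endCursor"]

# Constructed sample pages, keyed by the `after` cursor the client sends.
_PAGES = {
    None: {"totalCount": 2, "assets": [{"id": "a1", "hostId": "h1"}, None],
           "pageInfo": {"endCursor": "c1", "hasNextPage": True}},
    "c1": {"totalCount": 2, "assets": [{"id": "a2", "hostId": "h2"}],
           "pageInfo": {"endCursor": "c2", "hasNextPage": False}},
}
SEEN_CURSORS = []

def fake_send(raw_body):
    """Stand-in transport: records the cursor and returns a canned page."""
    after = json.loads(raw_body)["variables"]["after"]
    SEEN_CURSORS.append(after)
    return {"data": {"assets": _PAGES[after]}}

def unhealthy_host_ids(send=fake_send):
    return [a["hostId"] for a in iter_assets(send, {"filterAssetState": "Unhealthy"})]
```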
Mutation ⫘
Mutations in GraphQL enable you to modify data. For the Red Cloak TDR Alerts GraphQL API, mutations allow you to create alerts and input information into alerts. For more information on GraphQL mutations, see Mutation and Input Types.
Field ⫘
isolateAsset Type: Asset! ⫘
Isolate an asset by id
Arguments ⫘
id Type: ID! ⫘
reason Type: String! ⫘
Field ⫘
sendIsolate Type: Asset! ⫘
Arguments ⫘
id Type: ID! ⫘
reason Type: String! ⫘
Field ⫘
sendDeisolate Type: Asset! ⫘
Arguments ⫘
id Type: ID! ⫘
reason Type: String! ⫘
Field ⫘
integrateAsset Type: Asset! ⫘
Integrate an asset by id
Arguments ⫘
id Type: ID! ⫘
reason Type: String! ⫘
Field ⫘
deleteAssets Type: Boolean ⫘
Delete or un-delete asset
Arguments ⫘
ids Type: [ID!]! ⫘
undelete Type: Boolean ⫘
Field ⫘
createAssetTag Type: Tag! ⫘
Create a new tag for an asset
Arguments ⫘
hostId Type: String! ⫘
tag Type: String! ⫘
Field ⫘
updateAssetTag Type: Tag! ⫘
Updates a tag for an asset
Arguments ⫘
id Type: ID! ⫘
tag Type: String! ⫘
Field ⫘
deleteAssetTag Type: Tag ⫘
Deletes a tag for an asset
Arguments ⫘
id Type: ID! ⫘
Field ⫘
updateAsset Type: Asset! ⫘
Arguments ⫘
assetInput Type: AssetInput ⫘
Field ⫘
addInvestigationAssets Type: [Asset!]! ⫘
Add investigation assets relation for the list of host_ids and return the asset ids
Arguments ⫘
hostIds Type: [String] ⫘
assetIds Type: [String] ⫘
investigationId Type: String! ⫘
Field ⫘
removeInvestigationAssets Type: Boolean! ⫘
Remove investigation assets relation
Arguments ⫘
assetIds Type: [String!] ⫘
investigationId Type: String! ⫘
Objects ⫘
Asset ⫘
Describes an Asset in Red Cloak TDR.
Field ⫘
id Type: ID! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
rn Type: String! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
sensorTenant Type: String! ⫘
Field ⫘
sensorId Type: String! ⫘
Field ⫘
ingestTime Type: Time! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
deletedAt Type: Time ⫘
Field ⫘
biosSerial Type: String ⫘
Field ⫘
firstDiskSerial Type: String ⫘
Field ⫘
systemVolumeSerial Type: String ⫘
Field ⫘
sensorVersion Type: String ⫘
Field ⫘
endpointType Type: String ⫘
Field ⫘
endpointPlatform Type: String ⫘
Field ⫘
hostnames Type: [Hostname!]! ⫘
Field ⫘
ethernetAddresses Type: [EthernetAddress!]! ⫘
Field ⫘
ipAddresses Type: [IpAddress!]! ⫘
Field ⫘
users Type: [User!]! ⫘
Field ⫘
architecture Type: String ⫘
Field ⫘
osFamily Type: String ⫘
Field ⫘
osVersion Type: String ⫘
Field ⫘
osDistributor Type: String ⫘
Field ⫘
osRelease Type: String ⫘
Field ⫘
systemType Type: String ⫘
Field ⫘
osCodename Type: String ⫘
Field ⫘
kernelRelease Type: String ⫘
Field ⫘
kernelVersion Type: String ⫘
Field ⫘
tags Type: [Tag!]! ⫘
Field ⫘
connectionStatus Type: String ⫘
Field ⫘
model Type: String ⫘
Field ⫘
cloudProviderName Type: String ⫘
Field ⫘
cloudInstanceId Type: String ⫘
Field ⫘
endpointGroup Type: EndpointGroup ⫘
Field ⫘
status Type: String ⫘
AssetCounts ⫘
Count of assets
Field ⫘
count Type: Int! ⫘
AssetCountsByEndpointType ⫘
Field ⫘
endpointType Type: String! ⫘
Field ⫘
count Type: Int! ⫘
AssetHistory ⫘
Describes the history of an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
assetId Type: ID! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
action Type: String! ⫘
Field ⫘
who Type: String! ⫘
Field ⫘
reason Type: String! ⫘
AssetHistoryContact ⫘
Describes the contact of an asset history.
Field ⫘
email Type: String ⫘
Field ⫘
name Type: String ⫘
Field ⫘
sub Type: String ⫘
AssetHistoryEvent ⫘
Describes the event of an asset history.
Field ⫘
domainName Type: String ⫘
Field ⫘
hostName Type: String ⫘
AssetHistoryId ⫘
Contains the host id and instance id of an asset history.
Field ⫘
hostId Type: String ⫘
Field ⫘
instanceId Type: String ⫘
AssetRedCloakHistory ⫘
Describes the Red Cloak agent history of an asset.
Field ⫘
action Type: String ⫘
Field ⫘
allowedDomain Type: [String] ⫘
Field ⫘
assetId Type: String ⫘
Field ⫘
contact Type: AssetHistoryContact ⫘
Field ⫘
createdAt Type: String ⫘
Field ⫘
event Type: AssetHistoryEvent ⫘
Field ⫘
id Type: AssetHistoryId ⫘
Field ⫘
reason Type: String ⫘
Field ⫘
tenantId Type: String ⫘
Assets ⫘
Field ⫘
totalCount Type: Int! ⫘
Field ⫘
assets Type: [Asset]! ⫘
Field ⫘
pageInfo Type: PageInfo ⫘
AssetsExportOutput ⫘
Field ⫘
columnDef Type: [String!]! ⫘
Field ⫘
rows Type: [[String!]!]! ⫘
Field ⫘
totalCount Type: Int ⫘
AssetsResult ⫘
Describes the return type of the AllAssets and SearchAssets queries.
Field ⫘
totalResults Type: Int! ⫘
Field ⫘
offset Type: Int! ⫘
Field ⫘
limit Type: Int! ⫘
Field ⫘
assets Type: [Asset!]! ⫘
EndpointGroup ⫘
Describes the endpoint group information of an asset.
Field ⫘
id Type: ID! ⫘
EndpointInfo ⫘
Describes the endpoint information of a Red Cloak agent asset.
Field ⫘
actualIsolationStatus Type: Boolean ⫘
Field ⫘
allowedDomain Type: [String] ⫘
Field ⫘
color Type: String ⫘
Field ⫘
desiredIsolationStatus Type: Boolean ⫘
Field ⫘
firstConnectTime Type: String ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
hostName Type: String ⫘
Field ⫘
ignitionDetails Type: IgnitionDetails ⫘
Field ⫘
lastConnectAddress Type: String ⫘
Field ⫘
lastConnectServer Type: String ⫘
Field ⫘
lastConnectTime Type: String ⫘
Field ⫘
lastCrashCheck Type: String ⫘
Field ⫘
lastModuleStatusTime Type: String ⫘
Field ⫘
lastPredicateAuthtap Type: String ⫘
Field ⫘
lastPredicateCyclorama Type: String ⫘
Field ⫘
lastPredicateEntwine Type: String ⫘
Field ⫘
lastPredicateGroundling Type: String ⫘
Field ⫘
lastPredicateHostel Type: String ⫘
Field ⫘
lastPredicateLacuna Type: String ⫘
Field ⫘
lastPredicateMukluk Type: String ⫘
Field ⫘
lastPredicatePeriodicscanControl Type: String ⫘
Field ⫘
lastPredicatePeriodicscanResult Type: String ⫘
Field ⫘
lastPredicateProcwall Type: String ⫘
Field ⫘
lastPredicateSystemInformation Type: String ⫘
Field ⫘
moduleHealth Type: [ModuleHealth] ⫘
Field ⫘
moduleStatus Type: [ModuleStatus] ⫘
Field ⫘
notableEventCount Type: Int ⫘
Field ⫘
sensorVersion Type: Int ⫘
Field ⫘
systemInformation Type: SystemInformation ⫘
Field ⫘
moduleHealthV2 Type: [ModuleHealthV2] ⫘
EthernetAddress ⫘
Describes the ethernet address of an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
mac Type: String! ⫘
Facet ⫘
Field ⫘
label Type: String! ⫘
Field ⫘
facet Type: String! ⫘
Field ⫘
searchOnly Type: Boolean! ⫘
FacetFieldInfo ⫘
Field ⫘
field Type: String! ⫘
Field ⫘
count Type: Int ⫘
FacetInfo ⫘
Field ⫘
facet Type: String! ⫘
Field ⫘
fields Type: [FacetFieldInfo]! ⫘
Hostname ⫘
Describes the hostname of an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
hostname Type: String! ⫘
IgnitionDetails ⫘
Describes the ignition details of a Red Cloak agent asset.
Field ⫘
isEndpointConfigExist Type: Boolean ⫘
Field ⫘
requestStatus Type: String ⫘
IpAddress ⫘
Describes the IP Address of an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
ip Type: String! ⫘
Field ⫘
hostId Type: String! ⫘
ModuleHealth ⫘
Describes the ModuleHealth of a Red Cloak agent asset.
Field ⫘
enabled Type: String ⫘
Field ⫘
lastPredicateTime Type: String ⫘
Field ⫘
lastRunningTime Type: String ⫘
Field ⫘
moduleColor Type: String ⫘
Field ⫘
moduleDisplayName Type: String ⫘
ModuleHealthV2 ⫘
Describes the module event processing time of a Red Cloak agent asset on TDR.
Field ⫘
lastEventProcessingTime Type: Time ⫘
Field ⫘
moduleName Type: String ⫘
ModuleStatus ⫘
Describes the module status of a Red Cloak agent asset.
Field ⫘
enabled Type: Boolean ⫘
Field ⫘
moduleName Type: String ⫘
Field ⫘
moduleState Type: String ⫘
PageInfo ⫘
Field ⫘
endCursor Type: String ⫘
Field ⫘
startCursor Type: String ⫘
Field ⫘
hasNextPage Type: Boolean! ⫘
Field ⫘
hasPreviousPage Type: Boolean! ⫘
SystemInformation ⫘
Describes the system information of a Red Cloak agent asset.
Field ⫘
architecture Type: String ⫘
Field ⫘
biosSerial Type: String ⫘
Field ⫘
ethernetAddress Type: [String] ⫘
Field ⫘
firstDiskSerial Type: String ⫘
Field ⫘
hostName Type: String ⫘
Field ⫘
ipAddress Type: [String] ⫘
Field ⫘
isServerR2For2003And2008 Type: Boolean ⫘
Field ⫘
productType Type: String ⫘
Field ⫘
redcloakVersion Type: Int ⫘
Field ⫘
servicePack Type: String ⫘
Field ⫘
systemVolumeSerial Type: String ⫘
Field ⫘
windowsVersion Type: String ⫘
Tag ⫘
Describes the tag data associated with an asset
Field ⫘
id Type: ID! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
tag Type: String! ⫘
UpdateTag ⫘
Describes the tag data associated with an asset
Field ⫘
id Type: ID! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
tag Type: String! ⫘
User ⫘
Describes the user of an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
username Type: String! ⫘
Inputs ⫘
AssetInput ⫘
Describes the input of Asset data for creating an Asset Tag
Field ⫘
id Type: ID! ⫘
Field ⫘
tags Type: [String!]! ⫘
AssetWhereInput ⫘
Field ⫘
and Type: [AssetWhereInput] ⫘
Field ⫘
or Type: [AssetWhereInput] ⫘
Field ⫘
not Type: AssetWhereInput ⫘
Field ⫘
id Type: ID ⫘
Field ⫘
hostname Type: String ⫘
Field ⫘
hostname_contains Type: String ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
hostId_contains Type: String ⫘
Field ⫘
ipAddress Type: String ⫘
Field ⫘
ipAddress_contains Type: String ⫘
Field ⫘
macAddress Type: String ⫘
Field ⫘
macAddress_contains Type: String ⫘
Field ⫘
osVersion Type: String ⫘
Field ⫘
osFamily Type: String ⫘
Field ⫘
osDistributor Type: String ⫘
Field ⫘
sensorVersion Type: String ⫘
Field ⫘
systemType Type: String ⫘
Field ⫘
endpointType Type: String ⫘
Field ⫘
filterAssetState Type: AssetStateFilter ⫘
Field ⫘
username Type: String ⫘
Field ⫘
username_contains Type: String ⫘
Field ⫘
tag Type: String ⫘
Field ⫘
tag_contains Type: String ⫘
AssetsBySessionArguments ⫘
Field ⫘
key Type: String! ⫘
Field ⫘
offset Type: Int ⫘
Field ⫘
limit Type: Int ⫘
SearchAssetsInput ⫘
Field ⫘
hostname Type: String ⫘
Field ⫘
host_id Type: String ⫘
Field ⫘
ip_address Type: String ⫘
Field ⫘
mac_address Type: String ⫘
Field ⫘
os_version Type: String ⫘
Field ⫘
os_family Type: String ⫘
Field ⫘
os_distributor Type: String ⫘
Field ⫘
sensor_version Type: String ⫘
Field ⫘
username Type: String ⫘
Field ⫘
endpoint_type Type: String ⫘
Field ⫘
tag Type: String ⫘
Field ⫘
host_id_partial_match Type: Boolean ⫘
Field ⫘
only_most_recent Type: Boolean ⫘
Field ⫘
or_search Type: Boolean ⫘
Field ⫘
filter_asset_state Type: AssetStateFilter ⫘
Field ⫘
investigation_id Type: String ⫘
SearchAssetsPaginationInput ⫘
Field ⫘
offset Type: Int ⫘
Field ⫘
limit Type: Int ⫘
Field ⫘
order_by Type: AssetsOrderByInput ⫘
Field ⫘
order_direction Type: AssetsOrderDirectionInput ⫘
Enums ⫘
AgentType ⫘
Type of Red Cloak endpoint agent.
ENDPOINT_REDCLOAK
ENDPOINT_CARBON_BLACK
ENDPOINT_CROWD_STRIKE
ENDPOINT_MICROSOFT_ATP
ENDPOINT_CARBON_BLACK_PSC
AssetSearchOrderByInput ⫘
os_version_asc
os_version_desc
created_at_asc
created_at_desc
updated_at_asc
updated_at_desc
os_family_asc
os_family_desc
os_distributor_asc
os_distributor_desc
sensor_version_asc
sensor_version_desc
AssetStateFilter ⫘
All
Deleted
Active
Unhealthy
AssetsOrderByInput ⫘
Describes the enums available for the ordering of the AllAssets and SearchAssets queries.
hostname
ip_address
mac_address
tag
username
os_version
endpoint_type
created_at
updated_at
deleted_at
os_family
os_distributor
sensor_version
AssetsOrderDirectionInput ⫘
Describes the order direction available for the order field of the AllAssets and SearchAssets queries.
asc
desc
EndpointType ⫘
ENDPOINT_REDCLOAK
ENDPOINT_THIRD_PARTY
FacetInfoOrderByInput ⫘
count_desc
count_asc
Scalars ⫘
Boolean ⫘
The Boolean scalar type represents true or false.
ID ⫘
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Int ⫘
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
String ⫘
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Time ⫘
Default time implementation for this library.
Interfaces ⫘
Node ⫘
Field ⫘
id Type: ID! ⫘