Query ⫘
Field ⫘
node Type: Node ⫘
Arguments ⫘
id Type: ID! ⫘
Field ⫘
facetsV2 Type: [FacetV2]! ⫘
Retrieve a list of facets for a given endpoint type.
Arguments ⫘
endpointType Type: [EndpointTypeV2!] ⫘
Field ⫘
facetInfoV2 Type: [FacetInfoV2]! ⫘
Get facet info based on a currently selected facet.
Arguments ⫘
facets Type: [String!]! ⫘
Are the facets to retrieve info about.
orderBy Type: FacetInfoOrderByInputV2 ⫘
filter Type: AssetFilter ⫘
Field ⫘
assetsV2 Type: AssetsV2! ⫘
Retrieve assets.
Arguments ⫘
first Type: Int ⫘
Used for forward pagination, limits the results returned.
last Type: Int ⫘
Used for backward pagination, limits the results returned.
after Type: String ⫘
Used for forward pagination: determines where to begin fetching results from.
before Type: String ⫘
Used for backward pagination: determines where to begin fetching results from.
filter Type: AssetFilter ⫘
orderBy Type: AssetSearchOrderByInputV2 ⫘
Field ⫘
exportAssetsV2 Type: AssetsExportOutputV2! ⫘
Retrieve assets in a form coercible into CSV files.
Arguments ⫘
first Type: Int ⫘
Used for forward pagination, limits the results returned.
after Type: String ⫘
Used for forward pagination: determines where to begin fetching results from.
filter Type: AssetFilter ⫘
orderBy Type: AssetSearchOrderByInputV2 ⫘
Field ⫘
tagKeysV2 Type: [String] ⫘
Fetch the tag keys matching the filter criteria.
Arguments ⫘
filter Type: TagFilter ⫘
Field ⫘
tagValuesV2 Type: [String] ⫘
Fetch the tag values matching the filter criteria.
Arguments ⫘
filter Type: TagFilter ⫘
Field ⫘
updateTagsForEndpointStatusV2 Type: TaskInfoPayload! ⫘
Return the status of the updateTagsForEndpointV2 operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
deleteAssetsStatusV2 Type: TaskInfoPayload! ⫘
Return the status of the deleteAssetsV2 operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
restoreAssetsStatusV2 Type: TaskInfoPayload! ⫘
Return the status of the restoreAssetsV2 operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
assignBulkAssetsToGroupStatus Type: TaskInfoPayload! ⫘
Return the status of the assignBulkAssetsToGroup operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
bulkUpdateTagsForEndpointsStatusV2 Type: TaskInfoPayload! ⫘
Return the status of the bulkUpdateTagsForEndpointsV2 operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
bulkDeleteTagsForEndpointsStatusV2 Type: TaskInfoPayload! ⫘
Return the status of the bulkDeleteTagsForEndpointsV2 operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
assignBulkAssetsToInvestigationStatus Type: TaskInfoPayload! ⫘
Return the status of the assignBulkAssetsToInvestigation operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
bulkDeleteInvestigationForEndpointsStatus Type: TaskInfoPayload! ⫘
Return the status of the bulkDeleteInvestigationForEndpoints operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
bulkReconnectNativeAssetsStatus Type: TaskInfoPayload! ⫘
Return the status of the bulkReconnectNativeAssets operation.
Arguments ⫘
id Type: ID! ⫘
Field ⫘
assetDeadPeriod Type: String ⫘
Return the tenant's asset dead period threshold used by the api. The value from the tenants preference api is used if present, otherwise the default of 720h (30 days) is used.
Field ⫘
subjectCanIsolate Type: Boolean! ⫘
Returns whether a subject can isolate an asset for the current tenant context
Mutation ⫘
Field ⫘
updateTagsForEndpointV2 Type: BulkOpPayloadV2 ⫘
Start a job to update the tags for a given endpoint. Use the task ID in the response to poll the updateTagsForEndpointStatusV2 query to determine if the job succeeded.
Note: any tags passed in the input will completely replace the current tags for the endpoint. If the intention is to change/remove a single tag, query the asset first to get the current set of tags for the endpoint, then pass the complete set of tags desired with the changes included.
Arguments ⫘
input Type: UpdateTagsForEndpointInputV2! ⫘
Field ⫘
bulkUpdateTagsForEndpointsV2 Type: BulkOpPayloadV2 ⫘
Start a job to update the tags for multiple endpoints: it does not overwrite tags, it adds the tags in the input to the endpoints. If any endpoints have tags with the same key, but a different value, the value will be updated with the value in the input. Use the task ID in the response to poll the bulkUpdateTagsForEndpointsStatusV2 query to determine if the job succeeded.
Arguments ⫘
input Type: BulkUpdateTagsForEndpointsInputV2! ⫘
Field ⫘
deleteAssetsV2 Type: BulkOpPayloadV2 ⫘
Start a job to "soft" delete the assets matching the filter criteria. Use the task ID in the response to poll the deleteAssetsStatusV2 query to determine if the job succeeded.
Arguments ⫘
input Type: DeleteAssetsInputV2! ⫘
Field ⫘
restoreAssetsV2 Type: BulkOpPayloadV2 ⫘
Start a job to restore assets that were previously deleted and that match the filter criteria. Use the task ID in the response to poll the restoreAssetsStatusV2 query to determine if the job succeeded.
Arguments ⫘
input Type: RestoreAssetsInputV2! ⫘
Field ⫘
assignBulkAssetsToGroup Type: BulkOpPayloadV2 ⫘
Start a job to assign the endpoints matching the filter criteria to the endpoint group in the input. Use the task ID in the response to poll the assignBulkAssetsToGroupStatus query to determine if the job succeeded.
Arguments ⫘
input Type: AssignBulkAssetsToGroupInput! ⫘
Field ⫘
bulkDeleteTagsForEndpointsV2 Type: BulkOpPayloadV2 ⫘
Start a job to delete the provided tags from the endpoints matching the filter criteria in the input. Use the task ID in the response to poll the bulkDeleteTagsForEndpointsStatusV2 query to determine if the job succeeded.
Arguments ⫘
input Type: BulkDeleteTagsForEndpointsInputV2! ⫘
Field ⫘
assignBulkAssetsToInvestigation Type: BulkOpPayloadV2 ⫘
Start a job to assign the endpoints matching the filter criteria to the investigation in the input. Use the task ID in the response to poll the assignBulkAssetsToInvestigationStatus query to determine if the job succeeded.
Arguments ⫘
input Type: AssignBulkAssetsToInvestigationInput! ⫘
Field ⫘
bulkDeleteInvestigationForEndpoints Type: BulkOpPayloadV2 ⫘
Start a job to delete the provided investigation from the endpoints matching the filter criteria in the input. Use the task ID in the response to poll the bulkDeleteInvestigationForEndpointsStatus query to determine if the job succeeded.
Arguments ⫘
input Type: BulkDeleteInvestigationForEndpointsInput! ⫘
Field ⫘
bulkReconnectNativeAssets Type: BulkOpPayloadV2 ⫘
Arguments ⫘
input Type: BulkReconnectNativeAssetsInput! ⫘
Field ⫘
sendIsolate Type: BulkOpPayloadV2 ⫘
Arguments ⫘
input Type: sendIsolate! ⫘
Field ⫘
sendDeisolate Type: BulkOpPayloadV2 ⫘
Arguments ⫘
input Type: sendDeisolate! ⫘
Objects ⫘
AssetV2 ⫘
Represents an asset in the Taegis ecosystem. Assets combine information from programs known as "agents" and the machines they are installed on. Agents emit telemetry to Taegis XDR, and approved ones (the Taegis, RCC, Defender, CrowdStrike, and CarbonBlack agents) are available as assets.
Field ⫘
id Type: ID! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
rn Type: String! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
sensorTenant Type: String! ⫘
Field ⫘
sensorId Type: String! ⫘
Field ⫘
ingestTime Type: Time ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
deletedAt Type: Time ⫘
Field ⫘
lastSeenAt Type: Time ⫘
Field ⫘
biosSerial Type: String ⫘
Field ⫘
firstDiskSerial Type: String ⫘
Field ⫘
systemVolumeSerial Type: String ⫘
Field ⫘
sensorVersion Type: String ⫘
Field ⫘
endpointType Type: String ⫘
Field ⫘
endpointPlatform Type: String ⫘
Field ⫘
hostnames Type: [HostnameV2!]! ⫘
Field ⫘
ethernetAddresses Type: [EthernetAddressV2!]! ⫘
Field ⫘
ipAddresses Type: [IpAddressV2!]! ⫘
Field ⫘
users Type: [UserV2!]! ⫘
Field ⫘
architecture Type: String ⫘
Field ⫘
osFamily Type: String ⫘
Field ⫘
osVersion Type: String ⫘
Field ⫘
osDistributor Type: String ⫘
Field ⫘
osRelease Type: String ⫘
Field ⫘
systemType Type: String ⫘
Field ⫘
osCodename Type: String ⫘
Field ⫘
kernelRelease Type: String ⫘
Field ⫘
kernelVersion Type: String ⫘
Field ⫘
tags Type: [TagV2!]! ⫘
Field ⫘
connectionStatus Type: String ⫘
Field ⫘
isolationStatus Type: String ⫘
Field ⫘
model Type: String ⫘
Field ⫘
cloudProviderName Type: String ⫘
Field ⫘
cloudInstanceId Type: String ⫘
Field ⫘
endpointGroup Type: EndpointGroupV2 ⫘
Field ⫘
status Type: String ⫘
Field ⫘
investigations Type: [Investigation] ⫘
AssetsExportOutputV2 ⫘
Field ⫘
columnDef Type: [String!]! ⫘
Field ⫘
rows Type: [[String!]!]! ⫘
Field ⫘
totalCount Type: Int ⫘
Field ⫘
pageInfo Type: PageInfoV2 ⫘
AssetsV2 ⫘
Field ⫘
totalCount Type: Int! ⫘
Field ⫘
assets Type: [AssetV2]! ⫘
Field ⫘
pageInfo Type: PageInfoV2 ⫘
BulkOpPayloadV2 ⫘
Field ⫘
id Type: ID! ⫘
Field ⫘
status Type: BulkOpStatusV2! ⫘
EndpointGroupV2 ⫘
Describes the endpoint group information of a Taegis agent asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
name Type: String ⫘
EthernetAddressV2 ⫘
Describes the ethernet address of an asset.
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
mac Type: String! ⫘
FacetFieldInfoV2 ⫘
Describes the details for a given facet.
Field ⫘
field Type: String! ⫘
Field ⫘
count Type: Int ⫘
FacetInfoV2 ⫘
Field ⫘
facet Type: String! ⫘
Field ⫘
fields Type: [FacetFieldInfoV2]! ⫘
FacetV2 ⫘
Describes a facet which can be used to filter assets.
Field ⫘
label Type: String! ⫘
Field ⫘
facet Type: String! ⫘
Field ⫘
searchOnly Type: Boolean! ⫘
HostnameV2 ⫘
Describes the hostname of an asset.
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
hostname Type: String! ⫘
Investigation ⫘
Describes the investigations data associated with an asset.
Field ⫘
id Type: ID! ⫘
IpAddressV2 ⫘
Describes the IP Address of an asset.
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
ip Type: String! ⫘
Field ⫘
hostId Type: String ⫘
PageInfoV2 ⫘
Describes the fields to support forward and backward pagination.
The API defaults to forward pagination. Sending a mix of forward and backward pagination arguments should be avoided: if arguments are a mix of forward and backward pagination, any arguments pertaining to backward pagination will be ignored, and only the arguments that relate to forward pagination will be used.
Field ⫘
endCursor Type: String ⫘
Is passed to after
to support forward pagination.
Field ⫘
startCursor Type: String ⫘
Is passed to before
to support backward pagination.
Field ⫘
hasNextPage Type: Boolean! ⫘
Is used to determine if there are more results to fetch during forward pagination.
When using backward pagination this will be false, even if there are results from a previously fetched page.
Field ⫘
hasPreviousPage Type: Boolean! ⫘
Is used to determine if there are more results to fetch during backward pagination.
When using forward pagination this will be false, even if there are results from a previously viewed page.
TagV2 ⫘
Describes the tag data associated with an asset.
Field ⫘
id Type: ID! ⫘
Field ⫘
hostId Type: String! ⫘
Field ⫘
tenantId Type: String! ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
tag Type: String! ⫘
Field ⫘
key Type: String! ⫘
Field ⫘
value Type: String ⫘
TaskInfoMetadata ⫘
Field ⫘
numEndpoints Type: Int! ⫘
Field ⫘
numSucceeded Type: Int! ⫘
Field ⫘
numFailed Type: Int! ⫘
Field ⫘
syncSucceeded Type: Boolean ⫘
TaskInfoPayload ⫘
Field ⫘
id Type: ID! ⫘
Field ⫘
status Type: BulkOpStatusV2! ⫘
Field ⫘
metadata Type: TaskInfoMetadata ⫘
UserV2 ⫘
Describes the user of an asset.
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
username Type: String! ⫘
Inputs ⫘
AssetFilter ⫘
Is the mechanism that filters asset results returned from a query, or filters the assets selected for mutations.
Field ⫘
endpointTypes Type: [EndpointTypeV2] ⫘
Field ⫘
assetState Type: [AssetState] ⫘
Field ⫘
where Type: AssetWhereInputV2 ⫘
AssetWhereInputV2 ⫘
Field ⫘
and Type: [AssetWhereInputV2] ⫘
Field ⫘
or Type: [AssetWhereInputV2] ⫘
Field ⫘
not Type: AssetWhereInputV2 ⫘
Field ⫘
id Type: ID ⫘
Field ⫘
connectionStatus Type: String ⫘
Field ⫘
groupName Type: String ⫘
Field ⫘
groupName_contains Type: String ⫘
Field ⫘
hostId Type: String ⫘
Field ⫘
hostId_contains Type: String ⫘
Field ⫘
hostname Type: String ⫘
Field ⫘
hostname_contains Type: String ⫘
Field ⫘
investigationId Type: String ⫘
Field ⫘
investigationId_contains Type: String ⫘
Field ⫘
ipAddress Type: String ⫘
Field ⫘
ipAddress_contains Type: String ⫘
Field ⫘
isolationStatus Type: String ⫘
Field ⫘
macAddress Type: String ⫘
Field ⫘
macAddress_contains Type: String ⫘
Field ⫘
osDistributor Type: String ⫘
Field ⫘
osFamily Type: String ⫘
Field ⫘
osVersion Type: String ⫘
Field ⫘
sensorVersion Type: String ⫘
Field ⫘
systemType Type: String ⫘
Field ⫘
tags Type: TagWhereInputV2 ⫘
Field ⫘
tags_contains Type: TagWhereInputV2 ⫘
Field ⫘
username Type: String ⫘
Field ⫘
username_contains Type: String ⫘
AssignBulkAssetsToGroupInput ⫘
Field ⫘
groupId Type: String! ⫘
Field ⫘
filter Type: AssetFilter! ⫘
AssignBulkAssetsToInvestigationInput ⫘
Field ⫘
investigationId Type: String! ⫘
Field ⫘
filter Type: AssetFilter! ⫘
BulkDeleteInvestigationForEndpointsInput ⫘
Field ⫘
filter Type: AssetFilter! ⫘
Field ⫘
investigationId Type: String! ⫘
BulkDeleteTagsForEndpointsInputV2 ⫘
Field ⫘
filter Type: AssetFilter! ⫘
Field ⫘
tagKeys Type: [String!]! ⫘
BulkReconnectNativeAssetsInput ⫘
Field ⫘
where Type: AssetWhereInputV2! ⫘
Field ⫘
reason Type: String! ⫘
BulkUpdateTagsForEndpointsInputV2 ⫘
Field ⫘
filter Type: AssetFilter! ⫘
Field ⫘
tags Type: [KVTagInputV2!]! ⫘
DeleteAssetsInputV2 ⫘
Field ⫘
filter Type: AssetFilter! ⫘
KVTagInputV2 ⫘
Is the key/value format tag input to the asset tagging mutations.
Field ⫘
key Type: String! ⫘
Field ⫘
value Type: String! ⫘
RestoreAssetsInputV2 ⫘
Field ⫘
filter Type: AssetFilter! ⫘
TagFilter ⫘
Is used to filter the results of the tagKeysV2 and tagValuesV2 queries.
Field ⫘
endpointTypes Type: [EndpointTypeV2] ⫘
Field ⫘
where Type: TagWhereInputV2 ⫘
TagWhereInputV2 ⫘
Filters the tag keys/values as part of the TagFilter input.
Field ⫘
key Type: String ⫘
Field ⫘
key_contains Type: String ⫘
Field ⫘
value Type: String ⫘
Field ⫘
value_contains Type: String ⫘
Field ⫘
tag Type: String ⫘
Field ⫘
tag_contains Type: String ⫘
UpdateTagsForEndpointInputV2 ⫘
Field ⫘
endpointId Type: ID! ⫘
Field ⫘
tags Type: [KVTagInputV2]! ⫘
Enums ⫘
AssetSearchOrderByInputV2 ⫘
Determines the order of asset results returned.
os_version_asc
os_version_desc
created_at_asc
created_at_desc
updated_at_asc
updated_at_desc
os_family_asc
os_family_desc
os_distributor_asc
os_distributor_desc
sensor_version_asc
sensor_version_desc
hostname_asc
hostname_desc
connection_status_asc
connection_status_desc
isolation_status_asc
isolation_status_desc
ip_address_asc
ip_address_desc
endpoint_type_asc
endpoint_type_desc
last_seen_asc
last_seen_desc
ethernet_addresses_asc
ethernet_addresses_desc
system_type_asc
system_type_desc
group_asc
group_desc
tag_key_asc
tag_key_desc
tag_value_asc
tag_value_desc
tag_asc
tag_desc
AssetState ⫘
Describes the current state of the asset.
All
Archived
Active
Unhealthy
BulkOpStatusV2 ⫘
Represents the possible states of a mutation.
TASK_STATE_PENDING
TASK_STATE_FAILED
TASK_STATE_COMPLETED
TASK_STATE_IN_PROGRESS
EndpointTypeV2 ⫘
Represents the different endpoint types supported by the API.
ENDPOINT_REDCLOAK
ENDPOINT_TAEGIS
ENDPOINT_CROWD_STRIKE
ENDPOINT_CARBON_BLACK_PSC
ENDPOINT_MICROSOFT_ATP
ENDPOINT_SENTINELONE
FacetInfoOrderByInputV2 ⫘
Determines the ordering of the facet info results.
count_desc
count_asc
Scalars ⫘
Boolean ⫘
The Boolean
scalar type represents true
or false
.
ID ⫘
The ID
scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4"
) or integer (such as 4
) input value will be accepted as an ID.
Int ⫘
The Int
scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
String ⫘
The String
scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Time ⫘
The default time implementation for this library.
Interfaces ⫘
Node ⫘
Field ⫘
id Type: ID! ⫘