Query
Queries to support searching for customer threat intelligence data
Field
searchIndicators Type: SearchIndicatorsResponse!
Query to support searching for indicators using Taegis QL
Arguments
input Type: SearchIndicatorsInput!
Field
getIndicators Type: SearchIndicatorsResponse
Query indicators using the API. getIndicators will search and return indicators based on provided search parameters. If parameters are empty the query will return any indicators belonging to the caller up to the default of 100 per page.
Arguments
input Type: GetIndicatorsInput
Mutation
Mutations for ingesting or modifying customer threat intelligence data
Field
upsertSTIXDocuments Type: UpsertIndicatorsResponse!
Mutation for adding or updating STIX documents as indicators
Arguments
input Type: [STIXDocumentInput!]!
Field
upsertIndicators Type: UpsertIndicatorsResponse!
Mutation for adding or updating indicators
Arguments
input Type: [IndicatorInput]!
Field
deleteIndicators Type: DeleteIndicatorResponse!
Mutation for deleting indicators using CQL queries
Arguments
query Type: String!
Objects
ByotiIndicator
Field
id Type: ID!
Field
object_type Type: ObjectType!
Field
object_subtype Type: ObjectSubtype
Field
name Type: String!
Field
description Type: String
Field
tenant_id Type: ID!
Field
value Type: String!
Field
reference_url Type: String
Field
severity Type: Severity
Field
source_name Type: String
Field
created_at Type: Time!
Field
updated_at Type: Time!
Field
deleted_at Type: Time
ByotiRejectedIndicatorResponse
Field
value Type: String!
Field
reason Type: String!
DeleteIndicatorResponse
Response type for the DeleteIndicators mutation
Field
indicators Type: [ByotiIndicator!]
Field
status Type: Boolean!
SearchIndicatorsResponse
Response type for the SearchIndicators query
Field
indicators Type: [ByotiIndicator!]
A list of indicators returned in response to a query
Field
page Type: Int!
Field
per_page Type: Int!
Field
offset Type: Int!
Field
total_pages Type: Int!
Field
current_entries_returned Type: Int!
Field
total_entries_size Type: Int!
UpsertIndicatorsResponse
Response type for mutations responsible for creating or updating indicators
Field
accepted_indicators Type: [ByotiIndicator]
Field
rejected_indicators Type: [ByotiRejectedIndicatorResponse]
Inputs
GetIndicatorsInput
Field
object_type Type: ObjectType
Filter indicators by object type
Field
updated_after Type: Time
Provide a timestamp to filter indicators returned by updated_at >= updated_after
Field
with_partner_tenants Type: Boolean
Include additional tenants belonging to the caller
Field
reference_url Type: String
Reference_url is the URL describing data about the indicator
Field
source_name Type: String
Source_name is the name of the source of the indicator
Field
severity Type: Severity
Severity of the indicator in the form INFO, LOW, MEDIUM, HIGH, or CRITICAL
Field
page Type: Int
Specify the page to fetch
Field
per_page Type: Int
Specify the count of indicators per page
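An added example (not part of the original reference or any vendor SDK) that builds getIndicators requests from GetIndicatorsInput and follows the page and total_pages fields of SearchIndicatorsResponse until every page is collected. The send callable, fake_send and SAMPLE are hypothetical stand-ins for the HTTP transport and its data; the first request omits page so the server's own numbering is followed rather than assumed.

```python
# Selection set uses only fields this page lists on SearchIndicatorsResponse.
GET_INDICATORS = """
query GetIndicators($input: GetIndicatorsInput) {
  getIndicators(input: $input) {
    indicators { id object_type value severity updated_at }
    page per_page total_pages total_entries_size
  }
}
"""

def build_request(updated_after=None, severity=None, page=None, per_page=None):
    """JSON body for one page; filters left as None are omitted from the input."""
    args = {"updated_after": updated_after, "severity": severity,
            "page": page, "per_page": per_page}
    return {"query": GET_INDICATORS,
            "variables": {"input": {k: v for k, v in args.items() if v is not None}}}

def fetch_all(send, max_pages=1000, **filters):
    """Collect every page. `send` (hypothetical) posts a body and returns parsed JSON."""
    results, page, fetched = [], None, 0
    while fetched < max_pages:
        reply = send(build_request(page=page, **filters))
        if reply.get("errors"):
            raise RuntimeError(reply["errors"])
        data = reply["data"]["getIndicators"]
        if data is None:                      # the response type is nullable
            break
        batch = data["indicators"] or []      # the list itself may be null
        results.extend(batch)
        fetched += 1
        if not batch or fetched >= data["total_pages"]:
            break
        page = data["page"] + 1               # follow the server's own page counter
    return results

# Constructed data and a stand-in transport so the block runs offline.
SAMPLE = [{"id": str(i), "value": f"198.51.100.{i}"} for i in range(1, 6)]

def fake_send(body):
    v = body["variables"]["input"]
    per, page = v.get("per_page", 100), v.get("page", 1)
    return {"data": {"getIndicators": {
        "indicators": SAMPLE[(page - 1) * per: page * per], "page": page,
        "per_page": per, "total_pages": -(-len(SAMPLE) // per)}}}

if __name__ == "__main__":
    print(len(fetch_all(fake_send, per_page=2, severity="HIGH")))
```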
IndicatorInput
Used as input to the UpsertIndicators mutation
Field
object_type Type: ObjectType!
Current supported options: ip, hash, domain, url
Field
object_subtype Type: ObjectSubtype
Object_subtypes depend on the object_type
Field
name Type: String!
A friendly name for the threat indicator
Field
description Type: String
Description of the indicator
Field
value Type: String!
The indicator's value
Field
reference_url Type: String
Reference_url is the URL describing data about the indicator
Field
source_name Type: String
Source_name is the name of the source of the indicator
Field
severity Type: Severity
Severity of the indicator in the form INFO, LOW, MEDIUM, HIGH, or CRITICAL
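An added example (not the service's own code) that checks IndicatorInput records locally before an upsertIndicators call: it enforces the required fields, the Severity values, and that object_subtype agrees with the value. Rejects use the same value/reason shape as ByotiRejectedIndicatorResponse. Filling in object_subtype from the value, and the helper names and SAMPLE data, are assumptions of this sketch.

```python
import ipaddress
import re

SEVERITIES = {"INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}   # hex digits -> ObjectSubtype

UPSERT = """
mutation Upsert($input: [IndicatorInput]!) {
  upsertIndicators(input: $input) {
    accepted_indicators { id object_type object_subtype value }
    rejected_indicators { value reason }
  }
}
"""

def infer_subtype(object_type, value):
    """ObjectSubtype implied by the value, or None for types without one."""
    if object_type == "ip":
        return f"ipv{ipaddress.ip_address(value).version}"   # ValueError if not an IP
    if object_type == "hash":
        if not re.fullmatch(r"[0-9a-fA-F]+", value) or len(value) not in HASH_LENGTHS:
            raise ValueError("hash must be hex md5, sha1 or sha256")
        return HASH_LENGTHS[len(value)]
    if object_type in ("domain", "url"):
        return None
    raise ValueError(f"unsupported object_type {object_type!r}")

def prepare(indicators):
    """Return (request_body, local_rejects); rejects mirror the value/reason shape."""
    ready, rejects = [], []
    for ind in indicators:
        try:
            value = ind.get("value")
            if not ind.get("name") or not isinstance(value, str) or not value:
                raise ValueError("name and value are required")
            if ind.get("severity") not in SEVERITIES | {None}:
                raise ValueError("severity must be INFO, LOW, MEDIUM, HIGH or CRITICAL")
            subtype = infer_subtype(ind.get("object_type"), value)
            if ind.get("object_subtype") not in (None, subtype):
                raise ValueError("object_subtype does not match value")
            ready.append({**ind, "object_subtype": subtype} if subtype else dict(ind))
        except ValueError as exc:
            rejects.append({"value": ind.get("value"), "reason": str(exc)})
    return {"query": UPSERT, "variables": {"input": ready}}, rejects

# Constructed sample input (documentation-range addresses, dummy hash).
SAMPLE = [
    {"object_type": "ip", "name": "c2 node", "value": "203.0.113.7", "severity": "HIGH"},
    {"object_type": "hash", "name": "dropper", "value": "ab" * 32},
    {"object_type": "hash", "name": "truncated", "value": "abc123"},
    {"object_type": "ip", "name": "mislabelled", "value": "2001:db8::1", "object_subtype": "ipv4"},
]
```

Anything the server still returns in rejected_indicators can be merged with the local rejects for a single report.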
STIXDocumentInput
Represents a STIX document that's being used as an input to mutations
Field
type Type: String!
Current supported type is indicator
Field
spec_version Type: String
Current supported version is 2.1 for STIX indicators
Field
id Type: ID!
Unique identifier from source, commonly the STIX id
Field
created Type: Time
Field
modified Type: Time
Field
name Type: String!
Name describing the indicator
Field
description Type: String
Description of the indicator
Field
pattern Type: String!
Pattern is the STIX formatted indicator pattern
Field
pattern_type Type: String!
Current supported pattern_type is stix
Field
severity Type: Severity
Severity accepts INFO, LOW, MEDIUM, HIGH, or CRITICAL
Field
source_name Type: String
Name of the source providing the indicator
Field
reference_url Type: String
Reference URL points to a URL describing the indicator
Field
valid_from Type: Time
Valid_from sets the time an indicator should take effect
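An added example (not from the original reference) that reduces a STIX 2.1 bundle to STIXDocumentInput records for upsertSTIXDocuments. GraphQL rejects input objects carrying undeclared fields, and STIX allows an indicator without a name while this input requires one, so the sketch keeps only the declared keys and reports what it skips. The bundle contents and function name are constructed, and passing STIX timestamps through unchanged assumes the Time scalar accepts them.

```python
# Keys of a STIX object that STIXDocumentInput (as listed on this page) also defines.
STIX_INPUT_FIELDS = ("type", "spec_version", "id", "created", "modified", "name",
                     "description", "pattern", "pattern_type", "valid_from")

def to_stix_inputs(bundle, source_name=None, severity=None):
    """Return (inputs, skipped) where skipped is a list of (id, reason) pairs."""
    inputs, skipped = [], []
    for obj in bundle.get("objects", []):
        oid = obj.get("id")
        if obj.get("type") != "indicator":
            reason = "type is not indicator"
        elif obj.get("spec_version", "2.1") != "2.1":
            reason = "spec_version is not 2.1"
        elif obj.get("pattern_type") != "stix":
            reason = "pattern_type is not stix"
        elif not (oid and obj.get("name") and obj.get("pattern")):
            reason = "id, name and pattern are required"
        else:
            doc = {k: obj[k] for k in STIX_INPUT_FIELDS if k in obj}
            if source_name:
                doc["source_name"] = source_name   # not a STIX property; set by caller
            if severity:
                doc["severity"] = severity
            inputs.append(doc)
            continue
        skipped.append((oid, reason))
    return inputs, skipped

# Constructed bundle: ids, names and patterns are made up for the example.
BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000001",
     "created": "2024-01-01T00:00:00Z", "modified": "2024-01-01T00:00:00Z",
     "name": "Beacon address", "indicator_types": ["malicious-activity"],
     "pattern": "[ipv4-addr:value = '198.51.100.23']", "pattern_type": "stix",
     "valid_from": "2024-01-01T00:00:00Z"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000002",
     "name": "Sigma rule", "pattern": "title: example", "pattern_type": "sigma",
     "valid_from": "2024-01-01T00:00:00Z"},
    {"type": "malware", "spec_version": "2.1",
     "id": "malware--00000000-0000-4000-8000-000000000003", "name": "sample", "is_family": False},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--00000000-0000-4000-8000-000000000004",
     "pattern": "[domain-name:value = 'example.test']", "pattern_type": "stix",
     "valid_from": "2024-01-01T00:00:00Z"},
]}
```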
SearchIndicatorsInput
Input to the SearchIndicators query
Field
query Type: String!
Taegis QL query used for searching indicators
Field
page Type: Int
Specify the page to fetch
Field
per_page Type: Int
Specify the count of indicators per page
Field
with_partner_tenants Type: Boolean
Include additional tenants belonging to the caller
Enums
ObjectSubtype
ipv4
IPv4 IP type
ipv6
IPv6 IP type
md5
md5 file hash type
sha1
sha1 file hash type
sha256
sha256 file hash type
ObjectType
domain
Domain name
hash
Accepted file hashes must be md5, sha1, or sha256
ip
Accepted IP address types are ipv4 and ipv6
url
URL address
Severity
INFO
Information level severity of indicator
LOW
Low level severity of indicator
MEDIUM
Medium level severity of indicator
HIGH
High level severity of indicator
CRITICAL
Critical level severity of indicator
Scalars
Boolean
The Boolean scalar type represents true or false.
ID
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Int
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
String
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Time
Time implementation for this library.