Query ⫘
This XDR API is based on GraphQL, which can either be a read (Query) or a write (Mutation) operation. A GraphQL query is used to read or fetch values; mutations write or post values. Responses are provided in a JSON format.
Field ⫘
node Type: Node ⫘
Arguments ⫘
id Type: ID! ⫘
Field ⫘
playbook Type: Playbook ⫘
Arguments ⫘
playbookId Type: ID! ⫘
Field ⫘
playbooks Type: Playbook! ⫘
Arguments ⫘
categoryId Type: ID ⫘
tags Type: Tags ⫘
Field ⫘
playbookInstance Type: PlaybookInstance ⫘
Arguments ⫘
playbookInstanceId Type: ID! ⫘
Field ⫘
playbookInstances Type: PlaybookInstance! ⫘
Arguments ⫘
playbookId Type: ID ⫘
tags Type: Tags ⫘
connections Type: IDs ⫘
Field ⫘
playbookInstancesV2 Type: PlaybookInstance! ⫘
Arguments ⫘
playbookInstancesArguments Type: PlaybookInstancesArguments! ⫘
Field ⫘
playbookExecution Type: PlaybookExecution ⫘
Arguments ⫘
playbookExecutionId Type: ID! ⫘
Field ⫘
playbookExecutions Type: PlaybookExecutions ⫘
Arguments ⫘
playbookInstanceId Type: ID! ⫘
pagination Type: Pagination ⫘
Field ⫘
playbookExecutionsV2 Type: PlaybookExecutionsV2 ⫘
Arguments ⫘
arguments Type: PlaybookExecutionsV2Arguments ⫘
Field ⫘
playbookExecutionLogs Type: PlaybookExecutionLog ⫘
Arguments ⫘
playbookExecutionId Type: ID ⫘
Field ⫘
playbookTrigger Type: PlaybookTrigger ⫘
Arguments ⫘
playbookTriggerId Type: ID ⫘
Field ⫘
playbookTriggers Type: PlaybookTrigger ⫘
Arguments ⫘
playbookTriggerTypeIds Type: IDs ⫘
Field ⫘
playbookTriggerType Type: PlaybookTriggerType ⫘
Arguments ⫘
playbookTriggerTypeId Type: ID ⫘
playbookTriggerTypeName Type: String ⫘
Field ⫘
playbookTriggerTypes Type: PlaybookTriggerType ⫘
Field ⫘
playbookExport Type: PlaybookExport ⫘
Arguments ⫘
arguments Type: PlaybookExportArguments ⫘
Field ⫘
playbookTags Type: String ⫘
Field ⫘
playbookQuery Type: PlaybookStatistics ⫘
Arguments ⫘
query Type: String ⫘
database Type: String ⫘
options Type: QueryOptions ⫘
Mutation ⫘
Field ⫘
createPlaybook Type: Playbook ⫘
Create new playbook
Arguments ⫘
playbook Type: CreatePlaybookInput! ⫘
Field ⫘
clonePlaybook Type: Playbook ⫘
Clone an existing playbook
Arguments ⫘
input Type: ClonePlaybookInput ⫘
Field ⫘
updatePlaybook Type: Playbook ⫘
Update playbook
Arguments ⫘
input Type: UpdatePlaybookInput! ⫘
Field ⫘
deletePlaybook Type: Playbook ⫘
Delete playbook
Arguments ⫘
playbookId Type: ID! ⫘
Field ⫘
importPlaybook Type: Playbook ⫘
DEPRECATED - use importPlaybookV2
Arguments ⫘
file Type: Upload! ⫘
Field ⫘
importPlaybookV2 Type: Playbook ⫘
Import Playbook from file
Arguments ⫘
input Type: ImportPlaybookInput! ⫘
Field ⫘
executePlaybook Type: PlaybookExecution ⫘
Execute playbook with supplied parameters
Arguments ⫘
playbookId Type: ID! ⫘
parameters Type: JSONObject ⫘
Field ⫘
createPlaybookVersion Type: PlaybookVersion ⫘
Creates a new playbook version in draft mode
Arguments ⫘
playbookId Type: ID! ⫘
playbookVersion Type: PlaybookVersionInput! ⫘
Field ⫘
updatePlaybookVersion Type: PlaybookVersion ⫘
Update an existing draft playbook version
Arguments ⫘
playbookVersionId Type: ID! ⫘
playbookVersion Type: PlaybookVersionInput! ⫘
Field ⫘
publishPlaybookVersion Type: PlaybookVersion ⫘
Publishing a playbook version makes it immutable and sets it as the current head Deleting a published playbook version is not supported"
Arguments ⫘
playbookVersionId Type: ID! ⫘
Field ⫘
deletePlaybookVersion Type: PlaybookVersion ⫘
Deletes the specified draft playbook version
Arguments ⫘
playbookVersionId Type: ID! ⫘
Field ⫘
createPlaybookInstance Type: PlaybookInstance ⫘
Create new playbook instance
Arguments ⫘
playbookId Type: ID ⫘
instance Type: PlaybookInstanceInput ⫘
Field ⫘
updatePlaybookInstance Type: PlaybookInstance ⫘
Update playbook instance
Arguments ⫘
playbookInstanceId Type: ID ⫘
instance Type: PlaybookInstanceInput ⫘
Field ⫘
deletePlaybookInstance Type: PlaybookInstance ⫘
Delete playbook instance
Arguments ⫘
playbookInstanceId Type: ID! ⫘
Field ⫘
setPlaybookInstanceState Type: PlaybookInstance ⫘
Enabled/disable playbook instance
Arguments ⫘
playbookInstanceId Type: ID! ⫘
enabled Type: Boolean! ⫘
Field ⫘
executePlaybookInstance Type: PlaybookExecution ⫘
Execute playbook instance
Arguments ⫘
playbookInstanceId Type: ID ⫘
parameters Type: JSONObject ⫘
Objects ⫘
Connection ⫘
Connection is a per-tenant configuration of a connector/actions
Field ⫘
id Type: ID ⫘
Connector ⫘
Connector is an entry in catalog of available connectors (e.g. service now connector based on generic http connector service)
Field ⫘
id Type: ID! ⫘
ConnectorAction ⫘
ConnectorAction declares a method or activity that can be called on a connector and its corresponding input and output
Field ⫘
id Type: ID ⫘
ConnectorCategory ⫘
ConnectorCategory is a grouping/categorization of available connectors/playbooks (e.g. IP reputation services, DNS lookup, etc)
Field ⫘
id Type: ID ⫘
ConnectorInterface ⫘
ConnectorInterface defines an abstract interface (set of actions) that could be implemented by multiple connectors
Field ⫘
id Type: ID ⫘
DeletedObject ⫘
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
createdBy Type: String ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
updatedBy Type: String ⫘
Field ⫘
name Type: String ⫘
Field ⫘
description Type: String ⫘
Field ⫘
tags Type: String ⫘
Field ⫘
sequence Type: Int ⫘
PageInfo ⫘
Field ⫘
endCursor Type: String ⫘
Field ⫘
hasNextPage Type: Boolean ⫘
Field ⫘
startCursor Type: String ⫘
Field ⫘
hasPreviousPage Type: Boolean ⫘
Playbook ⫘
Playbook is an entry in catalog of available playbooks
Field ⫘
id Type: ID ⫘
Field ⫘
createdAt Type: Time ⫘
Field ⫘
createdBy Type: String ⫘
Field ⫘
updatedAt Type: Time ⫘
Field ⫘
updatedBy Type: String ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
tags Type: String! ⫘
Field ⫘
icon Type: String ⫘
Field ⫘
sequence Type: Int ⫘
Field ⫘
tenant Type: String ⫘
Field ⫘
head Type: PlaybookVersion! ⫘
Field ⫘
versions Type: PlaybookVersion! ⫘
Field ⫘
instances Type: PlaybookInstance! ⫘
Field ⫘
categories Type: ConnectorCategory! ⫘
Field ⫘
title Type: String ⫘
Field ⫘
description Type: String ⫘
Field ⫘
requires Type: ConnectorInterface! ⫘
PlaybookEvent ⫘
PlaybookEvents represents a trace event withing the execution of the workflow
Field ⫘
id Type: Int ⫘
Field ⫘
object Type: PlaybookObject! ⫘
Field ⫘
state Type: PlaybookState! ⫘
Field ⫘
name Type: String ⫘
Field ⫘
timestamp Type: Time! ⫘
Field ⫘
inputs Type: JSONObject ⫘
Field ⫘
outputs Type: Any ⫘
Field ⫘
reason Type: String ⫘
Field ⫘
attempt Type: Int ⫘
PlaybookExecution ⫘
PlaybookExecution represents the state of a current playbook execution
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
createdBy Type: String! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
updatedBy Type: String! ⫘
Field ⫘
state Type: PlaybookState ⫘
Field ⫘
tenant Type: String! ⫘
Field ⫘
instance Type: PlaybookInstance! ⫘
Field ⫘
version Type: PlaybookVersion ⫘
Field ⫘
inputs Type: JSONObject ⫘
Field ⫘
outputs Type: Any ⫘
Field ⫘
runId Type: String! ⫘
Field ⫘
events Type: PlaybookEvent! ⫘
PlaybookExecutionLog ⫘
PlaybookExecutionLog represents a log entry from an executed playbook with its children and status logs attached
Field ⫘
id Type: ID! ⫘
Field ⫘
taskID Type: Float ⫘
Field ⫘
parentID Type: Float ⫘
Field ⫘
message Type: JSONObject ⫘
Field ⫘
children Type: Any ⫘
Field ⫘
statusLogs Type: Any ⫘
PlaybookExecutions ⫘
PlaybookExecutions represents a list of executions along with other metadata like pagination
Field ⫘
executions Type: PlaybookExecution ⫘
Field ⫘
nodes Type: PlaybookExecution! ⫘
Field ⫘
totalCount Type: Int! ⫘
PlaybookExecutionsV2 ⫘
Field ⫘
totalCount Type: Int! ⫘
Field ⫘
playbookExecutions Type: PlaybookExecution! ⫘
Field ⫘
pageInfo Type: PageInfo! ⫘
PlaybookExport ⫘
Field ⫘
export Type: String! ⫘
PlaybookInstance ⫘
PlaybookInstance defines the configuration of a playbook in a user account
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
createdBy Type: String! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
updatedBy Type: String! ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
description Type: String ⫘
Field ⫘
tags Type: String! ⫘
Field ⫘
sequence Type: Int ⫘
Field ⫘
tenant Type: String ⫘
Field ⫘
playbook Type: Playbook! ⫘
Field ⫘
version Type: PlaybookVersion ⫘
Field ⫘
versionLock Type: String! ⫘
Field ⫘
versionStrategy Type: PlaybookVersionStrategy ⫘
Field ⫘
trigger Type: PlaybookTrigger ⫘
Field ⫘
enabled Type: Boolean! ⫘
Field ⫘
inputs Type: JSONObject ⫘
Field ⫘
retries Type: PlaybookRetries ⫘
Field ⫘
connections Type: Connection! ⫘
PlaybookRetries ⫘
Field ⫘
initialInterval Type: Int ⫘
Field ⫘
maximumInterval Type: Int ⫘
Field ⫘
backoffCoefficient Type: Float ⫘
Field ⫘
maximumRetries Type: Int ⫘
Field ⫘
maximumDuration Type: Int ⫘
Field ⫘
InitialInterval Type: Int ⫘
Field ⫘
MaximumInterval Type: Int ⫘
Field ⫘
BackoffCoefficient Type: Float ⫘
Field ⫘
MaximumRetries Type: Int ⫘
Field ⫘
MaximumDuration Type: Int ⫘
PlaybookStatistics ⫘
Playbook Statistics
Field ⫘
table Type: String ⫘
Field ⫘
columns Type: String! ⫘
Field ⫘
rows Type: Any ⫘
PlaybookTrigger ⫘
PlaybookTrigger defines a set of attributes common to different trigger types
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
createdBy Type: String! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
updatedBy Type: String! ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
description Type: String ⫘
Field ⫘
tenant Type: String! ⫘
Field ⫘
type Type: PlaybookTriggerType! ⫘
Field ⫘
config Type: JSONObject! ⫘
Field ⫘
instance Type: PlaybookInstance! ⫘
PlaybookTriggerType ⫘
PlaybookTriggerType defines an available triggering mechanism
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
createdBy Type: String! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
updatedBy Type: String! ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
description Type: String ⫘
Field ⫘
parameters Type: JSONSchema ⫘
PlaybookVersion ⫘
PlaybookVersion maintains a change record of the playbook definition. Multiple versions of a playbook could be in use concurrently
Field ⫘
id Type: ID! ⫘
Field ⫘
createdAt Type: Time! ⫘
Field ⫘
createdBy Type: String! ⫘
Field ⫘
updatedAt Type: Time! ⫘
Field ⫘
updatedBy Type: String! ⫘
Field ⫘
version Type: String! ⫘
Field ⫘
published Type: Time ⫘
Field ⫘
publishedBy Type: String ⫘
Field ⫘
playbook Type: Playbook! ⫘
Field ⫘
instances Type: PlaybookInstance! ⫘
Field ⫘
title Type: String ⫘
Field ⫘
description Type: String ⫘
Field ⫘
documentation Type: String ⫘
Field ⫘
requires Type: ConnectorInterface! ⫘
Field ⫘
inputs Type: JSONSchema ⫘
Field ⫘
outputs Type: JSONSchema ⫘
Field ⫘
dslSource Type: String ⫘
Field ⫘
dsl Type: JSONObject ⫘
Subscription ⫘
Subscriptions provide ability to receive asynchronous notification of CRUD events
Field ⫘
playbookCreated Type: Playbook! ⫘
Field ⫘
playbookUpdated Type: Playbook! ⫘
Field ⫘
playbookDeleted Type: DeletedObject! ⫘
Field ⫘
playbookInstanceCreated Type: PlaybookInstance! ⫘
Arguments ⫘
playbookIds Type: IDs ⫘
Field ⫘
playbookInstanceUpdated Type: PlaybookInstance! ⫘
Arguments ⫘
playbookIds Type: IDs ⫘
Field ⫘
playbookInstanceDeleted Type: DeletedObject! ⫘
Arguments ⫘
playbookIds Type: IDs ⫘
Inputs ⫘
ClonePlaybookInput ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
playbookId Type: ID! ⫘
Field ⫘
versionId Type: ID! ⫘
Field ⫘
isGlobal Type: Boolean ⫘
CreatePlaybookInput ⫘
PlaybookInput defines the playbook fields that are required and/or avaliable on creation of a playbook
Field ⫘
name Type: String! ⫘
Field ⫘
tags Type: Tags ⫘
Field ⫘
icon Type: String ⫘
Field ⫘
categories Type: IDs ⫘
Field ⫘
version Type: PlaybookVersionInput! ⫘
Field ⫘
isGlobal Type: Boolean ⫘
ImportPlaybookInput ⫘
Field ⫘
file Type: Upload! ⫘
Field ⫘
isGlobal Type: Boolean ⫘
Pagination ⫘
Pagination defines the options for requesting specific pages and the number of results per page
Field ⫘
page Type: Int ⫘
Field ⫘
perPage Type: Int ⫘
PlaybookExecutionsV2Arguments ⫘
Field ⫘
first Type: Int ⫘
Returns the first n results (used for forward traversal)
Field ⫘
after Type: String ⫘
Used to get the next page of results in conjunction with first; after the endCursor of the current page (used for forward traversal)
Field ⫘
last Type: Int ⫘
Returns the last n results of a previous page when used in conjunction with before (used for backwards traversal)
Field ⫘
before Type: String ⫘
Used to get the previous page of results; before the startCursor of the current page (used for backwards traversal).
Field ⫘
sortBy Type: PlaybookExecutionsSort ⫘
Field ⫘
orderBy Type: PaginationOrder ⫘
Field ⫘
playbookInstanceId Type: ID ⫘
Field ⫘
playbookVersionId Type: ID ⫘
PlaybookExportArguments ⫘
Field ⫘
playbookId Type: ID ⫘
Field ⫘
name Type: String ⫘
PlaybookInstanceInput ⫘
PlaybookInstanceInput defines the mutable fields of a playbook instance
Field ⫘
name Type: String! ⫘
Field ⫘
description Type: String ⫘
Field ⫘
tags Type: Tags ⫘
Field ⫘
trigger Type: PlaybookTriggerInput! ⫘
Field ⫘
enabled Type: Boolean! ⫘
Field ⫘
inputs Type: JSONObject ⫘
Field ⫘
connections Type: IDs ⫘
PlaybookInstancesArguments ⫘
PlaybookInstancesArguments defines the fields available for looking up a list of Playbook instances. All fields are optional.
Field ⫘
playbookInstanceIds Type: ID ⫘
Field ⫘
playbookId Type: ID ⫘
Field ⫘
tags Type: Tags ⫘
Field ⫘
connections Type: IDs ⫘
Field ⫘
sortBy Type: InstanceSortField ⫘
Field ⫘
orderBy Type: PaginationOrder ⫘
PlaybookTriggerInput ⫘
Field ⫘
name Type: String! ⫘
Field ⫘
description Type: String ⫘
Field ⫘
tags Type: Tags ⫘
Field ⫘
typeId Type: ID! ⫘
Field ⫘
config Type: JSONObject! ⫘
PlaybookVersionInput ⫘
PlaybookVersionInput defines the mutable fields of a playbook version
Field ⫘
title Type: String ⫘
Field ⫘
description Type: String ⫘
Field ⫘
documentation Type: String ⫘
Field ⫘
requires Type: IDs ⫘
Field ⫘
implements Type: ID ⫘
Field ⫘
inputs Type: JSONSchema ⫘
Field ⫘
outputs Type: JSONSchema ⫘
Field ⫘
dsl Type: YAMLObject ⫘
QueryOptions ⫘
QueryOptions provides the ability to override default query behavior.
Field ⫘
timestampAscending Type: Boolean ⫘
Reversed default timestamp.
Field ⫘
maxRows Type: Int ⫘
UpdatePlaybookInput ⫘
UpdatePlaybookInput defines the fields required and the mutable fields that can be used to update a playbook.
Field ⫘
playbookId Type: ID! ⫘
Field ⫘
tags Type: String! ⫘
Field ⫘
icon Type: String ⫘
Field ⫘
categories Type: IDs ⫘
Field ⫘
head Type: ID ⫘
Enums ⫘
InstanceSortField ⫘
InstanceSortField determines the sort order when retrieving a list of Playbook instances. If no sort field is provided, the list will be sorted by NAME.
NAME
STATUS
CREATED
UPDATED
PaginationOrder ⫘
ASCENDING
Orders the resulting page in ascending order
DESCENDING
Orders the resulting page in descending order
PlaybookExecutionsSort ⫘
createdAt
Sorts the resulting page by the createdAt field
updatedAt
Sorts the resulting page by the updatedAt field
PlaybookObject ⫘
Workflow
Decision
Action
PlaybookState ⫘
Scheduled
Started
Completed
TimedOut
PlaybookVersionStrategy ⫘
PlaybookVersionStrategy determines how an instance is upgraded when new versions are published
Fixed
FollowMinorVersion
FollowMajorVersion
Scalars ⫘
Any ⫘
interface
Boolean ⫘
The Boolean scalar type represents true or false.
Float ⫘
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
ID ⫘
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
IDs ⫘
list of IDs
Int ⫘
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
JSONObject ⫘
JSON payload
JSONSchema ⫘
JSON schema
String ⫘
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Tags ⫘
list of tags
Time ⫘
Time implementation for this library.
Upload ⫘
File to upload
YAMLObject ⫘
YAML payload
Interfaces ⫘
Node ⫘
Field ⫘
id Type: ID! ⫘