From b65b170354e8447d96968342e1c1247bdcf4b1b9 Mon Sep 17 00:00:00 2001 From: dobarx <111326505+dobarx@users.noreply.github.com> Date: Fri, 2 Feb 2024 15:52:37 +0200 Subject: [PATCH] `v0.3` plugins (#50) --- go.mod | 16 +- go.sum | 47 +- .../v1/plugin.go | 0 .../v1/semver.go | 0 plugins/data/github/internal/mocks/client.go | 108 + plugins/data/github/plugin.go | 242 + plugins/data/github/plugin_test.go | 173 + plugins/data/graphql/plugin.go | 143 + plugins/data/graphql/plugin_test.go | 238 + plugins/data/opencti/opencti.graphql | 12569 ++++++++++++++++ plugins/data/opencti/plugin.go | 182 + plugins/data/opencti/plugin_test.go | 284 + plugins/data/postgresql/plugin.go | 194 + .../postgresql/plugin_integration_test.go | 267 + plugins/data/postgresql/plugin_test.go | 21 + plugins/data/postgresql/testdata/data.sql | 14 + plugins/data/sqlite/helpers_test.go | 94 + plugins/data/sqlite/plugin.go | 191 + plugins/data/sqlite/plugin_test.go | 290 + plugins/data/terraform/plugin.go | 75 + plugins/data/terraform/plugin_test.go | 92 + .../data/terraform/testdata/terraform.tfstate | 11 + 22 files changed, 15239 insertions(+), 12 deletions(-) rename {pluginInterface => plugininterface}/v1/plugin.go (100%) rename {pluginInterface => plugininterface}/v1/semver.go (100%) create mode 100644 plugins/data/github/internal/mocks/client.go create mode 100644 plugins/data/github/plugin.go create mode 100644 plugins/data/github/plugin_test.go create mode 100644 plugins/data/graphql/plugin.go create mode 100644 plugins/data/graphql/plugin_test.go create mode 100644 plugins/data/opencti/opencti.graphql create mode 100644 plugins/data/opencti/plugin.go create mode 100644 plugins/data/opencti/plugin_test.go create mode 100644 plugins/data/postgresql/plugin.go create mode 100644 plugins/data/postgresql/plugin_integration_test.go create mode 100644 plugins/data/postgresql/plugin_test.go create mode 100644 plugins/data/postgresql/testdata/data.sql create mode 100644 plugins/data/sqlite/helpers_test.go create mode 100644 plugins/data/sqlite/plugin.go create mode 100644 plugins/data/sqlite/plugin_test.go create mode 100644 plugins/data/terraform/plugin.go create mode 100644 plugins/data/terraform/plugin_test.go create mode 100644 plugins/data/terraform/testdata/terraform.tfstate diff --git a/go.mod b/go.mod index 6193f95f..c324a421 100644 --- a/go.mod +++ b/go.mod @@ -5,19 +5,28 @@ go 1.21 require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/elastic/go-elasticsearch/v8 v8.11.1 + github.com/google/go-github/v58 v58.0.0 + github.com/hashicorp/go-hclog v0.14.1 github.com/hashicorp/go-plugin v1.6.0 github.com/hashicorp/hcl/v2 v2.19.1 github.com/itchyny/gojq v0.12.14 + github.com/lib/pq v1.10.9 + github.com/mattn/go-sqlite3 v1.14.20 + github.com/pelletier/go-toml/v2 v2.1.1 github.com/sanity-io/litter v1.5.5 github.com/stretchr/testify v1.8.4 github.com/testcontainers/testcontainers-go v0.27.0 github.com/testcontainers/testcontainers-go/modules/elasticsearch v0.27.0 + github.com/testcontainers/testcontainers-go/modules/postgres v0.27.0 + github.com/wundergraph/graphql-go-tools/v2 v2.0.0-rc.5 github.com/zclconf/go-cty v1.13.0 golang.org/x/exp v0.0.0-20231226003508-02704c960a9b golang.org/x/term v0.15.0 gopkg.in/yaml.v3 v3.0.1 ) +require github.com/cespare/xxhash/v2 v2.2.0 // indirect + require ( dario.cat/mergo v1.0.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect @@ -41,15 +50,14 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-cmp v0.6.0 // indirect + github.com/google/go-querystring v1.1.0 // indirect github.com/google/uuid v1.4.0 // indirect - github.com/hashicorp/go-hclog v0.14.1 github.com/hashicorp/yamux v0.1.1 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect - github.com/klauspost/compress v1.16.0 // indirect - github.com/kr/text v0.2.0 // indirect + github.com/klauspost/compress v1.17.0 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/magiconair/properties v1.8.7 // indirect - github.com/mattn/go-colorable v0.1.4 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect diff --git a/go.sum b/go.sum index d0735c61..e27b8c46 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,12 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= @@ -34,7 +38,6 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= @@ -69,12 +72,17 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-github/v58 v58.0.0 h1:Una7GGERlF/37XfkPwpzYJe0Vp4dt2k1kCjlxwjIvzw= +github.com/google/go-github/v58 v58.0.0/go.mod h1:k4hxDKEfoWpSqFlc8LTpGd9fu2KrV1YAa6Hi6FmDNY4= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-hclog v0.14.1 h1:nQcJDQwIAGnmoUWp8ubocEX40cCml/17YkF6csQLReU= @@ -89,31 +97,39 @@ github.com/itchyny/gojq v0.12.14 h1:6k8vVtsrhQSYgSGg827AD+PVVaB1NLXEdX+dda2oZCc= github.com/itchyny/gojq v0.12.14/go.mod h1:y1G7oO7XkcR1LPZO59KyoCRy08T3j9vDYRV0GgYSS+s= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= +github.com/jensneuse/diffview v1.0.0 h1:4b6FQJ7y3295JUHU3tRko6euyEboL825ZsXeZZM47Z4= +github.com/jensneuse/diffview v1.0.0/go.mod h1:i6IacuD8LnEaPuiyzMHA+Wfz5mAuycMOf3R/orUY9y4= github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= +github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.20 h1:BAZ50Ns0OFBNxdAqFhbZqdPcht1Xlb16pDCqkq1spr0= +github.com/mattn/go-sqlite3 v1.14.20/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 h1:DpOJ2HYzCv8LZP15IdmG+YdwD2luVPHITV96TkirNBM= @@ -152,9 +168,11 @@ github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sanity-io/litter v1.5.5 h1:iE+sBxPBzoK6uaEP5Lt3fHNgpKcHXc/A2HGETy0uJQo= github.com/sanity-io/litter v1.5.5/go.mod h1:9gzJgR2i4ZpjZHsKvUXIRQVk7P+yM3e+jAF7bU2UI5U= +github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y= +github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil/v3 v3.23.11 h1:i3jP9NjCPUz7FiZKxlMnODZkdSIp2gnzfrvsu9CuWEQ= github.com/shirou/gopsutil/v3 v3.23.11/go.mod h1:1FrWgea594Jp7qmjHUUPlJDTPgcsb9mGnXDxavtikzM= github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM= @@ -181,6 +199,16 @@ github.com/testcontainers/testcontainers-go v0.27.0 h1:IeIrJN4twonTDuMuBNQdKZ+K9 github.com/testcontainers/testcontainers-go v0.27.0/go.mod h1:+HgYZcd17GshBUZv9b+jKFJ198heWPQq3KQIp2+N+7U= github.com/testcontainers/testcontainers-go/modules/elasticsearch v0.27.0 h1:BkJPG6s1aXJ7yeFweG6nq2VMRl6xToRn8ht2z0RocR8= github.com/testcontainers/testcontainers-go/modules/elasticsearch v0.27.0/go.mod h1:WMaQCBStEkJXHdFEL9vvb5RWDjdAd3NrdR9tbTcsetU= +github.com/testcontainers/testcontainers-go/modules/postgres v0.27.0 h1:gbA/HYjBIwOwhE/t4p3kIprfI0qsxCk+YVW7P9XFOus= +github.com/testcontainers/testcontainers-go/modules/postgres v0.27.0/go.mod h1:VFrFKUUgET2hNXStdtaC7uOIJWviFUrixhKeaVw/4F4= +github.com/tidwall/gjson v1.11.0 h1:C16pk7tQNiH6VlCrtIXL1w8GaOsi1X3W8KDkE1BuYd4= +github.com/tidwall/gjson v1.11.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.0.4 h1:UcdIRXff12Lpnu3OLtZvnc03g4vH2suXDXhBwBqmzYg= +github.com/tidwall/sjson v1.0.4/go.mod h1:bURseu1nuBkFpIES5cz6zBtjmYeOQmEESshn7VpF15Y= github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk= @@ -188,6 +216,8 @@ github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9f github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +github.com/wundergraph/graphql-go-tools/v2 v2.0.0-rc.5 h1:gma91S7qXoAPGalSnLWx49ID8aMNCNkgJ93h4M+uuPw= +github.com/wundergraph/graphql-go-tools/v2 v2.0.0-rc.5/go.mod h1:dYjlFOaVap9Gz7XyHxBbU8ww0z7++KO+0E4XwmX5Mjg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw= @@ -234,6 +264,7 @@ golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/pluginInterface/v1/plugin.go b/plugininterface/v1/plugin.go similarity index 100% rename from pluginInterface/v1/plugin.go rename to plugininterface/v1/plugin.go diff --git a/pluginInterface/v1/semver.go b/plugininterface/v1/semver.go similarity index 100% rename from pluginInterface/v1/semver.go rename to plugininterface/v1/semver.go diff --git a/plugins/data/github/internal/mocks/client.go b/plugins/data/github/internal/mocks/client.go new file mode 100644 index 00000000..5e95a82b --- /dev/null +++ b/plugins/data/github/internal/mocks/client.go @@ -0,0 +1,108 @@ +// Code generated by mockery v2.39.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + github "github.com/google/go-github/v58/github" + + mock "github.com/stretchr/testify/mock" +) + +// Client is an autogenerated mock type for the Client type +type Client struct { + mock.Mock +} + +type Client_Expecter struct { + mock *mock.Mock +} + +func (_m *Client) EXPECT() *Client_Expecter { + return &Client_Expecter{mock: &_m.Mock} +} + +// ListByRepo provides a mock function with given fields: ctx, owner, repo, opts +func (_m *Client) ListByRepo(ctx context.Context, owner string, repo string, opts *github.IssueListByRepoOptions) ([]*github.Issue, *github.Response, error) { + ret := _m.Called(ctx, owner, repo, opts) + + if len(ret) == 0 { + panic("no return value specified for ListByRepo") + } + + var r0 []*github.Issue + var r1 *github.Response + var r2 error + if rf, ok := ret.Get(0).(func(context.Context, string, string, *github.IssueListByRepoOptions) ([]*github.Issue, *github.Response, error)); ok { + return rf(ctx, owner, repo, opts) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string, *github.IssueListByRepoOptions) []*github.Issue); ok { + r0 = rf(ctx, owner, repo, opts) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*github.Issue) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string, *github.IssueListByRepoOptions) *github.Response); ok { + r1 = rf(ctx, owner, repo, opts) + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(*github.Response) + } + } + + if rf, ok := ret.Get(2).(func(context.Context, string, string, *github.IssueListByRepoOptions) error); ok { + r2 = rf(ctx, owner, repo, opts) + } else { + r2 = ret.Error(2) + } + + return r0, r1, r2 +} + +// Client_ListByRepo_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListByRepo' +type Client_ListByRepo_Call struct { + *mock.Call +} + +// ListByRepo is a helper method to define mock.On call +// - ctx context.Context +// - owner string +// - repo string +// - opts *github.IssueListByRepoOptions +func (_e *Client_Expecter) ListByRepo(ctx interface{}, owner interface{}, repo interface{}, opts interface{}) *Client_ListByRepo_Call { + return &Client_ListByRepo_Call{Call: _e.mock.On("ListByRepo", ctx, owner, repo, opts)} +} + +func (_c *Client_ListByRepo_Call) Run(run func(ctx context.Context, owner string, repo string, opts *github.IssueListByRepoOptions)) *Client_ListByRepo_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string), args[2].(string), args[3].(*github.IssueListByRepoOptions)) + }) + return _c +} + +func (_c *Client_ListByRepo_Call) Return(_a0 []*github.Issue, _a1 *github.Response, _a2 error) *Client_ListByRepo_Call { + _c.Call.Return(_a0, _a1, _a2) + return _c +} + +func (_c *Client_ListByRepo_Call) RunAndReturn(run func(context.Context, string, string, *github.IssueListByRepoOptions) ([]*github.Issue, *github.Response, error)) *Client_ListByRepo_Call { + _c.Call.Return(run) + return _c +} + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/plugins/data/github/plugin.go b/plugins/data/github/plugin.go new file mode 100644 index 00000000..547c62e1 --- /dev/null +++ b/plugins/data/github/plugin.go @@ -0,0 +1,242 @@ +package github + +import ( + "context" + "errors" + "strings" + "time" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + gh "github.com/google/go-github/v58/github" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + "github.com/zclconf/go-cty/cty" +) + +const ( + minPage = 1 + pageSize = 30 +) + +var ( + DefaultClientLoader = func(token string) Client { + return gh.NewClient(nil).WithAuthToken(token).Issues + } + Version = semver.MustParse("0.1.0") +) + +type ClientLoaderFn func(token string) Client + +type Client interface { + ListByRepo(ctx context.Context, owner string, repo string, opts *gh.IssueListByRepoOptions) ([]*gh.Issue, *gh.Response, error) +} + +type Plugin struct { + Loader ClientLoaderFn +} + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "github_issues", + Version: plugininterface.Version(*Version), + ConfigSpec: &hcldec.ObjectSpec{ + "github_token": &hcldec.AttrSpec{ + Name: "github_token", + Type: cty.String, + Required: true, + }, + }, + InvocationSpec: &hcldec.ObjectSpec{ + "repository": &hcldec.AttrSpec{ + Name: "repository", + Type: cty.String, + Required: true, + }, + "milestone": &hcldec.AttrSpec{ + Name: "milestone", + Type: cty.String, + Required: false, + }, + "state": &hcldec.AttrSpec{ + Name: "state", + Type: cty.String, + Required: false, + }, + "assignee": &hcldec.AttrSpec{ + Name: "assignee", + Type: cty.String, + Required: false, + }, + "creator": &hcldec.AttrSpec{ + Name: "creator", + Type: cty.String, + Required: false, + }, + "mentioned": &hcldec.AttrSpec{ + Name: "mentioned", + Type: cty.String, + Required: false, + }, + "labels": &hcldec.AttrSpec{ + Name: "labels", + Type: cty.List(cty.String), + Required: false, + }, + "sort": &hcldec.AttrSpec{ + Name: "sort", + Type: cty.String, + Required: false, + }, + "direction": &hcldec.AttrSpec{ + Name: "direction", + Type: cty.String, + Required: false, + }, + "since": &hcldec.AttrSpec{ + Name: "since", + Type: cty.String, + Required: false, + }, + "limit": &hcldec.AttrSpec{ + Name: "limit", + Type: cty.Number, + Required: false, + }, + }, + }, + } +} + +func (Plugin) parseConfig(cfg cty.Value) (string, error) { + githubToken := cfg.GetAttr("github_token") + if githubToken.IsNull() || githubToken.AsString() == "" { + return "", errors.New("github_token is required") + } + return githubToken.AsString(), nil +} + +type parsedArgs struct { + owner string + name string + limit int64 + opts *gh.IssueListByRepoOptions +} + +func (p Plugin) parseArgs(args cty.Value) (*parsedArgs, error) { + repository := args.GetAttr("repository") + if repository.IsNull() || repository.AsString() == "" { + return nil, errors.New("repository is required") + } + repositoryParts := strings.Split(repository.AsString(), "/") + if len(repositoryParts) != 2 { + return nil, errors.New("repository must be in the format of owner/name") + } + owner := repositoryParts[0] + name := repositoryParts[1] + opts := &gh.IssueListByRepoOptions{} + if milestone := args.GetAttr("milestone"); !milestone.IsNull() && milestone.AsString() != "" { + opts.Milestone = milestone.AsString() + } + if state := args.GetAttr("state"); !state.IsNull() && state.AsString() != "" { + opts.State = state.AsString() + } + if assignee := args.GetAttr("assignee"); !assignee.IsNull() && assignee.AsString() != "" { + opts.Assignee = assignee.AsString() + } + if creator := args.GetAttr("creator"); !creator.IsNull() && creator.AsString() != "" { + opts.Creator = creator.AsString() + } + if mentioned := args.GetAttr("mentioned"); !mentioned.IsNull() && mentioned.AsString() != "" { + opts.Mentioned = mentioned.AsString() + } + if labels := args.GetAttr("labels"); !labels.IsNull() && labels.LengthInt() > 0 { + arr := make([]string, labels.LengthInt()) + for i, label := range labels.AsValueSlice() { + arr[i] = label.AsString() + } + opts.Labels = arr + } + if sort := args.GetAttr("sort"); !sort.IsNull() && sort.AsString() != "" { + opts.Sort = sort.AsString() + } + if direction := args.GetAttr("direction"); !direction.IsNull() && direction.AsString() != "" { + opts.Direction = direction.AsString() + } + if since := args.GetAttr("since"); !since.IsNull() && since.AsString() != "" { + ts, err := time.Parse(time.RFC3339, since.AsString()) + if err != nil { + return nil, errors.New("since must be in RFC3339 format") + } + opts.Since = ts + } + parsed := &parsedArgs{ + owner: owner, + name: name, + opts: opts, + limit: -1, + } + if limit := args.GetAttr("limit"); !limit.IsNull() && limit.AsBigFloat().IsInt() { + parsed.limit, _ = limit.AsBigFloat().Int64() + if parsed.limit <= 0 { + return nil, errors.New("limit must be greater than 0") + } + } + return parsed, nil + +} +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + tkn, err := p.parseConfig(args.Config) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse configuration", + Detail: err.Error(), + }}, + } + } + opts, err := p.parseArgs(args.Args) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse arguments", + Detail: err.Error(), + }}, + } + } + client := p.Loader(tkn) + // iterate over pages until we get all issues or reach the limit if specified + var issues []any + for page := minPage; ; page++ { + opts.opts.Page = page + opts.opts.PerPage = pageSize + issuesPage, resp, err := client.ListByRepo(context.Background(), opts.owner, opts.name, opts.opts) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to list issues", + Detail: err.Error(), + }}, + } + } + for _, issue := range issuesPage { + issues = append(issues, issue) + } + if resp.NextPage == 0 || (opts.limit > 0 && int64(len(issues)) >= opts.limit) { + break + } + } + // if limit is specified, truncate the issues slice + if opts.limit > 0 && int64(len(issues)) > opts.limit { + issues = issues[:opts.limit] + } + return plugininterface.Result{ + Result: issues, + } +} diff --git a/plugins/data/github/plugin_test.go b/plugins/data/github/plugin_test.go new file mode 100644 index 00000000..2f02aa52 --- /dev/null +++ b/plugins/data/github/plugin_test.go @@ -0,0 +1,173 @@ +package github + +import ( + "testing" + "time" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/blackstork-io/fabric/plugins/data/github/internal/mocks" + gh "github.com/google/go-github/v58/github" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/suite" + "github.com/zclconf/go-cty/cty" +) + +type PluginTestSuite struct { + suite.Suite + plugin plugininterface.PluginRPC + cli *mocks.Client +} + +func TestPluginSuite(t *testing.T) { + suite.Run(t, &PluginTestSuite{}) +} + +func (s *PluginTestSuite) SetupSuite() { + s.plugin = Plugin{ + Loader: func(token string) Client { + return s.cli + }, + } +} + +func (s *PluginTestSuite) SetupTest() { + s.cli = &mocks.Client{} +} + +func (s *PluginTestSuite) TearDownTest() { + s.cli.AssertExpectations(s.T()) +} + +func (s *PluginTestSuite) TestGetPlugins() { + plugins := s.plugin.GetPlugins() + s.Require().Len(plugins, 1, "expected 1 plugin") + got := plugins[0] + s.Equal("github_issues", got.Name) + s.Equal("data", got.Kind) + s.Equal("blackstork", got.Namespace) + s.Equal(Version.String(), got.Version.Cast().String()) + s.NotNil(got.ConfigSpec) + s.NotNil(got.InvocationSpec) +} + +func int64ptr(i int64) *int64 { return &i } + +func (s *PluginTestSuite) TestCallBasic() { + s.cli.On("ListByRepo", mock.Anything, "testorg", "testrepo", &gh.IssueListByRepoOptions{ + ListOptions: gh.ListOptions{ + PerPage: 30, + Page: 1, + }, + }). + Return([]*gh.Issue{ + { + ID: int64ptr(123), + }, + { + ID: int64ptr(124), + }, + }, &gh.Response{}, nil) + + args := plugininterface.Args{ + Kind: "data", + Name: "github_issues", + Config: cty.ObjectVal(map[string]cty.Value{ + "github_token": cty.StringVal("testtoken"), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "repository": cty.StringVal("testorg/testrepo"), + "limit": cty.NullVal(cty.Number), + "milestone": cty.NullVal(cty.String), + "state": cty.NullVal(cty.String), + "assignee": cty.NullVal(cty.String), + "creator": cty.NullVal(cty.String), + "mentioned": cty.NullVal(cty.String), + "labels": cty.ListValEmpty(cty.String), + "sort": cty.NullVal(cty.String), + "direction": cty.NullVal(cty.String), + "since": cty.NullVal(cty.String), + }), + } + result := s.plugin.Call(args) + expected := plugininterface.Result{ + Result: []any{ + &gh.Issue{ + ID: int64ptr(123), + }, + &gh.Issue{ + ID: int64ptr(124), + }, + }, + } + s.Equal(expected, result) +} + +func (s *PluginTestSuite) TestCallAdvanced() { + since, err := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z") + s.Require().NoError(err) + s.cli.On("ListByRepo", mock.Anything, "testorg", "testrepo", &gh.IssueListByRepoOptions{ + Milestone: "testmilestone", + State: "open", + Assignee: "testassignee", + Creator: "testcreator", + Labels: []string{ + "testlabel1", + "testlabel2", + }, + Sort: "created", + Direction: "asc", + Mentioned: "testmentioned", + Since: since, + ListOptions: gh.ListOptions{ + PerPage: 30, + Page: 1, + }, + }). + Return([]*gh.Issue{ + { + ID: int64ptr(123), + }, + { + ID: int64ptr(124), + }, + { + ID: int64ptr(125), + }, + }, &gh.Response{}, nil) + + args := plugininterface.Args{ + Kind: "data", + Name: "github_issues", + Config: cty.ObjectVal(map[string]cty.Value{ + "github_token": cty.StringVal("testtoken"), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "repository": cty.StringVal("testorg/testrepo"), + "limit": cty.NumberIntVal(2), + "milestone": cty.StringVal("testmilestone"), + "state": cty.StringVal("open"), + "assignee": cty.StringVal("testassignee"), + "creator": cty.StringVal("testcreator"), + "mentioned": cty.StringVal("testmentioned"), + "labels": cty.ListVal([]cty.Value{ + cty.StringVal("testlabel1"), + cty.StringVal("testlabel2"), + }), + "sort": cty.StringVal("created"), + "direction": cty.StringVal("asc"), + "since": cty.StringVal("2021-01-01T00:00:00Z"), + }), + } + result := s.plugin.Call(args) + expected := plugininterface.Result{ + Result: []any{ + &gh.Issue{ + ID: int64ptr(123), + }, + &gh.Issue{ + ID: int64ptr(124), + }, + }, + } + s.Equal(expected, result) +} diff --git a/plugins/data/graphql/plugin.go b/plugins/data/graphql/plugin.go new file mode 100644 index 00000000..ef4eae02 --- /dev/null +++ b/plugins/data/graphql/plugin.go @@ -0,0 +1,143 @@ +package graphql + +import ( + "bytes" + "encoding/json" + "fmt" + "net/http" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + "github.com/zclconf/go-cty/cty" +) + +var Version = semver.MustParse("0.1.0") + +type Plugin struct{} + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "graphql", + Version: plugininterface.Version(*Version), + ConfigSpec: &hcldec.ObjectSpec{ + "url": &hcldec.AttrSpec{ + Name: "url", + Type: cty.String, + Required: true, + }, + "auth_token": &hcldec.AttrSpec{ + Name: "auth_token", + Type: cty.String, + Required: false, + }, + }, + InvocationSpec: &hcldec.ObjectSpec{ + "query": &hcldec.AttrSpec{ + Name: "path", + Type: cty.String, + Required: true, + }, + }, + }, + } +} + +func (Plugin) parseConfig(cfg cty.Value) (string, string, error) { + url := cfg.GetAttr("url") + if url.IsNull() || url.AsString() == "" { + return "", "", fmt.Errorf("url is required") + } + authToken := cfg.GetAttr("auth_token") + if authToken.IsNull() { + authToken = cty.StringVal("") + } + return url.AsString(), authToken.AsString(), nil +} + +func (Plugin) parseArgs(args cty.Value) (string, error) { + query := args.GetAttr("query") + if query.IsNull() || query.AsString() == "" { + return "", fmt.Errorf("query is required") + } + return query.AsString(), nil +} + +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + url, authToken, err := p.parseConfig(args.Config) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse config", + Detail: err.Error(), + }}, + } + } + query, err := p.parseArgs(args.Args) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse arguments", + Detail: err.Error(), + }}, + } + } + + result, err := p.query(url, query, authToken) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to execute query", + Detail: err.Error(), + }}, + } + } + + return plugininterface.Result{ + Result: result, + } +} + +type requestData struct { + Query string `json:"query"` +} + +func (Plugin) query(url, query, authToken string) (any, error) { + data, err := json.Marshal(requestData{Query: query}) + if err != nil { + return "", err + } + req, err := http.NewRequest("POST", url, bytes.NewReader(data)) + if err != nil { + return "", err + } + // Set the appropriate headers + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Accept", "application/json") + if authToken != "" { + req.Header.Set("Authorization", "Bearer "+authToken) + } + // Send the request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("unexpected status code: %d", resp.StatusCode) + } + var result any + err = json.NewDecoder(resp.Body).Decode(&result) + if err != nil { + return "", err + } + return result, nil +} diff --git a/plugins/data/graphql/plugin_test.go b/plugins/data/graphql/plugin_test.go new file mode 100644 index 00000000..9f11296f --- /dev/null +++ b/plugins/data/graphql/plugin_test.go @@ -0,0 +1,238 @@ +package graphql + +import ( + "context" + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/suite" + "github.com/zclconf/go-cty/cty" +) + +type PluginTestSuite struct { + suite.Suite + ctx context.Context + cancel context.CancelFunc +} + +func (s *PluginTestSuite) SetupTest() { + s.ctx, s.cancel = context.WithCancel(context.Background()) +} + +func (s *PluginTestSuite) TearDownTest() { + s.cancel() +} +func TestPluginTestSuite(t *testing.T) { + suite.Run(t, new(PluginTestSuite)) +} + +func (s *PluginTestSuite) TestGetPlugins() { + plugins := Plugin{}.GetPlugins() + s.Require().Len(plugins, 1, "expected 1 plugin") + got := plugins[0] + s.Equal("graphql", got.Name) + s.Equal("data", got.Kind) + s.Equal("blackstork", got.Namespace) + s.Equal(Version.String(), got.Version.Cast().String()) + s.NotNil(got.ConfigSpec) + s.NotNil(got.InvocationSpec) +} + +func (s *PluginTestSuite) TestBasic() { + want := plugininterface.Result{ + Result: jsonAny(` + { + "data": { + "user": { + "id": "id-1", + "name": "joe" + } + } + } + `), + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + s.Equal("application/json", r.Header.Get("Content-Type")) + s.Equal("application/json", r.Header.Get("Accept")) + body, err := io.ReadAll(r.Body) + s.NoError(err) + s.Equal(`{"query":"query{user{id,name}}"}`, string(body)) + s.Equal("POST", r.Method) + w.Write([]byte(`{ + "data": { + "user": { + "id": "id-1", + "name": "joe" + } + } + }`)) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal(srv.URL), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestWithAuth() { + want := plugininterface.Result{ + Result: jsonAny(` + { + "data": { + "user": { + "id": "id-1", + "name": "joe" + } + } + } + `), + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + s.Equal("Bearer token-1", r.Header.Get("Authorization")) + s.Equal("application/json", r.Header.Get("Content-Type")) + s.Equal("application/json", r.Header.Get("Accept")) + body, err := io.ReadAll(r.Body) + s.NoError(err) + s.Equal(`{"query":"query{user{id,name}}"}`, string(body)) + s.Equal("POST", r.Method) + w.Write([]byte(`{ + "data": { + "user": { + "id": "id-1", + "name": "joe" + } + } + }`)) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal(srv.URL), + "auth_token": cty.StringVal("token-1"), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestFailRequest() { + want := plugininterface.Result{ + Diags: hcl.Diagnostics{ + &hcl.Diagnostic{ + Severity: hcl.DiagError, + Summary: "Failed to execute query", + Detail: "unexpected status code: 404", + }, + }, + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotFound) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal(srv.URL), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestNullURL() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.NullVal(cty.String), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse config", result.Diags[0].Summary) +} +func (s *PluginTestSuite) TestEmptyURL() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal(""), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse config", result.Diags[0].Summary) +} +func (s *PluginTestSuite) TestEmptyQuery() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal("http://localhost"), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.StringVal(""), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse arguments", result.Diags[0].Summary) +} +func (s *PluginTestSuite) TestNullQuery() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "graphql", + Config: cty.ObjectVal(map[string]cty.Value{ + "url": cty.StringVal("http://localhost"), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "query": cty.NullVal(cty.String), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse arguments", result.Diags[0].Summary) +} + +func jsonAny(s string) any { + var v any + err := json.Unmarshal([]byte(s), &v) + if err != nil { + panic(err) + } + return v +} diff --git a/plugins/data/opencti/opencti.graphql b/plugins/data/opencti/opencti.graphql new file mode 100644 index 00000000..bc329704 --- /dev/null +++ b/plugins/data/opencti/opencti.graphql @@ -0,0 +1,12569 @@ +### DIRECTIVES + +directive @auth(for: [Capabilities] = [], and: Boolean = false) on OBJECT | FIELD_DEFINITION +directive @constraint( + # String constraints + minLength: Int + maxLength: Int + startsWith: String + endsWith: String + notContains: String + pattern: String + format: String + + # Number constraints + min: Int + max: Int + exclusiveMin: Int + exclusiveMax: Int + multipleOf: Int +) on INPUT_FIELD_DEFINITION + +### SCALAR + +scalar DateTime +scalar ConstraintString +scalar ConstraintNumber +scalar Upload +scalar StixId +scalar StixRef +scalar Any +scalar JSON +enum State { + wait + progress + complete + timeout +} +enum Capabilities { + CONNECTORAPI + KNOWLEDGE + KNOWLEDGE_KNUPDATE + KNOWLEDGE_KNPARTICIPATE + KNOWLEDGE_KNUPDATE_KNDELETE + KNOWLEDGE_KNUPDATE_KNORGARESTRICT + KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS + KNOWLEDGE_KNUPLOAD + KNOWLEDGE_KNASKIMPORT + KNOWLEDGE_KNGETEXPORT + KNOWLEDGE_KNGETEXPORT_KNASKEXPORT + KNOWLEDGE_KNENRICHMENT + EXPLORE + EXPLORE_EXUPDATE + EXPLORE_EXUPDATE_EXDELETE + MODULES + MODULES_MODMANAGE + SETTINGS + SETTINGS_SETACCESSES + SETTINGS_SETMARKINGS + SETTINGS_SETLABELS + TAXIIAPI_SETCOLLECTIONS + TAXIIAPI_SETCSVMAPPERS + VIRTUAL_ORGANIZATION_ADMIN +} +enum MemberType { + User + Group + Organization +} + +### RELAY + +type PageInfo { + startCursor: String! + endCursor: String! + hasNextPage: Boolean! + hasPreviousPage: Boolean! + globalCount: Int! +} +enum OrderingMode { + asc + desc +} +enum FilterMode { + and + or +} +enum FilterOperator { + eq + not_eq + lt + lte + gt + gte + match + wildcard + contains + not_contains + ends_with + not_ends_with + starts_with + not_starts_with + script + nil + not_nil +} + +input FilterGroup { + mode: FilterMode! + filters: [Filter!]! + filterGroups: [FilterGroup!]! +} +input Filter { + key: [String!]! + values: [Any!]! + operator: FilterOperator + mode: FilterMode +} + +type RepresentativeWithId { + id: String! + value: String +} + +### EDIT + +enum EditOperation { + add + replace + remove +} +input EditInput { + key: String! # Field name to change + object_path: String # Path to apply change (for complex object) + value: [Any]! # Values to apply + operation: EditOperation # Undefined = REPLACE +} +input EditContext { + focusOn: String # Field name +} +type EditUserContext { + name: String! + focusOn: String # Field name +} +input DictionaryInput { + key: String! + value: String! +} +type Dictionary { + key: String! + value: String! +} + +### INFO + +""" +Dependency information containing the name and the deployed version. +""" +type DependencyVersion { + name: String! + version: String! +} + +""" +NodeJs memory. +https://nodejs.org/api/process.html#process_process_memoryusage +https://nodejs.org/docs/latest-v11.x/api/v8.html#v8_v8_getheapstatistics +""" +type AppMemory { + rss: Float + heapTotal: Float + heapUsed: Float + external: Float + arrayBuffers: Float + total_heap_size: Float + total_heap_size_executable: Float + total_physical_size: Float + total_available_size: Float + used_heap_size: Float + heap_size_limit: Float + malloced_memory: Float + peak_malloced_memory: Float + does_zap_garbage: Float +} + +input ExportContext { + entity_id: String + entity_type: String! +} + +type AppDebugDistribution { + label: String! + value: Int +} + +type AppDebugStatistics { + objects: [AppDebugDistribution] + relationships: [AppDebugDistribution] +} + +""" +Retrieve the application information version add dependencies +""" +type AppInfo { + """ + The OpenCTI application version + """ + version: String! + """ + The OpenCTI api current memory usage + """ + memory: AppMemory @auth(for: [SETTINGS]) + """ + The list of OpenCTI software dependencies + """ + dependencies: [DependencyVersion!]! @auth(for: [SETTINGS]) + """ + The objects statistics + """ + debugStats: AppDebugStatistics @auth(for: [SETTINGS]) +} + +### STATS + +type AckDetails { + rate: Float +} +type MessagesStats { + ack: String + ack_details: AckDetails +} +type QueueArguments { + config: String +} +type QueueMetrics { + name: String! + arguments: QueueArguments + messages: String + messages_ready: String + messages_unacknowledged: String + consumers: String + idle_since: DateTime + message_stats: MessagesStats +} +type QueueTotals { + messages: String + messages_ready: String + messages_unacknowledged: String +} +type ObjectTotals { + channels: String + consumers: String + queues: String +} +type OverviewMetrics { + node: String + object_totals: ObjectTotals + queue_totals: QueueTotals + message_stats: MessagesStats +} +type RabbitMQMetrics { + consumers: String + queues: [QueueMetrics] + overview: OverviewMetrics +} +type SearchMetrics { + query_total: String + fetch_total: String +} +type IndexingMetrics { + index_total: String + delete_total: String +} +type GetMetrics { + total: String +} +type DocsMetrics { + count: String +} +type ElasticSearchMetrics { + docs: DocsMetrics + search: SearchMetrics + get: GetMetrics + indexing: IndexingMetrics +} +enum StatsOperation { + count + sum +} +type TimeSeries { + date: DateTime! + value: Int! +} +type MultiTimeSeries { + data: [TimeSeries] +} +input AuditsTimeSeriesParameters { + field: String! + types: [String] + filters: FilterGroup + search: String +} +input StixCoreObjectsTimeSeriesParameters { + field: String! + types: [String] + filters: FilterGroup + search: String +} +input StixRelationshipsTimeSeriesParameters { + field: String! + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup +} +input StixCoreRelationshipsTimeSeriesParameters { + field: String! + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup +} +type Distribution { + label: String! + entity: StixObjectOrStixRelationshipOrCreator + value: Int +} +type MultiDistribution { + data: [Distribution] +} +input StixCoreObjectsDistributionParameters { + objectId: String + relationship_type: [String] + toTypes: [String] + types: [String] + filters: FilterGroup + search: String +} +input StixCoreRelationshipsDistributionParameters { + field: String! + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup +} +type Number { + total: Int! + count: Int! +} +input StixCoreObjectsNumberParameters { + types: [String] + filters: FilterGroup + search: String +} + +### INTERFACES & TYPES + +###### INTERNAL + +############## Logs +type LogsWorkerConfig { + elasticsearch_url: [String]! + elasticsearch_proxy: String + elasticsearch_index: String! + elasticsearch_username: String + elasticsearch_password: String + elasticsearch_api_key: String + elasticsearch_ssl_reject_unauthorized: Boolean +} +enum LogsOrdering { + event + timestamp + created_at + event_type + event_scope +} +type LogConnection { + pageInfo: PageInfo! + edges: [LogEdge] +} +type LogEdge { + cursor: String! + node: Log! +} +type ContextData { + entity_id: String + entity_name: String + entity_type: String + from_id: String + to_id: String + message: String! + commit: String + external_references: [ExternalReference!] +} +type Log { + id: ID! + entity_type: String + event_type: String! + event_scope: String + event_status: String! + timestamp: DateTime! + user_id: String! + user: Creator + raw_data: String @auth(for: [SETTINGS]) + context_uri: String + context_data: ContextData +} + +############## Attributes +enum AttributesOrdering { + value +} +type AttributeConnection { + pageInfo: PageInfo! + edges: [AttributeEdge!]! +} +type AttributeEdge { + cursor: String! + node: Attribute! +} +type Attribute { + id: ID! + key: String! + value: String! +} +input WorkErrorInput { + error: String + source: String +} + + +############## Taxii +type TaxiiCollection { + id: ID! + name: String + description: String + filters: String + taxii_public: Boolean + authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI_SETCOLLECTIONS]) +} +type TaxiiCollectionConnection { + pageInfo: PageInfo! + edges: [TaxiiCollectionEdge]! +} + +type TaxiiCollectionEdge { + cursor: String! + node: TaxiiCollection! +} +input TaxiiCollectionAddInput { + name: String! + description: String + filters: String + taxii_public: Boolean + authorized_members: [MemberAccessInput!] +} +enum TaxiiCollectionOrdering { + name + description + id +} + +type FeedMapping { + type: String! + attribute: String! +} + +type FeedAttribute { + attribute: String! + mappings: [FeedMapping!]! +} + +type Feed { + id: ID! + standard_id: ID! + name: String! + description: String + filters: String + separator: String! + rolling_time: Int! + feed_date_attribute: String + include_header: Boolean! + feed_types: [String!]! + feed_attributes: [FeedAttribute!]! + feed_public: Boolean + authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI_SETCOLLECTIONS]) +} + +input FeedMappingInput { + type: String! + attribute: String! +} + +input FeedAttributeMappingInput { + attribute: String! + mappings: [FeedMappingInput!]! +} + +input FeedAddInput { + name: String! + description: String + filters: String + separator: String! + feed_date_attribute: String! + rolling_time: Int! + include_header: Boolean! + feed_types: [String!]! + feed_public: Boolean + feed_attributes: [FeedAttributeMappingInput!]! + authorized_members: [MemberAccessInput!] +} + +enum FeedOrdering { + name + rolling_time + feed_types +} + +type FeedEdge { + cursor: String! + node: Feed! +} + +type FeedConnection { + pageInfo: PageInfo! + edges: [FeedEdge]! +} + +############## Stream +type RemoteStreamCollection { + id: ID! + name: String + description: String + filters: String +} +type StreamCollection { + id: ID! + name: String + description: String + filters: String + stream_live: Boolean + stream_public: Boolean + authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI_SETCOLLECTIONS]) +} +type StreamCollectionConnection { + pageInfo: PageInfo! + edges: [StreamCollectionEdge!]! +} +type StreamCollectionEdge { + cursor: String! + node: StreamCollection! +} +input StreamCollectionAddInput { + name: String! + description: String + filters: String + stream_live: Boolean + stream_public: Boolean + authorized_members: [MemberAccessInput!] +} +enum StreamCollectionOrdering { + name + description + stream_public + id + stream_live +} + +############## SubTypes +enum SubTypesOrdering { + label +} +type SubTypeConnection { + pageInfo: PageInfo! + edges: [SubTypeEdge!]! +} +type SubTypeEdge { + cursor: String! + node: SubType! +} +type SubType { + id: ID! + label: String! + statuses: [Status!]! + workflowEnabled: Boolean + settings: EntitySetting # Simpler before moving workflow +} + +############## Statuses +enum StatusTemplateOrdering { + name +} +type StatusTemplate { + id: ID! + name: String! + color: String! + editContext: [EditUserContext!] + usages: Int +} +type StatusTemplateConnection { + pageInfo: PageInfo! + edges: [StatusTemplateEdge] +} +type StatusTemplateEdge { + cursor: String! + node: StatusTemplate! +} +enum StatusOrdering { + type + order +} +type Status { + id: ID! + template_id: String! + template: StatusTemplate + type: String! + order: Int! + disabled: Boolean +} +type StatusConnection { + pageInfo: PageInfo! + edges: [StatusEdge!]! +} +type StatusEdge { + cursor: String! + node: Status! +} +input StatusAddInput { + template_id: String! + order: Int! +} +input StatusTemplateAddInput { + name: String! + color: String! +} + +############## Sync +enum SynchronizersOrdering { + id + name + current_state_date + running + uri + stream_id +} + +type Synchronizer { + id: ID! + name: String! + uri: String! + token: String + stream_id: String! + user: Creator + running: Boolean! + current_state_date: DateTime + listen_deletion: Boolean! + no_dependencies: Boolean! + ssl_verify: Boolean + synchronized: Boolean +} + +type SynchronizerEdge { + cursor: String! + node: Synchronizer! +} + +type SynchronizerConnection { + pageInfo: PageInfo! + edges: [SynchronizerEdge] +} + +input SynchronizerAddInput { + name: String! @constraint(minLength: 2) + uri: String! @constraint(minLength: 2) + token: String + stream_id: String! @constraint(minLength: 2) + user_id: String + recover: DateTime + current_state_date: DateTime + listen_deletion: Boolean! + no_dependencies: Boolean! + ssl_verify: Boolean + synchronized: Boolean +} + +input SynchronizerFetchInput { + uri: String! + token: String + ssl_verify: Boolean +} + +############## Files +enum WorksOrdering { + status + timestamp +} +type WorkMessage { + timestamp: DateTime + message: String + sequence: Int + source: String +} +type WorkTracking { + import_expected_number: Int + import_last_processed: DateTime + import_processed_number: Int +} +type Work { + id: ID! + name: String + user: Creator + connector: Connector + timestamp: DateTime! + status: State! + event_source_id: String + received_time: DateTime + processed_time: DateTime + completed_time: DateTime + completed_number: Int + messages: [WorkMessage] + errors: [WorkMessage] + tracking: WorkTracking +} +type WorkEdge { + cursor: String! + node: Work! +} +type WorkConnection { + pageInfo: PageInfo! + edges: [WorkEdge] +} +type FileMetadata { + encoding: String + mimetype: String + version: String + messages: [WorkMessage] + errors: [WorkMessage] + list_filters: String + entity_id: String + entity: StixObject + labels_text: String + labels: [String] + creator_id: String + external_reference_id: String + creator: Creator + description: String + order: Int + inCarousel: Boolean +} +type File { + id: ID! + name: String! + size: Int + lastModified: DateTime + lastModifiedSinceMin: Int + metaData: FileMetadata + uploadStatus: State! + works: [Work] +} +type FileEdge { + cursor: String! + node: File! +} +type FileConnection { + pageInfo: PageInfo! + edges: [FileEdge] +} + +type IndexedFile { + id: ID! + name: String! + file_id: String! + uploaded_at: DateTime! + entity: StixObject + searchOccurrences: Int +} +type IndexedFileEdge { + cursor: String! + node: IndexedFile! +} +type IndexedFileConnection { + pageInfo: PageInfo! + edges: [IndexedFileEdge] +} + +type MetricsByMimeType { + mimeType: String! + count: Int! + size: Float! +} + +type FilesMetrics { + globalCount: Int! + globalSize: Float! + metricsByMimeType: [MetricsByMimeType!] +} + +type OpenCtiFile { + id: ID! + name: String! + mime_type: String! + description: String + order: Int + inCarousel: Boolean +} + +############## BackgroundTask +enum BackgroundTaskType { + QUERY + LIST + RULE +} +type BackgroundTaskError { + id: ID! + timestamp: DateTime + message: String +} +enum BackgroundTaskScope { + KNOWLEDGE + USER + SETTINGS +} +enum BackgroundTaskActionType { + DELETE + ADD + REMOVE + REPLACE + MERGE + ENRICHMENT + PROMOTE + RULE_ELEMENT_RESCAN + SHARE + UNSHARE +} +enum BackgroundTaskContextType { + ATTRIBUTE + RELATION + REVERSED_RELATION +} +enum BackgroundTasksOrdering { + id + type + completed + created_at + last_execution_date +} +type BackgroundTaskContext { + field: String + type: BackgroundTaskContextType + values: [String]! +} +type BackgroundTaskAction { + type: BackgroundTaskActionType + context: BackgroundTaskContext +} + +interface BackgroundTask { + id: ID! + type: BackgroundTaskType + initiator: Creator + actions: [BackgroundTaskAction] + created_at: DateTime + last_execution_date: DateTime + completed: Boolean + task_expected_number: Int + task_processed_number: Int + errors: [BackgroundTaskError] +} + +type RuleTask implements BackgroundTask { + id: ID! + type: BackgroundTaskType + initiator: Creator + actions: [BackgroundTaskAction] + created_at: DateTime + last_execution_date: DateTime + completed: Boolean + task_expected_number: Int + task_processed_number: Int + errors: [BackgroundTaskError] + # RuleTask + rule: ID! + enable: Boolean +} + +type ListTask implements BackgroundTask { + id: ID! + type: BackgroundTaskType + initiator: Creator + actions: [BackgroundTaskAction] + created_at: DateTime + last_execution_date: DateTime + completed: Boolean + task_expected_number: Int + task_processed_number: Int + errors: [BackgroundTaskError] + # QueryTask and ListTask + scope: BackgroundTaskScope! + authorized_members: [MemberAccess!], + authorized_authorities: [String] + # ListTask + task_ids: [ID!] +} + +type QueryTask implements BackgroundTask { + id: ID! + type: BackgroundTaskType + initiator: Creator + actions: [BackgroundTaskAction] + created_at: DateTime + last_execution_date: DateTime + completed: Boolean + task_expected_number: Int + task_processed_number: Int + errors: [BackgroundTaskError] + # QueryTask and ListTask + scope: BackgroundTaskScope! + authorized_members: [MemberAccess!], + authorized_authorities: [String] + # QueryTask + task_filters: String! + task_search: String +} + +type BackgroundTaskConnectionEdge { + cursor: String! + node: BackgroundTask! +} + +type BackgroundTaskConnection { + pageInfo: PageInfo! + edges: [BackgroundTaskConnectionEdge] +} + +input BackgroundTaskContextOptionsInput { + includeNeighbours: Boolean +} + +input BackgroundTaskContextInput { + field: String + type: BackgroundTaskContextType + values: [String]! + options: BackgroundTaskContextOptionsInput +} +input BackgroundTaskActionInput { + type: BackgroundTaskActionType! + context: BackgroundTaskContextInput +} +input ListTaskAddInput { + ids: [ID!] + actions: [BackgroundTaskActionInput]! + scope: BackgroundTaskScope! +} +input QueryTaskAddInput { + filters: String! + search: String + excluded_ids: [ID] + actions: [BackgroundTaskActionInput]! + scope: BackgroundTaskScope! +} + +input RetentionRuleAddInput { + name: String! + filters: String! + max_retention: Int! @constraint(min: 1) +} +type RetentionRule { + id: ID! + standard_id: String! + name: String! + filters: String! + max_retention: Int! + last_execution_date: DateTime + last_deleted_count: Int + remaining_count: Int +} +type RetentionRuleConnection { + pageInfo: PageInfo! + edges: [RetentionRuleEdge] +} +type RetentionRuleEdge { + cursor: String! + node: RetentionRule! +} +type RetentionRuleEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): RetentionRule +} +###### ENTITIES +interface BasicObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! +} + +######## INTERNAL OBJECT ENTITIES +interface InternalObject { + # BasicObject + id: ID! # internal_id! + entity_type: String! +} + +############## Settings +type Module { + id: ID! + enable: Boolean! + running: Boolean! + warning: Boolean +} +type Cluster { + instances_number: Int! +} +type Provider { + name: String! + type: String + strategy: String + provider: String +} +type UserStatus { + status: String! + message: String! +} +input SettingsMessageInput { + id: ID + message: String! + activated: Boolean! + dismissible: Boolean! + color: String + recipients: [String!] +} +type SettingsMessage { + id: ID! + message: String! + activated: Boolean! + dismissible: Boolean! + updated_at: DateTime! + color: String + recipients: [Member!] @auth(for: [SETTINGS]) +} + +enum PlatformCriticalAlertType { + GROUP_WITH_NULL_CONFIDENCE_LEVEL +} +type PlatformCriticalAlertDetails { + groups: [Group!]! +} +type PlatformCriticalAlert { + message: String! + type: PlatformCriticalAlertType! + details: PlatformCriticalAlertDetails +} + +type Settings implements InternalObject & BasicObject { + id: ID! + standard_id: String! @auth + entity_type: String! @auth + parent_types: [String!]! @auth + # Settings + platform_organization: Organization + platform_title: String + platform_favicon: String + platform_email: String @auth + platform_cluster: Cluster! @auth + platform_modules: [Module!] @auth + platform_url: String + platform_providers: [Provider!]! + platform_user_statuses: [UserStatus!]! + platform_language: String + platform_theme: String + platform_theme_dark_background: String + platform_theme_dark_paper: String + platform_theme_dark_nav: String + platform_theme_dark_primary: String + platform_theme_dark_secondary: String + platform_theme_dark_accent: String + platform_theme_dark_logo: String + platform_theme_dark_logo_collapsed: String + platform_theme_dark_logo_login: String + platform_theme_light_background: String + platform_theme_light_paper: String + platform_theme_light_nav: String + platform_theme_light_primary: String + platform_theme_light_secondary: String + platform_theme_light_accent: String + platform_theme_light_logo: String + platform_theme_light_logo_collapsed: String + platform_theme_light_logo_login: String + platform_map_tile_server_dark: String + platform_map_tile_server_light: String + platform_login_message: String + platform_consent_message: String + platform_consent_confirm_text: String + platform_banner_text: String + platform_banner_level: String + platform_session_idle_timeout: Int + platform_session_timeout: Int + platform_whitemark: Boolean + platform_demo: Boolean + platform_reference_attachment: Boolean @auth + platform_feature_flags: [Module!] @auth + platform_critical_alerts: [PlatformCriticalAlert!]! + created_at: DateTime! @auth + updated_at: DateTime! @auth + enterprise_edition: DateTime + activity_listeners: [Member!] @auth(for: [SETTINGS]) + otp_mandatory: Boolean @auth + password_policy_min_length: Int @auth + password_policy_max_length: Int @auth + password_policy_min_symbols: Int @auth + password_policy_min_numbers: Int @auth + password_policy_min_words: Int @auth + password_policy_min_lowercase: Int @auth + password_policy_min_uppercase: Int @auth + platform_messages: [SettingsMessage!] @auth + messages_administration: [SettingsMessage!] @auth(for: [SETTINGS]) + analytics_google_analytics_v4: String @auth + # Technical + editContext: [EditUserContext!] @auth(for: [SETTINGS]) +} + +############## Groups +enum GroupsOrdering { + name + default_assignation + auto_new_marking + created_at + updated_at +} + +type GroupConnection { + pageInfo: PageInfo! + edges: [GroupEdge] +} +type GroupEdge { + cursor: String! + node: Group! +} +input DefaultMarkingInput { + entity_type: String! + values: [String!] +} +type DefaultMarking { + entity_type: String + values: [MarkingDefinition!] +} +type Group implements InternalObject & BasicObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # Group + name: String! + default_assignation: Boolean + auto_new_marking: Boolean + description: String + default_dashboard: Workspace + members( + first: Int + after: ID + orderBy: UsersOrdering + orderMode: OrderingMode + search: String + ): UserConnection @auth(for: [SETTINGS_SETACCESSES]) + created_at: DateTime + updated_at: DateTime + roles(orderBy: RolesOrdering, orderMode: OrderingMode): RoleConnection + allowed_marking: [MarkingDefinition!] + default_marking: [DefaultMarking!] + default_hidden_types: [String!] + group_confidence_level: ConfidenceLevel + # Technical + editContext: [EditUserContext!] +} +input GroupAddInput { + name: String! + description: String + default_assignation: Boolean + auto_new_marking: Boolean + clientMutationId: String + group_confidence_level: ConfidenceLevelInput! +} + +############## Users +enum UnitSystem { + auto + Metric + Imperial +} +enum UsersOrdering { + name + user_email + firstname + lastname + language + external + created_at + updated_at +} +type UserConnection { + pageInfo: PageInfo! + edges: [UserEdge!]! +} +type CreatorConnection { + pageInfo: PageInfo! + edges: [CreatorEdge] +} +type AssigneeConnection { + pageInfo: PageInfo! + edges: [AssigneeEdge!]! +} +type ParticipantConnection { + pageInfo: PageInfo! + edges: [ParticipantEdge!]! +} +type MemberConnection { + pageInfo: PageInfo! + edges: [MemberEdge!]! +} +type UserEdge { + cursor: String! + node: User! +} +type CreatorEdge { + cursor: String! + node: Creator! +} +type AssigneeEdge { + cursor: String! + node: Assignee! +} +type ParticipantEdge { + cursor: String! + node: Participant! +} +type MemberEdge { + cursor: String! + node: Member! +} +type Assignee { + id: ID! # internal_id + name: String! + entity_type: String! +} +type Participant { + id: ID! # internal_id + name: String! + entity_type: String! +} +type Member { + id: ID! # internal_id + name: String! + entity_type: String! +} +type MemberAccess { + id: ID! # internal_id + name: String! + entity_type: String! + access_right: String! +} +input MemberAccessInput { + id: ID! # internal_id + access_right: String! +} +type OtpElement { + secret: String! + uri: String! +} +type Creator { + id: ID! # internal_id + name: String! + entity_type: String! + representative: Representative! +} + +type ConfidenceLevel { + max_confidence: Int! + overrides: [ConfidenceLevelOverride!]! +} +type ConfidenceLevelOverride { + entity_type: String! + max_confidence: Int! +} +type EffectiveConfidenceLevel { + max_confidence: Int! + source: EffectiveConfidenceLevelSource! +} +union EffectiveConfidenceLevelSource = Group | User + +type User implements BasicObject & InternalObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # User + user_email: String! + api_token: String! @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + individual_id: String + name: String! + description: String + firstname: String + otp_activated: Boolean + otp_qr: String + otp_mandatory: Boolean + lastname: String + theme: String + language: String + external: Boolean + roles: [Role!]! + capabilities: [Capability]! + default_hidden_types: [String!]! + user_confidence_level: ConfidenceLevel + effective_confidence_level: EffectiveConfidenceLevel + groups( + orderBy: GroupsOrdering + orderMode: OrderingMode + ): GroupConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + objectOrganization( + orderBy: OrganizationsOrdering + orderMode: OrderingMode + ): OrganizationConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + created_at: DateTime! + updated_at: DateTime! + sessions: [SessionDetail] @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + default_time_field: String + account_status: String! @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + account_lock_after_date: DateTime @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + administrated_organizations: [Organization!]! + unit_system: UnitSystem + # Technical + editContext: [EditUserContext!] +} + +type MeUser implements BasicObject & InternalObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String!]! + user_email: String! + name: String! + description: String + firstname: String + otp_activated: Boolean + otp_qr: String + lastname: String + theme: String + language: String + external: Boolean + individual_id: String + api_token: String! + objectOrganization: MeOrganizationConnection + capabilities: [Capability!]! + default_hidden_types: [String]! + allowed_marking: [MarkingDefinition!] + default_marking: [DefaultMarking!] + otp_mandatory: Boolean + groups( + orderBy: GroupsOrdering + orderMode: OrderingMode + ): GroupConnection + default_dashboards: [Workspace!]! + default_dashboard: Workspace + default_time_field: String + account_status: String! + account_lock_after_date: DateTime + administrated_organizations: [Organization!]! + unit_system: UnitSystem +} +type SessionDetail { + id: ID! + created: DateTime + ttl: Int + originalMaxAge: Int +} +type UserSession { + user: Creator + sessions: [SessionDetail] +} +input UserAddInput { + user_email: String! @constraint(minLength: 5, format: "email") + name: String! @constraint(minLength: 2) + password: String! + firstname: String + lastname: String + description: String + language: String + theme: String + objectOrganization: [ID!] + account_status: String + account_lock_after_date: DateTime + unit_system: String + groups: [ID!] + user_confidence_level: ConfidenceLevelInput +} + +input ConfidenceLevelInput { + max_confidence: Int! + overrides: [ConfidenceLevelOverrideInput!]! +} + +input ConfidenceLevelOverrideInput { + entity_type: String! + max_confidence: Int! +} + +input UserLoginInput { + email: String! + password: String! +} + +input UserOTPLoginInput { + code: String! +} + +input UserOTPActivationInput { + secret: String! + code: String! +} + +############## Roles +enum RolesOrdering { + name + created_at + updated_at +} +type RoleConnection { + pageInfo: PageInfo! + edges: [RoleEdge!] +} +type RoleEdge { + cursor: String! + node: Role! +} +type Role implements BasicObject & InternalObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # Role + name: String! + description: String + created_at: DateTime! + updated_at: DateTime! + capabilities: [Capability] + editContext: [EditUserContext!] +} +input RoleAddInput { + name: String! + description: String + clientMutationId: String +} + +############## Capabilities +type CapabilityConnection { + pageInfo: PageInfo! + edges: [CapabilityEdge] +} +type CapabilityEdge { + cursor: String! + node: Capability! +} +type Capability implements BasicObject & InternalObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # Capability + name: String! + description: String + attribute_order: Int + created_at: DateTime! + updated_at: DateTime! + # Technical + editContext: [EditUserContext!] +} + +############## Connectors +enum ConnectorType { + EXTERNAL_IMPORT + INTERNAL_IMPORT_FILE + INTERNAL_ENRICHMENT + INTERNAL_EXPORT_FILE + STREAM +} +input RegisterConnectorInput { + id: ID! + name: String! + type: ConnectorType! + scope: [String!] + auto: Boolean + only_contextual: Boolean + playbook_compatible: Boolean +} +type RabbitMQConnection { + host: String! + vhost: String! + use_ssl: Boolean! + port: Int! + user: String! + pass: String! +} +type ConnectorConfig { + connection: RabbitMQConnection! @auth(for: [CONNECTORAPI]) + listen: String! + listen_routing: String! + listen_exchange: String! + push: String! + push_routing: String! + push_exchange: String! +} + +type ConnectorMetadata { + configuration: String! +} +type ConnectorConfiguration { + id: ID! + name: String! + configuration: String! +} +type Connector implements BasicObject & InternalObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # Connector + name: String! + active: Boolean + auto: Boolean + only_contextual: Boolean + playbook_compatible: Boolean + connector_type: String + connector_scope: [String!] + connector_state: String + connector_schema: String + connector_schema_ui: String + connector_state_reset: Boolean + connector_user_id: ID + updated_at: DateTime + created_at: DateTime + config: ConnectorConfig + works(status: String): [Work] + ## Built in Connector + built_in: Boolean + configurations: [ConnectorConfiguration!] +} + +############## Rules +type RuleExecutionError { + timestamp: DateTime + source: String + error: String +} +type RuleManager { + id: ID! # internal_id + activated: Boolean! + lastEventId: String + errors: [RuleExecutionError] +} + +type DisplayStep { + source: String + source_color: String + relation: String + target: String + target_color: String + identifier: String + identifier_color: String + action: String +} + +type Display { + if: [DisplayStep] + then: [DisplayStep] +} + +type Rule { + id: ID! # internal_id + name: String! + description: String! + activated: Boolean! + category: String + display: Display +} + +######## STIX OBJECT ENTITIES +type InferenceAttribute { + field: String! + value: String! +} +type Inference { + rule: Rule! + explanation: [StixObjectOrStixRelationship]! + attributes: [InferenceAttribute] +} + +interface StixObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # Technical + creators: [Creator!] + # inferences + x_opencti_inferences: [Inference] +} + +######## STIX META OBJECT ENTITIES +enum StixMetaObjectsOrdering { + entity_type + created + modified + spec_version + created_at + updated_at +} +type StixMetaObjectConnection { + pageInfo: PageInfo! + edges: [StixMetaObjectEdge] +} +type StixMetaObjectEdge { + cursor: String! + node: StixMetaObject! +} +interface StixMetaObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixMetaObject + created: DateTime + modified: DateTime +} + +############## MarkingDefinitions +enum MarkingDefinitionsOrdering { + definition_type + definition + x_opencti_order + x_opencti_color + created + modified + created_at + updated_at +} +type MarkingDefinitionConnection { + pageInfo: PageInfo! + edges: [MarkingDefinitionEdge!]! +} +type MarkingDefinitionEdge { + cursor: String! + node: MarkingDefinition! +} +type MarkingDefinition implements BasicObject & StixObject & StixMetaObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixMetaObject + created: DateTime + modified: DateTime + # MarkingDefinition + definition_type: String + definition: String + x_opencti_order: Int! + x_opencti_color: String + # Technical + creators: [Creator!] + toStix: String + editContext: [EditUserContext!] +} +input MarkingDefinitionAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + definition_type: String! + definition: String! + x_opencti_order: Int! + x_opencti_color: String + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean +} + +############## Labels +enum LabelsOrdering { + value + color + created + modified + created_at + updated_at +} +type LabelConnection { + pageInfo: PageInfo! + edges: [LabelEdge!]! +} +type LabelEdge { + cursor: String! + node: Label! +} +type Label implements BasicObject & StixObject & StixMetaObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixMetaObject + created: DateTime + modified: DateTime + # MarkingDefinition + value: String + color: String + # Technical + creators: [Creator!] + toStix: String + editContext: [EditUserContext!] +} +input LabelAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + value: String! + color: String + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean +} + +############## ExternalReferences +enum ExternalReferencesOrdering { + source_name + url + hash + external_id + created + modified + created_at + updated_at + creator +} +type ExternalReferenceConnection { + pageInfo: PageInfo! + edges: [ExternalReferenceEdge!]! +} +type ExternalReferenceEdge { + cursor: String! + node: ExternalReference! +} +type ExternalReference implements BasicObject & StixObject & StixMetaObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixMetaObject + created: DateTime + modified: DateTime + # ExternalReference + source_name: String! + description: String + url: String + hash: String + external_id: String + references(types: [String]): StixObjectOrStixRelationshipConnection + fileId: String + # Technical + creators: [Creator!] + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input ExternalReferenceAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + source_name: String! @constraint(minLength: 2) + description: String + url: String + hash: String + file: Upload + external_id: String + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean +} + +############## KillChainPhases +enum KillChainPhasesOrdering { + x_opencti_order + kill_chain_name + phase_name + created + modified + created_at + updated_at +} +type KillChainPhaseConnection { + pageInfo: PageInfo! + edges: [KillChainPhaseEdge!]! +} +type KillChainPhaseEdge { + cursor: String! + node: KillChainPhase! +} +type KillChainPhase implements BasicObject & StixObject & StixMetaObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixMetaObject + created: DateTime + modified: DateTime + # KillChainPhase + kill_chain_name: String! + phase_name: String! + x_opencti_order: Int + # Technical + creators: [Creator!] + editContext: [EditUserContext!] +} +input KillChainPhaseAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + kill_chain_name: String! + phase_name: String! + x_opencti_order: Int! + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean +} + +######## STIX CORE OBJECT ENTITIES + +type Representative { + main: String! + secondary: String +} + +enum StixCoreObjectsOrdering { + name + entity_type + created + modified + created_at + updated_at + start_time + stop_time + published + valid_from + valid_until + first_seen + last_seen + indicator_pattern + x_opencti_workflow_id + createdBy + creator + objectMarking + observable_value + subject + value + _score +} +type StixCoreObjectConnection { + pageInfo: PageInfo! + edges: [StixCoreObjectEdge] +} +type StixCoreObjectEdge { + cursor: String! + node: StixCoreObject! +} +union OrganizationOrIndividual = Organization | Individual +interface StixCoreObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} + +########## STIX DOMAIN OBJECT ENTITIES + +enum StixDomainObjectsOrdering { + name + entity_type + created + modified + created_at + updated_at + published + valid_from + valid_until + indicator_pattern + x_opencti_workflow_id + createdBy + creator + objectMarking + _score + first_seen + last_seen + attribute_count + x_opencti_negative + confidence + first_observed + last_observed + number_observed + incident_type + severity + priority + rating + context + attribute_abstract + opinion + pattern_type + report_types + note_types + channel_types + x_opencti_base_severity + event_types + x_opencti_organization_type + submitted + product + result_name + operatingSystem +} +type StixDomainObjectConnection { + pageInfo: PageInfo! + edges: [StixDomainObjectEdge] +} +type StixDomainObjectEdge { + cursor: String! + node: StixDomainObject! +} +interface StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input StixDomainObjectAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + confidence: Int + pattern_type: String + context: String + pattern: String + aliases: [String] + x_opencti_aliases: [String] + type: String! + createdBy: String + objectMarking: [String] + objectLabel: [String] + killChainPhases: [String] + externalReferences: [String] + objects: [String] + clientMutationId: String + created: DateTime + modified: DateTime + update: Boolean +} + +############## AttackPatterns +enum AttackPatternsOrdering { + x_mitre_id + name + created + modified + created_at + updated_at + x_opencti_workflow_id +} +type AttackPatternConnection { + pageInfo: PageInfo! + edges: [AttackPatternEdge!]! +} +type AttackPatternEdge { + cursor: String! + node: AttackPattern! +} +type AttackPattern implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # AttackPattern + name: String! + description: String + aliases: [String] + x_mitre_platforms: [String!] + x_mitre_permissions_required: [String] + x_mitre_detection: String + x_mitre_id: String + killChainPhases: [KillChainPhase!] + coursesOfAction: CourseOfActionConnection + parentAttackPatterns: AttackPatternConnection + subAttackPatterns: AttackPatternConnection + isSubAttackPattern: Boolean + dataComponents: DataComponentConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input AttackPatternAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + revoked: Boolean + lang: String + confidence: Int + x_mitre_platforms: [String!] + x_mitre_permissions_required: [String] + x_mitre_detection: String + x_mitre_id: String + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectLabel: [String] + killChainPhases: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Campaigns +enum CampaignsOrdering { + name + first_seen + last_seen + role_played + created + modified + created_at + updated_at + x_opencti_workflow_id + confidence +} +type CampaignConnection { + pageInfo: PageInfo! + edges: [CampaignEdge] +} +type CampaignEdge { + cursor: String! + node: Campaign! +} +type Campaign implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Campaign + name: String! + description: String + aliases: [String] + first_seen: DateTime + last_seen: DateTime + objective: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input CampaignAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + revoked: Boolean + lang: String + confidence: Int + first_seen: DateTime + last_seen: DateTime + objective: String + createdBy: String + objectMarking: [String] + objectAssignee: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +############## Containers +enum ContainersOrdering { + name + published + created + modified + created_at + updated_at + createdBy + objectMarking + x_opencti_workflow_id + creator + entity_type + _score +} +type ContainerConnection { + pageInfo: PageInfo! + edges: [ContainerEdge] +} +type ContainerEdge { + cursor: String! + node: Container! +} +interface Container { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Container + objects( + first: Int + after: ID + orderBy: StixObjectOrStixRelationshipsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + all: Boolean + ): StixObjectOrStixRelationshipRefConnection + relatedContainers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + viaTypes: [String] + ): ContainerConnection + # Technical + creators: [Creator!] + workflowEnabled: Boolean + status: Status +} + +################ Notes +enum NotesOrdering { + attribute_abstract + created + modified + created_at + updated_at + createdBy + x_opencti_workflow_id + objectMarking + note_types + creator +} +type NoteConnection { + pageInfo: PageInfo! + edges: [NoteEdge!]! +} +type NoteEdge { + cursor: String! + node: Note! +} +type Note implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Container + objects( + first: Int + after: ID + orderBy: StixObjectOrStixRelationshipsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + all: Boolean + ): StixObjectOrStixRelationshipRefConnection + relatedContainers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + viaTypes: [String] + ): ContainerConnection + # Note + attribute_abstract: String + content: String! + authors: [String] + note_types: [String] + likelihood: Int + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input NoteAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + attribute_abstract: String + content: String! @constraint(minLength: 2) + authors: [String] + note_types: [String] + likelihood: Int + revoked: Boolean + lang: String + createdBy: String + confidence: Int + objectMarking: [String] + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + objects: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} +input NoteUserAddInput { + stix_id: String + x_opencti_stix_ids: [String] + attribute_abstract: String + content: String! @constraint(minLength: 2) + note_types: [String] + likelihood: Int + revoked: Boolean + lang: String + confidence: Int + objectMarking: [String] + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + objects: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean +} + +################ ObservedDatas +enum ObservedDatasOrdering { + first_observed + last_observed + number_observed + created + modified + created_at + updated_at + createdBy + x_opencti_workflow_id + objectMarking + confidence +} +type ObservedDataConnection { + pageInfo: PageInfo! + edges: [ObservedDataEdge] +} +type ObservedDataEdge { + cursor: String! + node: ObservedData! +} +type ObservedData implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Container + objects( + first: Int + after: ID + orderBy: StixObjectOrStixRelationshipsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + all: Boolean + ): StixObjectOrStixRelationshipRefConnection + relatedContainers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + viaTypes: [String] + ): ContainerConnection + # ObservedData + first_observed: DateTime! + last_observed: DateTime! + number_observed: Int! + name: String! + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input ObservedDataAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + first_observed: DateTime! + last_observed: DateTime! + number_observed: Int! + revoked: Boolean + lang: String + confidence: Int + createdBy: String + objectMarking: [String] + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + objects: [String]! + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +################ Opinions +enum OpinionsOrdering { + opinion + created + modified + created_at + updated_at + createdBy + objectMarking + x_opencti_workflow_id + confidence + creator +} +type OpinionConnection { + pageInfo: PageInfo! + edges: [OpinionEdge] +} +type OpinionEdge { + cursor: String! + node: Opinion! +} +type Opinion implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Container + objects( + first: Int + after: ID + orderBy: StixObjectOrStixRelationshipsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + all: Boolean + ): StixObjectOrStixRelationshipRefConnection + relatedContainers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + viaTypes: [String] + ): ContainerConnection + # Opinion + explanation: String + authors: [String] + opinion: String! + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input OpinionAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + opinion: String! + explanation: String + authors: [String] + revoked: Boolean + lang: String + confidence: Int + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + objects: [String] + created: DateTime + modified: DateTime + update: Boolean + clientMutationId: String + file: Upload +} +input OpinionUserAddInput { + stix_id: String + x_opencti_stix_ids: [String] + opinion: String! + explanation: String + authors: [String] + revoked: Boolean + lang: String + confidence: Int + objectMarking: [String] + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + objects: [String] + created: DateTime + modified: DateTime + update: Boolean + clientMutationId: String +} + +################ Reports +enum ReportsOrdering { + name + created + modified + published + created_at + updated_at + createdBy + creator + objectMarking + report_types + x_opencti_workflow_id +} +type ReportConnection { + pageInfo: PageInfo! + edges: [ReportEdge] +} +type ReportEdge { + cursor: String! + node: Report! +} +type Report implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Container + objects( + first: Int + after: ID + orderBy: StixObjectOrStixRelationshipsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + all: Boolean + ): StixObjectOrStixRelationshipRefConnection + relatedContainers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + types: [String] + viaTypes: [String] + ): ContainerConnection + # Report + name: String! + description: String + content: String + content_mapping: String + report_types: [String] + x_opencti_reliability: String + published: DateTime + objectParticipant: [Participant!] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean + deleteWithElementsCount: Int @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) +} +input ReportAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + content: String + content_mapping: String + published: DateTime! + report_types: [String] + x_opencti_reliability: String + revoked: Boolean + lang: String + confidence: Int + createdBy: String + objectOrganization: [String] + objectMarking: [String] + objectAssignee: [String] + objectParticipant: [String] + objectLabel: [String] + externalReferences: [String] + objects: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +############## CoursesOfAction +enum CoursesOfActionOrdering { + name + created + modified + created_at + updated_at + x_opencti_workflow_id + objectMarking + x_mitre_id +} +type CourseOfActionConnection { + pageInfo: PageInfo! + edges: [CourseOfActionEdge] +} +type CourseOfActionEdge { + cursor: String! + node: CourseOfAction! +} +type CourseOfAction implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # CourseOfAction + name: String! + description: String + x_opencti_aliases: [String] + x_mitre_id: String + x_opencti_threat_hunting: String + x_opencti_log_sources: [String] + attackPatterns: AttackPatternConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input CourseOfActionAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + x_opencti_aliases: [String] + x_mitre_id: String + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Identities +enum IdentitiesOrdering { + name + created + modified + created_at + updated_at + x_opencti_workflow_id + _score +} +type IdentityConnection { + pageInfo: PageInfo! + edges: [IdentityEdge] +} +type IdentityEdge { + cursor: String! + node: Identity! +} +enum IdentityType { + Sector + Organization + Individual + System +} +interface Identity { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Identity + identity_class: String! + name: String! + description: String + roles: [String] + contact_information: String + x_opencti_aliases: [String] + x_opencti_reliability: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input IdentityAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + type: IdentityType! + name: String! + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + x_opencti_workflow_id: String + clientMutationId: String + created: DateTime + modified: DateTime + update: Boolean +} + +################ Individuals +enum IndividualsOrdering { + name + firstname + lastname + created + modified + x_opencti_workflow_id + objectMarking +} +type IndividualConnection { + pageInfo: PageInfo! + edges: [IndividualEdge] +} +type IndividualEdge { + cursor: String! + node: Individual! +} +type Individual implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Identity + identity_class: String! + name: String! + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + x_opencti_reliability: String + # Individual + x_opencti_firstname: String + x_opencti_lastname: String + organizations: OrganizationConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean + isUser: Boolean @auth(for: [SETTINGS_SETACCESSES]) +} +input IndividualAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + x_opencti_firstname: String + x_opencti_lastname: String + x_opencti_reliability: String + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +################ Sectors +enum SectorsOrdering { + name + description + created + modified + created_at + updated_at + x_opencti_workflow_id + objectMarking +} +type SectorConnection { + pageInfo: PageInfo! + edges: [SectorEdge] +} +type SectorEdge { + cursor: String! + types: [String] + node: Sector! +} +type Sector implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Identity + identity_class: String! + name: String! + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + x_opencti_reliability: String + # Sector + parentSectors: SectorConnection + subSectors: SectorConnection + isSubSector: Boolean + targetedOrganizations: StixCoreRelationshipConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input SectorAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +################ Systems +enum SystemsOrdering { + name + confidence + firstname + lastname + created + modified + x_opencti_workflow_id +} +type SystemConnection { + pageInfo: PageInfo! + edges: [SystemEdge] +} +type SystemEdge { + cursor: String! + node: System! +} +type System implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Identity + identity_class: String! + name: String! + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + x_opencti_reliability: String + # System + x_opencti_firstname: String + x_opencti_lastname: String + organizations: OrganizationConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input SystemAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + contact_information: String + roles: [String] + x_opencti_aliases: [String] + x_opencti_firstname: String + x_opencti_lastname: String + x_opencti_reliability: String + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +############## Infrastructures +enum InfrastructuresOrdering { + name + infrastructure_types + first_seen + last_seen + created + modified + created_at + updated_at + x_opencti_workflow_id + confidence + createdBy + objectMarking + creator +} +type InfrastructureConnection { + pageInfo: PageInfo! + edges: [InfrastructureEdge] +} +type InfrastructureEdge { + cursor: String! + node: Infrastructure! +} +type Infrastructure implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Infrastructure + name: String! + aliases: [String] + description: String + infrastructure_types: [String] + first_seen: DateTime + last_seen: DateTime + killChainPhases: [KillChainPhase!] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input InfrastructureAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + infrastructure_types: [String] + first_seen: DateTime + last_seen: DateTime + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectOrganization: [String] + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + killChainPhases: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## IntrusionSets +enum IntrusionSetsOrdering { + name + created + modified + created_at + updated_at + x_opencti_workflow_id + confidence +} +type IntrusionSetConnection { + pageInfo: PageInfo! + edges: [IntrusionSetEdge] +} +type IntrusionSetEdge { + cursor: String! + node: IntrusionSet! +} +type IntrusionSet implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # IntrusionSet + name: String! + description: String + aliases: [String] + first_seen: DateTime + last_seen: DateTime + goals: [String] + resource_level: String + primary_motivation: String + secondary_motivations: [String] + locations: LocationConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input IntrusionSetAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + first_seen: DateTime + last_seen: DateTime + goals: [String] + resource_level: String + primary_motivation: String + secondary_motivations: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectAssignee: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Locations +enum LocationsOrdering { + name + latitude + longitude + created + modified + created_at + updated_at + x_opencti_workflow_id +} +type LocationConnection { + pageInfo: PageInfo! + edges: [LocationEdge] +} +type LocationEdge { + cursor: String! + types: [String] + node: Location! +} +interface Location { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Location + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input LocationAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + type: String! + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + clientMutationId: String + created: DateTime + modified: DateTime + update: Boolean +} + +################ Positions +enum PositionsOrdering { + name + postal_address + postal_code + created + modified + created_at + updated_at + x_opencti_workflow_id +} +type PositionConnection { + pageInfo: PageInfo! + edges: [PositionEdge] +} +type PositionEdge { + cursor: String! + node: Position! +} +type Position implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Location + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + # Position + street_address: String + postal_code: String + city: City + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input PositionAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + latitude: Float + longitude: Float + precision: Float + street_address: String + postal_code: String + confidence: Int + revoked: Boolean + lang: String + x_opencti_aliases: [String] + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +################ Cities +enum CitiesOrdering { + name + description + aliases + created + modified + created_at + updated_at + objectMarking + objectLabel + x_opencti_workflow_id +} +type CityConnection { + pageInfo: PageInfo! + edges: [CityEdge] +} +type CityEdge { + cursor: String! + node: City! +} +type City implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Location + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + # City + country: Country + administrativeArea: AdministrativeArea + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input CityAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + latitude: Float + longitude: Float + precision: Float + confidence: Int + revoked: Boolean + lang: String + x_opencti_aliases: [String] + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +enum CountriesOrdering { + name + description + created + modified + created_at + updated_at + x_opencti_workflow_id +} +type CountryConnection { + pageInfo: PageInfo! + edges: [CountryEdge!]! +} +type CountryEdge { + cursor: String! + node: Country! +} +type Country implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Location + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + # Country + region: Region + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input CountryAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + latitude: Float + longitude: Float + precision: Float + confidence: Int + revoked: Boolean + lang: String + x_opencti_aliases: [String] + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +################ Regions +enum RegionsOrdering { + name + description + created + modified + created_at + updated_at + x_opencti_workflow_id +} +type RegionConnection { + pageInfo: PageInfo! + edges: [RegionEdge] +} +type RegionEdge { + cursor: String! + node: Region! +} +type Region implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Location + name: String! + description: String + latitude: Float + longitude: Float + precision: Float + x_opencti_aliases: [String] + # Region + parentRegions: RegionConnection + subRegions: RegionConnection + countries: CountryConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input RegionAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + latitude: Float + longitude: Float + precision: Float + confidence: Int + revoked: Boolean + lang: String + x_opencti_aliases: [String] + createdBy: String + objectMarking: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Malware +enum MalwaresOrdering { + name + malware_types + first_seen + last_seen + created + modified + created_at + updated_at + objectMarking + objectLabel + x_opencti_workflow_id + confidence +} +type MalwareConnection { + pageInfo: PageInfo! + edges: [MalwareEdge] +} +type MalwareEdge { + cursor: String! + node: Malware! +} +type Malware implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Malware + name: String! + description: String + aliases: [String] + malware_types: [String] + is_family: Boolean + first_seen: DateTime + last_seen: DateTime + architecture_execution_envs: [String] + implementation_languages: [String] + capabilities: [String] + killChainPhases: [KillChainPhase!] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input MalwareAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + malware_types: [String] + aliases: [String] + is_family: Boolean + first_seen: DateTime + last_seen: DateTime + architecture_execution_envs: [String] + implementation_languages: [String] + capabilities: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectAssignee: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + killChainPhases: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +############## ThreatActorsGroup +enum ThreatActorsOrdering { + name + created + modified + created_at + updated_at + x_opencti_workflow_id + confidence +} +type ThreatActorGroupConnection { + pageInfo: PageInfo! + edges: [ThreatActorGroupEdge] +} + +type ThreatActorGroupEdge { + cursor: String! + node: ThreatActorGroup! +} + +interface ThreatActor implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # ThreatActorGroup + name: String! + description: String + aliases: [String] + threat_actor_types: [String] + first_seen: DateTime + last_seen: DateTime + roles: [String] + goals: [String] + sophistication: String + resource_level: String + primary_motivation: String + secondary_motivations: [String] + personal_motivations: [String] + locations: LocationConnection + countries: CountryConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} + +type ThreatActorEdge { + cursor: String! + node: ThreatActor! +} + +type ThreatActorConnection { + pageInfo: PageInfo! + edges: [ThreatActorEdge] +} + +type ThreatActorGroup implements BasicObject & StixObject & StixCoreObject & StixDomainObject & ThreatActor { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # ThreatActorGroup + name: String! + description: String + aliases: [String] + threat_actor_types: [String] + first_seen: DateTime + last_seen: DateTime + roles: [String] + goals: [String] + sophistication: String + resource_level: String + primary_motivation: String + secondary_motivations: [String] + personal_motivations: [String] + locations: LocationConnection + countries: CountryConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} + +input ThreatActorGroupAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + threat_actor_types: [String] + first_seen: DateTime + last_seen: DateTime + roles: [String] + goals: [String] + sophistication: String + resource_level: String + primary_motivation: String + secondary_motivations: [String] + personal_motivations: [String] + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectAssignee: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Tools +enum ToolsOrdering { + name + created + modified + created_at + updated_at + x_opencti_workflow_id + confidence +} +type ToolConnection { + pageInfo: PageInfo! + edges: [ToolEdge] +} +type ToolEdge { + cursor: String! + node: Tool! +} +type Tool implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Tool + name: String! + description: String + aliases: [String] + tool_types: [String] + tool_version: String + killChainPhases: [KillChainPhase!] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input ToolAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + aliases: [String] + tool_types: [String] + tool_version: String + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + killChainPhases: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Vulnerabilities +enum VulnerabilitiesOrdering { + name + x_opencti_cvss_base_score + x_opencti_cvss_base_severity + x_opencti_cvss_attack_vector + created + modified + created_at + updated_at + x_opencti_workflow_id + creator + confidence +} +type VulnerabilityConnection { + pageInfo: PageInfo! + edges: [VulnerabilityEdge] +} +type VulnerabilityEdge { + cursor: String! + node: Vulnerability! +} +type Vulnerability implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Vulnerability + name: String! + description: String + x_opencti_aliases: [String] + x_opencti_cvss_base_score: Float + x_opencti_cvss_base_severity: String + x_opencti_cvss_attack_vector: String + x_opencti_cvss_integrity_impact: String + x_opencti_cvss_availability_impact: String + x_opencti_cvss_confidentiality_impact: String + softwares(first: Int, after: ID, orderBy: StixCyberObservablesOrdering, orderMode: OrderingMode): StixCyberObservableConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input VulnerabilityAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + x_opencti_aliases: [String] + x_opencti_cvss_base_score: Float + x_opencti_cvss_base_severity: String + x_opencti_cvss_attack_vector: String + x_opencti_cvss_integrity_impact: String + x_opencti_cvss_availability_impact: String + x_opencti_cvss_confidentiality_impact: String + confidence: Int + revoked: Boolean + lang: String + createdBy: String + objectMarking: [String] + objectOrganization: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} + +############## Incident +enum IncidentsOrdering { + name + first_seen + last_seen + incident_type + severity + source + created + modified + created_at + updated_at + x_opencti_workflow_id + objectMarking + confidence + objectAssignee + creator +} +type IncidentConnection { + pageInfo: PageInfo! + edges: [IncidentEdge] +} +type IncidentEdge { + cursor: String! + node: Incident! +} +type Incident implements BasicObject & StixObject & StixCoreObject & StixDomainObject { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixDomainObject + revoked: Boolean! + confidence: Int + lang: String + created: DateTime + modified: DateTime + x_opencti_graph_data: String + objectAssignee: [Assignee!] + avatar: OpenCtiFile + # Incident + name: String! + description: String + aliases: [String] + first_seen: DateTime + last_seen: DateTime + objective: String + incident_type: String + severity: String + source: String + objectParticipant: [Participant!] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] + status: Status + workflowEnabled: Boolean +} +input IncidentAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + name: String! @constraint(minLength: 2) + description: String + confidence: Int + revoked: Boolean + lang: String + objective: String + first_seen: DateTime + last_seen: DateTime + aliases: [String] + incident_type: String + severity: String + source: String + createdBy: String + objectOrganization: [String] + objectMarking: [String] + objectAssignee: [String] + objectParticipant: [String] + objectLabel: [String] + externalReferences: [String] + created: DateTime + modified: DateTime + x_opencti_workflow_id: String + clientMutationId: String + update: Boolean + file: Upload +} + +######## STIX CYBER OBSERVABLES ENTITIES + +enum StixCyberObservablesOrdering { + entity_type + created_at + updated_at + observable_value + objectMarking + createdBy + creator +} +type StixCyberObservableConnection { + pageInfo: PageInfo! + edges: [StixCyberObservableEdge!]! +} +type StixCyberObservableEdge { + cursor: String! + node: StixCyberObservable! +} +interface StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +type AutonomousSystem implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # AutonomousSystem + number: Int + name: String + rir: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input AutonomousSystemAddInput { + number: Int! + name: String + rir: String + file: Upload +} +type Directory implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Directory + path: String! + path_enc: String + ctime: DateTime + mtime: DateTime + atime: DateTime + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input DirectoryAddInput { + path: String! + path_enc: String + ctime: DateTime + mtime: DateTime + atime: DateTime + file: Upload +} +type DomainName implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + observable_value: String! + x_opencti_score: Int + x_opencti_description: String + indicators(first: Int): IndicatorConnection + # DomainName + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input DomainNameAddInput { + value: String! + file: Upload +} +type EmailAddr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # EmailAddr + value: String + display_name: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input EmailAddrAddInput { + value: String + display_name: String + file: Upload +} +type EmailMessage implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # EmailMessage + is_multipart: Boolean + attribute_date: DateTime + content_type: String + message_id: String + subject: String + received_lines: [String] + body: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input EmailMessageAddInput { + is_multipart: Boolean + attribute_date: DateTime + content_type: String + message_id: String + subject: String + received_lines: [String] + body: String + file: Upload +} +type EmailMimePartType implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # EmailMimePartType + body: String + content_type: String + content_disposition: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input EmailMimePartTypeAddInput { + body: String + content_type: String + content_disposition: String + file: Upload +} +############## HashedObservable +input HashInput { + algorithm: String! @constraint(minLength: 3) + hash: String! @constraint(minLength: 5) +} +type Hash { + algorithm: String! + hash: String +} +type StixFileEdge { + cursor: String! + node: StixFile! +} +type StixFileConnection { + pageInfo: PageInfo! + edges: [StixFileEdge] +} + +interface HashedObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # HashedObservable + hashes: [Hash] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +type Artifact implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # HashedObservable + hashes: [Hash] + # Artifact + mime_type: String + payload_bin: String + url: String + encryption_algorithm: String + decryption_key: String + x_opencti_additional_names: [String] + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input ArtifactAddInput { + hashes: [HashInput] + mime_type: String + payload_bin: String + url: String + encryption_algorithm: String + decryption_key: String + x_opencti_additional_names: [String] + file: Upload +} +type StixFile implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # HashedObservable + hashes: [Hash] + # File + extensions: String + size: Int + name: String + name_enc: String + magic_number_hex: String + mime_type: String + ctime: DateTime + mtime: DateTime + atime: DateTime + x_opencti_additional_names: [String] + obsContent: Artifact + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input StixFileAddInput { + hashes: [HashInput] + size: Int + name: String + name_enc: String + magic_number_hex: String + mime_type: String + ctime: DateTime + mtime: DateTime + atime: DateTime + x_opencti_additional_names: [String] + obsContent: ID + file: Upload +} +type X509Certificate implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # HashedObservable + hashes: [Hash] + # X509Certificate + is_self_signed: Boolean + version: String + serial_number: String + signature_algorithm: String + issuer: String + subject: String + subject_public_key_algorithm: String + subject_public_key_modulus: String + subject_public_key_exponent: Int + validity_not_before: DateTime + validity_not_after: DateTime + # X509V3ExtensionsType + basic_constraints: String + name_constraints: String + policy_constraints: String + key_usage: String + extended_key_usage: String + subject_key_identifier: String + authority_key_identifier: String + subject_alternative_name: String + issuer_alternative_name: String + subject_directory_attributes: String + crl_distribution_points: String + inhibit_any_policy: String + private_key_usage_period_not_before: DateTime + private_key_usage_period_not_after: DateTime + certificate_policies: String + policy_mappings: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input X509CertificateAddInput { + hashes: [HashInput] + is_self_signed: Boolean + version: String + serial_number: String + signature_algorithm: String + issuer: String + subject: String + subject_public_key_algorithm: String + subject_public_key_modulus: String + subject_public_key_exponent: Int + validity_not_before: DateTime + validity_not_after: DateTime + # X509V3ExtensionsType + basic_constraints: String + name_constraints: String + policy_constraints: String + key_usage: String + extended_key_usage: String + subject_key_identifier: String + authority_key_identifier: String + subject_alternative_name: String + issuer_alternative_name: String + subject_directory_attributes: String + crl_distribution_points: String + inhibit_any_policy: String + private_key_usage_period_not_before: DateTime + private_key_usage_period_not_after: DateTime + certificate_policies: String + policy_mappings: String + file: Upload +} +type IPv4Addr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # IPv4Addr + value: String + countries: CountryConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input IPv4AddrAddInput { + value: String + belongsTo: [String] + resolvesTo: [String] + file: Upload +} +type IPv6Addr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # IPv4Addr + value: String + countries: CountryConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input IPv6AddrAddInput { + value: String + file: Upload +} +type MacAddr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # MacAddr + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input MacAddrAddInput { + value: String + file: Upload +} +type Mutex implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Mutex + name: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input MutexAddInput { + name: String + file: Upload +} +type NetworkTraffic implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # NetworkTraffic + extensions: String + start: DateTime + end: DateTime + is_active: Boolean + src_port: Int + dst_port: Int + protocols: [String] + src_byte_count: Int + dst_byte_count: Int + src_packets: Int + dst_packets: Int + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input NetworkTrafficAddInput { + start: DateTime + end: DateTime + is_active: Boolean + src: String + dst: String + src_port: Int + dst_port: Int + protocols: [String] + src_byte_count: Int + dst_byte_count: Int + src_packets: Int + dst_packets: Int + file: Upload +} +type Process implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Process + extensions: String + is_hidden: Boolean + pid: Int + created_time: DateTime + cwd: String + command_line: String + environment_variables: [String] + ## windows-process-ext + aslr_enabled: Boolean + dep_enabled: Boolean + priority: String + owner_sid: String + window_title: String + startup_info: [Dictionary] + integrity_level: String + ## windows-service-ext + service_name: String + descriptions: [String] + display_name: String + group_name: String + start_type: String + serviceDlls: StixFileConnection + service_type: String + service_status: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input ProcessAddInput { + is_hidden: Boolean + pid: Int + created_time: DateTime + cwd: String + x_opencti_description: String + command_line: String! + environment_variables: [String] + ## windows-process-ext + aslr_enabled: Boolean + dep_enabled: Boolean + priority: String + owner_sid: String + window_title: String + startup_info: [DictionaryInput] + integrity_level: String # windows-integrity-level-enum + ## windows-service-ext + service_name: String + descriptions: [String] + display_name: String + group_name: String + start_type: String # windows-service-start-type-enum + serviceDlls: [String] # service_dll_refs + service_type: String # windows-service-type-enum + service_status: String # windows-service-status-enum + file: Upload +} +type Software implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Software + name: String + cpe: String + swid: String + languages: [String] + vendor: String + version: String + vulnerabilities: VulnerabilityConnection + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +type SoftwareConnection { + pageInfo: PageInfo! + edges: [SoftwareEdge!]! +} +type SoftwareEdge { + cursor: String! + node: Software! +} +input SoftwareAddInput { + name: String + cpe: String + swid: String + languages: [String] + vendor: String + version: String + file: Upload +} +type Url implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Url + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input UrlAddInput { + value: String + file: Upload +} +type UserAccount implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # UserAccount + extensions: String + user_id: String + credential: String + account_login: String + account_type: String + display_name: String + is_service_account: Boolean + is_privileged: Boolean + can_escalate_privs: Boolean + is_disabled: Boolean + account_created: DateTime + account_expires: DateTime + credential_last_changed: DateTime + account_first_login: DateTime + account_last_login: DateTime + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input UserAccountAddInput { + user_id: String + credential: String + account_login: String + account_type: String + display_name: String + is_service_account: Boolean + is_privileged: Boolean + can_escalate_privs: Boolean + is_disabled: Boolean + account_created: DateTime + account_expires: DateTime + credential_last_changed: DateTime + account_first_login: DateTime + account_last_login: DateTime + file: Upload +} +type WindowsRegistryKey implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # WindowsRegistryKey + attribute_key: String + modified_time: DateTime + number_of_subkeys: Int + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input WindowsRegistryKeyAddInput { + attribute_key: String + modified_time: DateTime + file: Upload + number_of_subkeys: Int +} +type WindowsRegistryValueType implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # WindowsRegistryKey + name: String + data: String + data_type: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input WindowsRegistryValueTypeAddInput { + name: String + data: String + data_type: String + file: Upload +} +type CryptographicKey implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # CryptographicKey + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input CryptographicKeyAddInput { + value: String + file: Upload +} +type CryptocurrencyWallet implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # CryptocurrencyWallet + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input CryptocurrencyWalletAddInput { + value: String + file: Upload +} +type Hostname implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Hostname + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input HostnameAddInput { + value: String + file: Upload +} +type Text implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # Text + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input TextAddInput { + value: String + file: Upload +} +type UserAgent implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # UserAgent + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input UserAgentAddInput { + value: String + file: Upload +} +type BankAccount implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # BankAccount + iban: String + bic: String + account_number: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input BankAccountAddInput { + iban: String + bic: String + account_number: String + file: Upload +} +type PhoneNumber implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # PhoneNumber + value: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input PhoneNumberAddInput { + value: String + file: Upload +} +type PaymentCard implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + objectLabel: [Label!] + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # CreditCard + card_number: String + expiration_date: DateTime + cvv: Int + holder_name: String + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input PaymentCardAddInput { + card_number: String! + expiration_date: DateTime + cvv: Int + holder_name: String + file: Upload +} +type MediaContent implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + # StixObject + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + spec_version: String! + created_at: DateTime! + updated_at: DateTime! + # inferences + x_opencti_inferences: [Inference] + # StixCoreObject + createdBy: Identity + numberOfConnectedElement: Int! + objectMarking: [MarkingDefinition!] + objectLabel: [Label!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + observedData(first: Int): ObservedDataConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + stixCoreObjectsDistribution( + relationship_type: [String] + toTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + # StixCyberObservable + x_opencti_score: Int + x_opencti_description: String + observable_value: String! + indicators(first: Int): IndicatorConnection + # MediaContent + title: String + description: String + content: String + media_category: String + url: String + publication_date: DateTime + # Technical + creators: [Creator!] + toStix: String + importFiles(first: Int, prefixMimeType: String): FileConnection + pendingFiles(first: Int): FileConnection + exportFiles(first: Int): FileConnection + editContext: [EditUserContext!] + connectors(onlyAlive: Boolean): [Connector] + jobs(first: Int): [Work] +} +input MediaContentAddInput { + title: String + content: String + media_category: String + url: String! + publication_date: DateTime + file: Upload +} +###### RELATIONSHIPS + +interface BasicRelationship { + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # Technical + creators: [Creator!] +} + +######## INTERNAL RELATIONSHIPS + +type InternalRelationship implements BasicRelationship { + # BasicRelationship + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # InternalRelationship + from: InternalObject + to: InternalObject + # Technical + creators: [Creator!] +} +input InternalRelationshipAddInput { + relationship_type: String! # Will be check by code + fromId: ID + toId: ID +} + +######## STIX RELATIONSHIPS +enum StixObjectOrStixRelationshipsOrdering { + name + entity_type + created_at + updated_at + createdBy + objectMarking + objectLabel + observable_value + start_time + created + modified + relationship_type + creator +} +type StixObjectOrStixRelationshipConnection { + pageInfo: PageInfo! + edges: [StixObjectOrStixRelationshipEdge] +} +type StixObjectOrStixRelationshipRefConnection { + pageInfo: PageInfo! + edges: [StixObjectOrStixRelationshipRefEdge] +} +type StixObjectOrStixRelationshipEdge { + cursor: String! + node: StixObjectOrStixRelationship! +} +type StixObjectOrStixRelationshipRefEdge { + cursor: String! + types: [String]! + node: StixObjectOrStixRelationship! +} +union StixObjectOrStixRelationshipOrCreator = + MarkingDefinition + | Label + | KillChainPhase + | ExternalReference + | AttackPattern + | Campaign + | Channel + | Event + | Narrative + | Note + | ObservedData + | Opinion + | Report + | Grouping + | CourseOfAction + | Individual + | Organization + | Sector + | System + | Indicator + | Infrastructure + | IntrusionSet + | Language + | City + | AdministrativeArea + | Country + | Region + | Position + | Malware + | MalwareAnalysis + | ThreatActorGroup + | ThreatActorIndividual + | Tool + | Vulnerability + | Incident + | AutonomousSystem + | Directory + | DomainName + | EmailAddr + | EmailMessage + | EmailMimePartType + | Artifact + | StixFile + | X509Certificate + | IPv4Addr + | IPv6Addr + | MacAddr + | Mutex + | NetworkTraffic + | Process + | Software + | Url + | UserAccount + | WindowsRegistryKey + | WindowsRegistryValueType + | CryptographicKey + | CryptocurrencyWallet + | Hostname + | Text + | UserAgent + | BankAccount + | PhoneNumber + | PaymentCard + | MediaContent + | StixCoreRelationship + | StixSightingRelationship + | StixRefRelationship + | Task + | DataComponent + | DataSource + | CaseIncident + | CaseRfi + | CaseRft + | Feedback + | CaseTemplate + | EntitySetting + | ManagerConfiguration + | Creator + | Group + | Workspace + | CsvMapper + | Status +union StixObjectOrStixRelationship = + MarkingDefinition + | Label + | KillChainPhase + | ExternalReference + | AttackPattern + | Campaign + | Channel + | Event + | Narrative + | Note + | ObservedData + | Opinion + | Report + | Grouping + | CourseOfAction + | Individual + | Organization + | Sector + | System + | Indicator + | Infrastructure + | IntrusionSet + | Language + | City + | AdministrativeArea + | Country + | Region + | Position + | Malware + | MalwareAnalysis + | ThreatActorGroup + | ThreatActorIndividual + | Tool + | Vulnerability + | Incident + | AutonomousSystem + | Directory + | DomainName + | EmailAddr + | EmailMessage + | EmailMimePartType + | Artifact + | StixFile + | X509Certificate + | IPv4Addr + | IPv6Addr + | MacAddr + | Mutex + | NetworkTraffic + | Process + | Software + | Url + | UserAccount + | WindowsRegistryKey + | WindowsRegistryValueType + | CryptographicKey + | CryptocurrencyWallet + | Hostname + | Text + | UserAgent + | BankAccount + | PhoneNumber + | PaymentCard + | MediaContent + | StixCoreRelationship + | StixSightingRelationship + | StixRefRelationship + | DataComponent + | DataSource + | CaseIncident + | CaseRfi + | CaseRft + | Feedback + | CaseTemplate + | Task + | EntitySetting + | ManagerConfiguration + | Workspace + | CsvMapper +union StixCoreObjectOrStixCoreRelationship = +#### Stix Core Objects +## Stix Domain Objects + AttackPattern + | Campaign + | Channel + | Event + | Note + | ObservedData + | Opinion + | Report + | Grouping + | CourseOfAction + | Individual + | Organization + | Sector + | Indicator + | Infrastructure + | IntrusionSet + | Language + | City + | AdministrativeArea + | Country + | Region + | Position + | Malware + | MalwareAnalysis + | Narrative + | ThreatActorGroup + | ThreatActorIndividual + | Tool + | Vulnerability + | Incident ## Six Cyber Observables + | AutonomousSystem + | Directory + | DomainName + | EmailAddr + | EmailMessage + | EmailMimePartType + | Artifact + | StixFile + | X509Certificate + | IPv4Addr + | IPv6Addr + | MacAddr + | Mutex + | NetworkTraffic + | Process + | Software + | Url + | UserAccount + | WindowsRegistryKey + | WindowsRegistryValueType + | CryptographicKey + | CryptocurrencyWallet + | Hostname + | Text + | UserAgent + | BankAccount + | PhoneNumber + | PaymentCard + | MediaContent + | StixCoreRelationship + | DataComponent + | DataSource + | CaseIncident + | CaseRfi + | CaseRft + | Feedback + | CaseTemplate + | Task + | EntitySetting + | ManagerConfiguration + | Workspace + +enum StixRelationshipsOrdering { + entity_type + relationship_type + confidence + start_time + stop_time + created + modified + created_at + updated_at + objectMarking + objectLabel + killChainPhase + toName + toValidFrom + toValidUntil + toObservableValue + toPatternType + x_opencti_workflow_id + createdBy + creator +} +type StixRelationshipConnection { + pageInfo: PageInfo! + edges: [StixRelationshipEdge] +} +type StixRelationshipEdge { + cursor: String! + node: StixRelationship! +} +interface StixRelationship { + # BasicRelationship + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # StixRelationship + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + from: StixObjectOrStixRelationshipOrCreator + to: StixObjectOrStixRelationshipOrCreator + x_opencti_inferences: [Inference] + spec_version: String! + created: DateTime + modified: DateTime + confidence: Int + relationship_type: String! + createdBy: Identity + objectMarking: [MarkingDefinition!] + toStix: String + # Technical + creators: [Creator!] +} +type StixRelationshipSchema { + key: String! + values: [String!]! +} + +############## StixCoreRelationships +enum StixCoreRelationshipsOrdering { + entity_type + relationship_type + confidence + start_time + stop_time + created + modified + created_at + updated_at + objectMarking + objectLabel + killChainPhase + toName + toValidFrom + toValidUntil + toObservableValue + toPatternType + x_opencti_workflow_id + createdBy + creator +} +type StixCoreRelationshipConnection { + pageInfo: PageInfo! + edges: [StixCoreRelationshipEdge!]! +} +type StixCoreRelationshipEdge { + cursor: String! + node: StixCoreRelationship! +} +type StixCoreRelationship implements BasicRelationship & StixRelationship { + # BasicRelationship + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # StixRelationship + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + from: StixObjectOrStixRelationshipOrCreator + fromId: String! + fromType: String! + to: StixObjectOrStixRelationshipOrCreator + toId: String! + toType: String! + x_opencti_inferences: [Inference] + spec_version: String! + created: DateTime + modified: DateTime + confidence: Int + relationship_type: String! + createdBy: Identity + objectMarking: [MarkingDefinition!] + # StixCoreRelationship + description: String + start_time: DateTime + stop_time: DateTime + revoked: Boolean! + lang: String + objectLabel: [Label!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: String + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + confidences: [Int] + search: String + filters: FilterGroup + ): StixCoreRelationshipConnection + killChainPhases: [KillChainPhase!] + # Technical + creators: [Creator!] + toStix: String + editContext: [EditUserContext!] + status: Status + workflowEnabled: Boolean +} +input StixCoreRelationshipAddInput { + # StixRelationship + stix_id: StixId + x_opencti_stix_ids: [StixId] + fromId: StixRef! + toId: StixRef! + created: DateTime + modified: DateTime + confidence: Int + relationship_type: String! + createdBy: String + objectMarking: [String] + # StixCoreRelationship + description: String + start_time: DateTime + stop_time: DateTime + revoked: Boolean + lang: String + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + killChainPhases: [String] + clientMutationId: String + update: Boolean +} + +############## StixSightingRelationships +enum StixSightingRelationshipsOrdering { + confidence + x_opencti_negative + first_seen + last_seen + created + modified + created_at + updated_at + objectMarking + objectLabel + toName + toValidFrom + toValidUntil + toPatternType + toCreatedAt + attribute_count + x_opencti_workflow_id +} +type StixSightingRelationshipConnection { + pageInfo: PageInfo! + edges: [StixSightingRelationshipsEdge] +} +type StixSightingRelationshipsEdge { + cursor: String! + node: StixSightingRelationship! +} +type StixSightingRelationship implements BasicRelationship & StixRelationship { + # BasicRelationship + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # StixRelationship + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + from: StixObjectOrStixRelationshipOrCreator + fromId: String! + fromType: String! + to: StixObjectOrStixRelationshipOrCreator + toId: String! + toType: String! + x_opencti_inferences: [Inference] + spec_version: String! + created: DateTime + modified: DateTime + confidence: Int + relationship_type: String! + createdBy: Identity + objectMarking: [MarkingDefinition!] + # StixSightingRelationship + description: String + first_seen: DateTime + last_seen: DateTime + attribute_count: Int! + x_opencti_negative: Boolean! + objectLabel: [Label!] + objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + externalReferences(first: Int): ExternalReferenceConnection + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + reports(first: Int): ReportConnection + notes(first: Int): NoteConnection + opinions(first: Int): OpinionConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + # Technical + creators: [Creator!] + toStix: String + editContext: [EditUserContext!] + status: Status + workflowEnabled: Boolean +} +input StixSightingRelationshipAddInput { + # StixRelationship + stix_id: StixId + x_opencti_stix_ids: [StixId] + fromId: StixRef! + toId: StixRef! + created: DateTime + modified: DateTime + confidence: Int + createdBy: String + objectMarking: [String] + # StixSightingRelationship + description: String + first_seen: DateTime + last_seen: DateTime + attribute_count: Int! + x_opencti_negative: Boolean + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + clientMutationId: String + update: Boolean +} + +############## StixRefRelationships +enum StixRefRelationshipsOrdering { + relationship_type + entity_type + confidence + start_time + stop_time + created + modified + created_at + updated_at + toName + toValidFrom + toValidUntil + toPatternType + toCreatedAt +} +type StixRefRelationshipConnection { + pageInfo: PageInfo! + edges: [StixRefRelationshipEdge] +} +type StixRefRelationshipEdge { + cursor: String! + node: StixRefRelationship! +} +type StixRefRelationship implements BasicRelationship & StixRelationship { + # BasicRelationship + id: ID! # internal_id + standard_id: String! + entity_type: String! + parent_types: [String]! + fromRole: String + toRole: String + created_at: DateTime! + updated_at: DateTime! + # StixRelationship + representative: Representative! + x_opencti_stix_ids: [StixId] + is_inferred: Boolean! + from: StixObjectOrStixRelationshipOrCreator + to: StixObjectOrStixRelationshipOrCreator + x_opencti_inferences: [Inference] + spec_version: String! + created: DateTime + modified: DateTime + confidence: Int + relationship_type: String! + createdBy: Identity + objectMarking: [MarkingDefinition!] + # StixRefRelationship + start_time: DateTime + stop_time: DateTime + datable: Boolean + containersNumber: Number + containers(first: Int, entityTypes: [String!]): ContainerConnection + notes(first: Int): NoteConnection + reports(first: Int): ReportConnection + opinions(first: Int): OpinionConnection + groupings(first: Int): GroupingConnection + cases(first: Int): CaseConnection + toStix: String + # Technical + creators: [Creator!] + editContext: [EditUserContext!] +} + +type DefinitionRefRelationship { + entity: StixObjectOrStixRelationshipOrCreator! + from: [String!] + to: [String!] +} + +# Mutations +input StixRefRelationshipAddInput { + stix_id: StixId + x_opencti_stix_ids: [StixId] + fromId: StixRef + toId: StixRef + relationship_type: String! + confidence: Int + createdBy: String + start_time: DateTime + stop_time: DateTime + objectMarking: [String] + objectLabel: [String] + created: DateTime + modified: DateTime + clientMutationId: String + update: Boolean + file: Upload +} +input StixRefRelationshipsAddInput { + relationship_type: String! + fromIds: [StixRef] + toIds: [StixRef!]! +} + +### QUERIES + +type Query { + stix(id: String!): String @auth(for: [KNOWLEDGE]) + enrichmentConnectors(type: String!): [Connector] @auth(for: [MODULES]) + ###### INTERNAL + + platform_theme: String + about: AppInfo + logsWorkerConfig: LogsWorkerConfig @auth(for: [MODULES]) + rabbitMQMetrics(prefix: String): RabbitMQMetrics @auth(for: [MODULES]) + elasticSearchMetrics: ElasticSearchMetrics @auth(for: [MODULES]) + logs( + first: Int + after: ID + orderBy: LogsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): LogConnection @auth(for: [KNOWLEDGE]) + audits( + first: Int + after: ID + types: [String!] + orderBy: LogsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): LogConnection @auth(for: [SETTINGS]) + auditsNumber( + dateAttribute: String + types: [String] + startDate: DateTime + endDate: DateTime + onlyInferred: Boolean + filters: FilterGroup + search: String + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + auditsTimeSeries( + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + types: [String] + filters: FilterGroup + search: String + ): [TimeSeries] @auth(for: [SETTINGS, VIRTUAL_ORGANIZATION_ADMIN]) + auditsDistribution( + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [SETTINGS]) + auditsMultiTimeSeries( + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + timeSeriesParameters: [AuditsTimeSeriesParameters] + ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + subType(id: String!): SubType @auth(for: [KNOWLEDGE]) + subTypes( + first: Int + after: ID + orderBy: SubTypesOrdering + orderMode: OrderingMode + type: String + includeParents: Boolean + search: String + ): SubTypeConnection! @auth + file(id: String!): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) + importFiles(first: Int): FileConnection @auth(for: [KNOWLEDGE_KNASKIMPORT]) + pendingFiles(first: Int): FileConnection @auth(for: [KNOWLEDGE_KNASKIMPORT]) + filesMetrics: FilesMetrics @auth(for: [SETTINGS]) + + ######## INDEXED FILES + indexedFiles(first: Int, after: ID, search: String): IndexedFileConnection @auth(for: [KNOWLEDGE]) + indexedFilesCount(search: String): Int @auth(for: [KNOWLEDGE]) + indexedFilesMetrics: FilesMetrics @auth(for: [SETTINGS]) + + ###### ENTITIES + + ######## INTERNAL OBJECT ENTITIES + + settings: Settings! + group(id: String!): Group @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + groups(first: Int, after: ID, orderBy: GroupsOrdering, orderMode: OrderingMode, search: String): GroupConnection + @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + roles(first: Int, after: ID, orderBy: RolesOrdering, orderMode: OrderingMode, search: String): RoleConnection + @auth(for: [SETTINGS_SETACCESSES]) + me: MeUser! @auth + otpGeneration: OtpElement @auth + user(id: String!): User @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + creators(entityTypes: [String!]): CreatorConnection @auth(for: [KNOWLEDGE]) + assignees(entityTypes: [String!]): AssigneeConnection @auth(for: [KNOWLEDGE]) + participants(entityTypes: [String!]): ParticipantConnection @auth(for: [KNOWLEDGE]) + members( + first: Int, + search: String, + filters: FilterGroup, + filterMode: FilterMode, + entityTypes: [MemberType!] + ): MemberConnection @auth(for: [KNOWLEDGE_KNUPDATE, EXPLORE_EXUPDATE CONNECTORAPI, SETTINGS]) + users( + first: Int + after: ID + orderBy: UsersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): UserConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + sessions: [UserSession] @auth(for: [SETTINGS_SETACCESSES]) + role(id: String!): Role @auth(for: [SETTINGS_SETACCESSES]) + capabilities(first: Int): CapabilityConnection @auth(for: [SETTINGS_SETACCESSES]) + connector(id: String!): Connector @auth(for: [MODULES]) + connectors: [Connector] @auth(for: [MODULES]) + connectorsForWorker: [Connector] @auth(for: [MODULES]) + connectorsForExport: [Connector] @auth(for: [KNOWLEDGE]) + connectorsForImport: [Connector] @auth(for: [KNOWLEDGE]) + connectorsForNotification: [Connector] @auth(for: [SETTINGS_SETACCESSES]) + work(id: ID!): Work @auth(for: [MODULES]) + works( + first: Int + after: ID + orderBy: WorksOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + ): WorkConnection @auth(for: [MODULES]) + runtimeAttributes( + first: Int + search: String + orderMode: OrderingMode + attributeName: String! + ): AttributeConnection @auth(for: [KNOWLEDGE]) + schemaAttributeNames(elementType: [String]!) : AttributeConnection @auth(for: [KNOWLEDGE]) + retentionRule(id: String!): RetentionRule @auth(for: [SETTINGS]) + retentionRules(first: Int, after: ID, search: String): RetentionRuleConnection @auth(for: [SETTINGS]) + taxiiCollection(id: String!): TaxiiCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + taxiiCollections( + first: Int + after: ID + orderBy: TaxiiCollectionOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + ): TaxiiCollectionConnection + streamCollection(id: String!): StreamCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + feed(id: String!): Feed @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + feeds( + first: Int + after: ID + orderBy: FeedOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + ): FeedConnection + streamCollections( + first: Int + after: ID + orderBy: StreamCollectionOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + ): StreamCollectionConnection! + statusTemplate(id: String!): StatusTemplate @auth + statusTemplates( + first: Int + after: ID + orderBy: StatusTemplateOrdering + orderMode: OrderingMode + search: String + ): StatusTemplateConnection @auth + status(id: String!): Status @auth + statuses( + first: Int + after: ID + orderBy: StatusOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): StatusConnection @auth + backgroundTask(id: String!): BackgroundTask @auth(for: [KNOWLEDGE]) + backgroundTasks( + first: Int + after: ID + orderBy: BackgroundTasksOrdering + orderMode: OrderingMode + includeAuthorities: Boolean + filters: FilterGroup + search: String + ): BackgroundTaskConnection @auth(for: [KNOWLEDGE]) + rule(id: String!): Rule @auth(for: [KNOWLEDGE]) + rules: [Rule] @auth(for: [KNOWLEDGE]) + ruleManagerInfo: RuleManager @auth(for: [SETTINGS]) + synchronizer(id: String!): Synchronizer @auth(for: [SETTINGS]) + synchronizers( + first: Int + after: ID + orderBy: SynchronizersOrdering + orderMode: OrderingMode + search: String + ): SynchronizerConnection @auth(for: [SETTINGS]) + synchronizerFetch(input: SynchronizerFetchInput): [RemoteStreamCollection] @auth(for: [SETTINGS]) + ######## STIX OBJECT ENTITIES + + ######## STIX META OBJECT ENTITIES + stixMetaObject(id: String!): StixMetaObject @auth(for: [KNOWLEDGE]) + stixMetaObjects( + first: Int + after: ID + types: [String] + orderBy: StixMetaObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): StixMetaObjectConnection @auth(for: [KNOWLEDGE]) + markingDefinition(id: String!): MarkingDefinition @auth(for: [KNOWLEDGE]) + markingDefinitions( + first: Int + after: ID + orderBy: MarkingDefinitionsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): MarkingDefinitionConnection @auth(for: [KNOWLEDGE]) + label(id: String!): Label @auth(for: [KNOWLEDGE]) + labels( + first: Int + after: ID + orderBy: LabelsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): LabelConnection @auth(for: [KNOWLEDGE]) + externalReference(id: String!): ExternalReference @auth(for: [KNOWLEDGE]) + externalReferences( + first: Int + after: ID + orderBy: ExternalReferencesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): ExternalReferenceConnection @auth(for: [KNOWLEDGE]) + killChainPhase(id: String!): KillChainPhase @auth(for: [KNOWLEDGE]) + killChainPhases( + first: Int + after: ID + orderBy: KillChainPhasesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): KillChainPhaseConnection @auth(for: [KNOWLEDGE]) + + ######## STIX CORE OBJECT ENTITIES + + stixCoreObjectRaw(id: String!): String @auth(for: [KNOWLEDGE]) + stixCoreObject(id: String!): StixCoreObject @auth(for: [KNOWLEDGE]) + stixCoreObjects( + first: Int + after: ID + types: [String] + orderBy: StixCoreObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): StixCoreObjectConnection @auth(for: [KNOWLEDGE]) + globalSearch( + first: Int + after: ID + search: String + types: [String] + orderBy: StixCoreObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + ): StixCoreObjectConnection @auth(for: [KNOWLEDGE]) + stixCoreObjectsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) + stixCoreObjectsTimeSeries( + authorId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + types: [String] + filters: FilterGroup + search: String + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectsMultiTimeSeries( + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + timeSeriesParameters: [StixCoreObjectsTimeSeriesParameters] + ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectsNumber( + dateAttribute: String + types: [String] + startDate: DateTime + endDate: DateTime + onlyInferred: Boolean + filters: FilterGroup + search: String + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectsMultiNumber( + dateAttribute: String + startDate: DateTime + endDate: DateTime + onlyInferred: Boolean + numberParameters: [StixCoreObjectsNumberParameters] + ): [Number] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectsDistribution( + objectId: [String] + relationship_type: [String] + toTypes: [String] + elementWithTargetTypes: [String] + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectsMultiDistribution( + field: String! + startDate: DateTime + endDate: DateTime + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + distributionParameters: StixCoreObjectsDistributionParameters + ): [MultiDistribution] @auth(for: [KNOWLEDGE, EXPLORE]) + filtersRepresentatives(filters: FilterGroup!): [RepresentativeWithId!]! @auth(for: [KNOWLEDGE]) + + ######## STIX DOMAIN OBJECT ENTITIES + + stixDomainObject(id: String!): StixDomainObject @auth(for: [KNOWLEDGE]) + stixDomainObjects( + first: Int + after: ID + types: [String] + orderBy: StixDomainObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): StixDomainObjectConnection @auth(for: [KNOWLEDGE]) + bookmarks(first: Int, after: ID, types: [String], filters: FilterGroup): StixDomainObjectConnection @auth(for: [KNOWLEDGE]) + stixDomainObjectsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) + stixDomainObjectsTimeSeries( + authorId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + types: [String] + onlyInferred: Boolean + filters: FilterGroup + search: String + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixDomainObjectsNumber( + dateAttribute: String + types: [String] + endDate: DateTime + onlyInferred: Boolean + filters: FilterGroup + search: String): Number @auth(for: [KNOWLEDGE, EXPLORE]) + stixDomainObjectsDistribution( + objectId: [String] + relationship_type: [String] + toTypes: [String] + elementWithTargetTypes: [String] + field: String! + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + types: [String] + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + attackPattern(id: String): AttackPattern @auth(for: [KNOWLEDGE]) + attackPatterns( + first: Int + after: ID + orderBy: AttackPatternsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): AttackPatternConnection @auth(for: [KNOWLEDGE]) + campaign(id: String): Campaign @auth(for: [KNOWLEDGE]) + campaigns( + first: Int + after: ID + orderBy: CampaignsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): CampaignConnection @auth(for: [KNOWLEDGE]) + campaignsTimeSeries( + objectId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + relationship_type: [String] + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + # Containers + container(id: String): Container @auth(for: [KNOWLEDGE]) + containers( + first: Int + after: ID + orderBy: ContainersOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ContainerConnection @auth(for: [KNOWLEDGE]) + containersObjectsOfObject( + id: String! + types: [String] + filters: FilterGroup + search: String + ): StixObjectOrStixRelationshipConnection @auth(for: [KNOWLEDGE]) + note(id: String): Note @auth(for: [KNOWLEDGE]) + notes( + first: Int + after: ID + orderBy: NotesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): NoteConnection @auth(for: [KNOWLEDGE]) + notesNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) + notesTimeSeries( + objectId: String + authorId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + notesDistribution( + objectId: String + field: String! + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + noteContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean + @auth(for: [KNOWLEDGE]) + observedData(id: String): ObservedData @auth(for: [KNOWLEDGE]) + observedDatas( + first: Int + after: ID + orderBy: ObservedDatasOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ObservedDataConnection @auth(for: [KNOWLEDGE]) + observedDatasTimeSeries( + objectId: String + authorId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + observedDatasNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) + observedDatasDistribution( + objectId: String + field: String! + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + observedDataContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean + @auth(for: [KNOWLEDGE]) + opinion(id: String): Opinion @auth(for: [KNOWLEDGE]) + opinions( + first: Int + after: ID + orderBy: OpinionsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): OpinionConnection @auth(for: [KNOWLEDGE]) + opinionsTimeSeries( + objectId: String + authorId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + opinionsNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) + opinionsDistribution( + objectId: String + field: String! + dateAttribute: String + operation: StatsOperation! + limit: Int + order: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + opinionContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean + @auth(for: [KNOWLEDGE]) + myOpinion(id: String!): Opinion @auth(for: [KNOWLEDGE]) + report(id: String): Report @auth(for: [KNOWLEDGE]) + reports( + first: Int + after: ID + orderBy: ReportsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ReportConnection @auth(for: [KNOWLEDGE]) + reportsTimeSeries( + objectId: String + authorId: String + reportType: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + filters: FilterGroup + search: String + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + reportsNumber( + reportType: String + objectId: String + authorId: String + endDate: DateTime + filters: FilterGroup + search: String + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + reportsDistribution( + objectId: String + authorId: String + field: String! + operation: StatsOperation! + limit: Int + order: String + startDate: DateTime + endDate: DateTime + dateAttribute: String + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + reportContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean + @auth(for: [KNOWLEDGE]) + courseOfAction(id: String): CourseOfAction @auth(for: [KNOWLEDGE]) + coursesOfAction( + first: Int + after: ID + orderBy: CoursesOfActionOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): CourseOfActionConnection @auth(for: [KNOWLEDGE]) + # Identities + identity(id: String!): Identity @auth(for: [KNOWLEDGE]) + identities( + first: Int + after: ID + types: [String] + orderBy: IdentitiesOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + toStix: Boolean + ): IdentityConnection @auth(for: [KNOWLEDGE]) + individual(id: String!): Individual @auth(for: [KNOWLEDGE]) + individuals( + first: Int + after: ID + orderBy: IndividualsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): IndividualConnection @auth(for: [KNOWLEDGE]) + sector(id: String): Sector @auth(for: [KNOWLEDGE]) + sectors( + first: Int + after: ID + orderBy: SectorsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): SectorConnection @auth(for: [KNOWLEDGE]) + system(id: String): System @auth(for: [KNOWLEDGE]) + systems( + first: Int + after: ID + orderBy: SystemsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): SystemConnection @auth(for: [KNOWLEDGE]) + + infrastructure(id: String!): Infrastructure @auth(for: [KNOWLEDGE]) + infrastructures( + first: Int + after: ID + orderBy: InfrastructuresOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + ): InfrastructureConnection @auth(for: [KNOWLEDGE]) + intrusionSet(id: String): IntrusionSet @auth(for: [KNOWLEDGE]) + intrusionSets( + first: Int + after: ID + orderBy: IntrusionSetsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): IntrusionSetConnection @auth(for: [KNOWLEDGE]) + # Locations + location(id: String!): Location @auth(for: [KNOWLEDGE]) + locations( + first: Int + after: ID + types: [String] + orderBy: LocationsOrdering + orderMode: OrderingMode + search: String + filters: FilterGroup + toStix: Boolean + ): LocationConnection @auth(for: [KNOWLEDGE]) + city(id: String): City @auth(for: [KNOWLEDGE]) + cities( + first: Int + after: ID + orderBy: CitiesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): CityConnection @auth(for: [KNOWLEDGE]) + country(id: String): Country @auth(for: [KNOWLEDGE]) + countries( + first: Int + after: ID + orderBy: CountriesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): CountryConnection @auth(for: [KNOWLEDGE]) + region(id: String!): Region @auth(for: [KNOWLEDGE]) + regions( + first: Int + after: ID + orderBy: RegionsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): RegionConnection @auth(for: [KNOWLEDGE]) + position(id: String!): Position @auth(for: [KNOWLEDGE]) + positions( + first: Int + after: ID + orderBy: PositionsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): PositionConnection @auth(for: [KNOWLEDGE]) + malware(id: String): Malware @auth(for: [KNOWLEDGE]) + malwares( + first: Int + after: ID + orderBy: MalwaresOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): MalwareConnection @auth(for: [KNOWLEDGE]) + threatActor(id: String): ThreatActor @auth(for: [KNOWLEDGE]) + threatActors( + first: Int + after: ID + orderBy: ThreatActorsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ThreatActorConnection @auth(for: [KNOWLEDGE]) + threatActorGroup(id: String): ThreatActorGroup @auth(for: [KNOWLEDGE]) + threatActorsGroup( + first: Int + after: ID + orderBy: ThreatActorsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ThreatActorGroupConnection @auth(for: [KNOWLEDGE]) + tool(id: String): Tool @auth(for: [KNOWLEDGE]) + tools( + first: Int + after: ID + orderBy: ToolsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): ToolConnection @auth(for: [KNOWLEDGE]) + vulnerability(id: String): Vulnerability @auth(for: [KNOWLEDGE]) + vulnerabilities( + first: Int + after: ID + orderBy: VulnerabilitiesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): VulnerabilityConnection @auth(for: [KNOWLEDGE]) + incident(id: String): Incident @auth(for: [KNOWLEDGE]) + incidents( + first: Int + after: ID + orderBy: IncidentsOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): IncidentConnection @auth(for: [KNOWLEDGE]) + incidentsTimeSeries( + objectId: String + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + relationship_type: [String] + ): [TimeSeries] @auth(for: [KNOWLEDGE]) + + ######## STIX CYBER OBSERVABLE ENTITIES + + stixCyberObservable(id: String!): StixCyberObservable @auth(for: [KNOWLEDGE]) + stixCyberObservables( + first: Int + after: ID + types: [String] + orderBy: StixCyberObservablesOrdering + orderMode: OrderingMode + filters: FilterGroup + search: String + toStix: Boolean + ): StixCyberObservableConnection @auth(for: [KNOWLEDGE]) + stixCyberObservablesExportFiles(first: Int, exportContext: ExportContext!): FileConnection + stixCyberObservablesNumber( + dateAttribute: String + types: [String] + authorId: String + endDate: DateTime + filters: FilterGroup + search: String + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + stixCyberObservablesTimeSeries( + types: [String] + filters: FilterGroup + search: String + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCyberObservablesDistribution( + objectId: String + field: String! + dateAttribute: String + operation: String! + filters: FilterGroup + search: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + + ######## STIX RELATIONSHIPS + stixRelationship(id: String): StixRelationship @auth(for: [KNOWLEDGE]) + stixRelationships( + first: Int + after: ID + orderBy: StixRelationshipsOrdering + orderMode: OrderingMode + fromOrToId: String + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + startDate: DateTime + endDate: DateTime + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + stix: Boolean + ): StixRelationshipConnection @auth(for: [KNOWLEDGE]) + stixRelationshipsTimeSeries( + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixRelationshipsMultiTimeSeries( + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + timeSeriesParameters: [StixRelationshipsTimeSeriesParameters] + ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + aggregateOnConnections: Boolean + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixRelationshipsNumber( + dateAttribute: String + authorId: String + noDirection: Boolean + endDate: DateTime + onlyInferred: Boolean + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + schemaRelationsTypesMapping: [StixRelationshipSchema!]! @auth + schemaRelationsRefTypesMapping: [StixRelationshipSchema!]! @auth + + ######## STIX CORE RELATIONSHIPS + + stixCoreRelationship(id: String): StixCoreRelationship @auth(for: [KNOWLEDGE]) + stixCoreRelationships( + first: Int + after: ID + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + startDate: DateTime + endDate: DateTime + confidences: [Int] + search: String + filters: FilterGroup + stix: Boolean + ): StixCoreRelationshipConnection @auth(for: [KNOWLEDGE]) + stixCoreRelationshipsTimeSeries( + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsMultiTimeSeries( + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime + interval: String! + onlyInferred: Boolean + timeSeriesParameters: [StixCoreRelationshipsTimeSeriesParameters] + ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsDistribution( + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + isTo: Boolean + limit: Int + order: String + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + aggregateOnConnections: Boolean + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsNumber( + dateAttribute: String + authorId: String + noDirection: Boolean + endDate: DateTime + onlyInferred: Boolean + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + confidences: [Int] + search: String + filters: FilterGroup + dynamicFrom: FilterGroup + dynamicTo: FilterGroup + ): Number @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreRelationshipsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) + + ######## STIX SIGHTING RELATIONSHIPS + + stixSightingRelationship(id: String): StixSightingRelationship @auth(for: [KNOWLEDGE]) + stixSightingRelationships( + first: Int + after: ID + orderBy: StixSightingRelationshipsOrdering + orderMode: OrderingMode + fromOrToId: String + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + firstSeenStart: DateTime + firstSeenStop: DateTime + lastSeenStart: DateTime + lastSeenStop: DateTime + search: String + filters: FilterGroup + toStix: Boolean + ): StixSightingRelationshipConnection @auth(for: [KNOWLEDGE]) + stixSightingRelationshipsTimeSeries( + fromOrToId: String + fromId: StixRef + toId: StixRef + field: String! + operation: StatsOperation! + startDate: DateTime! + endDate: DateTime! + interval: String! + fromTypes: [String] + toTypes: [String] + search: String + filters: FilterGroup + ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) + stixSightingRelationshipsDistribution( + fromOrToId: String + fromId: StixRef + toId: StixRef + field: String! + operation: StatsOperation! + startDate: DateTime + endDate: DateTime + dateAttribute: String + limit: Int + order: String + fromTypes: [String] + toTypes: [String] + search: String + filters: FilterGroup + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixSightingRelationshipsNumber( + dateAttribute: String + fromOrToId: String + fromId: StixRef + toId: StixRef + endDate: DateTime + fromTypes: [String] + toTypes: [String] + search: String + filters: FilterGroup): Number @auth(for: [KNOWLEDGE, EXPLORE]) + + ######## STIX REF RELATIONSHIPS + + stixRefRelationship(id: String): StixRefRelationship @auth(for: [KNOWLEDGE]) + stixRefRelationships( + first: Int + after: ID + orderBy: StixRefRelationshipsOrdering + orderMode: OrderingMode + fromOrToId: String + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: [String] + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + search: String + filters: FilterGroup + toStix: Boolean + ): StixRefRelationshipConnection @auth(for: [KNOWLEDGE]) + stixNestedRefRelationships( + first: Int + after: ID + orderBy: StixRefRelationshipsOrdering + orderMode: OrderingMode + fromOrToId: String + fromId: StixRef + toId: StixRef + fromTypes: [String] + toTypes: [String] + relationship_type: [String] + startTimeStart: DateTime + startTimeStop: DateTime + stopTimeStart: DateTime + stopTimeStop: DateTime + search: String + filters: FilterGroup + toStix: Boolean + ): StixRefRelationshipConnection @auth(for: [KNOWLEDGE]) + stixSchemaRefRelationships( + id: String + toType: String + ): DefinitionRefRelationship @auth(for: [KNOWLEDGE]) + stixRefRelationshipsDistribution( + field: String! + operation: StatsOperation! + relationship_type: [String] + isTo: Boolean + toRole: String + toTypes: [String] + startDate: DateTime + endDate: DateTime + dateAttribute: String + limit: Int + order: String + ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) + stixRefRelationshipsNumber(types: [String!], fromId: StixRef, endDate: DateTime): Number @auth(for: [KNOWLEDGE]) + + ####### ALL + stixObjectOrStixRelationship(id: String!): StixObjectOrStixRelationship @auth(for: [KNOWLEDGE, EXPLORE]) + stixCoreObjectOrStixCoreRelationship(id: String!): StixCoreObjectOrStixCoreRelationship + @auth(for: [KNOWLEDGE, EXPLORE]) +} + +### SUBSCRIPTIONS + +type Subscription { + settings(id: ID!): Settings @auth(for: [SETTINGS]) + settingsMessages(id: ID!): Settings @auth + group(id: ID!): Group @auth(for: [SETTINGS_SETACCESSES]) + user(id: ID!): User @auth(for: [SETTINGS_SETACCESSES]) + label(id: ID!): Label @auth(for: [SETTINGS]) + statusTemplate(id: ID!): StatusTemplate @auth(for: [SETTINGS]) + markingDefinition(id: ID!): MarkingDefinition @auth(for: [SETTINGS]) + killChainPhase(id: ID!): KillChainPhase @auth(for: [SETTINGS]) + stixCoreObject(id: ID!): StixCoreObject @auth(for: [KNOWLEDGE]) + internalObject(id: ID!): InternalObject @auth(for: [SETTINGS]) + stixDomainObject(id: ID!): StixDomainObject @auth(for: [KNOWLEDGE]) + stixCyberObservable(id: ID!): StixCyberObservable @auth(for: [KNOWLEDGE]) + stixCoreRelationship(id: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE]) + stixSightingRelationship(id: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE]) + stixRefRelationship(id: ID!): StixRefRelationship @auth(for: [KNOWLEDGE]) + externalReference(id: ID!): ExternalReference @auth(for: [KNOWLEDGE]) +} + +### MUTATIONS + +###### INTERNAL + +type WorkEditMutations { + delete: ID! + ping: ID! + reportExpectation(error: WorkErrorInput): ID! + addExpectations(expectations: Int): ID! + toReceived(message: String): ID! + toProcessed(message: String, inError: Boolean): ID! +} + +######## INTERNAL OBJECT ENTITIES + +type SettingsEditMutations { + fieldPatch(input: [EditInput]!): Settings + contextPatch(input: EditContext): Settings + contextClean: Settings + editMessage(input: SettingsMessageInput!): Settings + deleteMessage(input: String!): Settings +} +type SubTypeEditMutations { + statusAdd(input: StatusAddInput!): SubType + statusFieldPatch(statusId: String!, input: [EditInput]!): SubType + statusDelete(statusId: String!): SubType +} +type GroupEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): Group + contextPatch(input: EditContext): Group + contextClean: Group + relationAdd(input: InternalRelationshipAddInput!): InternalRelationship + relationDelete(fromId: StixRef, toId: StixRef, relationship_type: String!): Group + editDefaultMarking(input: DefaultMarkingInput!): Group +} +type UserEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): User + contextPatch(input: EditContext): User + contextClean: User + tokenRenew: User + relationAdd(input: InternalRelationshipAddInput!): InternalRelationship + relationDelete(toId: StixRef!, relationship_type: String!): User + organizationAdd(organizationId: ID!): User + organizationDelete(organizationId: ID!): User +} +type RoleEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): Role + contextPatch(input: EditContext): Role + contextClean: Role + relationAdd(input: InternalRelationshipAddInput!): InternalRelationship + relationDelete(toId: StixRef!, relationship_type: String!): Role +} +type AttributeEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): Attribute +} + +type TaxiiCollectionEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): TaxiiCollection +} + +type StreamCollectionEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): StreamCollection + addGroup(id: ID!): StreamCollection + deleteGroup(id: ID!): StreamCollection +} + +type SynchronizerEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): Synchronizer +} + +######## STIX OBJECT +type StixEditMutations { + delete: ID + merge(stixObjectsIds: [String]!): StixObject +} + +######## STIX OBJECT ENTITIES + +######## STIX META OBJECT ENTITIES + +type MarkingDefinitionEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): MarkingDefinition + contextPatch(input: EditContext): MarkingDefinition + contextClean: MarkingDefinition +} +type LabelEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): Label + contextPatch(input: EditContext): Label + contextClean: Label +} +type ExternalReferenceEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(fromId: StixRef!, relationship_type: String!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) + askEnrichment(connectorId: ID!): Work @auth(for: [KNOWLEDGE_KNENRICHMENT]) + importPush(file: Upload!, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) +} +type KillChainPhaseEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): KillChainPhase + contextPatch(input: EditContext): KillChainPhase + contextClean: KillChainPhase + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship + relationDelete(toId: StixRef!, relationship_type: String!): KillChainPhase +} + +######## STIX CORE OBJECT ENTITIES + +type StixCoreObjectEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship + relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixCoreObject + relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixCoreObject + restrictionOrganizationAdd(organizationId: ID!): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + restrictionOrganizationDelete(organizationId: ID!): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + askEnrichment(connectorId: ID!): Work @auth(for: [KNOWLEDGE_KNENRICHMENT]) + importPush(file: Upload!, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) + exportAsk(format: String!, exportType: String!, maxMarkingDefinition: String): [File!] + @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + exportPush(file: Upload!): Boolean @auth(for: [CONNECTORAPI]) +} + +######## STIX DOMAIN OBJECT ENTITIES + +input StixDomainObjectFileEditInput { + id: String! + order: Int + description: String + inCarousel: Boolean +} + +type StixDomainObjectEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + changeType(newType: String!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixDomainObject + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationsAdd(input: StixRefRelationshipsAddInput!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + importPush(file: Upload!, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) + exportAsk(format: String!, exportType: String!, maxMarkingDefinition: String): [File!] + @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + exportPush(file: Upload!): Boolean @auth(for: [CONNECTORAPI]) + stixDomainObjectFileEdit(input: StixDomainObjectFileEditInput): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type AttackPatternEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): AttackPattern + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type CampaignEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Campaign + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) +} +############### Containers +type ContainerEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Container + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Container @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Container @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Container @auth(for: [KNOWLEDGE_KNUPDATE]) + investigationAdd: Workspace @auth(for: [KNOWLEDGE_KNUPDATE]) + knowledgeAddFromInvestigation(workspaceId: ID!): Container @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type NoteEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE, KNOWLEDGE_KNPARTICIPATE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + contextPatch(input: EditContext): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + contextClean: Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) +} +type ObservedDataEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): ObservedData + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type OpinionEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE, KNOWLEDGE_KNPARTICIPATE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + contextPatch(input: EditContext): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + contextClean: Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) +} +type ReportEditMutations { + delete(purgeElements: Boolean): ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Report @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Report @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Report @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Report @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type CourseOfActionEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): CourseOfAction + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) +} +############### Identities +type IdentityEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Identity + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Identity @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type IndividualEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Individual @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type SectorEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Sector @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type SystemEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): System @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): System @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: System @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): System @auth(for: [KNOWLEDGE_KNUPDATE]) +} + +type InfrastructureEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Infrastructure + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type IntrusionSetEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): IntrusionSet + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) +} +############### Locations +type LocationEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Location + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Location @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Location @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Location @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type CityEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): City @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): City @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: City @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): City @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type CountryEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Country @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Country @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Country @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Country @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type RegionEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Region @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Region @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Region @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Region @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type PositionEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Position + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Position @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Position @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Position @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type MalwareEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Malware @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type ThreatActorGroupEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): ThreatActorGroup + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type ToolEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Tool @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type VulnerabilityEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Vulnerability + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) +} +type IncidentEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Incident + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: Incident @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) +} + +######## STIX CYBER OBSERVABLE ENTITIES + +type StixCyberObservableEditMutations { + delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixCyberObservable + @auth(for: [KNOWLEDGE_KNUPDATE]) + contextPatch(input: EditContext): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + contextClean: StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) + relationsAdd(input: StixRefRelationshipsAddInput!): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + relationDelete(toId: StixRef!, relationship_type: String!): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + promote: StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + importPush(file: Upload!, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) + exportAsk(format: String!, exportType: String!, maxMarkingDefinition: String): [File!] + @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + exportPush(file: Upload!): Boolean @auth(for: [CONNECTORAPI]) +} + +######## STIX RELATIONSHIPS + +type StixRelationshipEditMutations { + delete: ID +} + +######## STIX CORE RELATIONSHIPS + +type StixCoreRelationshipEditMutations { + delete: ID + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixCoreRelationship + contextPatch(input: EditContext): StixCoreRelationship + contextClean: StixCoreRelationship + relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship + relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixCoreRelationship + relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixCoreRelationship + restrictionOrganizationAdd(organizationId: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + restrictionOrganizationDelete(organizationId: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) +} + +######## STIX SIGHTING RELATIONSHIPS + +type StixSightingRelationshipEditMutations { + delete: ID + fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixSightingRelationship + contextPatch(input: EditContext): StixSightingRelationship + contextClean: StixSightingRelationship + relationAdd(input: StixRefRelationshipAddInput!): StixSightingRelationship + relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixSightingRelationship + relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixSightingRelationship + restrictionOrganizationAdd(organizationId: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) + restrictionOrganizationDelete(organizationId: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) +} + +######## STIX REF RELATIONSHIPS + +type StixRefRelationshipEditMutations { + delete: ID + fieldPatch(input: [EditInput]!): StixRefRelationship + contextPatch(input: EditContext): StixRefRelationship +} + +### MUTATIONS DECLARATION + +type Mutation { + ###### INTERNAL + deleteImport(fileName: String): ID @auth(for: [KNOWLEDGE_KNASKIMPORT]) + uploadImport(file: Upload!): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) + uploadPending(file: Upload!, entityId: String, labels: [String], errorOnExisting: Boolean): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) + askJobImport(fileName: ID!, connectorId: String, configuration: String, bypassEntityId: String, bypassValidation: Boolean): File + @auth(for: [KNOWLEDGE_KNASKIMPORT]) + resetFileIndexing: Boolean @auth(for: [SETTINGS]) + + ### SYNC + synchronizerAdd(input: SynchronizerAddInput!): Synchronizer @auth(for: [CONNECTORAPI]) + synchronizerEdit(id: ID!): SynchronizerEditMutations @auth(for: [CONNECTORAPI]) + synchronizerStart(id: ID!): Synchronizer @auth(for: [CONNECTORAPI]) + synchronizerStop(id: ID!): Synchronizer @auth(for: [CONNECTORAPI]) + synchronizerTest(input: SynchronizerAddInput): String @auth(for: [CONNECTORAPI]) + + ### WORK + workAdd(connectorId: String!, friendlyName: String): Work! + @auth(for: [KNOWLEDGE_KNASKIMPORT, KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + workEdit(id: ID!): WorkEditMutations @auth(for: [KNOWLEDGE_KNASKIMPORT, KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + workDelete(connectorId: String!): Boolean + + ### TASK + deleteBackgroundTask(id: ID!): ID! + listTaskAdd(input: ListTaskAddInput!): BackgroundTask! + queryTaskAdd(input: QueryTaskAddInput!): BackgroundTask! + + ### RETENTION RULE + retentionRuleAdd(input: RetentionRuleAddInput!): RetentionRule! @auth(for: [SETTINGS]) + retentionRuleCheck(input: RetentionRuleAddInput): Int! @auth(for: [SETTINGS]) + retentionRuleEdit(id: ID!): RetentionRuleEditMutations @auth(for: [SETTINGS]) + + ### RULE + ruleSetActivation(id: ID!, enable: Boolean!): Rule! @auth(for: [SETTINGS]) + ruleManagerClean(eventId: ID): RuleManager! @auth(for: [SETTINGS]) + + ######## INTERNAL OBJECT ENTITIES + token(input: UserLoginInput): String + otpActivation(input: UserOTPActivationInput): MeUser @auth + otpDeactivation: MeUser @auth + otpUserDeactivation(id: ID!): MeUser @auth(for: [SETTINGS_SETACCESSES]) + otpLogin(input: UserOTPLoginInput): Boolean @auth + settingsEdit(id: ID!): SettingsEditMutations @auth(for: [SETTINGS]) + otpSetActivation(input: UserOTPActivationInput): User @auth(for: [SETTINGS]) + subTypeEdit(id: ID!): SubTypeEditMutations @auth(for: [SETTINGS]) + statusTemplateAdd(input: StatusTemplateAddInput!): StatusTemplate! @auth(for: [SETTINGS]) + statusTemplateDelete(id: ID!): ID! @auth(for: [SETTINGS]) + statusTemplateFieldPatch(id: ID!, input: [EditInput!]!): StatusTemplate! @auth(for: [SETTINGS]) + statusTemplateContextPatch(id: ID!, input: EditContext!): StatusTemplate! @auth(for: [SETTINGS]) + statusTemplateContextClean(id: ID!): StatusTemplate! @auth(for: [SETTINGS]) + groupAdd(input: GroupAddInput!): Group @auth(for: [SETTINGS_SETACCESSES]) + groupEdit(id: ID!): GroupEditMutations @auth(for: [SETTINGS_SETACCESSES]) + userAdd(input: UserAddInput!): User @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + userEdit(id: ID!): UserEditMutations @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) + meTokenRenew: MeUser @auth + meEdit(input: [EditInput]!, password: String): MeUser @auth + bookmarkAdd(id: ID!, type: String!): StixDomainObject @auth(for: [KNOWLEDGE]) + bookmarkDelete(id: ID!): ID @auth(for: [KNOWLEDGE]) + logout: ID @auth + roleAdd(input: RoleAddInput!): Role @auth(for: [SETTINGS_SETACCESSES]) + sessionKill(id: ID!): ID @auth(for: [SETTINGS_SETACCESSES]) + userSessionsKill(id: ID!): [ID] @auth(for: [SETTINGS_SETACCESSES]) + roleEdit(id: ID!): RoleEditMutations @auth(for: [SETTINGS_SETACCESSES]) + pingConnector(id: ID!, state: String): Connector @auth(for: [CONNECTORAPI]) + registerConnector(input: RegisterConnectorInput): Connector @auth(for: [CONNECTORAPI]) + resetStateConnector(id: ID!): Connector @auth(for: [MODULES_MODMANAGE]) + deleteConnector(id: ID!): ID! @auth(for: [MODULES_MODMANAGE]) + runtimeAttributeEdit(id: String!, previous: String!, current: String!): ID! @auth(for: [SETTINGS]) + feedAdd(input: FeedAddInput!): Feed @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + feedDelete(id: ID!): ID! @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + feedEdit(id: ID!, input: FeedAddInput!): Feed! @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + taxiiCollectionAdd(input: TaxiiCollectionAddInput!): TaxiiCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + taxiiCollectionEdit(id: ID!): TaxiiCollectionEditMutations @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + streamCollectionAdd(input: StreamCollectionAddInput!): StreamCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + streamCollectionEdit(id: ID!): StreamCollectionEditMutations @auth(for: [TAXIIAPI_SETCOLLECTIONS]) + + ######## STIX OBJECT + stixEdit(id: ID!): StixEditMutations @auth(for: [SETTINGS]) + + ######## STIX OBJECT ENTITIES + + ######## STIX META OBJECT ENTITIES + markingDefinitionAdd(input: MarkingDefinitionAddInput!): MarkingDefinition @auth(for: [SETTINGS_SETMARKINGS]) + markingDefinitionEdit(id: ID!): MarkingDefinitionEditMutations @auth(for: [SETTINGS_SETMARKINGS]) + labelAdd(input: LabelAddInput!): Label @auth(for: [SETTINGS_SETLABELS]) + labelEdit(id: ID!): LabelEditMutations @auth(for: [SETTINGS_SETLABELS]) + externalReferenceAdd(input: ExternalReferenceAddInput!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) + externalReferenceEdit(id: ID!): ExternalReferenceEditMutations + killChainPhaseAdd(input: KillChainPhaseAddInput!): KillChainPhase @auth(for: [SETTINGS_SETLABELS]) + killChainPhaseEdit(id: ID!): KillChainPhaseEditMutations @auth(for: [SETTINGS_SETLABELS]) + + ######## STIX CORE OBJECT ENTITIES + stixCoreObjectEdit(id: ID!): StixCoreObjectEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) + stixCoreObjectsExportAsk( + format: String! + exportType: String! + maxMarkingDefinition: String + search: String + exportContext: ExportContext + orderBy: StixCoreObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + selectedIds: [String] + ): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + stixCoreObjectsExportPush(entity_id: String, entity_type: String!, file: Upload!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) + + ######## STIX DOMAIN OBJECT ENTITIES + stixDomainObjectAdd(input: StixDomainObjectAddInput!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) + stixDomainObjectEdit(id: ID!): StixDomainObjectEditMutations + stixDomainObjectsExportAsk( + format: String! + exportType: String! + maxMarkingDefinition: String + search: String + exportContext: ExportContext + relationship_type: [String] + orderBy: StixDomainObjectsOrdering + orderMode: OrderingMode + filters: FilterGroup + selectedIds: [String] + ): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + stixDomainObjectsDelete(id: [ID]!): [ID]! + stixDomainObjectsExportPush(entity_id: String, entity_type: String!, file: Upload!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) + attackPatternAdd(input: AttackPatternAddInput!): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) + attackPatternEdit(id: ID!): AttackPatternEditMutations + campaignAdd(input: CampaignAddInput!): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) + campaignEdit(id: ID!): CampaignEditMutations + ############### Containers + containerEdit(id: ID!): ContainerEditMutations + noteAdd(input: NoteAddInput!): Note @auth(for: [KNOWLEDGE_KNUPDATE]) + userNoteAdd(input: NoteUserAddInput!): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + noteEdit(id: ID!): NoteEditMutations + observedDataAdd(input: ObservedDataAddInput!): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) + observedDataEdit(id: ID!): ObservedDataEditMutations + opinionAdd(input: OpinionAddInput!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE]) + userOpinionAdd(input: OpinionUserAddInput!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) + opinionEdit(id: ID!): OpinionEditMutations + reportAdd(input: ReportAddInput!): Report @auth(for: [KNOWLEDGE_KNUPDATE]) + reportEdit(id: ID!): ReportEditMutations + courseOfActionAdd(input: CourseOfActionAddInput!): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) + courseOfActionEdit(id: ID!): CourseOfActionEditMutations + ############### Identities + identityAdd(input: IdentityAddInput!): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) + identityEdit(id: ID!): IdentityEditMutations + individualAdd(input: IndividualAddInput!): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) + individualEdit(id: ID!): IndividualEditMutations + sectorAdd(input: SectorAddInput!): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) + sectorEdit(id: ID!): SectorEditMutations + systemAdd(input: SystemAddInput!): System @auth(for: [KNOWLEDGE_KNUPDATE]) + systemEdit(id: ID!): SystemEditMutations + infrastructureAdd(input: InfrastructureAddInput!): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) + infrastructureEdit(id: ID!): InfrastructureEditMutations + intrusionSetAdd(input: IntrusionSetAddInput!): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) + intrusionSetEdit(id: ID!): IntrusionSetEditMutations + ############### Locations + locationAdd(input: LocationAddInput!): Location @auth(for: [KNOWLEDGE_KNUPDATE]) + locationEdit(id: ID!): LocationEditMutations + cityAdd(input: CityAddInput!): City @auth(for: [KNOWLEDGE_KNUPDATE]) + cityEdit(id: ID!): CityEditMutations + countryAdd(input: CountryAddInput!): Country @auth(for: [KNOWLEDGE_KNUPDATE]) + countryEdit(id: ID!): CountryEditMutations + regionAdd(input: RegionAddInput!): Region @auth(for: [KNOWLEDGE_KNUPDATE]) + regionEdit(id: ID!): RegionEditMutations + positionAdd(input: PositionAddInput!): Position @auth(for: [KNOWLEDGE_KNUPDATE]) + positionEdit(id: ID!): PositionEditMutations + malwareAdd(input: MalwareAddInput!): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) + malwareEdit(id: ID!): MalwareEditMutations + threatActorGroupAdd(input: ThreatActorGroupAddInput!): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) + threatActorGroupEdit(id: ID!): ThreatActorGroupEditMutations + toolAdd(input: ToolAddInput!): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) + toolEdit(id: ID!): ToolEditMutations + vulnerabilityAdd(input: VulnerabilityAddInput!): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) + vulnerabilityEdit(id: ID!): VulnerabilityEditMutations + incidentAdd(input: IncidentAddInput!): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) + incidentEdit(id: ID!): IncidentEditMutations + + ######## STIX CYBER OBSERVABLE ENTITIES + stixCyberObservableAdd( + type: String! + stix_id: StixId + x_opencti_score: Int + x_opencti_description: String + createIndicator: Boolean + createdBy: String + objectMarking: [String] + objectLabel: [String] + objectOrganization: [String] + externalReferences: [String] + clientMutationId: String + update: Boolean + AutonomousSystem: AutonomousSystemAddInput + Directory: DirectoryAddInput + DomainName: DomainNameAddInput + EmailAddr: EmailAddrAddInput + EmailMessage: EmailMessageAddInput + EmailMimePartType: EmailMimePartTypeAddInput + Artifact: ArtifactAddInput + StixFile: StixFileAddInput + X509Certificate: X509CertificateAddInput + IPv4Addr: IPv4AddrAddInput + IPv6Addr: IPv6AddrAddInput + MacAddr: MacAddrAddInput + Mutex: MutexAddInput + NetworkTraffic: NetworkTrafficAddInput + Process: ProcessAddInput + Software: SoftwareAddInput + Url: UrlAddInput + UserAccount: UserAccountAddInput + WindowsRegistryKey: WindowsRegistryKeyAddInput + WindowsRegistryValueType: WindowsRegistryValueTypeAddInput + CryptographicKey: CryptographicKeyAddInput + CryptocurrencyWallet: CryptocurrencyWalletAddInput + Hostname: HostnameAddInput + Text: TextAddInput + UserAgent: UserAgentAddInput + BankAccount: BankAccountAddInput + PhoneNumber: PhoneNumberAddInput + PaymentCard: PaymentCardAddInput + MediaContent: MediaContentAddInput + ): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) + stixCyberObservableEdit(id: ID!): StixCyberObservableEditMutations + stixCyberObservablesExportAsk( + format: String! + exportType: String! + exportContext: ExportContext + maxMarkingDefinition: String + search: String + orderBy: StixCyberObservablesOrdering + orderMode: OrderingMode + filters: FilterGroup + selectedIds: [String] + ): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + stixCyberObservablesExportPush(entity_id: String, entity_type: String!, file: Upload!, listFilters: String): Boolean + artifactImport( + file: Upload! + x_opencti_description: String + createdBy: String + objectMarking: [String] + objectLabel: [String] + ): Artifact + + ######## STIX RELATIONSHIPS + stixRelationshipEdit(id: ID!): StixRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) + + ######## STIX CORE RELATIONSHIPS + stixCoreRelationshipAdd(input: StixCoreRelationshipAddInput, reversedReturn: Boolean): StixCoreRelationship + @auth(for: [KNOWLEDGE_KNUPDATE]) + stixCoreRelationshipEdit(id: ID!): StixCoreRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) + stixCoreRelationshipsExportAsk( + format: String! + exportType: String! + maxMarkingDefinition: String + exportContext: ExportContext + search: String + orderBy: StixCoreRelationshipsOrdering + orderMode: OrderingMode + selectedIds: [String] + fromOrToId: [String] + elementWithTargetTypes: [String] + fromId: [String] + fromRole: String + fromTypes: [String] + toId: [String] + toRole: String + toTypes: [String] + relationship_type: [String] + filters: FilterGroup + ): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) + stixCoreRelationshipDelete(fromId: StixRef!, toId: StixRef!, relationship_type: String!): Boolean! + @auth(for: [KNOWLEDGE_KNUPDATE]) + stixCoreRelationshipsExportPush(entity_id: String, entity_type: String!, file: Upload!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) + + ######## STIX REF RELATIONSHIPS + stixRefRelationshipAdd(input: StixRefRelationshipAddInput!): StixRefRelationship + @auth(for: [KNOWLEDGE_KNUPDATE]) + stixRefRelationshipEdit(id: ID!): StixRefRelationshipEditMutations + @auth(for: [KNOWLEDGE_KNUPDATE]) + + ######## STIX SIGHTING RELATIONSHIPS + stixSightingRelationshipAdd(input: StixSightingRelationshipAddInput!): StixSightingRelationship + @auth(for: [KNOWLEDGE_KNUPDATE]) + stixSightingRelationshipEdit(id: ID!): StixSightingRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) +} diff --git a/plugins/data/opencti/plugin.go b/plugins/data/opencti/plugin.go new file mode 100644 index 00000000..df352108 --- /dev/null +++ b/plugins/data/opencti/plugin.go @@ -0,0 +1,182 @@ +package opencti + +import ( + "bytes" + _ "embed" + "encoding/json" + "fmt" + "net/http" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + "github.com/wundergraph/graphql-go-tools/v2/pkg/ast" + "github.com/wundergraph/graphql-go-tools/v2/pkg/astparser" + "github.com/wundergraph/graphql-go-tools/v2/pkg/astvalidation" + "github.com/zclconf/go-cty/cty" +) + +var Version = semver.MustParse("0.1.0") + +type Plugin struct{} + +//go:embed opencti.graphql +var graphqlSchema string +var graphqlSchemaBase = ` +schema { + query: Query +}` + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "opencti", + Version: plugininterface.Version(*Version), + ConfigSpec: &hcldec.ObjectSpec{ + "graphql_url": &hcldec.AttrSpec{ + Name: "graphql_url", + Type: cty.String, + Required: true, + }, + "auth_token": &hcldec.AttrSpec{ + Name: "auth_token", + Type: cty.String, + Required: false, + }, + }, + InvocationSpec: &hcldec.ObjectSpec{ + "graphql_query": &hcldec.AttrSpec{ + Name: "graphql_query", + Type: cty.String, + Required: true, + }, + }, + }, + } +} + +func (Plugin) parseConfig(cfg cty.Value) (string, string, error) { + url := cfg.GetAttr("graphql_url") + if url.IsNull() || url.AsString() == "" { + return "", "", fmt.Errorf("graphql_url is required") + } + authToken := cfg.GetAttr("auth_token") + if authToken.IsNull() { + authToken = cty.StringVal("") + } + return url.AsString(), authToken.AsString(), nil +} + +func (Plugin) parseArgs(args cty.Value) (string, error) { + query := args.GetAttr("graphql_query") + if query.IsNull() || query.AsString() == "" { + return "", fmt.Errorf("graphql_query is required") + } + return query.AsString(), nil +} + +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + url, authToken, err := p.parseConfig(args.Config) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse config", + Detail: err.Error(), + }}, + } + } + query, err := p.parseArgs(args.Args) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse arguments", + Detail: err.Error(), + }}, + } + } + + if err := p.validateQuery(query); err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Invalid GraphQL query", + Detail: err.Error(), + }}, + } + } + result, err := p.query(url, query, authToken) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to execute query", + Detail: err.Error(), + }}, + } + } + + return plugininterface.Result{ + Result: result, + } +} + +type requestData struct { + Query string `json:"query"` +} + +func (Plugin) query(url, query, authToken string) (any, error) { + data, err := json.Marshal(requestData{Query: query}) + if err != nil { + return "", err + } + req, err := http.NewRequest("POST", url, bytes.NewReader(data)) + if err != nil { + return "", err + } + // Set the appropriate headers + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Accept", "application/json") + if authToken != "" { + req.Header.Set("Authorization", "Bearer "+authToken) + } + // Send the request + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("unexpected status code: %d", resp.StatusCode) + } + var result any + err = json.NewDecoder(resp.Body).Decode(&result) + if err != nil { + return "", err + } + return result, nil +} + +func (p Plugin) validateQuery(query string) error { + schema, report := astparser.ParseGraphqlDocumentString(graphqlSchema + graphqlSchemaBase) + if report.HasErrors() { + return report + } + doc := ast.NewDocument() + doc.Input.ResetInputString(query) + astparser.NewParser().Parse(doc, &report) + if report.HasErrors() { + return report + } + validator := astvalidation.DefaultOperationValidator() + validator.Validate(doc, &schema, &report) + if report.HasErrors() { + return report + } + return nil +} diff --git a/plugins/data/opencti/plugin_test.go b/plugins/data/opencti/plugin_test.go new file mode 100644 index 00000000..d91119ff --- /dev/null +++ b/plugins/data/opencti/plugin_test.go @@ -0,0 +1,284 @@ +package opencti + +import ( + "context" + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/suite" + "github.com/zclconf/go-cty/cty" +) + +type PluginTestSuite struct { + suite.Suite + ctx context.Context + cancel context.CancelFunc +} + +func (s *PluginTestSuite) SetupTest() { + s.ctx, s.cancel = context.WithCancel(context.Background()) +} + +func (s *PluginTestSuite) TearDownTest() { + s.cancel() +} +func TestPluginTestSuite(t *testing.T) { + suite.Run(t, new(PluginTestSuite)) +} + +func (s *PluginTestSuite) TestGetPlugins() { + plugins := Plugin{}.GetPlugins() + s.Require().Len(plugins, 1, "expected 1 plugin") + got := plugins[0] + s.Equal("opencti", got.Name) + s.Equal("data", got.Kind) + s.Equal("blackstork", got.Namespace) + s.Equal(Version.String(), got.Version.Cast().String()) + s.NotNil(got.ConfigSpec) + s.NotNil(got.InvocationSpec) +} + +func (s *PluginTestSuite) TestBasicValid() { + want := plugininterface.Result{ + Result: jsonAny(` + { + "data": { + "stixCoreRelationships": { + "edges": [] + } + } + } + `), + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + s.Equal("application/json", r.Header.Get("Content-Type")) + s.Equal("application/json", r.Header.Get("Accept")) + body, err := io.ReadAll(r.Body) + s.NoError(err) + s.Equal(`{"query":"query issue { stixCoreRelationships { edges { node { x_opencti_stix_ids } } } }"}`, string(body)) + s.Equal("POST", r.Method) + w.Write([]byte(` + { + "data": { + "stixCoreRelationships": { + "edges": [] + } + } + } + `)) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal(srv.URL), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query issue { stixCoreRelationships { edges { node { x_opencti_stix_ids } } } }"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestFailRequest() { + want := plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to execute query", + Detail: "unexpected status code: 404", + }, + }, + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotFound) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal(srv.URL), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query issue { stixCoreRelationships { edges { node { x_opencti_stix_ids } } } }"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestInvalidQuery() { + want := plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid GraphQL query", + Detail: "external: field: stixCoreRelationshipsInvalid not defined on type: Query, locations: [], path: [query]", + }, + }, + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + s.Equal("application/json", r.Header.Get("Content-Type")) + s.Equal("application/json", r.Header.Get("Accept")) + body, err := io.ReadAll(r.Body) + s.NoError(err) + s.Equal(`{"query":"query issue { stixCoreRelationshipsInvalid { edges { node { x_opencti_stix_ids } } } }"}`, string(body)) + s.Equal("POST", r.Method) + w.Write([]byte(` + { + "data": { + "stixCoreRelationships": { + "edges": [] + } + } + } + `)) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal(srv.URL), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query issue { stixCoreRelationshipsInvalid { edges { node { x_opencti_stix_ids } } } }"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestWithAuth() { + want := plugininterface.Result{ + Result: jsonAny(` + { + "data": { + "stixCoreRelationships": { + "edges": [] + } + } + } + `), + } + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + s.Equal("Bearer token-123", r.Header.Get("Authorization")) + s.Equal("application/json", r.Header.Get("Content-Type")) + s.Equal("application/json", r.Header.Get("Accept")) + body, err := io.ReadAll(r.Body) + s.NoError(err) + s.Equal(`{"query":"query issue { stixCoreRelationships { edges { node { x_opencti_stix_ids } } } }"}`, string(body)) + s.Equal("POST", r.Method) + w.Write([]byte(` + { + "data": { + "stixCoreRelationships": { + "edges": [] + } + } + } + `)) + })) + defer srv.Close() + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal(srv.URL), + "auth_token": cty.StringVal("token-123"), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query issue { stixCoreRelationships { edges { node { x_opencti_stix_ids } } } }"), + }), + }) + s.Equal(want, result) +} + +func (s *PluginTestSuite) TestNullURL() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.NullVal(cty.String), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse config", result.Diags[0].Summary) +} + +func (s *PluginTestSuite) TestEmptyURL() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal(""), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal("query{user{id,name}}"), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse config", result.Diags[0].Summary) +} + +func (s *PluginTestSuite) TestEmptyQuery() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal("http://localhost"), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.StringVal(""), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse arguments", result.Diags[0].Summary) +} + +func (s *PluginTestSuite) TestNullQuery() { + p := Plugin{} + result := p.Call(plugininterface.Args{ + Kind: "data", + Name: "opencti", + Config: cty.ObjectVal(map[string]cty.Value{ + "graphql_url": cty.StringVal("http://localhost"), + "auth_token": cty.NullVal(cty.String), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "graphql_query": cty.NullVal(cty.String), + }), + }) + s.Len(result.Diags, 1) + s.Equal("Failed to parse arguments", result.Diags[0].Summary) +} + +func jsonAny(s string) any { + var v any + err := json.Unmarshal([]byte(s), &v) + if err != nil { + panic(err) + } + return v +} diff --git a/plugins/data/postgresql/plugin.go b/plugins/data/postgresql/plugin.go new file mode 100644 index 00000000..03d9875f --- /dev/null +++ b/plugins/data/postgresql/plugin.go @@ -0,0 +1,194 @@ +package postgresql + +import ( + "database/sql" + "errors" + "fmt" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + _ "github.com/lib/pq" + "github.com/zclconf/go-cty/cty" +) + +var Version = semver.MustParse("0.1.0") + +type Plugin struct{} + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "postgresql", + Version: plugininterface.Version(*Version), + ConfigSpec: &hcldec.ObjectSpec{ + "database_url": &hcldec.AttrSpec{ + Name: "database_url", + Type: cty.String, + Required: true, + }, + }, + InvocationSpec: &hcldec.ObjectSpec{ + "sql_query": &hcldec.AttrSpec{ + Name: "sql_query", + Type: cty.String, + Required: true, + }, + "sql_args": &hcldec.AttrSpec{ + Name: "sql_args", + Type: cty.List(cty.DynamicPseudoType), + Required: false, + }, + }, + }, + } +} + +func (Plugin) parseConfig(cfg cty.Value) (string, error) { + dbURL := cfg.GetAttr("database_url") + if dbURL.IsNull() || dbURL.AsString() == "" { + return "", errors.New("database_url is required") + } + return dbURL.AsString(), nil +} + +func (Plugin) parseArgs(args cty.Value) (string, []any, error) { + sqlQuery := args.GetAttr("sql_query") + if sqlQuery.IsNull() || sqlQuery.AsString() == "" { + return "", nil, errors.New("sql_query is required") + } + sqlArgs := args.GetAttr("sql_args") + if sqlArgs.IsNull() || sqlArgs.LengthInt() == 0 { + return sqlQuery.AsString(), nil, nil + } + argsList := sqlArgs.AsValueSlice() + argsResult := make([]any, len(argsList)) + for i, arg := range argsList { + switch { + case arg.IsNull(): + argsResult[i] = nil + case arg.Type() == cty.Number: + n, _ := arg.AsBigFloat().Float64() + argsResult[i] = n + case arg.Type() == cty.String: + argsResult[i] = arg.AsString() + case arg.Type() == cty.Bool: + argsResult[i] = arg.True() + default: + return "", nil, errors.New("sql_args must be a list of strings, numbers, or booleans") + } + } + return sqlQuery.AsString(), argsResult, nil + +} +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + dbURL, err := p.parseConfig(args.Config) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: err.Error(), + }, + }, + } + } + sqlQuery, sqlArgs, err := p.parseArgs(args.Args) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: err.Error(), + }, + }, + } + } + + db, err := sql.Open("postgres", dbURL) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to open database", + Detail: err.Error(), + }, + }, + } + } + err = db.Ping() + fmt.Printf("ping: %v\n", err) + defer db.Close() + rows, err := db.Query(sqlQuery, sqlArgs...) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to query database", + Detail: err.Error(), + }, + }, + } + } + // read columns + columns, err := rows.Columns() + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to get column names", + Detail: err.Error(), + }, + }, + } + } + result := make([]map[string]any, 0) + // read rows + for rows.Next() { + // create a map of column name to column value + columnValArr := make([]any, len(columns)) + columnPtrArr := make([]any, len(columns)) + for i := range columns { + columnPtrArr[i] = &columnValArr[i] + } + err = rows.Scan(columnPtrArr...) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to scan row", + Detail: err.Error(), + }, + }, + } + } + row := make(map[string]any) + for i, column := range columns { + row[column] = columnValArr[i] + } + result = append(result, row) + } + if err := rows.Err(); err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to read rows", + Detail: err.Error(), + }, + }, + } + } + return plugininterface.Result{ + Result: result, + } +} diff --git a/plugins/data/postgresql/plugin_integration_test.go b/plugins/data/postgresql/plugin_integration_test.go new file mode 100644 index 00000000..c28b4a42 --- /dev/null +++ b/plugins/data/postgresql/plugin_integration_test.go @@ -0,0 +1,267 @@ +package postgresql + +import ( + "context" + "database/sql" + "path/filepath" + "testing" + "time" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/suite" + "github.com/testcontainers/testcontainers-go" + "github.com/testcontainers/testcontainers-go/modules/postgres" + "github.com/testcontainers/testcontainers-go/wait" + "github.com/zclconf/go-cty/cty" +) + +// IntegrationTestSuite is a test suite to test integration with real postgres instance +type IntegrationTestSuite struct { + suite.Suite + container *postgres.PostgresContainer + connURL string + plugin Plugin + ctx context.Context +} + +func TestIntegrationSuite(t *testing.T) { + if testing.Short() { + t.Skip("skipping integration tests") + } + suite.Run(t, &IntegrationTestSuite{}) +} + +func (s *IntegrationTestSuite) SetupSuite() { + s.ctx = context.Background() + opts := []testcontainers.ContainerCustomizer{ + testcontainers.WithImage("docker.io/postgres:15.2-alpine"), + postgres.WithInitScripts(filepath.Join("testdata", "data.sql")), + postgres.WithDatabase("testusr123"), + postgres.WithPassword("testpsw123"), + testcontainers.WithWaitStrategy( + wait.ForLog("database system is ready to accept connections"). + WithOccurrence(2). + WithStartupTimeout(5 * time.Second)), + } + container, err := postgres.RunContainer(s.ctx, opts...) + s.Require().NoError(err, "failed to start postgres container") + s.container = container + connURL, err := container.ConnectionString(s.ctx, "sslmode=disable") + s.Require().NoError(err, "failed to get postgres connection string") + s.connURL = connURL + db, err := sql.Open("postgres", connURL) + s.Require().NoError(err, "failed to open postgres database") + err = db.Ping() + s.Require().NoError(err, "failed to ping postgres database") + err = db.Close() + s.Require().NoError(err, "failed to close postgres database") +} + +func (s *IntegrationTestSuite) TearDownSuite() { + s.Require().NoError(s.container.Terminate(s.ctx), "failed to stop postgres container") +} + +func (s *IntegrationTestSuite) TestEmptyDatabaseURL() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(""), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: "database_url is required", + }, + }, + }) +} +func (s *IntegrationTestSuite) TestNilDatabaseURL() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.NullVal(cty.String), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: "database_url is required", + }, + }, + }) +} + +func (s *IntegrationTestSuite) TestEmptySQLQuery() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(""), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: "sql_query is required", + }, + }, + }) +} +func (s *IntegrationTestSuite) TestNilSQLQuery() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.NullVal(cty.String), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: "sql_query is required", + }, + }, + }) +} + +func (s *IntegrationTestSuite) TestSelectEmptyTable() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(`SELECT * FROM testdata_empty`), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Result: []map[string]any{}, + }) +} + +func (s *IntegrationTestSuite) TestSelect() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(`SELECT * FROM testdata`), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Result: []map[string]any{ + { + "id": int64(1), + "text_val": "text_1", + "int_val": int64(1), + "bool_val": true, + }, + { + "id": int64(2), + "text_val": "text_2", + "int_val": int64(2), + "bool_val": false, + }, + }, + }) +} + +func (s *IntegrationTestSuite) TestSelectSomeFields() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(`SELECT id, text_val AS text FROM testdata`), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Result: []map[string]any{ + { + "id": int64(1), + "text": "text_1", + }, + { + "id": int64(2), + "text": "text_2", + }, + }, + }) +} + +func (s *IntegrationTestSuite) TestSelectWithArgs() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(`SELECT * FROM testdata WHERE bool_val = $1;`), + "sql_args": cty.ListVal([]cty.Value{ + cty.BoolVal(false), + }), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Result: []map[string]any{ + { + "id": int64(2), + "text_val": "text_2", + "int_val": int64(2), + "bool_val": false, + }, + }, + }) +} + +func (s *IntegrationTestSuite) TestSelectWithMissingArgs() { + res := s.plugin.Call(plugininterface.Args{ + Kind: "data", + Name: "postgresql", + Config: cty.ObjectVal(map[string]cty.Value{ + "database_url": cty.StringVal(s.connURL), + }), + Args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(`SELECT * FROM testdata WHERE bool_val = $1;`), + "sql_args": cty.NullVal(cty.List(cty.DynamicPseudoType)), + }), + }) + s.Require().Equal(res, plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to query database", + Detail: "pq: there is no parameter $1", + }, + }, + }) +} diff --git a/plugins/data/postgresql/plugin_test.go b/plugins/data/postgresql/plugin_test.go new file mode 100644 index 00000000..77b2dbf7 --- /dev/null +++ b/plugins/data/postgresql/plugin_test.go @@ -0,0 +1,21 @@ +package postgresql + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestPlugin_GetPlugins(t *testing.T) { + plugin := Plugin{} + plugins := plugin.GetPlugins() + require.Len(t, plugins, 1, "expected 1 plugin") + got := plugins[0] + assert.Equal(t, "postgresql", got.Name) + assert.Equal(t, "data", got.Kind) + assert.Equal(t, "blackstork", got.Namespace) + assert.Equal(t, Version.String(), got.Version.Cast().String()) + assert.NotNil(t, got.ConfigSpec) + assert.NotNil(t, got.InvocationSpec) +} diff --git a/plugins/data/postgresql/testdata/data.sql b/plugins/data/postgresql/testdata/data.sql new file mode 100644 index 00000000..ca0cbf54 --- /dev/null +++ b/plugins/data/postgresql/testdata/data.sql @@ -0,0 +1,14 @@ +CREATE TABLE testdata_empty ( + id SERIAL PRIMARY KEY, + name text +); + +CREATE TABLE testdata ( + id SERIAL PRIMARY KEY, + text_val text, + int_val integer, + bool_val boolean +); + +INSERT INTO testdata (text_val, int_val, bool_val) VALUES ('text_1', 1, true); +INSERT INTO testdata (text_val, int_val, bool_val) VALUES ('text_2', 2, false); \ No newline at end of file diff --git a/plugins/data/sqlite/helpers_test.go b/plugins/data/sqlite/helpers_test.go new file mode 100644 index 00000000..7d9ee7e7 --- /dev/null +++ b/plugins/data/sqlite/helpers_test.go @@ -0,0 +1,94 @@ +package sqlite + +import ( + "database/sql" + "fmt" + "io/fs" + "os" + "path/filepath" + "strings" + "testing" +) + +type testFS struct { + FS fs.FS + path string +} + +func makeTestFS(tb testing.TB) testFS { + tb.Helper() + + path, err := filepath.EvalSymlinks(tb.TempDir()) + if err != nil { + tb.Fatalf("failed to create testFS: %s", err) + } + + path = filepath.ToSlash(path) + + tb.Logf("creating testFS at %s", path) + return testFS{ + FS: os.DirFS(path), + path: path, + } +} + +func (t testFS) Open(name string) (fs.File, error) { + return t.FS.Open(filepath.ToSlash(name)) +} + +func (t testFS) Path() string { + return t.path +} + +func (t testFS) WriteFile(name string, data []byte, perm os.FileMode) error { + name = filepath.ToSlash(name) + if filepath.IsAbs(name) { + if strings.HasPrefix(name, t.path) { + return os.WriteFile(name, data, perm) + } + return fmt.Errorf("path is outside test fs root folder") + } + return os.WriteFile(filepath.ToSlash(filepath.Join(t.path, name)), data, perm) +} + +func (t testFS) MkdirAll(path string, perm os.FileMode) error { + path = filepath.ToSlash(path) + if filepath.IsAbs(path) { + if strings.HasPrefix(path, t.path) { + return os.MkdirAll(path, perm) + } + return fmt.Errorf("path is outside test fs root folder") + } + return os.MkdirAll(filepath.ToSlash(filepath.Join(t.path, path)), perm) +} + +func prepareTestDB(tb testing.TB, data testData) { + tb.Helper() + db, err := sql.Open("sqlite3", data.dsn) + if err != nil { + tb.Fatalf("failed to open database: %s", err) + } + defer db.Close() + _, err = db.Exec(data.schema) + if err != nil { + tb.Fatalf("failed to create schema: %s", err) + } + for _, row := range data.data { + columns := make([]string, 0, len(row)) + values := make([]any, 0, len(row)) + for column, value := range row { + columns = append(columns, column) + values = append(values, value) + } + _, err = db.Exec(fmt.Sprintf("INSERT INTO testdata (%s) VALUES (%s)", strings.Join(columns, ","), strings.Join(strings.Split(strings.Repeat("?", len(values)), ""), ",")), values...) + if err != nil { + tb.Fatalf("failed to insert row: %s", err) + } + } +} + +type testData struct { + dsn string + schema string + data []map[string]any +} diff --git a/plugins/data/sqlite/plugin.go b/plugins/data/sqlite/plugin.go new file mode 100644 index 00000000..d13314b7 --- /dev/null +++ b/plugins/data/sqlite/plugin.go @@ -0,0 +1,191 @@ +package sqlite + +import ( + "database/sql" + "errors" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + _ "github.com/mattn/go-sqlite3" + "github.com/zclconf/go-cty/cty" +) + +var Version = semver.MustParse("0.1.0") + +type Plugin struct{} + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "sqlite", + Version: plugininterface.Version(*Version), + ConfigSpec: &hcldec.ObjectSpec{ + "database_uri": &hcldec.AttrSpec{ + Name: "database_uri", + Type: cty.String, + Required: true, + }, + }, + InvocationSpec: &hcldec.ObjectSpec{ + "sql_query": &hcldec.AttrSpec{ + Name: "sql_query", + Type: cty.String, + Required: true, + }, + "sql_args": &hcldec.AttrSpec{ + Name: "sql_args", + Type: cty.List(cty.DynamicPseudoType), + Required: false, + }, + }, + }, + } +} + +func (Plugin) parseConfig(cfg cty.Value) (string, error) { + dbURI := cfg.GetAttr("database_uri") + if dbURI.IsNull() || dbURI.AsString() == "" { + return "", errors.New("database_uri is required") + } + return dbURI.AsString(), nil +} + +func (Plugin) parseArgs(args cty.Value) (string, []any, error) { + sqlQuery := args.GetAttr("sql_query") + if sqlQuery.IsNull() || sqlQuery.AsString() == "" { + return "", nil, errors.New("sql_query is required") + } + sqlArgs := args.GetAttr("sql_args") + if sqlArgs.IsNull() || sqlArgs.LengthInt() == 0 { + return sqlQuery.AsString(), nil, nil + } + argsList := sqlArgs.AsValueSlice() + argsResult := make([]any, len(argsList)) + for i, arg := range argsList { + switch { + case arg.IsNull(): + argsResult[i] = nil + case arg.Type() == cty.Number: + n, _ := arg.AsBigFloat().Float64() + argsResult[i] = n + case arg.Type() == cty.String: + argsResult[i] = arg.AsString() + case arg.Type() == cty.Bool: + argsResult[i] = arg.True() + default: + return "", nil, errors.New("sql_args must be a list of strings, numbers, or booleans") + } + } + return sqlQuery.AsString(), argsResult, nil + +} +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + dbURI, err := p.parseConfig(args.Config) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: err.Error(), + }, + }, + } + } + sqlQuery, sqlArgs, err := p.parseArgs(args.Args) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: err.Error(), + }, + }, + } + } + + db, err := sql.Open("sqlite3", dbURI) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to open database", + Detail: err.Error(), + }, + }, + } + } + defer db.Close() + rows, err := db.Query(sqlQuery, sqlArgs...) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to query database", + Detail: err.Error(), + }, + }, + } + } + // read columns + columns, err := rows.Columns() + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to get column names", + Detail: err.Error(), + }, + }, + } + } + result := make([]map[string]any, 0) + // read rows + for rows.Next() { + // create a map of column name to column value + columnValArr := make([]any, len(columns)) + columnPtrArr := make([]any, len(columns)) + for i := range columns { + columnPtrArr[i] = &columnValArr[i] + } + err = rows.Scan(columnPtrArr...) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to scan row", + Detail: err.Error(), + }, + }, + } + } + row := make(map[string]any) + for i, column := range columns { + row[column] = columnValArr[i] + } + result = append(result, row) + } + if err := rows.Err(); err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to read rows", + Detail: err.Error(), + }, + }, + } + } + return plugininterface.Result{ + Result: result, + } +} diff --git a/plugins/data/sqlite/plugin_test.go b/plugins/data/sqlite/plugin_test.go new file mode 100644 index 00000000..12be7a26 --- /dev/null +++ b/plugins/data/sqlite/plugin_test.go @@ -0,0 +1,290 @@ +package sqlite + +import ( + "path" + "testing" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/zclconf/go-cty/cty" +) + +func TestPlugin_GetPlugins(t *testing.T) { + plugin := Plugin{} + plugins := plugin.GetPlugins() + require.Len(t, plugins, 1, "expected 1 plugin") + got := plugins[0] + assert.Equal(t, "sqlite", got.Name) + assert.Equal(t, "data", got.Kind) + assert.Equal(t, "blackstork", got.Namespace) + assert.Equal(t, Version.String(), got.Version.Cast().String()) + assert.NotNil(t, got.ConfigSpec) + assert.NotNil(t, got.InvocationSpec) +} + +func TestPlugin_Call(t *testing.T) { + tt := []struct { + name string + cfg cty.Value + args cty.Value + before func(tb testing.TB, fs testFS) string + expected plugininterface.Result + }{ + { + name: "empty_database_uri", + cfg: cty.ObjectVal(map[string]cty.Value{ + "database_uri": cty.StringVal(""), + }), + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: "database_uri is required", + }, + }, + }, + }, + { + name: "nil_database_uri", + cfg: cty.ObjectVal(map[string]cty.Value{ + "database_uri": cty.NullVal(cty.String), + }), + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid configuration", + Detail: "database_uri is required", + }, + }, + }, + }, + { + name: "empty_sql_query", + cfg: cty.ObjectVal(map[string]cty.Value{ + "database_uri": cty.StringVal("file:./file.db"), + }), + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal(""), + }), + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: "sql_query is required", + }, + }, + }, + }, + { + name: "nil_sql_query", + cfg: cty.ObjectVal(map[string]cty.Value{ + "database_uri": cty.StringVal("file:./file.db"), + }), + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.NullVal(cty.String), + }), + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Invalid arguments", + Detail: "sql_query is required", + }, + }, + }, + }, + { + name: "empty_table", + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal("SELECT * FROM testdata"), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + before: func(tb testing.TB, fs testFS) string { + dsn := "file:" + path.Join(fs.path, "file.db") + prepareTestDB(tb, testData{ + dsn: dsn, + schema: "CREATE TABLE testdata (id INTEGER PRIMARY KEY, text_val TEXT)", + data: []map[string]any{}, + }) + return dsn + }, + expected: plugininterface.Result{ + Result: []map[string]any{}, + }, + }, + { + name: "non_empty_table", + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal("SELECT * FROM testdata"), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + before: func(tb testing.TB, fs testFS) string { + dsn := "file:" + path.Join(fs.path, "file.db") + prepareTestDB(tb, testData{ + dsn: dsn, + schema: "CREATE TABLE testdata (id INTEGER PRIMARY KEY, text_val TEXT, num_val INTEGER, bool_val BOOLEAN)", + data: []map[string]any{ + { + "id": int64(1), + "text_val": "text_1", + "num_val": int64(1), + "bool_val": true, + }, + { + "id": int64(2), + "text_val": "text_2", + "num_val": int64(2), + "bool_val": false, + }, + }, + }) + return dsn + }, + expected: plugininterface.Result{ + Result: []map[string]any{ + { + "id": int64(1), + "text_val": "text_1", + "num_val": int64(1), + "bool_val": true, + }, + { + "id": int64(2), + "text_val": "text_2", + "num_val": int64(2), + "bool_val": false, + }, + }, + }, + }, + { + name: "with_sql_args", + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal("SELECT * FROM testdata WHERE bool_val = $1;"), + "sql_args": cty.ListVal([]cty.Value{cty.BoolVal(false)}), + }), + before: func(tb testing.TB, fs testFS) string { + dsn := "file:" + path.Join(fs.path, "file.db") + prepareTestDB(tb, testData{ + dsn: dsn, + schema: "CREATE TABLE testdata (id INTEGER PRIMARY KEY, text_val TEXT, num_val INTEGER, bool_val BOOLEAN)", + data: []map[string]any{ + { + "id": int64(1), + "text_val": "text_1", + "num_val": int64(1), + "bool_val": true, + }, + { + "id": int64(2), + "text_val": "text_2", + "num_val": int64(2), + "bool_val": false, + }, + }, + }) + return dsn + }, + expected: plugininterface.Result{ + Result: []map[string]any{ + { + "id": int64(2), + "text_val": "text_2", + "num_val": int64(2), + "bool_val": false, + }, + }, + }, + }, + { + name: "missing_sql_args", + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal("SELECT * FROM testdata WHERE bool_val = $1;"), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + before: func(tb testing.TB, fs testFS) string { + dsn := "file:" + path.Join(fs.path, "file.db") + prepareTestDB(tb, testData{ + dsn: dsn, + schema: "CREATE TABLE testdata (id INTEGER PRIMARY KEY, text_val TEXT, num_val INTEGER, bool_val BOOLEAN)", + data: []map[string]any{ + { + "id": int64(1), + "text_val": "text_1", + "num_val": int64(1), + "bool_val": true, + }, + { + "id": int64(2), + "text_val": "text_2", + "num_val": int64(2), + "bool_val": false, + }, + }, + }) + return dsn + }, + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to query database", + Detail: "not enough args to execute query: want 1 got 0", + }, + }, + }, + }, + { + name: "table_not_found", + args: cty.ObjectVal(map[string]cty.Value{ + "sql_query": cty.StringVal("SELECT * FROM testdata"), + "sql_args": cty.ListValEmpty(cty.DynamicPseudoType), + }), + before: func(tb testing.TB, fs testFS) string { + dsn := "file:" + path.Join(fs.path, "file.db") + prepareTestDB(tb, testData{ + dsn: dsn, + schema: "CREATE TABLE testdata_other (id INTEGER PRIMARY KEY)", + data: []map[string]any{}, + }) + return dsn + }, + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to query database", + Detail: "no such table: testdata", + }, + }, + }, + }, + } + + for _, tc := range tt { + t.Run(tc.name, func(t *testing.T) { + plugin := Plugin{} + args := plugininterface.Args{ + Kind: "data", + Name: "sqlite", + Config: tc.cfg, + Args: tc.args, + } + if tc.before != nil { + fs := makeTestFS(t) + dsn := tc.before(t, fs) + args.Config = cty.ObjectVal(map[string]cty.Value{ + "database_uri": cty.StringVal(dsn), + }) + } + got := plugin.Call(args) + assert.Equal(t, tc.expected, got) + }) + } + +} diff --git a/plugins/data/terraform/plugin.go b/plugins/data/terraform/plugin.go new file mode 100644 index 00000000..92b26ad7 --- /dev/null +++ b/plugins/data/terraform/plugin.go @@ -0,0 +1,75 @@ +package terraform + +import ( + "encoding/json" + "fmt" + "os" + + "github.com/Masterminds/semver/v3" + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hcldec" + "github.com/zclconf/go-cty/cty" +) + +var Version = semver.MustParse("0.1.0") + +type Plugin struct{} + +func (Plugin) GetPlugins() []plugininterface.Plugin { + return []plugininterface.Plugin{ + { + Namespace: "blackstork", + Kind: "data", + Name: "terraform_state_local", + Version: plugininterface.Version(*Version), + ConfigSpec: nil, + InvocationSpec: &hcldec.ObjectSpec{ + "path": &hcldec.AttrSpec{ + Name: "path", + Type: cty.String, + Required: true, + }, + }, + }, + } +} + +func (p Plugin) Call(args plugininterface.Args) plugininterface.Result { + path := args.Args.GetAttr("path") + if path.IsNull() || path.AsString() == "" { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to parse arguments", + Detail: "path is required", + }}, + } + } + data, err := p.readFS(path.AsString()) + if err != nil { + return plugininterface.Result{ + Diags: hcl.Diagnostics{{ + Severity: hcl.DiagError, + Summary: "Failed to read terraform state", + Detail: err.Error(), + }}, + } + } + return plugininterface.Result{ + Result: data, + } +} + +func (p Plugin) readFS(fp string) (map[string]any, error) { + data, err := os.ReadFile(fp) + if err != nil { + return nil, err + } + var result map[string]any + err = json.Unmarshal(data, &result) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal json: %w", err) + } + return result, nil +} diff --git a/plugins/data/terraform/plugin_test.go b/plugins/data/terraform/plugin_test.go new file mode 100644 index 00000000..c6029267 --- /dev/null +++ b/plugins/data/terraform/plugin_test.go @@ -0,0 +1,92 @@ +package terraform + +import ( + "testing" + + "github.com/blackstork-io/fabric/plugininterface/v1" + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/zclconf/go-cty/cty" +) + +func TestPlugin_GetPlugins(t *testing.T) { + plugin := Plugin{} + plugins := plugin.GetPlugins() + require.Len(t, plugins, 1, "expected 1 plugin") + got := plugins[0] + assert.Equal(t, "terraform_state_local", got.Name) + assert.Equal(t, "data", got.Kind) + assert.Equal(t, "blackstork", got.Namespace) + assert.Equal(t, Version.String(), got.Version.Cast().String()) + assert.Nil(t, got.ConfigSpec) + assert.NotNil(t, got.InvocationSpec) +} + +func TestPlugin_Call(t *testing.T) { + tt := []struct { + name string + path string + expected plugininterface.Result + }{ + { + name: "notfound", + path: "testdata/notfound.tfstate", + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to read terraform state", + Detail: "open testdata/notfound.tfstate: no such file or directory", + }, + }, + }, + }, + { + name: "empty_path", + path: "", + expected: plugininterface.Result{ + Diags: hcl.Diagnostics{ + { + Severity: hcl.DiagError, + Summary: "Failed to parse arguments", + Detail: "path is required", + }, + }, + }, + }, + { + name: "valid", + path: "testdata/terraform.tfstate", + expected: plugininterface.Result{ + Result: map[string]any{ + "version": float64(1), + "serial": float64(0), + "modules": []any{ + map[string]any{ + "path": []any{"root"}, + "outputs": map[string]any{}, + "resources": map[string]any{}, + }, + }, + }, + }, + }, + } + + for _, tc := range tt { + t.Run(tc.name, func(t *testing.T) { + plugin := Plugin{} + args := plugininterface.Args{ + Kind: "data", + Name: "terraform_state_local", + Args: cty.ObjectVal(map[string]cty.Value{ + "path": cty.StringVal(tc.path), + }), + } + got := plugin.Call(args) + assert.Equal(t, tc.expected, got) + }) + } + +} diff --git a/plugins/data/terraform/testdata/terraform.tfstate b/plugins/data/terraform/testdata/terraform.tfstate new file mode 100644 index 00000000..93360746 --- /dev/null +++ b/plugins/data/terraform/testdata/terraform.tfstate @@ -0,0 +1,11 @@ +{ + "version": 1, + "serial": 0, + "modules": [ + { + "path": ["root"], + "outputs": {}, + "resources": {} + } + ] +}