Babashka MCP Server

### DIRECTIVES directive @auth(for: [Capabilities] = [], and: Boolean = false) on OBJECT | FIELD_DEFINITION directive @public on OBJECT | FIELD_DEFINITION directive @constraint( # String constraints minLength: Int maxLength: Int startsWith: String endsWith: String notContains: String pattern: String format: String # Number constraints min: Int max: Int exclusiveMin: Int exclusiveMax: Int multipleOf: Int ) on INPUT_FIELD_DEFINITION ### SCALAR scalar DateTime scalar ConstraintString scalar ConstraintNumber scalar Upload scalar StixId scalar StixRef scalar Any scalar JSON enum State { wait progress complete timeout } enum Capabilities { CONNECTORAPI KNOWLEDGE KNOWLEDGE_KNUPDATE KNOWLEDGE_KNPARTICIPATE KNOWLEDGE_KNUPDATE_KNDELETE KNOWLEDGE_KNUPDATE_KNORGARESTRICT KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS KNOWLEDGE_KNUPLOAD KNOWLEDGE_KNASKIMPORT KNOWLEDGE_KNGETEXPORT KNOWLEDGE_KNGETEXPORT_KNASKEXPORT KNOWLEDGE_KNENRICHMENT EXPLORE EXPLORE_EXUPDATE EXPLORE_EXUPDATE_EXDELETE EXPLORE_EXUPDATE_PUBLISH INVESTIGATION INVESTIGATION_INUPDATE INVESTIGATION_INUPDATE_INDELETE MODULES MODULES_MODMANAGE SETTINGS SETTINGS_SETPARAMETERS SETTINGS_SETACCESSES SETTINGS_SETMARKINGS SETTINGS_SETLABELS SETTINGS_SETCUSTOMIZATION SETTINGS_SECURITYACTIVITY SETTINGS_FILEINDEXING SETTINGS_SUPPORT TAXIIAPI TAXIIAPI_SETCOLLECTIONS INGESTION INGESTION_SETINGESTIONS CSVMAPPERS VIRTUAL_ORGANIZATION_ADMIN } enum MemberType { User Group Organization } ### RELAY type PageInfo { startCursor: String! endCursor: String! hasNextPage: Boolean! hasPreviousPage: Boolean! globalCount: Int! } enum OrderingMode { asc desc } enum FilterMode { and or } enum FilterOperator { eq not_eq lt lte gt gte match wildcard contains not_contains ends_with not_ends_with starts_with not_starts_with script nil not_nil search } # noinspection GraphQLSchemaValidation input FilterGroup { mode: FilterMode! filters: [Filter!]! filterGroups: [FilterGroup!]! } input Filter { key: [String!]! values: [Any!]! operator: FilterOperator mode: FilterMode } type RepresentativeWithId { id: String! value: String entity_type: String color: String } type FilterKeysSchema { entity_type: String! filters_schema: [FilterDefinitionSchema!]! } type FilterDefinitionSchema { filterKey: String! filterDefinition: FilterDefinition! } type FilterDefinition { filterKey: String! label: String! type: String! multiple: Boolean! subEntityTypes: [String!]! elementsForFilterValuesSearch: [String!]! subFilters: [FilterDefinition!] } ### EDIT enum EditOperation { add replace remove } input EditInput { key: String! # Field name to change object_path: String # Path to apply change (for complex object) value: [Any]! # Values to apply operation: EditOperation # Undefined = REPLACE } input EditContext { focusOn: String # Field name } type EditUserContext { name: String! focusOn: String # Field name } input DictionaryInput { key: String! value: String! } type Dictionary { key: String! value: String! } ### INFO """ Dependency information containing the name and the deployed version. """ type DependencyVersion { name: String! version: String! } """ NodeJs memory. https://nodejs.org/api/process.html#process_process_memoryusage https://nodejs.org/docs/latest-v11.x/api/v8.html#v8_v8_getheapstatistics """ type AppMemory { rss: Float heapTotal: Float heapUsed: Float external: Float arrayBuffers: Float total_heap_size: Float total_heap_size_executable: Float total_physical_size: Float total_available_size: Float used_heap_size: Float heap_size_limit: Float malloced_memory: Float peak_malloced_memory: Float does_zap_garbage: Float } input ExportContext { entity_id: String entity_type: String! } type AppDebugDistribution { label: String! value: Int } type AppDebugStatistics { objects: [AppDebugDistribution] relationships: [AppDebugDistribution] } """ Retrieve the application information version add dependencies """ type AppInfo { """ The OpenCTI application version """ version: String! @auth """ The OpenCTI api current memory usage """ memory: AppMemory @auth(for: [SETTINGS_SETPARAMETERS]) """ The list of OpenCTI software dependencies """ dependencies: [DependencyVersion!]! @auth(for: [SETTINGS_SETPARAMETERS]) """ The objects statistics """ debugStats: AppDebugStatistics @auth(for: [SETTINGS_SETPARAMETERS]) } ### STATS type AckDetails { rate: Float } type MessagesStats { ack: String ack_details: AckDetails } type QueueArguments { config: String } type QueueMetrics { name: String! arguments: QueueArguments messages: String messages_ready: String messages_unacknowledged: String consumers: String idle_since: DateTime message_stats: MessagesStats } type QueueTotals { messages: String messages_ready: String messages_unacknowledged: String } type ObjectTotals { channels: String consumers: String queues: String } type OverviewMetrics { object_totals: ObjectTotals queue_totals: QueueTotals message_stats: MessagesStats } type RabbitMQMetrics { consumers: String queues: [QueueMetrics] overview: OverviewMetrics } type SearchMetrics { query_total: String fetch_total: String } type IndexingMetrics { index_total: String delete_total: String } type GetMetrics { total: String } type DocsMetrics { count: String } type ElasticSearchMetrics { docs: DocsMetrics search: SearchMetrics get: GetMetrics indexing: IndexingMetrics } enum StatsOperation { count sum } type TimeSeries { date: DateTime! value: Int! } type MultiTimeSeries { data: [TimeSeries] } input AuditsTimeSeriesParameters { field: String! types: [String] filters: FilterGroup search: String } input StixCoreObjectsTimeSeriesParameters { field: String! types: [String] filters: FilterGroup search: String } input StixRelationshipsTimeSeriesParameters { field: String! fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup } input StixCoreRelationshipsTimeSeriesParameters { field: String! fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup } type Distribution { label: String! entity: StixObjectOrStixRelationshipOrCreator value: Int } type MultiDistribution { data: [Distribution] } input StixCoreObjectsDistributionParameters { objectId: String relationship_type: [String] toTypes: [String] types: [String] filters: FilterGroup search: String } input StixCoreRelationshipsDistributionParameters { field: String! fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup } type Number { total: Int! count: Int! } input StixCoreObjectsNumberParameters { types: [String] filters: FilterGroup search: String } type OpinionsMetrics { mean: Float min: Int max: Int total: Int } ### INTERFACES & TYPES ###### INTERNAL ############## Logs type LogsWorkerConfig { elasticsearch_url: [String]! elasticsearch_proxy: String elasticsearch_index: String! elasticsearch_username: String elasticsearch_password: String elasticsearch_api_key: String elasticsearch_ssl_reject_unauthorized: Boolean } enum LogsOrdering { event timestamp created_at event_type event_scope _score } type LogConnection { pageInfo: PageInfo! edges: [LogEdge] } type LogEdge { cursor: String! node: Log! } type ContextData { entity_id: String entity_name: String entity_type: String from_id: String to_id: String message: String! commit: String external_references: [ExternalReference!] } type Log { id: ID! entity_type: String event_type: String! event_scope: String event_status: String! timestamp: DateTime! user_id: String! user: Creator raw_data: String @auth(for: [SETTINGS_SECURITYACTIVITY]) context_uri: String context_data: ContextData } ############## Attributes enum AttributesOrdering { value _score } type AttributeConnection { pageInfo: PageInfo! edges: [AttributeEdge!]! } type AttributeEdge { cursor: String! node: Attribute! } type Attribute { id: ID! key: String! value: String! } input WorkErrorInput { error: String source: String } ############## Taxii type TaxiiCollection { id: ID! name: String description: String filters: String include_inferences: Boolean score_to_confidence: Boolean taxii_public: Boolean authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI_SETCOLLECTIONS]) } type TaxiiCollectionConnection { pageInfo: PageInfo! edges: [TaxiiCollectionEdge]! } type TaxiiCollectionEdge { cursor: String! node: TaxiiCollection! } input TaxiiCollectionAddInput { name: String! @constraint(minLength: 2, format: "not-blank") description: String filters: String taxii_public: Boolean authorized_members: [MemberAccessInput!] include_inferences: Boolean score_to_confidence: Boolean } enum TaxiiCollectionOrdering { name id _score } type FeedMapping { type: String! attribute: String! } type FeedAttribute { attribute: String! mappings: [FeedMapping!]! } type Feed { id: ID! standard_id: ID! name: String! description: String filters: String separator: String! rolling_time: Int! feed_date_attribute: String include_header: Boolean! feed_types: [String!]! feed_attributes: [FeedAttribute!]! feed_public: Boolean authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI]) } input FeedMappingInput { type: String! attribute: String! } input FeedAttributeMappingInput { attribute: String! mappings: [FeedMappingInput!]! } input FeedAddInput { name: String! @constraint(minLength: 2, format: "not-blank") description: String filters: String separator: String! feed_date_attribute: String! rolling_time: Int! include_header: Boolean! feed_types: [String!]! feed_public: Boolean feed_attributes: [FeedAttributeMappingInput!]! authorized_members: [MemberAccessInput!] } enum FeedOrdering { name rolling_time feed_types _score } type FeedEdge { cursor: String! node: Feed! } type FeedConnection { pageInfo: PageInfo! edges: [FeedEdge]! } ############## Stream type RemoteStreamCollection { id: ID! name: String description: String filters: String } type StreamCollection { id: ID! name: String description: String filters: String stream_live: Boolean stream_public: Boolean authorized_members: [MemberAccess!] @auth(for: [TAXIIAPI]) } type StreamCollectionConnection { pageInfo: PageInfo! edges: [StreamCollectionEdge!]! } type StreamCollectionEdge { cursor: String! node: StreamCollection! } input StreamCollectionAddInput { name: String! @constraint(minLength:2, format: "not-blank") description: String filters: String stream_live: Boolean stream_public: Boolean authorized_members: [MemberAccessInput!] } enum StreamCollectionOrdering { name stream_public id stream_live _score } ############## SubTypes enum SubTypesOrdering { label _score } type SubTypeConnection { pageInfo: PageInfo! edges: [SubTypeEdge!]! } type SubTypeEdge { cursor: String! node: SubType! } type SubType { id: ID! label: String! statuses: [Status!]! workflowEnabled: Boolean settings: EntitySetting # Simpler before moving workflow } ############## Statuses enum StatusTemplateOrdering { name _score } type StatusTemplate { id: ID! name: String! color: String! editContext: [EditUserContext!] usages: Int } type StatusTemplateConnection { pageInfo: PageInfo! edges: [StatusTemplateEdge] } type StatusTemplateEdge { cursor: String! node: StatusTemplate! } enum StatusOrdering { type order _score } type Status { id: ID! template_id: String! template: StatusTemplate type: String! order: Int! disabled: Boolean } type StatusConnection { pageInfo: PageInfo! edges: [StatusEdge!]! } type StatusEdge { cursor: String! node: Status! } input StatusAddInput { template_id: String! order: Int! } input StatusTemplateAddInput { name: String! @constraint(minLength:2, format: "not-blank") color: String! } ############## Sync enum SynchronizersOrdering { id name current_state_date running uri stream_id _score } type Synchronizer { id: ID! name: String! uri: String! token: String stream_id: String! user: Creator running: Boolean! current_state_date: DateTime listen_deletion: Boolean! no_dependencies: Boolean! ssl_verify: Boolean synchronized: Boolean queue_messages: Int! } type SynchronizerEdge { cursor: String! node: Synchronizer! } type SynchronizerConnection { pageInfo: PageInfo! edges: [SynchronizerEdge] } input SynchronizerAddInput { name: String! @constraint(minLength: 2, format: "not-blank") uri: String! @constraint(minLength: 2) token: String stream_id: String! @constraint(minLength: 2) user_id: String recover: DateTime current_state_date: DateTime listen_deletion: Boolean! no_dependencies: Boolean! ssl_verify: Boolean synchronized: Boolean } input SynchronizerFetchInput { uri: String! token: String ssl_verify: Boolean } ############## Files enum WorksOrdering { status timestamp _score } type WorkMessage { timestamp: DateTime message: String sequence: Int source: String } type WorkTracking { import_expected_number: Int import_last_processed: DateTime import_processed_number: Int } type Work { id: ID! name: String user: Creator connector: Connector timestamp: DateTime! status: State! event_source_id: String received_time: DateTime processed_time: DateTime completed_time: DateTime completed_number: Int messages: [WorkMessage] errors: [WorkMessage] tracking: WorkTracking } type WorkEdge { cursor: String! node: Work! } type WorkConnection { pageInfo: PageInfo! edges: [WorkEdge] } type FileMetadata { encoding: String mimetype: String version: String messages: [WorkMessage] errors: [WorkMessage] list_filters: String entity_id: String entity: StixObject labels_text: String labels: [String] file_markings: [String] creator_id: String external_reference_id: String creator: Creator description: String order: Int inCarousel: Boolean analysis_content_source: String analysis_content_type: String analysis_type: String } enum FileOrdering { _score name lastModified objectMarking } type File { id: ID! entity_type: String! name: String! size: Int lastModified: DateTime lastModifiedSinceMin: Int metaData: FileMetadata objectMarking: [MarkingDefinition!]! uploadStatus: State! works: [Work] } type FileEdge { cursor: String! node: File! } type FileConnection { pageInfo: PageInfo! edges: [FileEdge!]! } enum WidgetPerspective { entities relationships audits } type WidgetColumn { attribute: String! displayStyle: String label: String variableName: String } type WidgetDataSelection { label: String number: Int attribute: String date_attribute: String centerLat: Float centerLng: Float zoom: Float isTo: Boolean perspective: WidgetPerspective filters: String dynamicFrom: String dynamicTo: String columns: [WidgetColumn!] instance_id: String } type WidgetParameters { title: String description: String interval: String stacked: Boolean legend: Boolean distributed: Boolean } type WidgetLayout { w: Float h: Float x: Float y: Float i: Float moved: Boolean static: Boolean } type Widget { id: ID! type: String! perspective: WidgetPerspective dataSelection: [WidgetDataSelection!]! parameters: WidgetParameters layout: WidgetLayout } type Template { id: ID! name: String! description: String filters: String content: String! template_widgets_ids: [String!]! } type TemplateAndUtils { template: Template!, template_widgets: [Widget!]!, } type IndexedFile { id: ID! name: String! file_id: String! uploaded_at: DateTime! entity: StixObject searchOccurrences: Int } type IndexedFileEdge { cursor: String! node: IndexedFile! } type IndexedFileConnection { pageInfo: PageInfo! edges: [IndexedFileEdge] } type MetricsByMimeType { mimeType: String! count: Int! size: Float! } type FilesMetrics { globalCount: Int! globalSize: Float! metricsByMimeType: [MetricsByMimeType!] } type OpenCtiFile { id: ID! name: String! mime_type: String! description: String order: Int inCarousel: Boolean } ############## BackgroundTask enum BackgroundTaskType { QUERY LIST RULE } type BackgroundTaskError { id: ID! timestamp: DateTime message: String } enum BackgroundTaskScope { KNOWLEDGE USER SETTINGS IMPORT DASHBOARD PUBLIC_DASHBOARD INVESTIGATION } enum BackgroundTaskActionType { DELETE COMPLETE_DELETE RESTORE ADD REMOVE REPLACE MERGE ENRICHMENT PROMOTE RULE_ELEMENT_RESCAN SHARE UNSHARE SHARE_MULTIPLE UNSHARE_MULTIPLE } enum BackgroundTaskContextType { ATTRIBUTE RELATION REVERSED_RELATION } enum BackgroundTasksOrdering { id type completed created_at last_execution_date _score } type BackgroundTaskContext { field: String type: BackgroundTaskContextType values: [String]! } type BackgroundTaskAction { type: BackgroundTaskActionType context: BackgroundTaskContext } interface BackgroundTask { id: ID! type: BackgroundTaskType initiator: Creator actions: [BackgroundTaskAction] created_at: DateTime last_execution_date: DateTime completed: Boolean task_expected_number: Int task_processed_number: Int errors: [BackgroundTaskError] } type RuleTask implements BackgroundTask { id: ID! type: BackgroundTaskType initiator: Creator actions: [BackgroundTaskAction] created_at: DateTime last_execution_date: DateTime completed: Boolean task_expected_number: Int task_processed_number: Int errors: [BackgroundTaskError] # RuleTask rule: ID! enable: Boolean } type ListTask implements BackgroundTask { id: ID! type: BackgroundTaskType initiator: Creator actions: [BackgroundTaskAction] created_at: DateTime last_execution_date: DateTime completed: Boolean task_expected_number: Int task_processed_number: Int errors: [BackgroundTaskError] # QueryTask and ListTask scope: BackgroundTaskScope! authorized_members: [MemberAccess!], authorized_authorities: [String] # ListTask task_ids: [ID!] } type QueryTask implements BackgroundTask { id: ID! type: BackgroundTaskType initiator: Creator actions: [BackgroundTaskAction] created_at: DateTime last_execution_date: DateTime completed: Boolean task_expected_number: Int task_processed_number: Int errors: [BackgroundTaskError] # QueryTask and ListTask scope: BackgroundTaskScope! authorized_members: [MemberAccess!], authorized_authorities: [String] # QueryTask task_filters: String! task_search: String } type BackgroundTaskConnectionEdge { cursor: String! node: BackgroundTask! } type BackgroundTaskConnection { pageInfo: PageInfo! edges: [BackgroundTaskConnectionEdge] } input BackgroundTaskContextOptionsInput { includeNeighbours: Boolean } input BackgroundTaskContextInput { field: String type: BackgroundTaskContextType values: [String]! options: BackgroundTaskContextOptionsInput } input BackgroundTaskActionInput { containerId: String type: BackgroundTaskActionType! context: BackgroundTaskContextInput } input ListTaskAddInput { ids: [ID!] actions: [BackgroundTaskActionInput]! scope: BackgroundTaskScope! } input QueryTaskAddInput { filters: String search: String excluded_ids: [ID] actions: [BackgroundTaskActionInput]! scope: BackgroundTaskScope! } input RetentionRuleAddInput { name: String! @constraint(minLength:2, format: "not-blank") filters: String max_retention: Int! @constraint(min: 1) retention_unit: RetentionUnit scope: RetentionRuleScope! } enum RetentionRuleOrdering { name scope remaining_count last_execution_date max_retention _score } enum RetentionRuleScope { knowledge file workbench } enum RetentionUnit { minutes hours days } type RetentionRule { id: ID! standard_id: String! name: String! filters: String! max_retention: Int! retention_unit: RetentionUnit! last_execution_date: DateTime last_deleted_count: Int remaining_count: Int scope: RetentionRuleScope! } type RetentionRuleConnection { pageInfo: PageInfo! edges: [RetentionRuleEdge] } type RetentionRuleEdge { cursor: String! node: RetentionRule! } type RetentionRuleEditMutations { delete: ID fieldPatch(input: [EditInput]!): RetentionRule } ###### ENTITIES interface BasicObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! } ######## INTERNAL OBJECT ENTITIES interface InternalObject { # BasicObject id: ID! # internal_id! entity_type: String! } ############## Settings type Module { id: ID! enable: Boolean! running: Boolean! warning: Boolean } type Cluster { instances_number: Int! } type Provider { name: String! type: String strategy: String provider: String } type UserStatus { status: String! message: String! } input SettingsMessageInput { id: ID message: String! activated: Boolean! dismissible: Boolean! color: String recipients: [String!] } type SettingsMessage { id: ID! message: String! activated: Boolean! dismissible: Boolean! updated_at: DateTime! color: String recipients: [Member!] @auth(for: [SETTINGS_SETPARAMETERS]) } enum PlatformCriticalAlertType { GROUP_WITH_NULL_CONFIDENCE_LEVEL } type PlatformCriticalAlertDetails { groups: [Group!]! } type PlatformCriticalAlert { message: String! type: PlatformCriticalAlertType! details: PlatformCriticalAlertDetails } type PlatformProtectedSubConfig { enabled: Boolean! protected_ids: [String!]! } type PlatformProtectedSensitiveConfig { enabled: Boolean! markings: PlatformProtectedSubConfig! groups: PlatformProtectedSubConfig! roles: PlatformProtectedSubConfig! rules: PlatformProtectedSubConfig! ce_ee_toggle: PlatformProtectedSubConfig! file_indexing: PlatformProtectedSubConfig! platform_organization: PlatformProtectedSubConfig! } type Settings implements InternalObject & BasicObject { id: ID! standard_id: String! @auth entity_type: String! @auth parent_types: [String!]! @auth # Settings platform_organization: Organization platform_title: String platform_favicon: String platform_email: String @auth platform_cluster: Cluster! @auth platform_modules: [Module!] @auth platform_url: String platform_providers: [Provider!]! platform_user_statuses: [UserStatus!]! platform_language: String platform_theme: String platform_theme_dark_background: String platform_theme_dark_paper: String platform_theme_dark_nav: String platform_theme_dark_primary: String platform_theme_dark_secondary: String platform_theme_dark_accent: String platform_theme_dark_logo: String platform_theme_dark_logo_collapsed: String platform_theme_dark_logo_login: String platform_theme_light_background: String platform_theme_light_paper: String platform_theme_light_nav: String platform_theme_light_primary: String platform_theme_light_secondary: String platform_theme_light_accent: String platform_theme_light_logo: String platform_theme_light_logo_collapsed: String platform_theme_light_logo_login: String platform_map_tile_server_dark: String platform_map_tile_server_light: String platform_openbas_url: String platform_openbas_disable_display: Boolean platform_openerm_url: String platform_openmtd_url: String platform_ai_enabled: Boolean! platform_ai_type: String platform_ai_model: String platform_ai_has_token: Boolean! platform_login_message: String platform_consent_message: String platform_consent_confirm_text: String platform_banner_text: String platform_banner_level: String platform_session_idle_timeout: Int platform_session_timeout: Int platform_whitemark: Boolean platform_demo: Boolean platform_reference_attachment: Boolean @auth platform_feature_flags: [Module!] @auth platform_critical_alerts: [PlatformCriticalAlert!]! platform_trash_enabled: Boolean! platform_protected_sensitive_config: PlatformProtectedSensitiveConfig! @auth created_at: DateTime! @auth updated_at: DateTime! @auth enterprise_edition: DateTime activity_listeners: [Member!] @auth(for: [SETTINGS_SECURITYACTIVITY]) otp_mandatory: Boolean @auth password_policy_min_length: Int @auth password_policy_max_length: Int @auth password_policy_min_symbols: Int @auth password_policy_min_numbers: Int @auth password_policy_min_words: Int @auth password_policy_min_lowercase: Int @auth password_policy_min_uppercase: Int @auth platform_messages: [SettingsMessage!] @auth messages_administration: [SettingsMessage!] @auth(for: [SETTINGS_SETPARAMETERS]) analytics_google_analytics_v4: String @auth # Technical editContext: [EditUserContext!] @auth(for: [SETTINGS_SETPARAMETERS]) } ############## Groups enum GroupsOrdering { name default_assignation no_creators restrict_delete auto_new_marking created_at updated_at group_confidence_level _score } type GroupConnection { pageInfo: PageInfo! edges: [GroupEdge] } type GroupEdge { cursor: String! node: Group! } input DefaultMarkingInput { entity_type: String! values: [String!] } type DefaultMarking { entity_type: String values: [MarkingDefinition!] } type Group implements InternalObject & BasicObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # Group name: String! default_assignation: Boolean no_creators: Boolean restrict_delete: Boolean auto_new_marking: Boolean description: String default_dashboard: Workspace members( first: Int after: ID orderBy: UsersOrdering orderMode: OrderingMode search: String ): UserConnection @auth(for: [SETTINGS_SETACCESSES]) created_at: DateTime updated_at: DateTime roles(orderBy: RolesOrdering, orderMode: OrderingMode): RoleConnection allowed_marking: [MarkingDefinition!] default_marking: [DefaultMarking!] not_shareable_marking_types: [String!]! max_shareable_marking: [MarkingDefinition!]! default_hidden_types: [String!] group_confidence_level: ConfidenceLevel # Technical editContext: [EditUserContext!] } input GroupAddInput { name: String! @constraint(minLength: 2, format: "not-blank") description: String default_assignation: Boolean no_creators: Boolean restrict_delete: Boolean auto_new_marking: Boolean clientMutationId: String group_confidence_level: ConfidenceLevelInput! } ############## Users enum UnitSystem { auto Metric Imperial } enum UsersOrdering { name user_email firstname lastname language external created_at updated_at _score } type UserConnection { pageInfo: PageInfo! edges: [UserEdge!]! } type CreatorConnection { pageInfo: PageInfo! edges: [CreatorEdge] } type AssigneeConnection { pageInfo: PageInfo! edges: [AssigneeEdge!]! } type ParticipantConnection { pageInfo: PageInfo! edges: [ParticipantEdge!]! } type MemberConnection { pageInfo: PageInfo! edges: [MemberEdge!]! } type UserEdge { cursor: String! node: User! } type CreatorEdge { cursor: String! node: Creator! } type AssigneeEdge { cursor: String! node: Assignee! } type ParticipantEdge { cursor: String! node: Participant! } type MemberEdge { cursor: String! node: Member! } type Assignee { id: ID! # internal_id name: String! entity_type: String! } type Participant { id: ID! # internal_id name: String! entity_type: String! } type Member { id: ID! # internal_id name: String! entity_type: String! # entity_type == User effective_confidence_level: EffectiveConfidenceLevel # entity_type == Group group_confidence_level: ConfidenceLevel } type MemberAccess { id: ID! # internal_id name: String! entity_type: String! access_right: String! } input MemberAccessInput { id: ID! # internal_id access_right: String! } type OtpElement { secret: String! uri: String! } type Creator { id: ID! # internal_id name: String! entity_type: String! representative: Representative! } type ConfidenceLevel { max_confidence: Int overrides: [ConfidenceLevelOverride!]! } type ConfidenceLevelOverride { entity_type: String! max_confidence: Int! } type EffectiveConfidenceLevelOverride { entity_type: String! max_confidence: Int! source: EffectiveConfidenceLevelSource } type EffectiveConfidenceLevel { max_confidence: Int! overrides: [EffectiveConfidenceLevelOverride!]! source: EffectiveConfidenceLevelSource } type EffectiveConfidenceLevelSource { type: EffectiveConfidenceLevelSourceType! object: EffectiveConfidenceLevelSourceObject } enum EffectiveConfidenceLevelSourceType { User, Group, Bypass } union EffectiveConfidenceLevelSourceObject = Group | User type User implements BasicObject & InternalObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # User user_email: String! api_token: String! @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) personal_notifiers: [Notifier!] individual_id: String name: String! description: String firstname: String otp_activated: Boolean stateless_session: Boolean otp_qr: String otp_mandatory: Boolean lastname: String theme: String language: String external: Boolean roles( orderBy: RolesOrdering orderMode: OrderingMode ): [Role!]! capabilities: [Capability]! default_hidden_types: [String!]! user_confidence_level: ConfidenceLevel effective_confidence_level: EffectiveConfidenceLevel no_creators: Boolean restrict_delete: Boolean groups( orderBy: GroupsOrdering orderMode: OrderingMode ): GroupConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) objectOrganization( orderBy: OrganizationsOrdering orderMode: OrderingMode ): OrganizationConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) created_at: DateTime! updated_at: DateTime! sessions: [SessionDetail] @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) default_time_field: String account_status: String! @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) account_lock_after_date: DateTime @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) administrated_organizations: [Organization!]! unit_system: UnitSystem submenu_show_icons: Boolean submenu_auto_collapse: Boolean monochrome_labels: Boolean # Technical editContext: [EditUserContext!] } type MeUser implements BasicObject & InternalObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String!]! user_email: String! name: String! description: String firstname: String otp_activated: Boolean otp_qr: String lastname: String theme: String language: String external: Boolean individual_id: String api_token: String! personal_notifiers: [Notifier!] objectOrganization: MeOrganizationConnection capabilities: [Capability!]! default_hidden_types: [String]! user_confidence_level: ConfidenceLevel effective_confidence_level: EffectiveConfidenceLevel no_creators: Boolean restrict_delete: Boolean allowed_marking: [MarkingDefinition!] default_marking: [DefaultMarking!] max_shareable_marking: [MarkingDefinition!] otp_mandatory: Boolean groups( orderBy: GroupsOrdering orderMode: OrderingMode ): GroupConnection default_dashboards: [Workspace!]! default_dashboard: Workspace default_time_field: String account_status: String! account_lock_after_date: DateTime administrated_organizations: [Organization!]! unit_system: UnitSystem submenu_show_icons: Boolean submenu_auto_collapse: Boolean monochrome_labels: Boolean can_manage_sensitive_config: Boolean draftContext: DraftWorkspace } type SessionDetail { id: ID! created: DateTime ttl: Int originalMaxAge: Int } type UserSession { user: Creator sessions: [SessionDetail] } input UserAddInput { user_email: String! @constraint(minLength: 5, format: "email") name: String! @constraint(minLength: 2, format: "not-blank") password: String! firstname: String lastname: String description: String language: String theme: String objectOrganization: [ID!] account_status: String account_lock_after_date: DateTime unit_system: String submenu_show_icons: Boolean submenu_auto_collapse: Boolean monochrome_labels: Boolean groups: [ID!] user_confidence_level: ConfidenceLevelInput } input ConfidenceLevelInput { max_confidence: Int overrides: [ConfidenceLevelOverrideInput!]! } input ConfidenceLevelOverrideInput { entity_type: String! max_confidence: Int! } input UserLoginInput { email: String! password: String! } input UserOTPLoginInput { code: String! } input UserOTPActivationInput { secret: String! code: String! } ############## Roles enum RolesOrdering { name created_at updated_at _score } type RoleConnection { pageInfo: PageInfo! edges: [RoleEdge!] } type RoleEdge { cursor: String! node: Role! } type Role implements BasicObject & InternalObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # Role name: String! description: String created_at: DateTime! updated_at: DateTime! capabilities: [Capability] editContext: [EditUserContext!] can_manage_sensitive_config: Boolean } input RoleAddInput { name: String! @constraint(minLength: 2, format: "not-blank") description: String clientMutationId: String } ############## Capabilities type CapabilityConnection { pageInfo: PageInfo! edges: [CapabilityEdge] } type CapabilityEdge { cursor: String! node: Capability! } type Capability implements BasicObject & InternalObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # Capability name: String! description: String attribute_order: Int created_at: DateTime! updated_at: DateTime! # Technical editContext: [EditUserContext!] } ############## Connectors enum ConnectorType { EXTERNAL_IMPORT INTERNAL_IMPORT_FILE INTERNAL_ENRICHMENT INTERNAL_ANALYSIS INTERNAL_EXPORT_FILE STREAM } input ExportAskInput { format: String! exportType: String! contentMaxMarkings: [String] fileMarkings: [String] } input StixCoreObjectsExportAskInput { format: String! exportType: String! contentMaxMarkings: [String] fileMarkings: [String] search: String exportContext: ExportContext orderBy: StixCoreObjectsOrdering orderMode: OrderingMode filters: FilterGroup selectedIds: [String] } input StixCoreRelationshipsExportAskInput { format: String! exportType: String! contentMaxMarkings: [String] fileMarkings: [String] exportContext: ExportContext search: String orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode selectedIds: [String] fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] filters: FilterGroup } input StixCyberObservablesExportAskInput { format: String! exportType: String! exportContext: ExportContext contentMaxMarkings: [String] fileMarkings: [String] search: String orderBy: StixCyberObservablesOrdering orderMode: OrderingMode filters: FilterGroup selectedIds: [String] } input RegisterConnectorInput { id: ID! name: String! @constraint(minLength:2, format: "not-blank") type: ConnectorType! scope: [String!] auto: Boolean only_contextual: Boolean playbook_compatible: Boolean } type RabbitMQConnection { host: String! vhost: String! use_ssl: Boolean! port: Int! user: String! pass: String! } input ConnectorInfoInput { run_and_terminate: Boolean! buffering: Boolean! queue_threshold: Float! queue_messages_size: Float! next_run_datetime: DateTime last_run_datetime: DateTime } type ConnectorInfo { run_and_terminate: Boolean! buffering: Boolean! queue_threshold: Float! queue_messages_size: Float! next_run_datetime: DateTime last_run_datetime: DateTime } type ConnectorConfig { connection: RabbitMQConnection! @auth(for: [CONNECTORAPI]) listen: String! listen_routing: String! listen_exchange: String! push: String! push_routing: String! push_exchange: String! } type ConnectorMetadata { configuration: String! } type ConnectorConfiguration { id: ID! name: String! configuration: String! } type ConnectorQueueDetails { messages_number: Float! messages_size: Float! } type Connector implements BasicObject & InternalObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # Connector name: String! active: Boolean auto: Boolean only_contextual: Boolean playbook_compatible: Boolean connector_trigger_filters: String connector_type: String connector_scope: [String!] connector_state: String connector_schema: String connector_schema_ui: String connector_state_reset: Boolean connector_user_id: ID connector_user: User connector_queue_details: ConnectorQueueDetails! connector_info: ConnectorInfo updated_at: DateTime created_at: DateTime config: ConnectorConfig works(status: String): [Work] ## Built in Connector built_in: Boolean configurations: [ConnectorConfiguration!] } ############## Rules type RuleExecutionError { timestamp: DateTime source: String error: String } type RuleManager { id: ID! # internal_id activated: Boolean! lastEventId: String errors: [RuleExecutionError] } type DisplayStep { source: String source_color: String relation: String target: String target_color: String identifier: String identifier_color: String action: String } type Display { if: [DisplayStep] then: [DisplayStep] } type Rule { id: ID! # internal_id name: String! description: String! activated: Boolean! category: String display: Display } ######## STIX OBJECT ENTITIES type InferenceAttribute { field: String! value: String! } type Inference { rule: Rule! explanation: [StixObjectOrStixRelationship]! attributes: [InferenceAttribute] } enum DraftOperation { create update delete } type DraftVersion { draft_id: String! draft_operation: DraftOperation! } interface StixObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # Technical creators: [Creator!] # inferences x_opencti_inferences: [Inference] } ######## STIX META OBJECT ENTITIES enum StixMetaObjectsOrdering { entity_type created modified spec_version created_at updated_at _score } type StixMetaObjectConnection { pageInfo: PageInfo! edges: [StixMetaObjectEdge] } type StixMetaObjectEdge { cursor: String! node: StixMetaObject! } interface StixMetaObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixMetaObject created: DateTime modified: DateTime } ############## MarkingDefinitions enum MarkingDefinitionsOrdering { definition_type definition x_opencti_order x_opencti_color created modified created_at updated_at _score } type MarkingDefinitionConnection { pageInfo: PageInfo! edges: [MarkingDefinitionEdge!]! } type MarkingDefinitionEdge { cursor: String! node: MarkingDefinition! } type MarkingDefinition implements BasicObject & StixObject & StixMetaObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixMetaObject created: DateTime modified: DateTime # MarkingDefinition definition_type: String definition: String x_opencti_order: Int! x_opencti_color: String # Technical creators: [Creator!] toStix: String editContext: [EditUserContext!] } input MarkingDefinitionAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] definition_type: String! definition: String! x_opencti_order: Int! x_opencti_color: String created: DateTime modified: DateTime clientMutationId: String update: Boolean } type MarkingDefinitionShort { id: ID! # internal_id standard_id: String! entity_type: String! representative: Representative definition_type: String definition: String x_opencti_order: Int! x_opencti_color: String } ############## Labels enum LabelsOrdering { value color created modified created_at updated_at _score } type LabelConnection { pageInfo: PageInfo! edges: [LabelEdge!]! } type LabelEdge { cursor: String! node: Label! } type Label implements BasicObject & StixObject & StixMetaObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixMetaObject created: DateTime modified: DateTime # MarkingDefinition value: String color: String # Technical creators: [Creator!] toStix: String editContext: [EditUserContext!] } input LabelAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] value: String! color: String created: DateTime modified: DateTime clientMutationId: String update: Boolean } ############## ExternalReferences enum ExternalReferencesOrdering { source_name url hash external_id created modified created_at updated_at creator _score } type ExternalReferenceConnection { pageInfo: PageInfo! edges: [ExternalReferenceEdge!]! } type ExternalReferenceEdge { cursor: String! node: ExternalReference! } type ExternalReference implements BasicObject & StixObject & StixMetaObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixMetaObject created: DateTime modified: DateTime # ExternalReference source_name: String! description: String url: String hash: String external_id: String references(types: [String]): StixObjectOrStixRelationshipConnection fileId: String # Technical creators: [Creator!] importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection! pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection! exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input ExternalReferenceAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] source_name: String! @constraint(minLength: 2, format: "not-blank") description: String url: String hash: String file: Upload external_id: String created: DateTime modified: DateTime clientMutationId: String update: Boolean } ############## KillChainPhases enum KillChainPhasesOrdering { x_opencti_order kill_chain_name phase_name created modified created_at updated_at _score } type KillChainPhaseConnection { pageInfo: PageInfo! edges: [KillChainPhaseEdge!]! } type KillChainPhaseEdge { cursor: String! node: KillChainPhase! } type KillChainPhase implements BasicObject & StixObject & StixMetaObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixMetaObject created: DateTime modified: DateTime # KillChainPhase kill_chain_name: String! phase_name: String! x_opencti_order: Int # Technical creators: [Creator!] editContext: [EditUserContext!] } input KillChainPhaseAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] kill_chain_name: String! phase_name: String! x_opencti_order: Int! created: DateTime modified: DateTime clientMutationId: String update: Boolean } ######## STIX CORE OBJECT ENTITIES type Representative { main: String! secondary: String } enum StixCoreObjectsOrdering { name entity_type created modified created_at updated_at start_time stop_time published valid_from valid_until first_seen last_seen indicator_pattern x_opencti_workflow_id createdBy creator objectMarking observable_value subject value opinions_metrics_mean opinions_metrics_min opinions_metrics_max opinions_metrics_total _score } type StixCoreObjectConnection { pageInfo: PageInfo! edges: [StixCoreObjectEdge!]! } type StixCoreObjectEdge { cursor: String! node: StixCoreObject! } union OrganizationOrIndividual = Organization | Individual interface StixCoreObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] opinions_metrics: OpinionsMetrics } ########## STIX DOMAIN OBJECT ENTITIES enum StixDomainObjectsOrdering { name entity_type created modified created_at updated_at published valid_from valid_until indicator_pattern x_opencti_workflow_id createdBy creator objectMarking _score first_seen last_seen attribute_count x_opencti_negative confidence first_observed last_observed number_observed incident_type severity priority rating context attribute_abstract opinion pattern_type report_types note_types channel_types x_opencti_base_severity event_types x_opencti_organization_type submitted product result_name operatingSystem x_opencti_cvss_base_severity } type StixDomainObjectConnection { pageInfo: PageInfo! edges: [StixDomainObjectEdge] } type StixDomainObjectEdge { cursor: String! node: StixDomainObject! } interface StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input StixDomainObjectAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String confidence: Int pattern_type: String context: String pattern: String aliases: [String] x_opencti_aliases: [String] type: String! createdBy: String objectMarking: [String] objectLabel: [String] killChainPhases: [String] externalReferences: [String] objects: [String] clientMutationId: String created: DateTime modified: DateTime update: Boolean } ############## AttackPatterns enum AttackPatternsOrdering { x_mitre_id name created modified created_at updated_at x_opencti_workflow_id _score } type AttackPatternConnection { pageInfo: PageInfo! edges: [AttackPatternEdge!]! } type AttackPatternEdge { cursor: String! node: AttackPattern! } type AttackPattern implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # AttackPattern name: String! description: String aliases: [String] x_mitre_platforms: [String!] x_mitre_permissions_required: [String] x_mitre_detection: String x_mitre_id: String killChainPhases: [KillChainPhase!] coursesOfAction( first: Int after: ID orderBy: CoursesOfActionOrdering orderMode: OrderingMode filters: FilterGroup search: String ): CourseOfActionConnection parentAttackPatterns( first: Int after: ID orderBy: AttackPatternsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): AttackPatternConnection subAttackPatterns( first: Int after: ID orderBy: AttackPatternsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): AttackPatternConnection isSubAttackPattern: Boolean dataComponents: DataComponentConnection # TODO paginate ? is this API used ? # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input AttackPatternAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] revoked: Boolean lang: String confidence: Int x_mitre_platforms: [String!] x_mitre_permissions_required: [String] x_mitre_detection: String x_mitre_id: String createdBy: String objectMarking: [String] objectOrganization: [String] objectLabel: [String] killChainPhases: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } type AttackPatternForMatrix { attack_pattern_id: String! name: String! description: String x_mitre_id: String subAttackPatternsIds: [String!] subAttackPatternsSearchText: String killChainPhasesIds: [String!] } type AttackPatternsByKillChain { kill_chain_id: String! kill_chain_name: String! phase_name: String! x_opencti_order: Int! attackPatterns: [AttackPatternForMatrix!] } type AttackPatternsMatrix { attackPatternsOfPhases: [AttackPatternsByKillChain!] } ############## Campaigns enum CampaignsOrdering { name first_seen last_seen role_played created modified created_at updated_at objectMarking x_opencti_workflow_id confidence _score } type CampaignConnection { pageInfo: PageInfo! edges: [CampaignEdge] } type CampaignEdge { cursor: String! node: Campaign! } type Campaign implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Campaign name: String! description: String aliases: [String] first_seen: DateTime last_seen: DateTime objective: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input CampaignAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] revoked: Boolean lang: String confidence: Int first_seen: DateTime last_seen: DateTime objective: String createdBy: String objectMarking: [String] objectAssignee: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Containers enum ContainersOrdering { name published created modified created_at updated_at createdBy objectMarking x_opencti_workflow_id creator entity_type _score } type ContainerConnection { pageInfo: PageInfo! edges: [ContainerEdge] } type ContainerEdge { cursor: String! node: Container! } interface Container { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] avatar: OpenCtiFile # Container authorized_members: [MemberAccess!] currentUserAccessRight: String objects( first: Int after: ID orderBy: StixObjectOrStixRelationshipsOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] all: Boolean ): StixObjectOrStixRelationshipRefConnection relatedContainers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] viaTypes: [String] ): ContainerConnection contentsFromTemplate( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection templates: [Template!] templateAndUtils( templateId: String! ): TemplateAndUtils # Technical creators: [Creator!] workflowEnabled: Boolean status: Status } ################ Notes enum NotesOrdering { attribute_abstract created modified created_at updated_at createdBy x_opencti_workflow_id objectMarking note_types creator _score } type NoteConnection { pageInfo: PageInfo! edges: [NoteEdge!]! } type NoteEdge { cursor: String! node: Note! } type Note implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Container authorized_members: [MemberAccess!] currentUserAccessRight: String objects( first: Int after: ID orderBy: StixObjectOrStixRelationshipsOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] all: Boolean ): StixObjectOrStixRelationshipRefConnection relatedContainers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] viaTypes: [String] ): ContainerConnection # Note attribute_abstract: String content: String! authors: [String] note_types: [String] likelihood: Int # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection contentsFromTemplate( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection templates: [Template!] templateAndUtils( templateId: String! ): TemplateAndUtils exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input NoteAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] attribute_abstract: String content: String! @constraint(minLength: 2) authors: [String] note_types: [String] likelihood: Int revoked: Boolean lang: String createdBy: String confidence: Int objectMarking: [String] objectLabel: [String] objectOrganization: [String] externalReferences: [String] objects: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } input NoteUserAddInput { stix_id: String x_opencti_stix_ids: [String] attribute_abstract: String content: String! @constraint(minLength: 2) note_types: [String] likelihood: Int revoked: Boolean lang: String confidence: Int objectMarking: [String] objectLabel: [String] objectOrganization: [String] externalReferences: [String] objects: [String] created: DateTime modified: DateTime clientMutationId: String update: Boolean } ################ ObservedDatas enum ObservedDatasOrdering { first_observed last_observed number_observed created modified created_at updated_at createdBy x_opencti_workflow_id objectMarking confidence _score } type ObservedDataConnection { pageInfo: PageInfo! edges: [ObservedDataEdge] } type ObservedDataEdge { cursor: String! node: ObservedData! } type ObservedData implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Container authorized_members: [MemberAccess!] currentUserAccessRight: String objects( first: Int after: ID orderBy: StixObjectOrStixRelationshipsOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] all: Boolean ): StixObjectOrStixRelationshipRefConnection relatedContainers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] viaTypes: [String] ): ContainerConnection # ObservedData first_observed: DateTime! last_observed: DateTime! number_observed: Int! name: String! # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection contentsFromTemplate( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection templates: [Template!] templateAndUtils( templateId: String! ): TemplateAndUtils exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input ObservedDataAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] first_observed: DateTime! last_observed: DateTime! number_observed: Int! revoked: Boolean lang: String confidence: Int createdBy: String objectMarking: [String] objectLabel: [String] objectOrganization: [String] externalReferences: [String] objects: [String]! created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ################ Opinions enum OpinionsOrdering { opinion created modified created_at updated_at createdBy objectMarking x_opencti_workflow_id confidence creator _score } type OpinionConnection { pageInfo: PageInfo! edges: [OpinionEdge] } type OpinionEdge { cursor: String! node: Opinion! } type Opinion implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Container authorized_members: [MemberAccess!] currentUserAccessRight: String objects( first: Int after: ID orderBy: StixObjectOrStixRelationshipsOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] all: Boolean ): StixObjectOrStixRelationshipRefConnection relatedContainers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] viaTypes: [String] ): ContainerConnection # Opinion explanation: String authors: [String] opinion: String! # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection contentsFromTemplate( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection templates: [Template!] templateAndUtils( templateId: String! ): TemplateAndUtils exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input OpinionAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] opinion: String! @constraint(minLength: 2) explanation: String authors: [String] revoked: Boolean lang: String confidence: Int createdBy: String objectMarking: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] objects: [String] created: DateTime modified: DateTime update: Boolean x_opencti_workflow_id: String clientMutationId: String file: Upload } input OpinionUserAddInput { stix_id: String x_opencti_stix_ids: [String] opinion: String! explanation: String authors: [String] revoked: Boolean lang: String confidence: Int objectMarking: [String] objectLabel: [String] objectOrganization: [String] externalReferences: [String] objects: [String] created: DateTime modified: DateTime update: Boolean clientMutationId: String } ################ Reports enum ReportsOrdering { name created modified published created_at updated_at createdBy creator objectMarking report_types x_opencti_workflow_id _score } type ReportConnection { pageInfo: PageInfo! edges: [ReportEdge] } type ReportEdge { cursor: String! node: Report! } type Report implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Container { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] avatar: OpenCtiFile # Container authorized_members: [MemberAccess!] currentUserAccessRight: String objects( first: Int after: ID orderBy: StixObjectOrStixRelationshipsOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] all: Boolean ): StixObjectOrStixRelationshipRefConnection relatedContainers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String types: [String] viaTypes: [String] ): ContainerConnection # Report name: String! description: String content: String content_mapping: String report_types: [String] x_opencti_reliability: String published: DateTime objectParticipant: [Participant!] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection contentsFromTemplate( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection templates: [Template!] templateAndUtils( templateId: String! ): TemplateAndUtils exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean deleteWithElementsCount: Int @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) } input ReportAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String content: String content_mapping: String published: DateTime! report_types: [String] x_opencti_reliability: String revoked: Boolean lang: String confidence: Int createdBy: String objectOrganization: [String] objectMarking: [String] objectAssignee: [String] objectParticipant: [String] objectLabel: [String] externalReferences: [String] objects: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## CoursesOfAction enum CoursesOfActionOrdering { name created modified created_at updated_at x_opencti_workflow_id objectMarking x_mitre_id _score } type CourseOfActionConnection { pageInfo: PageInfo! edges: [CourseOfActionEdge] } type CourseOfActionEdge { cursor: String! node: CourseOfAction! } type CourseOfAction implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # CourseOfAction name: String! description: String x_opencti_aliases: [String] x_mitre_id: String x_opencti_threat_hunting: String x_opencti_log_sources: [String] attackPatterns: AttackPatternConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input CourseOfActionAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String x_opencti_aliases: [String] x_mitre_id: String confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Identities enum IdentitiesOrdering { name created modified created_at updated_at x_opencti_workflow_id _score } type IdentityConnection { pageInfo: PageInfo! edges: [IdentityEdge] } type IdentityEdge { cursor: String! node: Identity! } enum IdentityType { Sector Organization Individual System } interface Identity { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] avatar: OpenCtiFile # Identity identity_class: String! name: String! description: String roles: [String] contact_information: String x_opencti_aliases: [String] x_opencti_reliability: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input IdentityAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] type: IdentityType! name: String! @constraint(minLength: 2, format: "not-blank") description: String contact_information: String roles: [String] x_opencti_aliases: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] x_opencti_workflow_id: String clientMutationId: String created: DateTime modified: DateTime update: Boolean } ################ Individuals enum IndividualsOrdering { name firstname lastname created modified x_opencti_workflow_id objectMarking _score } type IndividualConnection { pageInfo: PageInfo! edges: [IndividualEdge] } type IndividualEdge { cursor: String! node: Individual! } type Individual implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Identity identity_class: String! name: String! description: String contact_information: String roles: [String] x_opencti_aliases: [String] x_opencti_reliability: String # Individual x_opencti_firstname: String x_opencti_lastname: String organizations: OrganizationConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean isUser: Boolean @auth(for: [KNOWLEDGE, EXPLORE]) } input IndividualAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String contact_information: String roles: [String] x_opencti_aliases: [String] x_opencti_firstname: String x_opencti_lastname: String x_opencti_reliability: String confidence: Int revoked: Boolean lang: String createdBy: String objectOrganization: [String] objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ################ Sectors enum SectorsOrdering { name created modified created_at updated_at x_opencti_workflow_id objectMarking _score } type SectorConnection { pageInfo: PageInfo! edges: [SectorEdge] } type SectorEdge { cursor: String! types: [String] node: Sector! } type Sector implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Identity identity_class: String! name: String! description: String contact_information: String roles: [String] x_opencti_aliases: [String] x_opencti_reliability: String # Sector parentSectors: SectorConnection subSectors: SectorConnection isSubSector: Boolean targetedOrganizations: StixCoreRelationshipConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input SectorAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String contact_information: String roles: [String] x_opencti_aliases: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ################ Systems enum SystemsOrdering { name confidence firstname lastname created modified x_opencti_workflow_id _score } type SystemConnection { pageInfo: PageInfo! edges: [SystemEdge] } type SystemEdge { cursor: String! node: System! } type System implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Identity { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Identity identity_class: String! name: String! description: String contact_information: String roles: [String] x_opencti_aliases: [String] x_opencti_reliability: String # System x_opencti_firstname: String x_opencti_lastname: String organizations: OrganizationConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input SystemAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String contact_information: String roles: [String] x_opencti_aliases: [String] x_opencti_firstname: String x_opencti_lastname: String x_opencti_reliability: String confidence: Int revoked: Boolean lang: String createdBy: String objectOrganization: [String] objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Infrastructures enum InfrastructuresOrdering { name infrastructure_types first_seen last_seen created modified created_at updated_at x_opencti_workflow_id confidence createdBy objectMarking creator _score } type InfrastructureConnection { pageInfo: PageInfo! edges: [InfrastructureEdge] } type InfrastructureEdge { cursor: String! node: Infrastructure! } type Infrastructure implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Infrastructure name: String! aliases: [String] description: String infrastructure_types: [String] first_seen: DateTime last_seen: DateTime killChainPhases: [KillChainPhase!] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input InfrastructureAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] infrastructure_types: [String] first_seen: DateTime last_seen: DateTime confidence: Int revoked: Boolean lang: String createdBy: String objectOrganization: [String] objectMarking: [String] objectLabel: [String] externalReferences: [String] killChainPhases: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## IntrusionSets enum IntrusionSetsOrdering { name created modified created_at updated_at x_opencti_workflow_id resource_level primary_motivation confidence _score objectMarking } type IntrusionSetConnection { pageInfo: PageInfo! edges: [IntrusionSetEdge] } type IntrusionSetEdge { cursor: String! node: IntrusionSet! } type IntrusionSet implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # IntrusionSet name: String! description: String aliases: [String] first_seen: DateTime last_seen: DateTime goals: [String] resource_level: String primary_motivation: String secondary_motivations: [String] locations: LocationConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input IntrusionSetAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] first_seen: DateTime last_seen: DateTime goals: [String] resource_level: String primary_motivation: String secondary_motivations: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectAssignee: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] x_opencti_workflow_id: String created: DateTime modified: DateTime clientMutationId: String update: Boolean file: Upload } ############## Locations enum LocationsOrdering { name latitude longitude created modified created_at updated_at x_opencti_workflow_id _score } type LocationConnection { pageInfo: PageInfo! edges: [LocationEdge] } type LocationEdge { cursor: String! types: [String] node: Location! } interface Location { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] avatar: OpenCtiFile # Location name: String! description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input LocationAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] type: String! name: String! @constraint(minLength: 2, format: "not-blank") description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] clientMutationId: String created: DateTime modified: DateTime x_opencti_workflow_id: String update: Boolean } ################ Positions enum PositionsOrdering { name postal_address postal_code created modified created_at updated_at x_opencti_workflow_id _score } type PositionConnection { pageInfo: PageInfo! edges: [PositionEdge] } type PositionEdge { cursor: String! node: Position! } type Position implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Location name: String! description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] # Position street_address: String postal_code: String city: City # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input PositionAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String latitude: Float longitude: Float precision: Float street_address: String postal_code: String confidence: Int revoked: Boolean lang: String x_opencti_aliases: [String] createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ################ Cities enum CitiesOrdering { name aliases created modified created_at updated_at objectMarking objectLabel x_opencti_workflow_id _score } type CityConnection { pageInfo: PageInfo! edges: [CityEdge] } type CityEdge { cursor: String! node: City! } type City implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Location name: String! description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] # City country: Country administrativeArea: AdministrativeArea # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input CityAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String latitude: Float longitude: Float precision: Float confidence: Int revoked: Boolean lang: String x_opencti_aliases: [String] createdBy: String objectOrganization: [String] objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } enum CountriesOrdering { name created modified created_at updated_at x_opencti_workflow_id _score } type CountryConnection { pageInfo: PageInfo! edges: [CountryEdge!]! } type CountryEdge { cursor: String! node: Country! } type Country implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Location name: String! description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] # Country region: Region # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input CountryAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String latitude: Float longitude: Float precision: Float confidence: Int revoked: Boolean lang: String x_opencti_aliases: [String] createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ################ Regions enum RegionsOrdering { name created modified created_at updated_at x_opencti_workflow_id _score } type RegionConnection { pageInfo: PageInfo! edges: [RegionEdge] } type RegionEdge { cursor: String! node: Region! } type Region implements BasicObject & StixObject & StixCoreObject & StixDomainObject & Location { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Location name: String! description: String latitude: Float longitude: Float precision: Float x_opencti_aliases: [String] # Region parentRegions: RegionConnection subRegions: RegionConnection countries: CountryConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input RegionAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String latitude: Float longitude: Float precision: Float confidence: Int revoked: Boolean lang: String x_opencti_aliases: [String] createdBy: String objectMarking: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Malware enum MalwaresOrdering { name malware_types first_seen last_seen created modified created_at updated_at objectMarking objectLabel x_opencti_workflow_id is_family confidence _score } type MalwareConnection { pageInfo: PageInfo! edges: [MalwareEdge] } type MalwareEdge { cursor: String! node: Malware! } type Malware implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Malware name: String! description: String aliases: [String] malware_types: [String] is_family: Boolean first_seen: DateTime last_seen: DateTime architecture_execution_envs: [String] implementation_languages: [String] capabilities: [String] killChainPhases: [KillChainPhase!] samples: [StixCyberObservable!] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input MalwareAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String malware_types: [String] aliases: [String] is_family: Boolean first_seen: DateTime last_seen: DateTime architecture_execution_envs: [String] implementation_languages: [String] capabilities: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectAssignee: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] killChainPhases: [String] samples: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## ThreatActorsGroup enum ThreatActorsOrdering { name created modified created_at updated_at x_opencti_workflow_id confidence sophistication resource_level _score threat_actor_types objectMarking } type ThreatActorGroupConnection { pageInfo: PageInfo! edges: [ThreatActorGroupEdge] } type ThreatActorGroupEdge { cursor: String! node: ThreatActorGroup! } interface ThreatActor implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # ThreatActorGroup name: String! description: String aliases: [String] threat_actor_types: [String] first_seen: DateTime last_seen: DateTime roles: [String] goals: [String] sophistication: String resource_level: String primary_motivation: String secondary_motivations: [String] personal_motivations: [String] locations: LocationConnection countries: CountryConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } type ThreatActorEdge { cursor: String! node: ThreatActor! } type ThreatActorConnection { pageInfo: PageInfo! edges: [ThreatActorEdge] } type ThreatActorGroup implements BasicObject & StixObject & StixCoreObject & StixDomainObject & ThreatActor { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # ThreatActorGroup name: String! description: String aliases: [String] threat_actor_types: [String] first_seen: DateTime last_seen: DateTime roles: [String] goals: [String] sophistication: String resource_level: String primary_motivation: String secondary_motivations: [String] personal_motivations: [String] locations: LocationConnection countries: CountryConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input ThreatActorGroupAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] threat_actor_types: [String] first_seen: DateTime last_seen: DateTime roles: [String] goals: [String] sophistication: String resource_level: String primary_motivation: String secondary_motivations: [String] personal_motivations: [String] confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectOrganization: [String] objectAssignee: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Tools enum ToolsOrdering { name created modified created_at updated_at x_opencti_workflow_id confidence _score } type ToolConnection { pageInfo: PageInfo! edges: [ToolEdge] } type ToolEdge { cursor: String! node: Tool! } type Tool implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Tool name: String! description: String aliases: [String] tool_types: [String] tool_version: String killChainPhases: [KillChainPhase!] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input ToolAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String aliases: [String] tool_types: [String] tool_version: String confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] killChainPhases: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Vulnerabilities enum VulnerabilitiesOrdering { name x_opencti_cvss_base_score x_opencti_cvss_base_severity x_opencti_cvss_attack_vector created modified created_at updated_at x_opencti_workflow_id creator confidence _score } type VulnerabilityConnection { pageInfo: PageInfo! edges: [VulnerabilityEdge] } type VulnerabilityEdge { cursor: String! node: Vulnerability! } type Vulnerability implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] objectParticipant: [Participant!] avatar: OpenCtiFile # Vulnerability name: String! description: String x_opencti_aliases: [String] x_opencti_cvss_base_score: Float x_opencti_cvss_base_severity: String x_opencti_cvss_attack_vector: String x_opencti_cvss_integrity_impact: String x_opencti_cvss_availability_impact: String x_opencti_cvss_confidentiality_impact: String x_opencti_cisa_kev: Boolean x_opencti_epss_score: Float x_opencti_epss_percentile: Float softwares(first: Int, after: ID, orderBy: StixCyberObservablesOrdering, orderMode: OrderingMode): StixCyberObservableConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input VulnerabilityAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String x_opencti_aliases: [String] x_opencti_cvss_base_score: Float x_opencti_cvss_base_severity: String x_opencti_cvss_attack_vector: String x_opencti_cvss_integrity_impact: String x_opencti_cvss_availability_impact: String x_opencti_cvss_confidentiality_impact: String x_opencti_cisa_kev: Boolean x_opencti_epss_score: Float x_opencti_epss_percentile: Float confidence: Int revoked: Boolean lang: String createdBy: String objectMarking: [String] objectOrganization: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ############## Incident enum IncidentsOrdering { name first_seen last_seen incident_type severity source created modified created_at updated_at x_opencti_workflow_id objectMarking confidence objectAssignee creator _score } type IncidentConnection { pageInfo: PageInfo! edges: [IncidentEdge] } type IncidentEdge { cursor: String! node: Incident! } type Incident implements BasicObject & StixObject & StixCoreObject & StixDomainObject { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixDomainObject revoked: Boolean! confidence: Int lang: String created: DateTime modified: DateTime x_opencti_graph_data: String objectAssignee: [Assignee!] avatar: OpenCtiFile # Incident name: String! description: String aliases: [String] first_seen: DateTime last_seen: DateTime objective: String incident_type: String severity: String source: String objectParticipant: [Participant!] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] status: Status workflowEnabled: Boolean } input IncidentAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] name: String! @constraint(minLength: 2, format: "not-blank") description: String confidence: Int revoked: Boolean lang: String objective: String first_seen: DateTime last_seen: DateTime aliases: [String] incident_type: String severity: String source: String createdBy: String objectOrganization: [String] objectMarking: [String] objectAssignee: [String] objectParticipant: [String] objectLabel: [String] externalReferences: [String] created: DateTime modified: DateTime x_opencti_workflow_id: String clientMutationId: String update: Boolean file: Upload } ######## STIX CYBER OBSERVABLES ENTITIES enum StixCyberObservablesOrdering { entity_type created_at updated_at observable_value objectMarking createdBy creator _score } type StixCyberObservableConnection { pageInfo: PageInfo! edges: [StixCyberObservableEdge!]! } type StixCyberObservableEdge { cursor: String! node: StixCyberObservable! } interface StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } type AutonomousSystem implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # AutonomousSystem number: Int name: String rir: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input AutonomousSystemAddInput { number: Int! name: String rir: String file: Upload } type Directory implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Directory path: String! path_enc: String ctime: DateTime mtime: DateTime atime: DateTime # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input DirectoryAddInput { path: String! path_enc: String ctime: DateTime mtime: DateTime atime: DateTime file: Upload } type DomainName implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable observable_value: String! x_opencti_score: Int x_opencti_description: String indicators(first: Int): IndicatorConnection # DomainName value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input DomainNameAddInput { value: String! file: Upload } type EmailAddr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # EmailAddr value: String display_name: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input EmailAddrAddInput { value: String display_name: String file: Upload } type EmailMessage implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # EmailMessage is_multipart: Boolean attribute_date: DateTime content_type: String message_id: String subject: String received_lines: [String] body: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input EmailMessageAddInput { is_multipart: Boolean attribute_date: DateTime content_type: String message_id: String subject: String received_lines: [String] body: String file: Upload } type EmailMimePartType implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # EmailMimePartType body: String content_type: String content_disposition: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input EmailMimePartTypeAddInput { body: String content_type: String content_disposition: String file: Upload } ############## HashedObservable input HashInput { algorithm: String! @constraint(minLength: 3) hash: String! @constraint(minLength: 5) } type Hash { algorithm: String! hash: String } type StixFileEdge { cursor: String! node: StixFile! } type StixFileConnection { pageInfo: PageInfo! edges: [StixFileEdge] } interface HashedObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # HashedObservable hashes: [Hash] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } type Artifact implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # HashedObservable hashes: [Hash] # Artifact mime_type: String payload_bin: String url: String encryption_algorithm: String decryption_key: String x_opencti_additional_names: [String] # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input ArtifactAddInput { hashes: [HashInput] mime_type: String payload_bin: String url: String encryption_algorithm: String decryption_key: String x_opencti_additional_names: [String] file: Upload } type StixFile implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # HashedObservable hashes: [Hash] # File extensions: String size: Int name: String name_enc: String magic_number_hex: String mime_type: String ctime: DateTime mtime: DateTime atime: DateTime x_opencti_additional_names: [String] obsContent: Artifact # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input StixFileAddInput { hashes: [HashInput] size: Int name: String name_enc: String magic_number_hex: String mime_type: String ctime: DateTime mtime: DateTime atime: DateTime x_opencti_additional_names: [String] obsContent: ID file: Upload } type X509Certificate implements BasicObject & StixObject & StixCoreObject & StixCyberObservable & HashedObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # HashedObservable hashes: [Hash] # X509Certificate is_self_signed: Boolean version: String serial_number: String signature_algorithm: String issuer: String subject: String subject_public_key_algorithm: String subject_public_key_modulus: String subject_public_key_exponent: Int validity_not_before: DateTime validity_not_after: DateTime # X509V3ExtensionsType basic_constraints: String name_constraints: String policy_constraints: String key_usage: String extended_key_usage: String subject_key_identifier: String authority_key_identifier: String subject_alternative_name: String issuer_alternative_name: String subject_directory_attributes: String crl_distribution_points: String inhibit_any_policy: String private_key_usage_period_not_before: DateTime private_key_usage_period_not_after: DateTime certificate_policies: String policy_mappings: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input X509CertificateAddInput { hashes: [HashInput] is_self_signed: Boolean version: String serial_number: String signature_algorithm: String issuer: String subject: String subject_public_key_algorithm: String subject_public_key_modulus: String subject_public_key_exponent: Int validity_not_before: DateTime validity_not_after: DateTime # X509V3ExtensionsType basic_constraints: String name_constraints: String policy_constraints: String key_usage: String extended_key_usage: String subject_key_identifier: String authority_key_identifier: String subject_alternative_name: String issuer_alternative_name: String subject_directory_attributes: String crl_distribution_points: String inhibit_any_policy: String private_key_usage_period_not_before: DateTime private_key_usage_period_not_after: DateTime certificate_policies: String policy_mappings: String file: Upload } type IPv4Addr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # IPv4Addr value: String countries: CountryConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input IPv4AddrAddInput { value: String belongsTo: [String] resolvesTo: [String] file: Upload } type IPv6Addr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # IPv4Addr value: String countries: CountryConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input IPv6AddrAddInput { value: String file: Upload } type MacAddr implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # MacAddr value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input MacAddrAddInput { value: String file: Upload } type Mutex implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Mutex name: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input MutexAddInput { name: String file: Upload } type NetworkTraffic implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # NetworkTraffic extensions: String start: DateTime end: DateTime is_active: Boolean src_port: Int dst_port: Int protocols: [String] src_byte_count: Int dst_byte_count: Int src_packets: Int dst_packets: Int # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input NetworkTrafficAddInput { start: DateTime end: DateTime is_active: Boolean networkSrc: String networkDst: String src_port: Int dst_port: Int protocols: [String] src_byte_count: Int dst_byte_count: Int src_packets: Int dst_packets: Int file: Upload } type Process implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Process extensions: String is_hidden: Boolean pid: Int created_time: DateTime cwd: String command_line: String environment_variables: [String] ## windows-process-ext aslr_enabled: Boolean dep_enabled: Boolean priority: String owner_sid: String window_title: String startup_info: [Dictionary] integrity_level: String ## windows-service-ext service_name: String descriptions: [String] display_name: String group_name: String start_type: String serviceDlls: StixFileConnection service_type: String service_status: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input ProcessAddInput { is_hidden: Boolean pid: Int created_time: DateTime cwd: String x_opencti_description: String command_line: String! environment_variables: [String] ## windows-process-ext aslr_enabled: Boolean dep_enabled: Boolean priority: String owner_sid: String window_title: String startup_info: [DictionaryInput] integrity_level: String # windows-integrity-level-enum ## windows-service-ext service_name: String descriptions: [String] display_name: String group_name: String start_type: String # windows-service-start-type-enum serviceDlls: [String] # service_dll_refs service_type: String # windows-service-type-enum service_status: String # windows-service-status-enum file: Upload } type Software implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Software name: String cpe: String swid: String languages: [String] vendor: String version: String vulnerabilities: VulnerabilityConnection # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } type SoftwareConnection { pageInfo: PageInfo! edges: [SoftwareEdge!]! } type SoftwareEdge { cursor: String! node: Software! } input SoftwareAddInput { name: String cpe: String swid: String languages: [String] vendor: String version: String file: Upload } type Url implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Url value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input UrlAddInput { value: String file: Upload } type UserAccount implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # UserAccount extensions: String user_id: String credential: String account_login: String account_type: String display_name: String is_service_account: Boolean is_privileged: Boolean can_escalate_privs: Boolean is_disabled: Boolean account_created: DateTime account_expires: DateTime credential_last_changed: DateTime account_first_login: DateTime account_last_login: DateTime # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input UserAccountAddInput { user_id: String credential: String account_login: String account_type: String display_name: String is_service_account: Boolean is_privileged: Boolean can_escalate_privs: Boolean is_disabled: Boolean account_created: DateTime account_expires: DateTime credential_last_changed: DateTime account_first_login: DateTime account_last_login: DateTime file: Upload } type WindowsRegistryKey implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # WindowsRegistryKey attribute_key: String modified_time: DateTime number_of_subkeys: Int # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input WindowsRegistryKeyAddInput { attribute_key: String modified_time: DateTime file: Upload number_of_subkeys: Int } type WindowsRegistryValueType implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # WindowsRegistryKey name: String data: String data_type: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input WindowsRegistryValueTypeAddInput { name: String data: String data_type: String file: Upload } type CryptographicKey implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # CryptographicKey value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input CryptographicKeyAddInput { value: String file: Upload } type CryptocurrencyWallet implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # CryptocurrencyWallet value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input CryptocurrencyWalletAddInput { value: String file: Upload } type Hostname implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Hostname value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input HostnameAddInput { value: String file: Upload } type Text implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Text value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input TextAddInput { value: String file: Upload } type UserAgent implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # UserAgent value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input UserAgentAddInput { value: String file: Upload } type BankAccount implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # BankAccount iban: String bic: String account_number: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input BankAccountAddInput { iban: String bic: String account_number: String file: Upload } type TrackingNumber implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!], elementId: [String]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup filterMode: FilterMode ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup filterMode: FilterMode search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup filterMode: FilterMode ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # TrackingNumber value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input TrackingNumberAddInput { value: String file: Upload } type Credential implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!], elementId: [String]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup filterMode: FilterMode ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup filterMode: FilterMode search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup filterMode: FilterMode ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Credential value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input CredentialAddInput { value: String file: Upload } type PhoneNumber implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # PhoneNumber value: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input PhoneNumberAddInput { value: String file: Upload } type PaymentCard implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectOrganization: [Organization!] objectLabel: [Label!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # CreditCard card_number: String expiration_date: DateTime cvv: Int holder_name: String # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input PaymentCardAddInput { card_number: String! expiration_date: DateTime cvv: Int holder_name: String file: Upload } type MediaContent implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectLabel: [Label!] objectOrganization: [Organization!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # MediaContent title: String description: String content: String media_category: String url: String publication_date: DateTime # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input MediaContentAddInput { title: String content: String media_category: String url: String! publication_date: DateTime file: Upload } type Persona implements BasicObject & StixObject & StixCoreObject & StixCyberObservable { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! # StixObject representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! spec_version: String! created_at: DateTime! updated_at: DateTime! draftVersion: DraftVersion # inferences x_opencti_inferences: [Inference] # StixCoreObject createdBy: Identity numberOfConnectedElement: Int! objectMarking: [MarkingDefinition!] objectLabel: [Label!] objectOrganization: [Organization!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection observedData(first: Int): ObservedDataConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection stixCoreObjectsDistribution( relationship_type: [String] toTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinions_metrics: OpinionsMetrics # StixCyberObservable x_opencti_score: Int x_opencti_description: String observable_value: String! indicators(first: Int): IndicatorConnection # Persona persona_name: String! persona_type: String! # Technical creators: [Creator!] toStix: String importFiles( first: Int prefixMimeType: String after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection exportFiles(first: Int): FileConnection editContext: [EditUserContext!] connectors(onlyAlive: Boolean): [Connector] jobs(first: Int): [Work] } input PersonaAddInput { persona_name: String! @constraint(minLength: 2, format: "not-blank") persona_type: String! } ###### RELATIONSHIPS interface BasicRelationship { id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # Technical creators: [Creator!] } ######## INTERNAL RELATIONSHIPS type InternalRelationship implements BasicRelationship { # BasicRelationship id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # InternalRelationship from: InternalObject to: InternalObject # Technical creators: [Creator!] } input InternalRelationshipAddInput { relationship_type: String! # Will be checked by code fromId: ID toId: ID } ######## STIX RELATIONSHIPS enum StixObjectOrStixRelationshipsOrdering { name entity_type created_at updated_at createdBy objectMarking objectLabel observable_value start_time created modified relationship_type creator _score } type StixObjectOrStixRelationshipConnection { pageInfo: PageInfo! edges: [StixObjectOrStixRelationshipEdge] } type StixObjectOrStixRelationshipRefConnection { pageInfo: PageInfo! edges: [StixObjectOrStixRelationshipRefEdge] } type StixObjectOrStixRelationshipEdge { cursor: String! node: StixObjectOrStixRelationship! } type StixObjectOrStixRelationshipRefEdge { cursor: String! types: [String]! node: StixObjectOrStixRelationship! } union StixObjectOrStixRelationshipOrCreator = MarkingDefinition | Label | KillChainPhase | ExternalReference | AttackPattern | Campaign | Channel | Event | Narrative | Note | ObservedData | Opinion | Report | Grouping | CourseOfAction | Individual | Organization | Sector | System | Indicator | Infrastructure | IntrusionSet | Language | City | AdministrativeArea | Country | Region | Position | Malware | MalwareAnalysis | ThreatActorGroup | ThreatActorIndividual | Tool | Vulnerability | Incident | AutonomousSystem | Directory | DomainName | EmailAddr | EmailMessage | EmailMimePartType | Artifact | StixFile | X509Certificate | IPv4Addr | IPv6Addr | MacAddr | Mutex | NetworkTraffic | Process | Software | Url | UserAccount | WindowsRegistryKey | WindowsRegistryValueType | CryptographicKey | CryptocurrencyWallet | Hostname | Text | UserAgent | BankAccount | Credential | TrackingNumber | PhoneNumber | PaymentCard | MediaContent | Persona | StixCoreRelationship | StixSightingRelationship | StixRefRelationship | Task | DataComponent | DataSource | CaseIncident | CaseRfi | CaseRft | Feedback | CaseTemplate | EntitySetting | ManagerConfiguration | Creator | Group | Workspace | CsvMapper | Status | PublicDashboard union StixObjectOrStixRelationship = MarkingDefinition | Label | KillChainPhase | ExternalReference | AttackPattern | Campaign | Channel | Event | Narrative | Note | ObservedData | Opinion | Report | Grouping | CourseOfAction | Individual | Organization | Sector | System | Indicator | Infrastructure | IntrusionSet | Language | City | AdministrativeArea | Country | Region | Position | Malware | MalwareAnalysis | ThreatActorGroup | ThreatActorIndividual | Tool | Vulnerability | Incident | AutonomousSystem | Directory | DomainName | EmailAddr | EmailMessage | EmailMimePartType | Artifact | StixFile | X509Certificate | IPv4Addr | IPv6Addr | MacAddr | Mutex | NetworkTraffic | Process | Software | Url | UserAccount | WindowsRegistryKey | WindowsRegistryValueType | CryptographicKey | CryptocurrencyWallet | Hostname | Text | UserAgent | BankAccount | Credential | TrackingNumber | PhoneNumber | PaymentCard | MediaContent | Persona | StixCoreRelationship | StixSightingRelationship | StixRefRelationship | DataComponent | DataSource | CaseIncident | CaseRfi | CaseRft | Feedback | CaseTemplate | Task | EntitySetting | ManagerConfiguration | Workspace | CsvMapper | PublicDashboard union StixCoreObjectOrStixCoreRelationship = #### Stix Core Objects ## Stix Domain Objects AttackPattern | Campaign | Channel | Event | Note | ObservedData | Opinion | Report | Grouping | CourseOfAction | Individual | Organization | Sector | Indicator | Infrastructure | IntrusionSet | Language | City | AdministrativeArea | Country | Region | Position | Malware | MalwareAnalysis | Narrative | ThreatActorGroup | ThreatActorIndividual | Tool | Vulnerability | Incident ## Six Cyber Observables | AutonomousSystem | Directory | DomainName | EmailAddr | EmailMessage | EmailMimePartType | Artifact | StixFile | X509Certificate | IPv4Addr | IPv6Addr | MacAddr | Mutex | NetworkTraffic | Process | Software | Url | UserAccount | WindowsRegistryKey | WindowsRegistryValueType | CryptographicKey | CryptocurrencyWallet | Hostname | Text | UserAgent | BankAccount | Credential | TrackingNumber | PhoneNumber | PaymentCard | MediaContent | Persona | StixCoreRelationship | DataComponent | DataSource | CaseIncident | CaseRfi | CaseRft | Feedback | CaseTemplate | Task | EntitySetting | ManagerConfiguration | Workspace | PublicDashboard enum StixRelationshipsOrdering { entity_type relationship_type confidence start_time stop_time created modified created_at updated_at objectMarking objectLabel killChainPhase toName toValidFrom toValidUntil toObservableValue toPatternType x_opencti_workflow_id createdBy creator _score } type StixRelationshipConnection { pageInfo: PageInfo! edges: [StixRelationshipEdge] } type StixRelationshipEdge { cursor: String! node: StixRelationship! } interface StixRelationship { # BasicRelationship id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # StixRelationship representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! from: StixObjectOrStixRelationshipOrCreator to: StixObjectOrStixRelationshipOrCreator x_opencti_inferences: [Inference] spec_version: String! created: DateTime modified: DateTime confidence: Int relationship_type: String! createdBy: Identity objectMarking: [MarkingDefinition!] toStix: String draftVersion: DraftVersion # Technical creators: [Creator!] } type StixRelationshipSchema { key: String! values: [String!]! } type StixRelationshipRefSchemaValue { name: String! toTypes: [String!]! } type StixRelationshipRefSchema { key: String! values: [StixRelationshipRefSchemaValue!]! } ############## StixCoreRelationships enum StixCoreRelationshipsOrdering { entity_type relationship_type confidence start_time stop_time created modified created_at updated_at objectMarking objectLabel killChainPhase toName toValidFrom toValidUntil toObservableValue toPatternType x_opencti_workflow_id createdBy creator _score } type StixCoreRelationshipConnection { pageInfo: PageInfo! edges: [StixCoreRelationshipEdge!]! } type StixCoreRelationshipEdge { cursor: String! node: StixCoreRelationship! } type StixCoreRelationship implements BasicRelationship & StixRelationship { # BasicRelationship id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # StixRelationship representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! from: StixObjectOrStixRelationshipOrCreator fromId: String! fromType: String! to: StixObjectOrStixRelationshipOrCreator toId: String! toType: String! x_opencti_inferences: [Inference] spec_version: String! created: DateTime modified: DateTime confidence: Int relationship_type: String! createdBy: Identity objectMarking: [MarkingDefinition!] draftVersion: DraftVersion # StixCoreRelationship description: String start_time: DateTime stop_time: DateTime revoked: Boolean! lang: String objectLabel: [Label!] objectOrganization: [Organization!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: String startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime confidences: [Int] search: String filters: FilterGroup ): StixCoreRelationshipConnection killChainPhases: [KillChainPhase!] # Technical creators: [Creator!] toStix: String editContext: [EditUserContext!] status: Status workflowEnabled: Boolean } input StixCoreRelationshipAddInput { # StixRelationship stix_id: StixId x_opencti_stix_ids: [StixId] fromId: StixRef! toId: StixRef! created: DateTime modified: DateTime confidence: Int relationship_type: String! createdBy: String objectMarking: [String] # StixCoreRelationship description: String start_time: DateTime stop_time: DateTime revoked: Boolean lang: String objectLabel: [String] objectOrganization: [String] externalReferences: [String] killChainPhases: [String] x_opencti_workflow_id: String clientMutationId: String update: Boolean } ############## StixSightingRelationships enum StixSightingRelationshipsOrdering { confidence x_opencti_negative first_seen last_seen created modified created_at updated_at objectMarking objectLabel toName toValidFrom toValidUntil toPatternType toCreatedAt attribute_count x_opencti_workflow_id _score } type StixSightingRelationshipConnection { pageInfo: PageInfo! edges: [StixSightingRelationshipsEdge] } type StixSightingRelationshipsEdge { cursor: String! node: StixSightingRelationship! } type StixSightingRelationship implements BasicRelationship & StixRelationship { # BasicRelationship id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # StixRelationship representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! from: StixObjectOrStixRelationshipOrCreator fromId: String! fromType: String! to: StixObjectOrStixRelationshipOrCreator toId: String! toType: String! x_opencti_inferences: [Inference] spec_version: String! created: DateTime modified: DateTime confidence: Int relationship_type: String! createdBy: Identity objectMarking: [MarkingDefinition!] draftVersion: DraftVersion # StixSightingRelationship description: String first_seen: DateTime last_seen: DateTime attribute_count: Int! x_opencti_negative: Boolean! objectLabel: [Label!] objectOrganization: [Organization!] externalReferences(first: Int): ExternalReferenceConnection containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection reports(first: Int): ReportConnection notes(first: Int): NoteConnection opinions(first: Int): OpinionConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection # Technical creators: [Creator!] toStix: String editContext: [EditUserContext!] status: Status workflowEnabled: Boolean } input StixSightingRelationshipAddInput { # StixRelationship stix_id: StixId x_opencti_stix_ids: [StixId] fromId: StixRef! toId: StixRef! created: DateTime modified: DateTime confidence: Int createdBy: String objectMarking: [String] # StixSightingRelationship description: String first_seen: DateTime last_seen: DateTime attribute_count: Int! x_opencti_negative: Boolean objectLabel: [String] objectOrganization: [String] externalReferences: [String] clientMutationId: String update: Boolean x_opencti_workflow_id: String } ############## StixRefRelationships enum StixRefRelationshipsOrdering { relationship_type entity_type confidence start_time stop_time created modified created_at updated_at toName toValidFrom toValidUntil toPatternType toCreatedAt _score } type StixRefRelationshipConnection { pageInfo: PageInfo! edges: [StixRefRelationshipEdge] } type StixRefRelationshipEdge { cursor: String! node: StixRefRelationship! } type StixRefRelationship implements BasicRelationship & StixRelationship { # BasicRelationship id: ID! # internal_id standard_id: String! entity_type: String! parent_types: [String]! fromRole: String toRole: String created_at: DateTime! updated_at: DateTime! # StixRelationship representative: Representative! x_opencti_stix_ids: [StixId] is_inferred: Boolean! from: StixObjectOrStixRelationshipOrCreator to: StixObjectOrStixRelationshipOrCreator x_opencti_inferences: [Inference] spec_version: String! created: DateTime modified: DateTime confidence: Int relationship_type: String! createdBy: Identity objectMarking: [MarkingDefinition!] draftVersion: DraftVersion # StixRefRelationship start_time: DateTime stop_time: DateTime datable: Boolean containersNumber: Number containers(first: Int, entityTypes: [String!]): ContainerConnection notes(first: Int): NoteConnection reports(first: Int): ReportConnection opinions(first: Int): OpinionConnection groupings(first: Int): GroupingConnection cases(first: Int): CaseConnection toStix: String # Technical creators: [Creator!] editContext: [EditUserContext!] } type DefinitionRefRelationship { entity: StixObjectOrStixRelationshipOrCreator! from: [String!] to: [String!] } # Mutations input StixRefRelationshipAddInput { stix_id: StixId x_opencti_stix_ids: [StixId] fromId: StixRef toId: StixRef relationship_type: String! confidence: Int createdBy: String start_time: DateTime stop_time: DateTime objectMarking: [String] objectLabel: [String] created: DateTime modified: DateTime clientMutationId: String update: Boolean file: Upload } input StixRefRelationshipsAddInput { relationship_type: String! fromIds: [StixRef] toIds: [StixRef!]! } ### QUERIES type Query { stix(id: String!): String @auth(for: [KNOWLEDGE]) enrichmentConnectors(type: String!): [Connector] @auth(for: [MODULES]) ###### INTERNAL about: AppInfo @auth logsWorkerConfig: LogsWorkerConfig @auth(for: [CONNECTORAPI]) rabbitMQMetrics(prefix: String): RabbitMQMetrics @auth(for: [MODULES]) elasticSearchMetrics: ElasticSearchMetrics @auth(for: [MODULES]) logs( first: Int after: ID orderBy: LogsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): LogConnection @auth(for: [KNOWLEDGE, SETTINGS_SETACCESSES]) audits( first: Int after: ID types: [String!] orderBy: LogsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): LogConnection @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) auditsNumber( dateAttribute: String types: [String] startDate: DateTime endDate: DateTime onlyInferred: Boolean filters: FilterGroup search: String ): Number @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) auditsTimeSeries( field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! types: [String] filters: FilterGroup search: String ): [TimeSeries] @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) auditsDistribution( field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) auditsMultiTimeSeries( operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean timeSeriesParameters: [AuditsTimeSeriesParameters] ): [MultiTimeSeries] @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) subType(id: String!): SubType @auth(for: [KNOWLEDGE, SETTINGS_SETCUSTOMIZATION]) subTypes( first: Int after: ID orderBy: SubTypesOrdering orderMode: OrderingMode type: String includeParents: Boolean search: String ): SubTypeConnection! @auth file(id: String!): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) importFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection @auth(for: [KNOWLEDGE_KNASKIMPORT]) pendingFiles( first: Int after: ID orderBy: FileOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FileConnection @auth(for: [KNOWLEDGE_KNASKIMPORT]) filesMetrics: FilesMetrics @auth(for: [SETTINGS_FILEINDEXING]) ######## INDEXED FILES indexedFiles(first: Int, after: ID, search: String): IndexedFileConnection @auth(for: [KNOWLEDGE]) indexedFilesCount(search: String): Int @auth(for: [KNOWLEDGE]) indexedFilesMetrics: FilesMetrics @auth(for: [SETTINGS_FILEINDEXING]) ###### ENTITIES ######## INTERNAL OBJECT ENTITIES settings: Settings! @public # Some inner information are public group(id: String!): Group @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) groups(first: Int, after: ID, orderBy: GroupsOrdering, orderMode: OrderingMode, search: String, filters: FilterGroup): GroupConnection @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, VIRTUAL_ORGANIZATION_ADMIN]) roles(first: Int, after: ID, orderBy: RolesOrdering, orderMode: OrderingMode, search: String): RoleConnection @auth(for: [SETTINGS_SETACCESSES]) me: MeUser! @auth otpGeneration: OtpElement @auth user(id: String!): User @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) creators(entityTypes: [String!]): CreatorConnection @auth(for: [KNOWLEDGE]) assignees(entityTypes: [String!]): AssigneeConnection @auth(for: [KNOWLEDGE]) participants(entityTypes: [String!]): ParticipantConnection @auth(for: [KNOWLEDGE]) members( first: Int, search: String, filters: FilterGroup, filterMode: FilterMode, entityTypes: [MemberType!] ): MemberConnection @auth(for: [KNOWLEDGE_KNUPDATE, EXPLORE_EXUPDATE, CONNECTORAPI, SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, SETTINGS_SETCUSTOMIZATION, INGESTION_SETINGESTIONS]) systemMembers: MemberConnection @auth(for: [KNOWLEDGE_KNUPDATE, EXPLORE_EXUPDATE, CONNECTORAPI, SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY, SETTINGS_SETCUSTOMIZATION, INGESTION_SETINGESTIONS]) users( first: Int after: ID orderBy: UsersOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): UserConnection @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) sessions: [UserSession] @auth(for: [SETTINGS_SETACCESSES]) role(id: String!): Role @auth(for: [SETTINGS_SETACCESSES]) capabilities(first: Int): CapabilityConnection @auth(for: [SETTINGS_SETACCESSES]) connector(id: String!): Connector @auth(for: [MODULES]) connectors: [Connector!] @auth(for: [MODULES]) connectorsForWorker: [Connector] @auth(for: [MODULES]) connectorsForExport: [Connector] @auth(for: [KNOWLEDGE]) connectorsForImport: [Connector] @auth(for: [KNOWLEDGE]) connectorsForAnalysis: [Connector] @auth(for: [KNOWLEDGE]) connectorsForNotification: [Connector] @auth(for: [SETTINGS_SETACCESSES, SETTINGS_SETCUSTOMIZATION]) work(id: ID!): Work @auth(for: [MODULES]) works( first: Int after: ID orderBy: WorksOrdering orderMode: OrderingMode search: String filters: FilterGroup ): WorkConnection @auth(for: [MODULES]) runtimeAttributes( first: Int search: String orderMode: OrderingMode attributeName: String! ): AttributeConnection @auth(for: [KNOWLEDGE]) schemaAttributeNames(elementType: [String]!) : AttributeConnection @auth(for: [KNOWLEDGE, TAXIIAPI_SETCOLLECTIONS]) retentionRule(id: String!): RetentionRule @auth(for: [SETTINGS_SETCUSTOMIZATION]) retentionRules( first: Int, after: ID, search: String, orderBy: RetentionRuleOrdering orderMode: OrderingMode ): RetentionRuleConnection @auth(for: [SETTINGS_SETCUSTOMIZATION]) taxiiCollection(id: String!): TaxiiCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) taxiiCollections( first: Int after: ID orderBy: TaxiiCollectionOrdering orderMode: OrderingMode search: String filters: FilterGroup ): TaxiiCollectionConnection @public # Code protected streamCollection(id: String!): StreamCollection @auth(for: [TAXIIAPI]) feed(id: String!): Feed @auth(for: [TAXIIAPI]) feeds( first: Int after: ID orderBy: FeedOrdering orderMode: OrderingMode search: String filters: FilterGroup ): FeedConnection @public # Code protected streamCollections( first: Int after: ID orderBy: StreamCollectionOrdering orderMode: OrderingMode search: String filters: FilterGroup ): StreamCollectionConnection! @public # Code protected statusTemplate(id: String!): StatusTemplate @auth statusTemplates( first: Int after: ID orderBy: StatusTemplateOrdering orderMode: OrderingMode search: String ): StatusTemplateConnection @auth status(id: String!): Status @auth statuses( first: Int after: ID orderBy: StatusOrdering orderMode: OrderingMode filters: FilterGroup search: String ): StatusConnection @auth backgroundTask(id: String!): BackgroundTask @auth(for: [KNOWLEDGE]) backgroundTasks( first: Int after: ID orderBy: BackgroundTasksOrdering orderMode: OrderingMode includeAuthorities: Boolean filters: FilterGroup search: String ): BackgroundTaskConnection @auth(for: [KNOWLEDGE, SETTINGS_SETCUSTOMIZATION]) rule(id: String!): Rule @auth(for: [KNOWLEDGE]) rules: [Rule] @auth(for: [KNOWLEDGE, SETTINGS_SETCUSTOMIZATION]) ruleManagerInfo: RuleManager @auth(for: [SETTINGS_SETCUSTOMIZATION]) synchronizer(id: String!): Synchronizer @auth(for: [INGESTION]) synchronizers( first: Int after: ID orderBy: SynchronizersOrdering orderMode: OrderingMode search: String ): SynchronizerConnection @auth(for: [INGESTION]) synchronizerFetch(input: SynchronizerFetchInput): [RemoteStreamCollection] @auth(for: [INGESTION]) ######## STIX OBJECT ENTITIES ######## STIX META OBJECT ENTITIES stixMetaObject(id: String!): StixMetaObject @auth(for: [KNOWLEDGE]) stixMetaObjects( first: Int after: ID types: [String] orderBy: StixMetaObjectsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): StixMetaObjectConnection @auth(for: [KNOWLEDGE]) markingDefinition(id: String!): MarkingDefinition @auth(for: [KNOWLEDGE, SETTINGS_SETMARKINGS]) markingDefinitions( first: Int after: ID orderBy: MarkingDefinitionsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): MarkingDefinitionConnection @auth(for: [KNOWLEDGE, SETTINGS_SETACCESSES, SETTINGS_SETMARKINGS]) label(id: String!): Label @auth(for: [KNOWLEDGE, SETTINGS_SETLABELS]) labels( first: Int after: ID orderBy: LabelsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): LabelConnection @auth(for: [KNOWLEDGE, SETTINGS_SETLABELS]) externalReference(id: String!): ExternalReference @auth(for: [KNOWLEDGE]) externalReferences( first: Int after: ID orderBy: ExternalReferencesOrdering orderMode: OrderingMode filters: FilterGroup search: String ): ExternalReferenceConnection @auth(for: [KNOWLEDGE]) killChainPhase(id: String!): KillChainPhase @auth(for: [KNOWLEDGE, SETTINGS_SETLABELS]) killChainPhases( first: Int after: ID orderBy: KillChainPhasesOrdering orderMode: OrderingMode filters: FilterGroup search: String ): KillChainPhaseConnection @auth(for: [KNOWLEDGE, SETTINGS_SETLABELS]) ######## STIX CORE OBJECT ENTITIES stixCoreObjectRaw(id: String!): String @auth(for: [KNOWLEDGE]) stixCoreObject(id: String!): StixCoreObject @auth(for: [KNOWLEDGE]) stixCoreObjectAnalysis(id: ID!, contentSource: String!, contentType: AnalysisContentType!): Analysis @auth(for: [KNOWLEDGE]) stixCoreObjects( first: Int after: ID types: [String] orderBy: StixCoreObjectsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): StixCoreObjectConnection @auth(for: [KNOWLEDGE]) globalSearch( first: Int after: ID search: String types: [String] orderBy: StixCoreObjectsOrdering orderMode: OrderingMode filters: FilterGroup ): StixCoreObjectConnection @auth(for: [KNOWLEDGE]) stixCoreObjectsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) stixCoreObjectsTimeSeries( authorId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean types: [String] filters: FilterGroup search: String ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectsMultiTimeSeries( startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean timeSeriesParameters: [StixCoreObjectsTimeSeriesParameters] ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectsNumber( dateAttribute: String types: [String] startDate: DateTime endDate: DateTime onlyInferred: Boolean filters: FilterGroup search: String ): Number @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectsMultiNumber( dateAttribute: String startDate: DateTime endDate: DateTime onlyInferred: Boolean numberParameters: [StixCoreObjectsNumberParameters] ): [Number] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectsDistribution( objectId: [String] relationship_type: [String] toTypes: [String] elementWithTargetTypes: [String] field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectsMultiDistribution( field: String! startDate: DateTime endDate: DateTime dateAttribute: String operation: StatsOperation! limit: Int order: String distributionParameters: StixCoreObjectsDistributionParameters ): [MultiDistribution] @auth(for: [KNOWLEDGE, EXPLORE]) filtersRepresentatives(filters: FilterGroup!): [RepresentativeWithId!]! @auth(for: [KNOWLEDGE, SETTINGS_SECURITYACTIVITY, INGESTION_SETINGESTIONS, SETTINGS_SETACCESSES, SETTINGS_SETCUSTOMIZATION]) ######## STIX DOMAIN OBJECT ENTITIES stixDomainObject(id: String!): StixDomainObject @auth(for: [KNOWLEDGE]) stixDomainObjects( first: Int after: ID types: [String] orderBy: StixDomainObjectsOrdering orderMode: OrderingMode filters: FilterGroup search: String ): StixDomainObjectConnection @auth(for: [KNOWLEDGE]) bookmarks(first: Int, after: ID, types: [String], filters: FilterGroup): StixDomainObjectConnection @auth(for: [KNOWLEDGE]) stixDomainObjectsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) stixDomainObjectsTimeSeries( authorId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! types: [String] onlyInferred: Boolean filters: FilterGroup search: String ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE, SETTINGS_SETCUSTOMIZATION]) stixDomainObjectsNumber( dateAttribute: String types: [String] endDate: DateTime onlyInferred: Boolean filters: FilterGroup search: String): Number @auth(for: [KNOWLEDGE, EXPLORE, SETTINGS_SETCUSTOMIZATION]) stixDomainObjectsDistribution( objectId: [String] relationship_type: [String] toTypes: [String] elementWithTargetTypes: [String] field: String! dateAttribute: String operation: StatsOperation! limit: Int order: String types: [String] filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) attackPattern(id: String): AttackPattern @auth(for: [KNOWLEDGE]) attackPatterns( first: Int after: ID orderBy: AttackPatternsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): AttackPatternConnection @auth(for: [KNOWLEDGE]) attackPatternsMatrix: AttackPatternsMatrix @auth(for: [KNOWLEDGE]) campaign(id: String): Campaign @auth(for: [KNOWLEDGE]) campaigns( first: Int after: ID orderBy: CampaignsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): CampaignConnection @auth(for: [KNOWLEDGE]) campaignsTimeSeries( objectId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! relationship_type: [String] ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) # Containers container(id: String): Container @auth(for: [KNOWLEDGE]) containers( first: Int after: ID orderBy: ContainersOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ContainerConnection @auth(for: [KNOWLEDGE]) containersObjectsOfObject( id: String! types: [String] filters: FilterGroup search: String ): StixObjectOrStixRelationshipConnection @auth(for: [KNOWLEDGE]) containersNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) note(id: String): Note @auth(for: [KNOWLEDGE]) notes( first: Int after: ID orderBy: NotesOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): NoteConnection @auth(for: [KNOWLEDGE]) notesNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) notesTimeSeries( objectId: String authorId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) notesDistribution( objectId: String field: String! dateAttribute: String operation: StatsOperation! limit: Int order: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) noteContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean @auth(for: [KNOWLEDGE]) observedData(id: String): ObservedData @auth(for: [KNOWLEDGE]) observedDatas( first: Int after: ID orderBy: ObservedDatasOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ObservedDataConnection @auth(for: [KNOWLEDGE]) observedDatasTimeSeries( objectId: String authorId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) observedDatasNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) observedDatasDistribution( objectId: String field: String! dateAttribute: String operation: StatsOperation! limit: Int order: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) observedDataContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean @auth(for: [KNOWLEDGE]) opinion(id: String): Opinion @auth(for: [KNOWLEDGE]) opinions( first: Int after: ID orderBy: OpinionsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): OpinionConnection @auth(for: [KNOWLEDGE]) opinionsTimeSeries( objectId: String authorId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) opinionsNumber(objectId: String, endDate: DateTime): Number @auth(for: [KNOWLEDGE, EXPLORE]) opinionsDistribution( objectId: String field: String! dateAttribute: String operation: StatsOperation! limit: Int order: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) opinionContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean @auth(for: [KNOWLEDGE]) myOpinion(id: String!): Opinion @auth(for: [KNOWLEDGE]) report(id: String): Report @auth(for: [KNOWLEDGE]) reports( first: Int after: ID orderBy: ReportsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ReportConnection @auth(for: [KNOWLEDGE]) reportsTimeSeries( objectId: String authorId: String reportType: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! filters: FilterGroup search: String ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) reportsNumber( reportType: String objectId: String authorId: String endDate: DateTime filters: FilterGroup search: String ): Number @auth(for: [KNOWLEDGE, EXPLORE]) reportsDistribution( objectId: String authorId: String field: String! operation: StatsOperation! limit: Int order: String startDate: DateTime endDate: DateTime dateAttribute: String filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) reportContainsStixObjectOrStixRelationship(id: String!, stixObjectOrStixRelationshipId: String!): Boolean @auth(for: [KNOWLEDGE]) courseOfAction(id: String): CourseOfAction @auth(for: [KNOWLEDGE]) coursesOfAction( first: Int after: ID orderBy: CoursesOfActionOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): CourseOfActionConnection @auth(for: [KNOWLEDGE]) # Identities identity(id: String!): Identity @auth(for: [KNOWLEDGE]) identities( first: Int after: ID types: [String] orderBy: IdentitiesOrdering orderMode: OrderingMode search: String filters: FilterGroup toStix: Boolean ): IdentityConnection @auth(for: [KNOWLEDGE, INGESTION_SETINGESTIONS]) individual(id: String!): Individual @auth(for: [KNOWLEDGE]) individuals( first: Int after: ID orderBy: IndividualsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): IndividualConnection @auth(for: [KNOWLEDGE]) sector(id: String): Sector @auth(for: [KNOWLEDGE]) sectors( first: Int after: ID orderBy: SectorsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): SectorConnection @auth(for: [KNOWLEDGE]) system(id: String): System @auth(for: [KNOWLEDGE]) systems( first: Int after: ID orderBy: SystemsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): SystemConnection @auth(for: [KNOWLEDGE]) infrastructure(id: String!): Infrastructure @auth(for: [KNOWLEDGE]) infrastructures( first: Int after: ID orderBy: InfrastructuresOrdering orderMode: OrderingMode filters: FilterGroup search: String ): InfrastructureConnection @auth(for: [KNOWLEDGE]) intrusionSet(id: String): IntrusionSet @auth(for: [KNOWLEDGE]) intrusionSets( first: Int after: ID orderBy: IntrusionSetsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): IntrusionSetConnection @auth(for: [KNOWLEDGE]) # Locations location(id: String!): Location @auth(for: [KNOWLEDGE]) locations( first: Int after: ID types: [String] orderBy: LocationsOrdering orderMode: OrderingMode search: String filters: FilterGroup toStix: Boolean ): LocationConnection @auth(for: [KNOWLEDGE]) city(id: String): City @auth(for: [KNOWLEDGE]) cities( first: Int after: ID orderBy: CitiesOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): CityConnection @auth(for: [KNOWLEDGE]) country(id: String): Country @auth(for: [KNOWLEDGE]) countries( first: Int after: ID orderBy: CountriesOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): CountryConnection @auth(for: [KNOWLEDGE]) region(id: String!): Region @auth(for: [KNOWLEDGE]) regions( first: Int after: ID orderBy: RegionsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): RegionConnection @auth(for: [KNOWLEDGE]) position(id: String!): Position @auth(for: [KNOWLEDGE]) positions( first: Int after: ID orderBy: PositionsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): PositionConnection @auth(for: [KNOWLEDGE]) malware(id: String): Malware @auth(for: [KNOWLEDGE]) malwares( first: Int after: ID orderBy: MalwaresOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): MalwareConnection @auth(for: [KNOWLEDGE]) threatActor(id: String): ThreatActor @auth(for: [KNOWLEDGE]) threatActors( first: Int after: ID orderBy: ThreatActorsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ThreatActorConnection @auth(for: [KNOWLEDGE]) threatActorGroup(id: String): ThreatActorGroup @auth(for: [KNOWLEDGE]) threatActorsGroup( first: Int after: ID orderBy: ThreatActorsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ThreatActorGroupConnection @auth(for: [KNOWLEDGE]) tool(id: String): Tool @auth(for: [KNOWLEDGE]) tools( first: Int after: ID orderBy: ToolsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): ToolConnection @auth(for: [KNOWLEDGE]) vulnerability(id: String): Vulnerability @auth(for: [KNOWLEDGE]) vulnerabilities( first: Int after: ID orderBy: VulnerabilitiesOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): VulnerabilityConnection @auth(for: [KNOWLEDGE]) incident(id: String): Incident @auth(for: [KNOWLEDGE]) incidents( first: Int after: ID orderBy: IncidentsOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): IncidentConnection @auth(for: [KNOWLEDGE]) incidentsTimeSeries( objectId: String field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! relationship_type: [String] ): [TimeSeries] @auth(for: [KNOWLEDGE]) ######## STIX CYBER OBSERVABLE ENTITIES stixCyberObservable(id: String!): StixCyberObservable @auth(for: [KNOWLEDGE]) stixCyberObservables( first: Int after: ID types: [String] orderBy: StixCyberObservablesOrdering orderMode: OrderingMode filters: FilterGroup search: String toStix: Boolean ): StixCyberObservableConnection @auth(for: [KNOWLEDGE]) stixCyberObservablesExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) stixCyberObservablesNumber( dateAttribute: String types: [String] authorId: String endDate: DateTime filters: FilterGroup search: String ): Number @auth(for: [KNOWLEDGE, EXPLORE]) stixCyberObservablesTimeSeries( types: [String] filters: FilterGroup search: String ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixCyberObservablesDistribution( objectId: String field: String! dateAttribute: String operation: String! filters: FilterGroup search: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) ######## STIX RELATIONSHIPS stixRelationship(id: String): StixRelationship @auth(for: [KNOWLEDGE]) stixRelationships( first: Int after: ID orderBy: StixRelationshipsOrdering orderMode: OrderingMode fromOrToId: String elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime startDate: DateTime endDate: DateTime confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup stix: Boolean ): StixRelationshipConnection @auth(for: [KNOWLEDGE]) stixRelationshipsTimeSeries( field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE, SETTINGS_SETCUSTOMIZATION]) stixRelationshipsMultiTimeSeries( operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean timeSeriesParameters: [StixRelationshipsTimeSeriesParameters] ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup aggregateOnConnections: Boolean ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixRelationshipsNumber( dateAttribute: String authorId: String noDirection: Boolean endDate: DateTime onlyInferred: Boolean fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup ): Number @auth(for: [KNOWLEDGE, EXPLORE, SETTINGS_SETCUSTOMIZATION]) schemaRelationsTypesMapping: [StixRelationshipSchema!]! @auth schemaRelationsRefTypesMapping: [StixRelationshipRefSchema!]! @auth filterKeysSchema: [FilterKeysSchema!]! @auth ######## STIX CORE RELATIONSHIPS stixCoreRelationship(id: String): StixCoreRelationship @auth(for: [KNOWLEDGE]) stixCoreRelationships( first: Int after: ID orderBy: StixCoreRelationshipsOrdering orderMode: OrderingMode fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime startDate: DateTime endDate: DateTime confidences: [Int] search: String filters: FilterGroup stix: Boolean ): StixCoreRelationshipConnection @auth(for: [KNOWLEDGE]) stixCoreRelationshipsTimeSeries( field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsMultiTimeSeries( operation: StatsOperation! startDate: DateTime! endDate: DateTime interval: String! onlyInferred: Boolean timeSeriesParameters: [StixCoreRelationshipsTimeSeriesParameters] ): [MultiTimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsDistribution( field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String isTo: Boolean limit: Int order: String fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup aggregateOnConnections: Boolean ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsNumber( dateAttribute: String authorId: String noDirection: Boolean endDate: DateTime onlyInferred: Boolean fromOrToId: [String] elementWithTargetTypes: [String] fromId: [String] fromRole: String fromTypes: [String] toId: [String] toRole: String toTypes: [String] relationship_type: [String] confidences: [Int] search: String filters: FilterGroup dynamicFrom: FilterGroup dynamicTo: FilterGroup ): Number @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreRelationshipsExportFiles(first: Int, exportContext: ExportContext!): FileConnection @auth(for: [KNOWLEDGE_KNGETEXPORT]) ######## STIX SIGHTING RELATIONSHIPS stixSightingRelationship(id: String): StixSightingRelationship @auth(for: [KNOWLEDGE]) stixSightingRelationships( first: Int after: ID orderBy: StixSightingRelationshipsOrdering orderMode: OrderingMode fromOrToId: String fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] firstSeenStart: DateTime firstSeenStop: DateTime lastSeenStart: DateTime lastSeenStop: DateTime search: String filters: FilterGroup toStix: Boolean ): StixSightingRelationshipConnection @auth(for: [KNOWLEDGE]) stixSightingRelationshipsTimeSeries( fromOrToId: String fromId: StixRef toId: StixRef field: String! operation: StatsOperation! startDate: DateTime! endDate: DateTime! interval: String! fromTypes: [String] toTypes: [String] search: String filters: FilterGroup ): [TimeSeries] @auth(for: [KNOWLEDGE, EXPLORE]) stixSightingRelationshipsDistribution( fromOrToId: String fromId: StixRef toId: StixRef field: String! operation: StatsOperation! startDate: DateTime endDate: DateTime dateAttribute: String limit: Int order: String fromTypes: [String] toTypes: [String] search: String filters: FilterGroup ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixSightingRelationshipsNumber( dateAttribute: String fromOrToId: String fromId: StixRef toId: StixRef endDate: DateTime fromTypes: [String] toTypes: [String] search: String filters: FilterGroup): Number @auth(for: [KNOWLEDGE, EXPLORE]) ######## STIX REF RELATIONSHIPS stixRefRelationship(id: String): StixRefRelationship @auth(for: [KNOWLEDGE]) stixRefRelationships( first: Int after: ID orderBy: StixRefRelationshipsOrdering orderMode: OrderingMode fromOrToId: String fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: [String] startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime search: String filters: FilterGroup toStix: Boolean ): StixRefRelationshipConnection @auth(for: [KNOWLEDGE]) stixNestedRefRelationships( first: Int after: ID orderBy: StixRefRelationshipsOrdering orderMode: OrderingMode fromOrToId: String fromId: StixRef toId: StixRef fromTypes: [String] toTypes: [String] relationship_type: [String] startTimeStart: DateTime startTimeStop: DateTime stopTimeStart: DateTime stopTimeStop: DateTime search: String filters: FilterGroup toStix: Boolean ): StixRefRelationshipConnection @auth(for: [KNOWLEDGE]) stixSchemaRefRelationships( id: String toType: String ): DefinitionRefRelationship @auth(for: [KNOWLEDGE]) stixRefRelationshipsDistribution( field: String! operation: StatsOperation! relationship_type: [String] isTo: Boolean toRole: String toTypes: [String] startDate: DateTime endDate: DateTime dateAttribute: String limit: Int order: String ): [Distribution] @auth(for: [KNOWLEDGE, EXPLORE]) stixRefRelationshipsNumber(types: [String!], fromId: StixRef, endDate: DateTime): Number @auth(for: [KNOWLEDGE]) ####### ALL stixObjectOrStixRelationship(id: String!): StixObjectOrStixRelationship @auth(for: [KNOWLEDGE, EXPLORE]) stixObjectOrStixRelationships( first: Int after: ID search: String filters: FilterGroup ): StixObjectOrStixRelationshipConnection @auth(for: [KNOWLEDGE, EXPLORE]) stixCoreObjectOrStixCoreRelationship(id: String!): StixCoreObjectOrStixCoreRelationship @auth(for: [KNOWLEDGE, EXPLORE]) } ### SUBSCRIPTIONS type Subscription { me: MeUser @auth settings(id: ID!): Settings @auth(for: [SETTINGS_SETPARAMETERS]) settingsMessages(id: ID!): Settings @auth group(id: ID!): Group @auth(for: [SETTINGS_SETACCESSES]) user(id: ID!): User @auth(for: [SETTINGS_SETACCESSES]) label(id: ID!): Label @auth(for: [SETTINGS_SETLABELS]) statusTemplate(id: ID!): StatusTemplate @auth(for: [SETTINGS_SETLABELS]) markingDefinition(id: ID!): MarkingDefinition @auth(for: [SETTINGS_SETMARKINGS]) killChainPhase(id: ID!): KillChainPhase @auth(for: [SETTINGS_SETLABELS]) stixCoreObject(id: ID!): StixCoreObject @auth(for: [KNOWLEDGE]) internalObject(id: ID!): InternalObject @auth(for: [SETTINGS]) @deprecated(reason: "[>=6.3 & <6.6]. Not used in the platform.") stixDomainObject(id: ID!): StixDomainObject @auth(for: [KNOWLEDGE]) stixCyberObservable(id: ID!): StixCyberObservable @auth(for: [KNOWLEDGE]) stixCoreRelationship(id: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE]) stixSightingRelationship(id: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE]) stixRefRelationship(id: ID!): StixRefRelationship @auth(for: [KNOWLEDGE]) externalReference(id: ID!): ExternalReference @auth(for: [KNOWLEDGE]) } ### MUTATIONS ###### INTERNAL type WorkEditMutations { delete: ID! ping: ID! reportExpectation(error: WorkErrorInput): ID! addExpectations(expectations: Int): ID! toReceived(message: String): ID! toProcessed(message: String, inError: Boolean): ID! } ######## INTERNAL OBJECT ENTITIES type SettingsEditMutations { fieldPatch(input: [EditInput]!): Settings @auth(for: [SETTINGS_SETPARAMETERS, SETTINGS_SETACCESSES, SETTINGS_SECURITYACTIVITY]) contextPatch(input: EditContext): Settings @auth(for: [SETTINGS_SETPARAMETERS]) contextClean: Settings @auth(for: [SETTINGS_SETPARAMETERS]) editMessage(input: SettingsMessageInput!): Settings @auth(for: [SETTINGS_SETPARAMETERS]) deleteMessage(input: String!): Settings @auth(for: [SETTINGS_SETPARAMETERS]) } type SubTypeEditMutations { statusAdd(input: StatusAddInput!): SubType statusFieldPatch(statusId: String!, input: [EditInput]!): SubType statusDelete(statusId: String!): SubType } type GroupEditMutations { delete: ID fieldPatch(input: [EditInput]!): Group contextPatch(input: EditContext): Group contextClean: Group relationAdd(input: InternalRelationshipAddInput!): InternalRelationship relationDelete(fromId: StixRef, toId: StixRef, relationship_type: String!): Group editDefaultMarking(input: DefaultMarkingInput!): Group } type UserEditMutations { delete: ID fieldPatch(input: [EditInput]!): User contextPatch(input: EditContext): User contextClean: User tokenRenew: User @auth(for: [SETTINGS_SETACCESSES]) relationAdd(input: InternalRelationshipAddInput!): InternalRelationship relationDelete(toId: StixRef!, relationship_type: String!): User organizationAdd(organizationId: ID!): User organizationDelete(organizationId: ID!): User } type RoleEditMutations { delete: ID fieldPatch(input: [EditInput]!): Role contextPatch(input: EditContext): Role contextClean: Role relationAdd(input: InternalRelationshipAddInput!): InternalRelationship relationDelete(toId: StixRef!, relationship_type: String!): Role } type AttributeEditMutations { delete: ID fieldPatch(input: [EditInput]!): Attribute } type TaxiiCollectionEditMutations { delete: ID fieldPatch(input: [EditInput]!): TaxiiCollection } type StreamCollectionEditMutations { delete: ID fieldPatch(input: [EditInput]!): StreamCollection addGroup(id: ID!): StreamCollection deleteGroup(id: ID!): StreamCollection } type SynchronizerEditMutations { delete: ID fieldPatch(input: [EditInput]!): Synchronizer } ######## STIX OBJECT type StixEditMutations { delete: ID merge(stixObjectsIds: [String]!): StixObject } ######## STIX OBJECT ENTITIES ######## STIX META OBJECT ENTITIES type MarkingDefinitionEditMutations { delete: ID fieldPatch(input: [EditInput]!): MarkingDefinition contextPatch(input: EditContext): MarkingDefinition contextClean: MarkingDefinition } type LabelEditMutations { delete: ID fieldPatch(input: [EditInput]!): Label contextPatch(input: EditContext): Label contextClean: Label } type ExternalReferenceEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(fromId: StixRef!, relationship_type: String!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) askEnrichment(connectorId: ID!): Work @auth(for: [KNOWLEDGE_KNENRICHMENT]) importPush(file: Upload!, fileMarkings: [String], version: DateTime, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) } type KillChainPhaseEditMutations { delete: ID fieldPatch(input: [EditInput]!): KillChainPhase contextPatch(input: EditContext): KillChainPhase contextClean: KillChainPhase relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship relationDelete(toId: StixRef!, relationship_type: String!): KillChainPhase } ######## STIX CORE OBJECT ENTITIES enum AnalysisContentType { fields file } union Analysis = MappingAnalysis input MappingAnalysisInput { mappedEntities: [MappedEntityInput] } type MappingAnalysis { analysisType: String! analysisStatus: State analysisDate: DateTime mappedEntities: [MappedEntity!] } input MappedEntityInput { matchedString: String! matchedEntityId: String! } type MappedEntity { matchedString: String! matchedEntity: StixCoreObject! isEntityInContainer: Boolean! } type StixCoreObjectEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE]) restrictionOrganizationAdd(organizationId: ID!): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) restrictionOrganizationDelete(organizationId: ID!): StixCoreObject @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) askEnrichment(connectorId: ID!): Work @auth(for: [KNOWLEDGE_KNENRICHMENT]) askAnalysis(contentSource: String!, contentType: AnalysisContentType!, connectorId: ID): Work @auth(for: [KNOWLEDGE_KNUPDATE]) analysisPush(file: Upload!, contentSource: String!, contentType: AnalysisContentType!, analysisType: String!): File @auth(for: [CONNECTORAPI]) analysisClear(contentSource: String!, contentType: AnalysisContentType!): Boolean @auth(for: [KNOWLEDGE_KNUPDATE]) importPush(file: Upload!, fileMarkings: [String], version: DateTime, noTriggerImport: Boolean, fromTemplate: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) exportAsk(input: ExportAskInput!): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) exportPush(file: Upload!): Boolean @auth(for: [CONNECTORAPI]) } ######## STIX DOMAIN OBJECT ENTITIES input StixDomainObjectFileEditInput { id: String! description: String order: Int inCarousel: Boolean } type StixDomainObjectEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) changeType(newType: String!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationsAdd(input: StixRefRelationshipsAddInput!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) importPush(file: Upload!, fileMarkings: [String], version: DateTime, noTriggerImport: Boolean, fromTemplate: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) exportAsk(input: ExportAskInput!): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) exportPush(file: Upload!, file_markings: [String]!): Boolean @auth(for: [CONNECTORAPI]) stixDomainObjectFileEdit(input: StixDomainObjectFileEditInput): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) } type AttackPatternEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) } type CampaignEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) } ############### Containers type ContainerEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Container @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Container @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Container @auth(for: [KNOWLEDGE_KNUPDATE]) editAuthorizedMembers(input:[MemberAccessInput!]): Container @auth(for: [KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS]) relationAdd(input: StixRefRelationshipAddInput!, commitMessage: String, references: [String]): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): Container @auth(for: [KNOWLEDGE_KNUPDATE]) investigationAdd: Workspace @auth(for: [KNOWLEDGE_KNUPDATE]) knowledgeAddFromInvestigation(workspaceId: ID!): Container @auth(for: [KNOWLEDGE_KNUPDATE]) } type NoteEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE, KNOWLEDGE_KNPARTICIPATE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) contextPatch(input: EditContext): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) contextClean: Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) relationDelete(toId: StixRef!, relationship_type: String!): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) } type ObservedDataEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) } type OpinionEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE, KNOWLEDGE_KNPARTICIPATE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) contextPatch(input: EditContext): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) contextClean: Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) relationDelete(toId: StixRef!, relationship_type: String!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) } type ReportEditMutations { delete(purgeElements: Boolean): ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Report @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Report @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Report @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!, commitMessage: String, references: [String]): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): Report @auth(for: [KNOWLEDGE_KNUPDATE]) } type CourseOfActionEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) } ############### Identities type IdentityEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Identity @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) } type IndividualEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Individual @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) } type SectorEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Sector @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) } type SystemEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): System @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): System @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: System @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): System @auth(for: [KNOWLEDGE_KNUPDATE]) } type InfrastructureEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) } type IntrusionSetEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) } ############### Locations type LocationEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Location @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Location @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Location @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Location @auth(for: [KNOWLEDGE_KNUPDATE]) } type CityEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): City @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): City @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: City @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): City @auth(for: [KNOWLEDGE_KNUPDATE]) } type CountryEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Country @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Country @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Country @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Country @auth(for: [KNOWLEDGE_KNUPDATE]) } type RegionEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Region @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Region @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Region @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Region @auth(for: [KNOWLEDGE_KNUPDATE]) } type PositionEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Position @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Position @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Position @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Position @auth(for: [KNOWLEDGE_KNUPDATE]) } type MalwareEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Malware @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) } type ThreatActorGroupEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) } type ToolEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Tool @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) } type VulnerabilityEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) } type IncidentEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: Incident @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) } ######## STIX CYBER OBSERVABLE ENTITIES type StixCyberObservableEditMutations { delete: ID @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) contextPatch(input: EditContext): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) contextClean: StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) relationsAdd(input: StixRefRelationshipsAddInput!): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) relationDelete(toId: StixRef!, relationship_type: String!): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) promoteToIndicator: Indicator @auth(for: [KNOWLEDGE_KNUPDATE]) importPush(file: Upload!, fileMarkings: [String], version: DateTime, noTriggerImport: Boolean): File @auth(for: [KNOWLEDGE_KNUPLOAD]) exportAsk(format: String!, exportType: String!, maxMarkingDefinition: String): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) exportPush(file: Upload!): Boolean @auth(for: [CONNECTORAPI]) } ######## STIX RELATIONSHIPS type StixRelationshipEditMutations { delete: ID } ######## STIX CORE RELATIONSHIPS type StixCoreRelationshipEditMutations { delete: ID fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixCoreRelationship contextPatch(input: EditContext): StixCoreRelationship contextClean: StixCoreRelationship relationAdd(input: StixRefRelationshipAddInput!): StixRefRelationship relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixCoreRelationship relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixCoreRelationship restrictionOrganizationAdd(organizationId: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) restrictionOrganizationDelete(organizationId: ID!): StixCoreRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) } ######## STIX SIGHTING RELATIONSHIPS type StixSightingRelationshipEditMutations { delete: ID fieldPatch(input: [EditInput]!, commitMessage: String, references: [String]): StixSightingRelationship contextPatch(input: EditContext): StixSightingRelationship contextClean: StixSightingRelationship relationAdd(input: StixRefRelationshipAddInput!): StixSightingRelationship relationsAdd(input: StixRefRelationshipsAddInput!, commitMessage: String, references: [String]): StixSightingRelationship relationDelete(toId: StixRef!, relationship_type: String!, commitMessage: String, references: [String]): StixSightingRelationship restrictionOrganizationAdd(organizationId: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) restrictionOrganizationDelete(organizationId: ID!): StixSightingRelationship @auth(for: [KNOWLEDGE_KNUPDATE_KNORGARESTRICT]) } ######## STIX REF RELATIONSHIPS type StixRefRelationshipEditMutations { delete: ID fieldPatch(input: [EditInput]!): StixRefRelationship contextPatch(input: EditContext): StixRefRelationship } ### MUTATIONS DECLARATION type Mutation { ###### INTERNAL deleteImport(fileName: String): ID @auth(for: [KNOWLEDGE_KNASKIMPORT]) uploadImport(file: Upload!, fileMarkings: [String]): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) uploadPending(file: Upload!, entityId: String, labels: [String], errorOnExisting: Boolean, refreshEntity: Boolean): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) askJobImport(fileName: ID!, connectorId: String, configuration: String, bypassEntityId: String, bypassValidation: Boolean): File @auth(for: [KNOWLEDGE_KNASKIMPORT]) resetFileIndexing: Boolean @auth(for: [SETTINGS_FILEINDEXING]) ### SYNC synchronizerAdd(input: SynchronizerAddInput!): Synchronizer @auth(for: [CONNECTORAPI]) synchronizerEdit(id: ID!): SynchronizerEditMutations @auth(for: [CONNECTORAPI]) synchronizerStart(id: ID!): Synchronizer @auth(for: [CONNECTORAPI]) synchronizerStop(id: ID!): Synchronizer @auth(for: [CONNECTORAPI]) synchronizerTest(input: SynchronizerAddInput): String @auth(for: [CONNECTORAPI, INGESTION_SETINGESTIONS]) ### WORK workAdd(connectorId: String!, friendlyName: String): Work! @auth(for: [CONNECTORAPI, MODULES_MODMANAGE, KNOWLEDGE_KNASKIMPORT, KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) workEdit(id: ID!): WorkEditMutations @auth(for: [CONNECTORAPI, MODULES_MODMANAGE]) workDelete(connectorId: String!): Boolean @auth(for: [CONNECTORAPI, MODULES_MODMANAGE]) ### TASK deleteBackgroundTask(id: ID!): ID! @auth listTaskAdd(input: ListTaskAddInput!): BackgroundTask! @auth queryTaskAdd(input: QueryTaskAddInput!): BackgroundTask! @auth ### RETENTION RULE retentionRuleAdd(input: RetentionRuleAddInput!): RetentionRule! @auth(for: [SETTINGS_SETCUSTOMIZATION]) retentionRuleCheck(input: RetentionRuleAddInput): Int! @auth(for: [SETTINGS_SETCUSTOMIZATION]) retentionRuleEdit(id: ID!): RetentionRuleEditMutations @auth(for: [SETTINGS_SETCUSTOMIZATION]) ### RULE ruleSetActivation(id: ID!, enable: Boolean!): Rule! @auth(for: [SETTINGS_SETCUSTOMIZATION]) ruleManagerClean(eventId: ID): RuleManager! @auth(for: [SETTINGS_SETCUSTOMIZATION]) ######## INTERNAL OBJECT ENTITIES frontendErrorLog(message: String!, codeStack: String, componentStack: String): Boolean @auth token(input: UserLoginInput): String @public # Use for login otpActivation(input: UserOTPActivationInput): MeUser @auth otpDeactivation: MeUser @auth otpUserDeactivation(id: ID!): MeUser @auth(for: [SETTINGS_SETACCESSES]) otpLogin(input: UserOTPLoginInput): Boolean @auth @rateLimit(limit: 1, duration: 1) settingsEdit(id: ID!): SettingsEditMutations @auth subTypeEdit(id: ID!): SubTypeEditMutations @auth(for: [SETTINGS_SETCUSTOMIZATION]) statusTemplateAdd(input: StatusTemplateAddInput!): StatusTemplate! @auth(for: [SETTINGS_SETLABELS]) statusTemplateDelete(id: ID!): ID! @auth(for: [SETTINGS_SETLABELS]) statusTemplateFieldPatch(id: ID!, input: [EditInput!]!): StatusTemplate! @auth(for: [SETTINGS_SETLABELS]) statusTemplateContextPatch(id: ID!, input: EditContext!): StatusTemplate! @auth(for: [SETTINGS_SETLABELS]) statusTemplateContextClean(id: ID!): StatusTemplate! @auth(for: [SETTINGS_SETLABELS]) groupAdd(input: GroupAddInput!): Group @auth(for: [SETTINGS_SETACCESSES]) groupEdit(id: ID!): GroupEditMutations @auth(for: [SETTINGS_SETACCESSES]) userAdd(input: UserAddInput!): User @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) userEdit(id: ID!): UserEditMutations @auth(for: [SETTINGS_SETACCESSES, VIRTUAL_ORGANIZATION_ADMIN]) meTokenRenew: MeUser @auth meEdit(input: [EditInput]!, password: String): MeUser @auth bookmarkAdd(id: ID!, type: String!): StixDomainObject @auth(for: [KNOWLEDGE]) bookmarkDelete(id: ID!): ID @auth(for: [KNOWLEDGE]) logout: ID @auth roleAdd(input: RoleAddInput!): Role @auth(for: [SETTINGS_SETACCESSES]) sessionKill(id: ID!): ID @auth(for: [SETTINGS_SETACCESSES]) userSessionsKill(id: ID!): [ID] @auth(for: [SETTINGS_SETACCESSES]) roleEdit(id: ID!): RoleEditMutations @auth(for: [SETTINGS_SETACCESSES]) pingConnector(id: ID!, state: String, connectorInfo: ConnectorInfoInput): Connector @auth(for: [CONNECTORAPI]) registerConnector(input: RegisterConnectorInput): Connector @auth(for: [CONNECTORAPI]) resetStateConnector(id: ID!): Connector @auth(for: [MODULES_MODMANAGE]) deleteConnector(id: ID!): ID! @auth(for: [MODULES_MODMANAGE]) updateConnectorTrigger(id: ID!, input: [EditInput]!): Connector @auth(for: [MODULES_MODMANAGE]) feedAdd(input: FeedAddInput!): Feed @auth(for: [TAXIIAPI_SETCOLLECTIONS]) feedDelete(id: ID!): ID! @auth(for: [TAXIIAPI_SETCOLLECTIONS]) feedEdit(id: ID!, input: FeedAddInput!): Feed! @auth(for: [TAXIIAPI_SETCOLLECTIONS]) taxiiCollectionAdd(input: TaxiiCollectionAddInput!): TaxiiCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) taxiiCollectionEdit(id: ID!): TaxiiCollectionEditMutations @auth(for: [TAXIIAPI_SETCOLLECTIONS]) streamCollectionAdd(input: StreamCollectionAddInput!): StreamCollection @auth(for: [TAXIIAPI_SETCOLLECTIONS]) streamCollectionEdit(id: ID!): StreamCollectionEditMutations @auth(for: [TAXIIAPI_SETCOLLECTIONS]) ######## STIX OBJECT stixEdit(id: ID!): StixEditMutations @auth(for: [SETTINGS]) ######## STIX OBJECT ENTITIES ######## STIX META OBJECT ENTITIES markingDefinitionAdd(input: MarkingDefinitionAddInput!): MarkingDefinition @auth(for: [SETTINGS_SETMARKINGS]) markingDefinitionEdit(id: ID!): MarkingDefinitionEditMutations @auth(for: [SETTINGS_SETMARKINGS]) labelAdd(input: LabelAddInput!): Label @auth(for: [SETTINGS_SETLABELS]) labelEdit(id: ID!): LabelEditMutations @auth(for: [SETTINGS_SETLABELS]) externalReferenceAdd(input: ExternalReferenceAddInput!): ExternalReference @auth(for: [KNOWLEDGE_KNUPDATE]) externalReferenceEdit(id: ID!): ExternalReferenceEditMutations @auth killChainPhaseAdd(input: KillChainPhaseAddInput!): KillChainPhase @auth(for: [SETTINGS_SETLABELS]) killChainPhaseEdit(id: ID!): KillChainPhaseEditMutations @auth(for: [SETTINGS_SETLABELS]) ######## STIX CORE OBJECT ENTITIES stixCoreObjectEdit(id: ID!): StixCoreObjectEditMutations @auth stixCoreObjectsExportAsk(input: StixCoreObjectsExportAskInput!): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) stixCoreObjectsExportPush(entity_id: String, entity_type: String!, file: Upload!, file_markings: [String]!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) ######## STIX DOMAIN OBJECT ENTITIES stixBundlePush(connectorId: String!, bundle: String!): Boolean @auth(for: [CONNECTORAPI]) stixDomainObjectAdd(input: StixDomainObjectAddInput!): StixDomainObject @auth(for: [KNOWLEDGE_KNUPDATE]) stixDomainObjectEdit(id: ID!): StixDomainObjectEditMutations @auth stixDomainObjectsExportAsk( format: String! exportType: String! contentMaxMarkings: [String], fileMarkings: [String] search: String exportContext: ExportContext relationship_type: [String] orderBy: StixDomainObjectsOrdering orderMode: OrderingMode filters: FilterGroup selectedIds: [String] ): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) stixDomainObjectsDelete(id: [ID]!): [ID]! @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE]) stixDomainObjectsExportPush(entity_id: String, entity_type: String!, file: Upload!, file_markings: [String]!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) attackPatternAdd(input: AttackPatternAddInput!): AttackPattern @auth(for: [KNOWLEDGE_KNUPDATE]) attackPatternEdit(id: ID!): AttackPatternEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) campaignAdd(input: CampaignAddInput!): Campaign @auth(for: [KNOWLEDGE_KNUPDATE]) campaignEdit(id: ID!): CampaignEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ############### Containers containerEdit(id: ID!): ContainerEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) noteAdd(input: NoteAddInput!): Note @auth(for: [KNOWLEDGE_KNUPDATE]) userNoteAdd(input: NoteUserAddInput!): Note @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) noteEdit(id: ID!): NoteEditMutations @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) observedDataAdd(input: ObservedDataAddInput!): ObservedData @auth(for: [KNOWLEDGE_KNUPDATE]) observedDataEdit(id: ID!): ObservedDataEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) opinionAdd(input: OpinionAddInput!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE]) userOpinionAdd(input: OpinionUserAddInput!): Opinion @auth(for: [KNOWLEDGE_KNUPDATE, KNOWLEDGE_KNPARTICIPATE]) opinionEdit(id: ID!): OpinionEditMutations @auth(for: [KNOWLEDGE_KNUPDATE_KNDELETE, KNOWLEDGE_KNPARTICIPATE]) reportAdd(input: ReportAddInput!): Report @auth(for: [KNOWLEDGE_KNUPDATE]) reportEdit(id: ID!): ReportEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) courseOfActionAdd(input: CourseOfActionAddInput!): CourseOfAction @auth(for: [KNOWLEDGE_KNUPDATE]) courseOfActionEdit(id: ID!): CourseOfActionEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ############### Identities identityAdd(input: IdentityAddInput!): Identity @auth(for: [KNOWLEDGE_KNUPDATE]) identityEdit(id: ID!): IdentityEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) individualAdd(input: IndividualAddInput!): Individual @auth(for: [KNOWLEDGE_KNUPDATE]) individualEdit(id: ID!): IndividualEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) sectorAdd(input: SectorAddInput!): Sector @auth(for: [KNOWLEDGE_KNUPDATE]) sectorEdit(id: ID!): SectorEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) systemAdd(input: SystemAddInput!): System @auth(for: [KNOWLEDGE_KNUPDATE]) systemEdit(id: ID!): SystemEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) infrastructureAdd(input: InfrastructureAddInput!): Infrastructure @auth(for: [KNOWLEDGE_KNUPDATE]) infrastructureEdit(id: ID!): InfrastructureEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) intrusionSetAdd(input: IntrusionSetAddInput!): IntrusionSet @auth(for: [KNOWLEDGE_KNUPDATE]) intrusionSetEdit(id: ID!): IntrusionSetEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ############### Locations locationAdd(input: LocationAddInput!): Location @auth(for: [KNOWLEDGE_KNUPDATE]) locationEdit(id: ID!): LocationEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) cityAdd(input: CityAddInput!): City @auth(for: [KNOWLEDGE_KNUPDATE]) cityEdit(id: ID!): CityEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) countryAdd(input: CountryAddInput!): Country @auth(for: [KNOWLEDGE_KNUPDATE]) countryEdit(id: ID!): CountryEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) regionAdd(input: RegionAddInput!): Region @auth(for: [KNOWLEDGE_KNUPDATE]) regionEdit(id: ID!): RegionEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) positionAdd(input: PositionAddInput!): Position @auth(for: [KNOWLEDGE_KNUPDATE]) positionEdit(id: ID!): PositionEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) malwareAdd(input: MalwareAddInput!): Malware @auth(for: [KNOWLEDGE_KNUPDATE]) malwareEdit(id: ID!): MalwareEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) threatActorGroupAdd(input: ThreatActorGroupAddInput!): ThreatActorGroup @auth(for: [KNOWLEDGE_KNUPDATE]) threatActorGroupEdit(id: ID!): ThreatActorGroupEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) toolAdd(input: ToolAddInput!): Tool @auth(for: [KNOWLEDGE_KNUPDATE]) toolEdit(id: ID!): ToolEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) vulnerabilityAdd(input: VulnerabilityAddInput!): Vulnerability @auth(for: [KNOWLEDGE_KNUPDATE]) vulnerabilityEdit(id: ID!): VulnerabilityEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) incidentAdd(input: IncidentAddInput!): Incident @auth(for: [KNOWLEDGE_KNUPDATE]) incidentEdit(id: ID!): IncidentEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ######## STIX CYBER OBSERVABLE ENTITIES stixCyberObservableAdd( type: String! stix_id: StixId x_opencti_score: Int x_opencti_description: String createIndicator: Boolean createdBy: String objectMarking: [String] objectLabel: [String] objectOrganization: [String] externalReferences: [String] clientMutationId: String update: Boolean AutonomousSystem: AutonomousSystemAddInput Directory: DirectoryAddInput DomainName: DomainNameAddInput EmailAddr: EmailAddrAddInput EmailMessage: EmailMessageAddInput EmailMimePartType: EmailMimePartTypeAddInput Artifact: ArtifactAddInput StixFile: StixFileAddInput X509Certificate: X509CertificateAddInput IPv4Addr: IPv4AddrAddInput IPv6Addr: IPv6AddrAddInput MacAddr: MacAddrAddInput Mutex: MutexAddInput NetworkTraffic: NetworkTrafficAddInput Process: ProcessAddInput Software: SoftwareAddInput Url: UrlAddInput UserAccount: UserAccountAddInput WindowsRegistryKey: WindowsRegistryKeyAddInput WindowsRegistryValueType: WindowsRegistryValueTypeAddInput CryptographicKey: CryptographicKeyAddInput CryptocurrencyWallet: CryptocurrencyWalletAddInput Hostname: HostnameAddInput Text: TextAddInput UserAgent: UserAgentAddInput BankAccount: BankAccountAddInput Credential: CredentialAddInput TrackingNumber: TrackingNumberAddInput PhoneNumber: PhoneNumberAddInput PaymentCard: PaymentCardAddInput MediaContent: MediaContentAddInput Persona: PersonaAddInput ): StixCyberObservable @auth(for: [KNOWLEDGE_KNUPDATE]) stixCyberObservableEdit(id: ID!): StixCyberObservableEditMutations @auth stixCyberObservablesExportAsk(input: StixCyberObservablesExportAskInput!): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) stixCyberObservablesExportPush(entity_id: String, entity_type: String!, file: Upload!, file_markings: [String]!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) artifactImport( file: Upload! x_opencti_description: String createdBy: String objectMarking: [String] objectLabel: [String] ): Artifact @auth(for: [KNOWLEDGE_KNUPDATE]) ######## STIX RELATIONSHIPS stixRelationshipEdit(id: ID!): StixRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ######## STIX CORE RELATIONSHIPS stixCoreRelationshipAdd(input: StixCoreRelationshipAddInput, reversedReturn: Boolean): StixCoreRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) stixCoreRelationshipEdit(id: ID!): StixCoreRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) stixCoreRelationshipsExportAsk(input: StixCoreRelationshipsExportAskInput!): [File!] @auth(for: [KNOWLEDGE_KNGETEXPORT_KNASKEXPORT]) stixCoreRelationshipDelete(fromId: StixRef!, toId: StixRef!, relationship_type: String!): Boolean! @auth(for: [KNOWLEDGE_KNUPDATE]) stixCoreRelationshipsExportPush(entity_id: String, entity_type: String!, file: Upload!, file_markings: [String]!, listFilters: String): Boolean @auth(for: [CONNECTORAPI]) ######## STIX REF RELATIONSHIPS stixRefRelationshipAdd(input: StixRefRelationshipAddInput!): StixRefRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) stixRefRelationshipEdit(id: ID!): StixRefRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) ######## STIX SIGHTING RELATIONSHIPS stixSightingRelationshipAdd(input: StixSightingRelationshipAddInput!): StixSightingRelationship @auth(for: [KNOWLEDGE_KNUPDATE]) stixSightingRelationshipEdit(id: ID!): StixSightingRelationshipEditMutations @auth(for: [KNOWLEDGE_KNUPDATE]) }