• • GraphQL Reference

• Queries

  • Query
  • Mutation

• Objects

  • Analytics
  • AnalyticsCubes
  • AnalyticsCubesDailyOnboardedPerformanceCube
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregate
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateAverage
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateConnection
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateCount
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateCountDistinct
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateEdge
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateMax
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateMin
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateSum
  • AnalyticsCubesDailyOnboardedPerformanceCubeConnection
  • AnalyticsCubesDailyOnboardedPerformanceCubeEdge
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCube
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregate
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateAverage
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateConnection
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateCount
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateCountDistinct
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateEdge
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateMax
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateMin
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateSum
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeConnection
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeEdge
  • AnalyticsCubesDailyUserTypeCountsSnapshot
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregate
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateAverage
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateConnection
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateCount
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateCountDistinct
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateEdge
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateMax
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateMin
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateSum
  • AnalyticsCubesDailyUserTypeCountsSnapshotConnection
  • AnalyticsCubesDailyUserTypeCountsSnapshotEdge
  • AnalyticsPluginFeedbackRulePassed
  • AnalyticsPluginFeedbackRulePassedAggregate
  • AnalyticsPluginFeedbackRulePassedAggregateConnection
  • AnalyticsPluginFeedbackRulePassedAggregateCount
  • AnalyticsPluginFeedbackRulePassedAggregateCountDistinct
  • AnalyticsPluginFeedbackRulePassedAggregateEdge
  • AnalyticsPluginFeedbackRulePassedAggregateMax
  • AnalyticsPluginFeedbackRulePassedAggregateMin
  • AnalyticsPluginFeedbackRulePassedConnection
  • AnalyticsPluginFeedbackRulePassedEdge
  • AnalyticsResponseFeedbackRuleActivated
  • AnalyticsResponseFeedbackRuleActivatedAggregate
  • AnalyticsResponseFeedbackRuleActivatedAggregateConnection
  • AnalyticsResponseFeedbackRuleActivatedAggregateCount
  • AnalyticsResponseFeedbackRuleActivatedAggregateCountDistinct
  • AnalyticsResponseFeedbackRuleActivatedAggregateEdge
  • AnalyticsResponseFeedbackRuleActivatedAggregateMax
  • AnalyticsResponseFeedbackRuleActivatedAggregateMin
  • AnalyticsResponseFeedbackRuleActivatedConnection
  • AnalyticsResponseFeedbackRuleActivatedEdge
  • AnalyticsResponseFeedbackRuleCreated
  • AnalyticsResponseFeedbackRuleCreatedAggregate
  • AnalyticsResponseFeedbackRuleCreatedAggregateConnection
  • AnalyticsResponseFeedbackRuleCreatedAggregateCount
  • AnalyticsResponseFeedbackRuleCreatedAggregateCountDistinct
  • AnalyticsResponseFeedbackRuleCreatedAggregateEdge
  • AnalyticsResponseFeedbackRuleCreatedAggregateMax
  • AnalyticsResponseFeedbackRuleCreatedAggregateMin
  • AnalyticsResponseFeedbackRuleCreatedConnection
  • AnalyticsResponseFeedbackRuleCreatedEdge
  • AnalyticsResponseFeedbackRuleDeactivated
  • AnalyticsResponseFeedbackRuleDeactivatedAggregate
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateConnection
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateCount
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateCountDistinct
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateEdge
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateMax
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateMin
  • AnalyticsResponseFeedbackRuleDeactivatedConnection
  • AnalyticsResponseFeedbackRuleDeactivatedEdge
  • AnalyticsResponseFeedbackRuleDeleted
  • AnalyticsResponseFeedbackRuleDeletedAggregate
  • AnalyticsResponseFeedbackRuleDeletedAggregateConnection
  • AnalyticsResponseFeedbackRuleDeletedAggregateCount
  • AnalyticsResponseFeedbackRuleDeletedAggregateCountDistinct
  • AnalyticsResponseFeedbackRuleDeletedAggregateEdge
  • AnalyticsResponseFeedbackRuleDeletedAggregateMax
  • AnalyticsResponseFeedbackRuleDeletedAggregateMin
  • AnalyticsResponseFeedbackRuleDeletedConnection
  • AnalyticsResponseFeedbackRuleDeletedEdge
  • AnalyticsResponseFeedbackRuleUpdated
  • AnalyticsResponseFeedbackRuleUpdatedAggregate
  • AnalyticsResponseFeedbackRuleUpdatedAggregateConnection
  • AnalyticsResponseFeedbackRuleUpdatedAggregateCount
  • AnalyticsResponseFeedbackRuleUpdatedAggregateCountDistinct
  • AnalyticsResponseFeedbackRuleUpdatedAggregateEdge
  • AnalyticsResponseFeedbackRuleUpdatedAggregateMax
  • AnalyticsResponseFeedbackRuleUpdatedAggregateMin
  • AnalyticsResponseFeedbackRuleUpdatedConnection
  • AnalyticsResponseFeedbackRuleUpdatedEdge
  • EmailAddress
  • EmailAttachment
  • EmailHeader
  • EmailName
  • EscalationEmail
  • FeedbackRule
  • FileResource
  • Game
  • IcuMessage
  • Incident
  • IncidentEmailTemplate
  • IncidentEscalation
  • IncidentMatch
  • IncidentNote
  • IncidentRule
  • IncidentRuleActionChannels
  • IncidentRuleActionEmailChannel
  • IncidentRuleActionEmailChannelOptions
  • IncidentRuleEscalateAction
  • IncidentRuleMatch
  • IncidentRuleResolveAction
  • KeyValue
  • MlopsIocEmailMaliciousFlag
  • OrgUserCustomAttributeDefinitions
  • Organization
  • OrganizationAnalytics
  • OrganizationLegacyContract
  • OrganizationModernContract
  • PageInfo
  • Prediction
  • Quest
  • QuestEmail
  • QuestObjectiveEmail
  • QuestObjectiveGeneric
  • QuestObjectiveMarkers
  • QuestObjectiveQuiz
  • QuestObjectiveStars
  • QuestObjectives
  • QuestResult
  • SearchToken
  • SimulationSenderDomain
  • Threat
  • ThreatEmail
  • ThreatEmailAttachment
  • ThreatEmailHop
  • ThreatEmailLink
  • ThreatEnrichments
  • ThreatMetaData
  • ThreatObservable
  • ThreatResources
  • User
  • UserModifiers
  • UserProfile
  • UserTrainingPackage
  • UserTrainingPackageResult
  • __Directive
  • __EnumValue
  • __Field
  • __InputValue
  • __Schema
  • __Type

• Mutations

  • addIncidentNote
  • removeIncidentThreats
  • sendIncidentSocFeedback
  • setIncidentSensitive
  • setIncidentSocClassification
  • updateIncidentState

• Interfaces

  • IQuestObjective
  • IUserProfileName
  • Node

• Enums

  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateGroupBy
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateOrderBy
  • AnalyticsCubesDailyOnboardedPerformanceCubeOrderBy
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateGroupBy
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateOrderBy
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeOrderBy
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateGroupBy
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateOrderBy
  • AnalyticsCubesDailyUserTypeCountsSnapshotOrderBy
  • AnalyticsPluginFeedbackRulePassedAggregateGroupBy
  • AnalyticsPluginFeedbackRulePassedAggregateOrderBy
  • AnalyticsPluginFeedbackRulePassedOrderBy
  • AnalyticsResponseFeedbackRuleActivatedAggregateGroupBy
  • AnalyticsResponseFeedbackRuleActivatedAggregateOrderBy
  • AnalyticsResponseFeedbackRuleActivatedOrderBy
  • AnalyticsResponseFeedbackRuleCreatedAggregateGroupBy
  • AnalyticsResponseFeedbackRuleCreatedAggregateOrderBy
  • AnalyticsResponseFeedbackRuleCreatedOrderBy
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateGroupBy
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateOrderBy
  • AnalyticsResponseFeedbackRuleDeactivatedOrderBy
  • AnalyticsResponseFeedbackRuleDeletedAggregateGroupBy
  • AnalyticsResponseFeedbackRuleDeletedAggregateOrderBy
  • AnalyticsResponseFeedbackRuleDeletedOrderBy
  • AnalyticsResponseFeedbackRuleUpdatedAggregateGroupBy
  • AnalyticsResponseFeedbackRuleUpdatedAggregateOrderBy
  • AnalyticsResponseFeedbackRuleUpdatedOrderBy
  • FeedbackRuleMessage
  • FeedbackRule_sort
  • IncidentMatch_sort
  • IncidentPolicy
  • IncidentRuleAction
  • IncidentRuleConditionTokenKey
  • IncidentRuleMatch_sort
  • IncidentRuleSettingsEmailTemplateType
  • IncidentRule_sort
  • IncidentState
  • IncidentViewSearchTokenKey
  • Incident_sort
  • LikelyTargetEntity
  • ONBOARDING_STATE
  • OrganizationTier
  • Organization_sort
  • QuestState
  • Quest_sort
  • SocClassification
  • SortOrder
  • ThreatChannel
  • ThreatClassification
  • ThreatIocMaliciousFlag
  • ThreatObservable_sort
  • ThreatSeverity
  • ThreatState
  • Threat_sort
  • USER_GAME_MODE
  • UserAction
  • User_sort
  • __DirectiveLocation
  • __TypeKind

• Unions

  • IncidentRuleActionUnion
  • MainObjective
  • OrganizationContract
  • SecondaryObjective

• Input Objects

  • AggregateIntFilter
  • AggregateStringFilter
  • AggregateTimestampFilter
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateFilter
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateInput
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateInputFilter
  • AnalyticsCubesDailyOnboardedPerformanceCubeAggregateInputOrderBy
  • AnalyticsCubesDailyOnboardedPerformanceCubeFilter
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateFilter
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateInput
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateInputFilter
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeAggregateInputOrderBy
  • AnalyticsCubesDailyOnboardedUserTrainingProgressCubeFilter
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateFilter
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateInput
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateInputFilter
  • AnalyticsCubesDailyUserTypeCountsSnapshotAggregateInputOrderBy
  • AnalyticsCubesDailyUserTypeCountsSnapshotFilter
  • AnalyticsPluginFeedbackRulePassedAggregateFilter
  • AnalyticsPluginFeedbackRulePassedAggregateInput
  • AnalyticsPluginFeedbackRulePassedAggregateInputFilter
  • AnalyticsPluginFeedbackRulePassedAggregateInputOrderBy
  • AnalyticsPluginFeedbackRulePassedFilter
  • AnalyticsResponseFeedbackRuleActivatedAggregateFilter
  • AnalyticsResponseFeedbackRuleActivatedAggregateInput
  • AnalyticsResponseFeedbackRuleActivatedAggregateInputFilter
  • AnalyticsResponseFeedbackRuleActivatedAggregateInputOrderBy
  • AnalyticsResponseFeedbackRuleActivatedFilter
  • AnalyticsResponseFeedbackRuleCreatedAggregateFilter
  • AnalyticsResponseFeedbackRuleCreatedAggregateInput
  • AnalyticsResponseFeedbackRuleCreatedAggregateInputFilter
  • AnalyticsResponseFeedbackRuleCreatedAggregateInputOrderBy
  • AnalyticsResponseFeedbackRuleCreatedFilter
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateFilter
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateInput
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateInputFilter
  • AnalyticsResponseFeedbackRuleDeactivatedAggregateInputOrderBy
  • AnalyticsResponseFeedbackRuleDeactivatedFilter
  • AnalyticsResponseFeedbackRuleDeletedAggregateFilter
  • AnalyticsResponseFeedbackRuleDeletedAggregateInput
  • AnalyticsResponseFeedbackRuleDeletedAggregateInputFilter
  • AnalyticsResponseFeedbackRuleDeletedAggregateInputOrderBy
  • AnalyticsResponseFeedbackRuleDeletedFilter
  • AnalyticsResponseFeedbackRuleUpdatedAggregateFilter
  • AnalyticsResponseFeedbackRuleUpdatedAggregateInput
  • AnalyticsResponseFeedbackRuleUpdatedAggregateInputFilter
  • AnalyticsResponseFeedbackRuleUpdatedAggregateInputOrderBy
  • AnalyticsResponseFeedbackRuleUpdatedFilter
  • FeedbackRule_filter
  • FloatFilter
  • IncidentMatch_filter
  • IncidentNoteInput
  • IncidentRuleMatch_filter
  • IncidentRule_filter
  • Incident_filter
  • IntAggregateOrderBy
  • IntFilter
  • Organization_filter
  • Quest_filter
  • StringAggregateOrderBy
  • StringFilter
  • ThreatObservable_filter
  • Threat_filter
  • TimestampAggregateOrderBy
  • TimestampFilter
  • UserTrainingPackage_filter
  • User_filter

• Scalars

  • Boolean
  • Cursor
  • Date
  • Float
  • ID
  • Int
  • SlackMessageAttachment
  • SlackMessageBlock
  • SlackMessageMetadata
  • String
  • Timestamp
  • WorkflowConfigConfig

• Directives

  • deprecated
  • external
  • include
  • skip

ThreatIocMaliciousFlag

Threat ioc malicious flag

Values

mlops_ioc_email_attachments_ms_removed

mlops_ioc_email_attachments_type_compressed

mlops_ioc_email_attachments_type_doc

mlops_ioc_email_attachments_type_eml

mlops_ioc_email_attachments_type_html

mlops_ioc_email_attachments_type_macro_enabled

mlops_ioc_email_attachments_type_pdf

mlops_ioc_email_body_contains_only_clickable_image

mlops_ioc_email_body_has_detection_obfuscation

mlops_ioc_email_body_mentions_advance_fee_keywords

mlops_ioc_email_body_mentions_bitcoin

mlops_ioc_email_body_mentions_fax_keywords

mlops_ioc_email_body_mentions_free_service_email

mlops_ioc_email_body_mentions_large_sums_of_money

mlops_ioc_email_body_mentions_lottery_scam_keywords

mlops_ioc_email_body_mentions_microsoft_and_payment

mlops_ioc_email_body_mentions_money_lending

mlops_ioc_email_body_mentions_money_transfer_keywords

mlops_ioc_email_body_mentions_password_and_expire

mlops_ioc_email_body_mentions_urgency_keywords

mlops_ioc_email_body_mentions_voicemail

mlops_ioc_email_body_mentions_wetransfer

mlops_ioc_email_commercial_deception

mlops_ioc_email_fake_ms_planner

mlops_ioc_email_fake_subscription_renewal

mlops_ioc_email_headers_x_forefront_antispam_report_cat_dimp

mlops_ioc_email_headers_x_forefront_antispam_report_cat_hphish

mlops_ioc_email_headers_x_forefront_antispam_report_cat_hspm

mlops_ioc_email_headers_x_forefront_antispam_report_cat_phish

mlops_ioc_email_headers_x_forefront_antispam_report_cat_spm

mlops_ioc_email_headers_x_forefront_antispam_report_cat_uimp

mlops_ioc_email_html_contains_ms_logo

mlops_ioc_email_html_has_hidden_text

mlops_ioc_email_is_flagged_by_spam_filter

mlops_ioc_email_is_reconnaissance

mlops_ioc_email_links_contain_equals_receiver_email

mlops_ioc_email_links_contain_hashtag_receiver_email

mlops_ioc_email_links_contain_open_redirects

mlops_ioc_email_links_to_cloud_sharing

mlops_ioc_email_links_to_third_party_services

mlops_ioc_email_links_url_shortener

mlops_ioc_email_mentions_adult_content

mlops_ioc_email_mentions_business_opportunity

mlops_ioc_email_mentions_document_signing

mlops_ioc_email_mentions_financial_institution

mlops_ioc_email_mentions_human_resources

mlops_ioc_email_mentions_it_department

mlops_ioc_email_mentions_law_enforcement

mlops_ioc_email_mentions_postal_service

mlops_ioc_email_mentions_qr_keywords

mlops_ioc_email_mentions_remittance_advice

mlops_ioc_email_receivers_all_in_bcc

mlops_ioc_email_sender_address_free_service

mlops_ioc_email_sender_address_matches_receiver_address

mlops_ioc_email_sender_name_has_authority_impersonation

mlops_ioc_email_sender_name_has_email

mlops_ioc_email_sender_name_has_homoglyphs

mlops_ioc_email_sender_name_has_phone_number

mlops_ioc_email_subject_has_detection_obfuscation

mlops_ioc_email_subject_has_receiver_alias

mlops_ioc_email_subject_has_receiver_domain

mlops_ioc_email_subject_has_receiver_email

mlops_ioc_email_subject_many_upper_case_chars