- Finding
Represents a step required to remediate an issue
Unique identifier for the remediation step
Description of the remediation action
Current status of this remediation step
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "description": "Example String", "status": "TODO" }
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "source": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "target": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4" }
Graph representation showing related entities as evidence
{ "nodes": [ { "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "name": "Example String", "title": "Example String", "type": "INSTRUCTIONS_NOT_CLEAR", "evidence": "Example Custom Scalar", "createdAt": "Example Custom Scalar" } ], "edges": [ { "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "source": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "target": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4" } ] }
Preview of an issue with minimal fields for display in lists and indicators
Unique identifier for the issue
Brief title describing the issue (mapped from Issue.title)
Severity level of the issue
Implements interfaces
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "name": "Example String", "severity": "LOW" }
Represents a security or compliance issue identified in an agent
Unique identifier for the issue
Brief title describing the issue
Severity level of the issue
Detailed explanation of why this is an issue
Current status of the issue
Category classifying the type of risk
User assigned to resolve this issue
When the issue was first identified
When the issue was last modified
Steps required to remediate this issue
The agent where this issue was identified
The policy that generated this issue
Findings that are associated with this issue
Runtime detections that are associated with this issue
Graph showing data flow related to this issue (DataSource → Agent → Tool → Policy)
Timeframe of activities related to this issue. Returns null if not available.
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "title": "Example String", "severity": "LOW", "reasoning": "Example String", "status": "OPEN", "category": "ACCESS", "assignee": { "__typename": "Owner" }, "createdAt": "Example Custom Scalar", "updatedAt": "Example Custom Scalar", "remediationSteps": [ { "__typename": "RemediationStep" } ], "agent": { "__typename": "Agent" }, "policy": { "__typename": "Policy" }, "findings": [ { "__typename": "Finding" } ], "detections": [ { "__typename": "Detection" } ], "graph": { "__typename": "EvidenceGraph" }, "timeframe": { "__typename": "TimeRange" } }
Raw observations/detections on agents. The same finding may have different severity based on context.
Unique identifier for the finding
Brief title describing the finding
Type of the finding
Evidence or reference links supporting the finding
When the finding was detected
Number of active issues linked to this finding
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "title": "Example String", "type": "INSTRUCTIONS_NOT_CLEAR", "evidence": "Example Custom Scalar", "detectedAt": "Example Custom Scalar", "issuesCount": 40 }
Filter for findings (output - mirrors FindingFilter input)
Filter by finding type
Filter by finding ID
{ "type": { "__typename": "FindingTypeFilterOutput" }, "id": { "__typename": "StringFilterOutput" } }
Filter for finding types (output - mirrors FindingTypeFilter input)
Finding types to include in the results
Operator to apply for matching finding types (IN = match if ANY type is present, AND = match if ALL types are present)
{ "in": [ "INSTRUCTIONS_NOT_CLEAR" ], "operator": "IN" }
Represents a policy that evaluates agent events and creates issues
Unique identifier for the policy
Policy name
Detailed description of what the policy does
Current enforcement mode of the policy
Current status of the policy
Event that triggers policy evaluation
Conditions that must be met for the policy to match
Actions to execute when policy conditions match
Automatically resolve issues when conditions are no longer met
Indicates if this policy is a system default or custom/modified by the tenant
Number of issues created by this policy
When the policy was last executed
When the policy was created
When the policy was last updated
User who created the policy
User who last updated the policy
Version number, incremented on each update
When the policy was soft-deleted (null if active)
Effective environment types where this policy applies. Returns specific environments if conditions include environment filters, or all environments (Prod, Sandbox, Dev) if no environment filter is specified.
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "name": "Example String", "description": "Example String", "mode": "DRAFT", "status": "ACTIVE", "trigger": { "__typename": "PolicyTrigger" }, "conditions": { "__typename": "PolicyConditionGroup" }, "actions": [ { "__typename": "PolicyAction" } ], "autoResolve": true, "isDefault": true, "issuesCount": 40, "lastExecutedAt": "Example Custom Scalar", "createdAt": "Example Custom Scalar", "updatedAt": "Example Custom Scalar", "createdBy": { "__typename": "Owner" }, "updatedBy": { "__typename": "Owner" }, "version": 40, "deletedAt": "Example Custom Scalar", "environmentTypes": [ "Prod" ] }
Event that triggers policy evaluation
Type of trigger event
{ "type": "AGENT_CREATED" }
Group of conditions combined with AND/OR logic. Supports agent properties, findings, and runtime detections.
Filter on agent properties (environment, platform, owner, etc.)
Filter on tool properties (for TOOL_INVOCATION trigger)
Filter on findings present on the agent (type, detectedAt)
Filter on runtime detections on the agent
{ "agentFilter": { "__typename": "AgentFilterOutput" }, "toolFilter": { "__typename": "ToolFilterOutput" }, "findingFilter": { "__typename": "FindingFilterOutput" }, "detectionFilter": { "__typename": "DetectionFilterOutput" } }