- PolicyConditionGroup
Raw observations/detections on agents. The same finding may have different severity based on context.
Unique identifier for the finding
Brief title describing the finding
Type of the finding
Evidence or reference links supporting the finding
When the finding was detected
Number of active issues linked to this finding
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "title": "Example String", "type": "INSTRUCTIONS_NOT_CLEAR", "evidence": "Example Custom Scalar", "detectedAt": "Example Custom Scalar", "issuesCount": 40 }
Filter for findings (output - mirrors FindingFilter input)
Filter by finding type
Filter by finding ID
{ "type": { "__typename": "FindingTypeFilterOutput" }, "id": { "__typename": "StringFilterOutput" } }
Filter for finding types (output - mirrors FindingTypeFilter input)
Finding types to include in the results
Operator to apply for matching finding types (IN = match if ANY type is present, AND = match if ALL types are present)
{ "in": [ "INSTRUCTIONS_NOT_CLEAR" ], "operator": "IN" }
Represents a policy that evaluates agent events and creates issues
Unique identifier for the policy
Policy name
Detailed description of what the policy does
Current enforcement mode of the policy
Current status of the policy
Event that triggers policy evaluation
Conditions that must be met for the policy to match
Actions to execute when policy conditions match
Automatically resolve issues when conditions are no longer met
Indicates if this policy is a system default or custom/modified by the tenant
Number of issues created by this policy
When the policy was last executed
When the policy was created
When the policy was last updated
User who created the policy
User who last updated the policy
Version number, incremented on each update
When the policy was soft-deleted (null if active)
Effective environment types where this policy applies. Returns specific environments if conditions include environment filters, or all environments (Prod, Sandbox, Dev) if no environment filter is specified.
{ "id": "9cfb1c81-4c79-452f-b1f5-8ee6571276b4", "name": "Example String", "description": "Example String", "mode": "DRAFT", "status": "ACTIVE", "trigger": { "__typename": "PolicyTrigger" }, "conditions": { "__typename": "PolicyConditionGroup" }, "actions": [ { "__typename": "PolicyAction" } ], "autoResolve": true, "isDefault": true, "issuesCount": 40, "lastExecutedAt": "Example Custom Scalar", "createdAt": "Example Custom Scalar", "updatedAt": "Example Custom Scalar", "createdBy": { "__typename": "Owner" }, "updatedBy": { "__typename": "Owner" }, "version": 40, "deletedAt": "Example Custom Scalar", "environmentTypes": [ "Prod" ] }
Event that triggers policy evaluation
Type of trigger event
{ "type": "AGENT_CREATED" }
Group of conditions combined with AND/OR logic. Supports agent properties, findings, and runtime detections.
Filter on agent properties (environment, platform, owner, etc.)
Filter on tool properties (for TOOL_INVOCATION trigger)
Filter on findings present on the agent (type, detectedAt)
Filter on runtime detections on the agent
{ "agentFilter": { "__typename": "AgentFilterOutput" }, "toolFilter": { "__typename": "ToolFilterOutput" }, "findingFilter": { "__typename": "FindingFilterOutput" }, "detectionFilter": { "__typename": "DetectionFilterOutput" } }
Action to execute when policy matches. Policy assigns severity based on context - the same finding can result in different severity issues.
Type of action to execute
Parameters for the action
{ "type": "CREATE_ISSUE", "params": { "__typename": "PolicyCreateIssueActionParams" } }
Parameters for CREATE_ISSUE action
Severity to assign when creating an issue (policy decides severity, not the finding)
{ "issueSeverity": "LOW" }
Integer range output type
Minimum value
Maximum value
{ "min": 40, "max": 40 }
DateTime range output type
{ "min": "Example Custom Scalar", "max": "Example Custom Scalar" }
Filter options for policies page including dynamic ranges
Range of issues count across all policies
Range of last executed dates across all policies
{ "issuesCountRange": { "__typename": "IntRange" }, "lastExecutedAtRange": { "__typename": "DateTimeRange" } }