Skip to main content

Questions operations

Create a Question

mutation CreateQuestion($question: CreateQuestionInput!) {
  createQuestion(question: $question) {
    id
    title
    description
    queries {
      name
      query
      version
      resultsAre
    }
    variables {
      name
      required
      default
    }
    compliance {
      standard
      requirements
    }
    accountId
    integrationDefinitionId
  }
}

Variables:

{
  "question": {
    "title": "What are my production data stores and their encryption status?",
    "tags": ["SecOps"],
    "description": "Returns a list of all production entities.",
    "queries": [
      {
        "name": "prod-datastores-encrypted",
        "query": "Find * with tag.Production=true and encrypted=true",
        "resultsAre": "GOOD"
      },
      {
        "name": "prod-datastores-unencrypted",
        "query": "Find * with tag.Production=true and encrypted!=true",
        "resultsAre": "BAD"
      }
    ],
    "compliance": [
      {
        "standard": "NIST CSF",
        "requirements": ["ID.AM-1"]
      }
    ]
  }
}
note

The name field is optional; name is recommended to be a single word without special characters, and resultsAre with values GOOD, BAD, and UNKNOWN are used to determine gaps/issues and to perform continuous compliance assessment. INFORMATIVE is the default value.

Update a question

mutation UpdateQuestion($id: ID!, $update: QuestionUpdate!) {
  updateQuestion(id: $id, update: $update) {
    id
    title
    description
    queries {
      name
      query
      version
      resultsAre
    }
    variables {
      name
      required
      default
    }
    compliance {
      standard
      requirements
    }
    accountId
    integrationDefinitionId
  }
}

Variables:

{
  "id": "sj3j9f0j2ndlsj300swdjfjs",
  "update": {
    "title": "What are my production data stores and their encryption status?",
    "tags": ["SecOps"],
    "description": "Returns a list of all production entities.",
    "queries": [
      {
        "name": "prod-datastores-encrypted",
        "query": "Find * with tag.Production=true and encrypted=true",
        "resultsAre": "GOOD"
      },
      {
        "name": "prod-datastores-unencrypted",
        "query": "Find * with tag.Production=true and encrypted!=true",
        "resultsAre": "BAD"
      }
    ],
    "compliance": [
      {
        "standard": "NIST CSF",
        "requirements": ["ID.AM-1"]
      }
    ]
  }
}
note

That the only difference here for update is the "id" property associated with the question.

Delete a question

  mutation DeleteQuestion($id: ID!) {
    deleteQuestion(id: $id) {
      id
      title
      description
      queries {
        query
        name
        version
      }
      variables {
        name
        required
        default
      }
      tags
      accountId
      integrationDefinitionId
    }
  }
}

Variables:

{
  "id": "slj3098s03j-i2ojd0j2-sjkkdjf"
}

Search for questions

query GetQuestions($searchQuery: String) {
    questions (searchQuery: $searchQuery) {
        questions {
            id
            name
            description
        }
    }
}

Variables:

{
  "searchQuery": "encrypted"
}

Evaluate a question:

query EvaluateQuestion($id: ID!) {
    evaluateQuestion (id: $id) {
        answerText
        outputs {name, value}
    }
}

Variables:

{
  "id": <some string>
}

Contents