Skip to content

strobes-co/strobes-gql-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
examples
examples
 
 
strobes_gql_client
strobes_gql_client
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

StrobesGQLClient

StrobesGQL client is a python wrapper around Strobes graphql

Schema Types

Table of Contents

Query

€
Field Argument Type Description
allGroups GroupPaginatedType
organizationId UUID
page Int
pageSize Int
getCurrentTenant TenantOrganizationType
allEngagements EngagementPaginatedType
organizationId UUID
searchQuery String
orderBy [String]
assetId Int
page Int
pageSize Int
allAssets AssetCursorPaginatedType
organizationId UUID
searchQuery String
orderBy [String]
groupId Int
page Int
pageSize Int
exportReportType String
allBugs BugCursorPaginatedType
organizationId UUID
searchQuery String
orderBy [String]
page Int
pageSize Int
exportReportType String
allEngagementActivities EngagementCommentPaginatedType
organizationId UUID
engagementId UUID
searchQuery String
orderBy [String]
page Int
pageSize Int
allAssessments AssessmentPaginatedType
organizationId UUID
engagementId UUID
searchQuery String
orderBy [String]
assetId [Int]
page Int
pageSize Int

Mutation

Field Argument Type Description
addGroup AddGroupMutation
assetIds [Int]
name String
organizationId UUID
updateGroup UpdateGroupMutation
assetIds [Int]
groupId Int
name String
organizationId UUID
groupBulkDelete BulkDeleteGroupMutation
ids [Int]
organizationId UUID
orgMemberRoleBulkUpdate BulkUpdateOrgMemberRoleMutation
organizationId UUID
role Int
userIds [Int]
teamMemberRoleBulkUpdate BulkUpdateTeamMemberRoleMutation
organizationId UUID
role Int
teamId Int
userIds [Int]
orgMemberRoleBulkDelete BulkDeleteOrgMemberRoleMutation
organizationId UUID
userIds [Int]
teamMemberRoleBulkDelete BulkDeleteTeamMemberRoleMutation
organizationId UUID
teamId Int
userIds [Int]
bugBulkUpdate BulkUpdateBugMutation
cvss Float
ids [Int]
organizationId UUID
severity Int
state Int
bugBulkAssignment BulkBugAssignmentMutation
ids [Int]
organizationId UUID
userIds [Int]
bugBulkUnassignment BulkBugUnAssignmentMutation
ids [Int]
organizationId UUID
userIds [Int]
bugBulkUpdateTags BulkUpdateBugTagMutation
ids [Int]
organizationId UUID
tags [String]
bugBulkUpdateCve BulkUpdateBugCVEMutation
cves [String]
ids [Int]
organizationId UUID
bugBulkDelete BulkDeleteBugMutation
ids [Int]
organizationId UUID
addBulkComment AddBulkCommentsMutation
comment String
ids [Int]
internal Boolean
organizationId UUID
assetsBulkUpdate BulkUpdateAssetsMutation
exposed Int
ids [Int]
organizationId UUID
sensitivity Int
assetsBulkMerge BulkMergeAssetsMutation
ids [Int]
organizationId UUID
sourceAsset Int
assetsBulkLink BulkLinkAssetsMutation
ids [Int]
organizationId UUID
sourceAsset Int
assetsBulkDelete BulkDeleteAssetsMutation
ids [Int]
organizationId UUID
updateEngagement UpdateEngagementMutation
addAssetIds [Int]
addDocumentIds [Int]
comment String
commentAttachments [Int]
deliveryDate Date
scheduledDate Date
engagementId UUID
instructions String
name String
organizationId UUID
service String
package String
removeAssetIds [Int]
removeDocumentIds [Int]
subscribedServices [Int]
testAccounts String
vpnAccounts String
updateAssessments UpdateAssessmentMutation
assessmentId Int
assignedTo [Int]
engagementId UUID
instructions String
organizationId UUID
state Int
testAccounts String
vpnAccounts String
bulkUpdateAssessment BulkAssessmentMutation
engagementId UUID
organizationId UUID
state Int
searchQuery String

Objects

AddBulkCommentsMutation

Field Argument Type Description
bugs [BugType]

AddGroupMutation

Field Argument Type Description
groups [GroupsType]

AssetCursorPaginatedType

Field Argument Type Description
beforeCursor String
lastCursor String
hasNext Boolean
hasPrevious Boolean
objects [AssetType]

AssetType

Field Argument Type Description
id ID!
name String!
target String
exposed Int!
type Int!
cloudType Int!
organization TenantOrganizationType
disabled Boolean!
sensitivity Int!
keys String!
data JSONString
createdBy UserType
linkedAssets [AssetType!]!
additionalInfo JSONString
scan ScanLog
tempId UUID
created DateTime!
updated DateTime!
tags [TagType!]!
location String
linedAssets [AssetType!]!
groupAssets [GroupsType!]!
engagementAssets [EngagementType!]!
configurationAsset [ConfigurationType!]!
bugSet [BugType!]!
ipaddress String
hostname String
macAddress String
os String

BugCursorPaginatedType

Field Argument Type Description
beforeCursor String
lastCursor String
hasNext Boolean
hasPrevious Boolean
objects [BugType]

BugType

Field Argument Type Description
state Int!
severity Int!
bugLevel Int!
id ID!
title String!
description String!
mitigation String!
stepsToReproduce String!
objectId Int
hash String
duplicate BugType
cwe [CWEType!]!
cve [CVEType!]!
cvss Float!
attackVector String
bugTags [TagType!]!
assignedTo [UserType!]!
organization TenantOrganizationType
asset AssetType
team TeamType
reportedBy UserType
dueDate DateTime
slaViolated Boolean!
hasUserDefinedDueDate Boolean!
exploitAvailable Boolean!
exploitInfo JSONString
patchAvailable Boolean!
patchInfo JSONString
prioritizationScore Float!
prioritizationScoreCalculated Boolean!
drillDownScore JSONString
connector ConnectorType
configurationName String
connectorConfig ConfigurationType
scan ScanLog
scannerRawResponse JSONString
vulnerableSince DateTime
engagement EngagementType
created DateTime!
updated DateTime!
originalBug [BugType!]!
ipaddress String
hostname String
macAddress String
os String

BulkBugAssignmentMutation

Field Argument Type Description
bugs [BugType]

BulkBugUnAssignmentMutation

Field Argument Type Description
bugs [BugType]

BulkDeleteAssetsMutation

Field Argument Type Description
assets [AssetType]

BulkDeleteBugMutation

Field Argument Type Description
bugs [BugType]

BulkDeleteGroupMutation

Field Argument Type Description
groups [GroupsType]

BulkDeleteOrgMemberRoleMutation

Field Argument Type Description
members [MemberType]

BulkDeleteTeamMemberRoleMutation

Field Argument Type Description
members [MemberType]

BulkLinkAssetsMutation

Field Argument Type Description
assets [AssetType]

BulkMergeAssetsMutation

Field Argument Type Description
assets [AssetType]

BulkUpdateAssetsMutation

Field Argument Type Description
assets [AssetType]

BulkUpdateBugCVEMutation

Field Argument Type Description
bugs [BugType]

BulkUpdateBugMutation

Field Argument Type Description
bugs [BugType]

BulkUpdateBugTagMutation

Field Argument Type Description
bugs [BugType]

BulkUpdateOrgMemberRoleMutation

Field Argument Type Description
users [MemberType]

BulkUpdateTeamMemberRoleMutation

Field Argument Type Description
users [MemberType]

UpdateEngagementMutation

Field Argument Type Description
engagement [EngagementType]

UpdateAssessmentMutation

Field Argument Type Description
assessment [AssessmentType]

BulkAssessmentMutation

Field Argument Type Description
assessment [AssessmentType]

CVEType

Field Argument Type Description
id ID!
title String!
description String!
cvssV2Data JSONString!
cvssV3Data JSONString!
cvss Float!
cveId String
cveTags [TagType!]!
relatedCwe [CWEType!]!
exploitAvailable Boolean!
exploitInfo JSONString!
patchAvailable Boolean!
patchInfo JSONString!
zeroDayAvailable Boolean!
isWormable Boolean!
tiRawResponse JSONString!
summary String!
published DateTime
lastModified DateTime
created DateTime!
updated DateTime!
bugCve [BugType!]!

CWEType

Field Argument Type Description
id ID!
cweId String
type String!
cweTags [CVEType!]!
bugCwe [BugType!]!

ConfigurationType

Field Argument Type Description
id ID!
name String!
connector ConnectorType
organization TenantOrganizationType
asset AssetType
team TeamType
objectId Int
key String
remoteAccessId UUID
remoteAccessUrl String
createdBy UserType
isDefault Boolean!
created DateTime!
updated DateTime!
extra JSONString
scanlogSet [ScanLog!]!
bugSet [BugType!]!

ConnectorType

Field Argument Type Description
id ID!
slug String!
name String!
description String
shortDescription String
usage String
image String!
link String!
type ParentConnectorsType!
isInternal Boolean!
isActive Boolean!
created DateTime!
updated DateTime!
configurationsSet [ConfigurationType!]!
parentConnector [BugType!]!

EngagementPaginatedType

Field Argument Type Description
page Int
totalPages Int
pageSize Int
totalCount Int
hasNext Boolean
hasPrev Boolean
objects [EngagementType]

EngagementType

Field Argument Type Description
id ID!
engagementCustomId Int
name String
securityPosture Int!
subscribedServices JSONString
checkedTermsAndConditions Boolean!
assessmentsCount Int
engagementCompletion Int
assessmentsPerService JSONString
engagementAssessment [AssessmentType!]!
createdBy ApprovalUserType
organization TenantOrganizationType
scheduledDate Date
deliveryDate Date
documents [AttachmentType!]!
created DateTime!
updated DateTime!
bugEngagement [BugType!]!
activityEngagement [EngagementActivityType!]!
commentsEngagement [EngagementCommentType!]!

EngagementActivityType

Field Argument Type Description
id ID!
data JSONString
action Int
user ApprovalUserType
team TeamType
bug BugType
asset AssetType
connectorConfig ConfigurationType
engagement EngagementType
connector ConnectorType
task ScanLog
approval ApprovalType
created DateTime!
updated DateTime!
commentSet [EngagementCommentType!]!

EngagementCommentPaginatedType

Field Argument Type Description
page Int
totalPages Int
pageSize Int
totalCount Int
hasNext Boolean
hasPrev Boolean
objects [EngagementCommentType]

EngagementCommentType

Field Argument Type Description
id ID!
comment String!
bug BugType
attachments [AttachmentType!]!
internal Boolean!
activity EngagementActivityType
commentedBy ApprovalUserType
connectorConfig ConfigurationType
connector ConnectorType
team TeamType
approval ApprovalType
engagement EngagementType
created DateTime!
updated DateTime!

AssessmentPaginatedType

Field Argument Type Description
page Int
totalPages Int
pageSize Int
totalCount Int
hasNext Boolean
hasPrev Boolean
objects [AssessmentType]

AssessmentType

Field Argument Type Description
id ID!
service String
package String
engagement EngagementType!
asset AssetType!
state Int!
scope String!
instructions String!
testAccounts String!
vpnAccounts String!
assignedTo [ApprovalUserType!]!
created DateTime!
updated DateTime!

ApprovalUserType

Field Argument Type Description
id ID!
email String!
firstName String!
lastName String!
isActive Boolean!
created DateTime!

ApprovalType

Field Argument Type Description
id ID!
vulnerability BugType
approvedBy MemberType
approvalState Int!
raisedBy MemberType
fromState String!
toState String!
isExpired Boolean!
created DateTime!
updated DateTime!
activityApproval [EngagementActivityType!]!
commentsApproval [EngagementCommentType!]!

AttachmentType

Field Argument Type Description
id ID!
attachment String
attachmentName String
attachmentSize Int
url String
bug BugType
attachedBy ApprovalUserType
created DateTime!
updated DateTime!
documentVault [EngagementType!]!
bugAttachments [BugType!]!
commentSet [EngagementCommentType!]!

GroupPaginatedType

Field Argument Type Description
page Int
totalPages Int
pageSize Int
totalCount Int
hasNext Boolean
hasPrev Boolean
objects [GroupsType]

GroupsType

Field Argument Type Description
id ID!
name String
organization TenantOrganizationType
assets [AssetType!]!
createdBy UserType
created DateTime!

MemberType

Field Argument Type Description
id ID!
user UserType
organization TenantOrganizationType!
role String

ScanLog

Field Argument Type Description
id ID!
config String
finished DateTime
connectorName String

TagType

Field Argument Type Description
id ID!
slug String
name String!
organization TenantOrganizationType
created DateTime!
updated DateTime!
assetTags [AssetType!]!
cveTags [CVEType!]!
bugTags [BugType!]!

TeamType

Field Argument Type Description
id ID!
name String!
organization TenantOrganizationType
created DateTime!
updated DateTime!
configurationTeam [ConfigurationType!]!
team [BugType!]!

TenantOrganizationType

Field Argument Type Description
schemaName String!
id ID!
name String!
isPrimary Boolean!
industry String!
members [UserType!]!
image String
employeeSize Int
purposeOfUse Int!
created DateTime!
updated DateTime!
organizationmemberSet [MemberType!]!
assetSet [AssetType!]!
groupSet [GroupsType!]!
teamSet [TeamType!]!
tagsSet [TagType!]!
engagementsSet [EngagementType!]!
configurationOrganization [ConfigurationType!]!
bugSet [BugType!]!
domain String
isVerified Boolean

UpdateGroupMutation

Field Argument Type Description
groups [GroupsType]

UserType

Field Argument Type Description
password String!
lastLogin DateTime
isSuperuser Boolean!

Designates that this user has all permissions without explicitly assigning them.
id ID!
email String!
firstName String!
lastName String!
created DateTime!
updated DateTime!
isSuperadmin Boolean!
isStaff Boolean!
isActive Boolean!

Designates whether this user should be treated as active. Un-select this instead of deleting accounts.
activationId UUID!
orgMembers [TenantOrganizationType!]!
organizationmemberSet [MemberType!]!
assetSet [AssetType!]!
groupSet [GroupsType!]!
engagementsSet [EngagementType!]!
configurationsSet [ConfigurationType!]!
assignedTo [BugType!]!
reportedBy [BugType!]!

Enums

ParentConnectorsType

An enumeration.

Value Description
A_0

Misc
A_1

SAST scanner
A_2

DAST scanner
A_3

Tracking
A_4

Notification
A_5

Import Report
A_6

Network scanner
A_7

Custom Connector
A_8

Asset Inventory
A_9

Cloud Integrations
A_10

Container Integrations
A_11

Import CSV
A_12

Export Report

Scalars

Boolean

The Boolean scalar type represents true or false.

DateTime

The DateTime scalar type represents a DateTime value as specified by iso8601.

Date

The Date scalar type represents a Date value as specified by iso8601.

Float

The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.

ID

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Int

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31 - 1) and 2^31 - 1 since represented in JSON as double-precision floating point numbers specifiedby IEEE 754.

JSONString

Allows use of a JSON String for input / output from the GraphQL schema.

Use of this type is not recommended as you lose the benefits of having a defined, static schema (one of the key benefits of GraphQL).

String

The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.

UUID

Leverages the internal Python implmeentation of UUID (uuid.UUID) to provide native UUID objects in fields, resolvers and input.

Mutations

Bug Creation

To create a new vulnerability in Strobes, use the bugCreate mutation. The fields you provide depend on the bug level:

Bug Types

  • Web: Vulnerabilities in web applications (e.g., XSS, SQL injection).

    • Can be part of asset type: Web Asset, Mobile Asset
    • Additional fields: web (affected_endpoints, request, response)

  • Code: Vulnerabilities in source code (e.g., buffer overflow, command injection).

    • Can be part of asset type: Web Asset, Mobile Asset
    • Additional fields: code (vulnerable_code, start_line_number, etc.)

  • Package: Vulnerabilities in third-party packages/dependencies.

    • Can be part of asset type: Web Asset, Mobile Asset
    • Additional fields: package (package_name, installed_version, etc.)

  • Cloud: Misconfigurations or vulnerabilities in cloud resources.

    • Can be part of asset type: Cloud Asset
    • Additional fields: cloud (cloud_type, region, other fields change based on cloud_type.)

  • Network: Vulnerabilities in network devices or protocols.

    • Can be part of asset type: Network Asset
    • Additional fields: network (port, cpe)

All bug types share these fields:

  • title (string): Concise title summarizing the vulnerability.
  • description (string): Detailed description of the vulnerability, impact, and exploitation.
  • organization_id (string): Your organization's unique ID.
  • bug_level (int): Type of bug (use Bug level choices: code, web, mobile, network, cloud, package).
  • mitigation (string): Recommended steps to fix the vulnerability.
  • steps_to_reproduce (string): Instructions to replicate the issue.
  • cwe_list (list of strings): List of relevant CWE IDs.
  • cve_list (list of strings): List of associated CVE IDs.
  • cvss (float): CVSS score indicating severity.
  • severity (int): Severity level (use Severity choices: info, low, medium, high, critical).
  • tags (list of strings): Tags for categorization.
  • selected_assets (list of integers): Asset IDs affected by the bug.
  • custom_fields (string): JSON string for additional custom fields.

Bug level choices

  • code = 1
  • web = 2
  • mobile = 3
  • network = 4
  • cloud = 5
  • package = 6

Severity choices

  • info = 1
  • low = 2
  • medium = 3
  • high = 4
  • critical = 5

Asset Creation

To create a new asset in Strobes, use the createAssest mutation.

Asset Types

  • Web Asset (type = 1):

    • Represents web applications or websites.
    • Required fields:
      • url: The URL of the web asset.

  • Mobile Asset (type = 2):

    • Represents mobile applications.
    • Required fields:
      • package: The package name or bundle ID of the mobile app.

  • Network Asset (type = 3):

    • Represents network devices or hosts.
    • Required fields:
      • Either ipaddress (for a single IP) or ipaddress_list (for multiple IPs).
    • Optional fields:
      • mac_address
      • hostname
      • os
      • cpe (Common Platform Enumeration)

  • Cloud Asset (type = 4):

    • Represents cloud resources.
    • Required fields:
      • cloud_type: The type of cloud provider (use StrobesGQLClient constants):
        • AWS = 2
        • Azure = 3
        • GCP = 4
        • others = 1 (for other cloud providers)

All asset types share these fields:

  • name (string): A descriptive name or identifier for the asset.
  • organization_id (string): The unique ID of your organization within Strobes.
  • sensitivity (int): An integer from 1 to 5 indicating the asset's sensitivity (5 being the most sensitive). This is a subjective assessment based on the potential impact of a security breach.
  • exposed (int): A binary value (0 or 1) indicating whether the asset is exposed to the internet (1) or internal only (0).
  • type (int): The type of asset:
    • 1: Web
    • 2: Mobile
    • 3: Network
    • 4: Cloud
  • tags (list of strings): A list of descriptive tags to help you categorize and search for assets.

Sensitivity choices

  • low = 1
  • medium = 2
  • high = 3
  • critical = 4

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Initial release Latest
Aug 25, 2024

Packages

No packages published

Contributors 2

  •  
  •  

Languages