Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
You can currently query the following attributes and connections on an Azure Security Assessment
query {
queryazureSecurityAssesment {
id
name
type
subscriptionId
region
resourceGroupId
resourceDetails {
id
source
serverName
databaseName
workspaceId
vmuuid
sourceComputerId
machineName
}
displayName
additionalData{
id
key
value
}
link
status {
code
cause
description
firstEvaluationDate
statusChangeDate
}
partnerName
metadata {
partnerName
displayName
policyDefinitionId
description
remediationDescription
categories
severity
userImpact
implementationEffort
threats
preview
assessmentType
}
}
}
Get data for a single Azure Security Assessment key that you know the ID for:
query {
getazureSecurityAssessment(id: "12345") {
id
}
}
Get data for all of the Security Assessments in a certain Azure subscription:
query {
queryazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
id
}
}
Get data for all of the Security Assessments that are NOT in a certain Azure subscription:
query {
queryazureSecurityAssessment(filter: { not: { subscriptionId: { eq: "12345" } } }) {
id
}
}
Get data for all of the Security Assessments that have additionalData:
query {
queryazureSecurityAssessment(filter: { has: additionalData }) {
id
}
}
You can order the results you get back either asc or desc depending on your preference:
query {
queryazureSecurityAssessment(order: { desc: name }) {
id
}
}
Only select and return the first two Security Assessments that are found:
query {
queryazureSecurityAssessment(first: 2, order: { desc: name }) {
id
}
}
Only select and return the first two Security Assessments that are found, but offset by one so keys two & three are returned:
query {
queryazureSecurityAssessment(first: 2, order: { desc: name }, offset: 1) {
id
}
}
Count the number of Security Assessments across all scanned Azure subscriptions:
query {
aggregateazureSecurityAssessment {
count
}
}
Count the number of Security Assessments in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
query {
aggregateazureSecurityAssessment(filter: { subscriptionId: { eq: "12345" } }) {
count
}
}
Find all of the Security Assessments that are in the eastus region across all your accounts:
query {
queryazureSecurityAssessment(filter: { region: { eq: "eastus" } }) {
id
}
}
Putting it all together; get all data for all Security Assessments across all regions for all scanned Azure subscriptions in a single query. For the purposes of this example, we will only get direct children of the keys but if you want to it's easy to go to other resources as well
query {
queryazureSecurityAssesment {
id
name
type
subscriptionId
region
resourceGroupId
resourceDetails {
id
source
serverName
databaseName
workspaceId
vmuuid
sourceComputerId
machineName
}
displayName
additionalData{
id
key
value
}
link
status {
code
cause
description
firstEvaluationDate
statusChangeDate
}
partnerName
metadata {
partnerName
displayName
policyDefinitionId
description
remediationDescription
categories
severity
userImpact
implementationEffort
threats
preview
assessmentType
}
}
}
