Mutation

Mutation

Mutation

null

activateGrant ActiveGrant Activate a grant at the given resource. Optionally provide note, validFromTimestamp and validToTimestamp
addRolloutAccounts Rollout Add one or more accounts to a rollout with the given accounts.
attachBenchmarkObjectives PreventionBenchmark Attach objectives to a custom benchmark.
attachBenchmarks PreventionBenchmark Attach child benchmarks to a custom benchmark.
attachGuardrails Guardrail Attach the accounts to the guardrail.
attachPolicyPacks PolicyPack Attach the policy pack ids for the given resource.
attachSmartFolders SmartFolder Attach the smart folder ids for the given resource. This has been deprecated please use attachPolicyPacks.
createBenchmark PreventionBenchmark Create a custom benchmark.
createCloudTrailLakeIntegration CreateCloudTrailLakeIntegrationResult! Create a CloudTrail Lake SIEM integration, creating the resource and setting configuration policies in a single transaction.
createFavorite Favorite Create a favorite for the given resource. Optionally provide resources, level and notificationTypes
createGoogleDirectory Resource! Create a Google directory for searching in Turbot.
createGrant Grant Create a grant for the given type, level, resource and identity. Optionally provide note, validFromTimestamp and validToTimestamp
createGroupProfile Resource! Create a group profile.
createGuardrail Guardrail Create a guardrail for the given parent and with the given data. This has been deprecated please use createPolicyPack.
createLdapDirectory Resource! Create an LDAP directory for searching in Turbot.
createLocalDirectory Resource! Create a local directory for authentication in Turbot.
createLocalDirectoryUserPassword LocalDirectoryUserPassword! Create a password for the local directory user.
createPolicyPack PolicyPack Create a policy pack for the given parent and with the given data.
createPolicySetting PolicySetting Create a policy setting for the given type, resource and precedence. Provide the setting in either standard form (either value (as JSON) or valueSource (as YAML string), or as a calculated setting with inputTemplate (as YAML Nunjucks template) and optional input (as GraphQL query string). Optionally provide note, validFromTimestamp and validToTimestamp
createProfile Resource! Create a profile.
createProfileAccessKey ProfileAccessKey! Create an access key for the authenticated profile.
createProfileAwsAccessKey ProfileAwsAccessKey! Create profile AWS access key.
createProfileSshKey ProfileSshKey! save SSH public key`.
createResource Resource Create a resource for the given parent and type and with the given data. Optionally provide custom metadata, tags and akas
createRollout Rollout Create a rollout with the given data.
createSamlDirectory Resource! Create a SAML directory for authentication in Turbot.
createSmartFolder SmartFolder Create a smart folder for the given parent and with the given data. This has been deprecated please use createPolicyPack.
createSplunkIntegration CreateSplunkIntegrationResult! Create a Splunk SIEM integration, creating the resource and setting configuration policies in a single transaction.
createTurbotDirectory Resource! Create a Turbot directory for authentication in Turbot.
createWatch Watch Create a watch for the given resource. Optionally provide action and favorite
createWatchRule WatchRule Create a watch rule for the given watch. Optionally provide resource, level and notificationTypes
deactivateGrant ActiveGrant Deactivate a grant activation
deleteBenchmark PreventionBenchmark Delete a custom benchmark and its custom children recursively.
deleteFavorite Favorite Delete a favorite by id.
deleteGoogleDirectory Resource! Delete a Google directory.
deleteGrant Grant Delete the grant with the given id
deleteGroupProfile Resource! Delete a group profile.
deleteGuardrail Guardrail Delete a guardrail with the given id.
deleteLdapDirectory Resource! Delete an LDAP directory.
deleteLocalDirectory Resource! Delete a local directory.
deletePolicyPack Resource Delete the policy pack with the given id
deletePolicySetting PolicySetting Delete the policy setting with the given id
deleteProfile Resource! Delete a profile.
deleteProfileAccessKey ProfileAccessKey! Delete an access key by id.
deleteProfileAwsAccessKey ProfileAwsAccessKey! Delete profile AWS access key.
deleteProfileSshKey ProfileSshKey! Delete an SSH key by id.
deleteResource Resource Delete the resource with the given id
deleteRollout Rollout Delete a rollout along with its related events. This mutation permanently removes the rollout.
deleteSamlDirectory Resource! Delete a SAML directory.
deleteSmartFolder Resource Delete the smart folder with the given id. This has been deprecated please use deletePolicyPack.
deleteTurbotDirectory Resource! Delete a Turbot directory.
deleteWatch Watch Delete a watch by id.
deleteWatchRule WatchRule Delete a watch rule by id.
detachBenchmarkObjectives PreventionBenchmark Detach objectives from a custom benchmark.
detachBenchmarks PreventionBenchmark Detach child benchmarks from a custom benchmark.
detachGuardrails Guardrail Detach the guardrails from the resource.
detachPolicyPacks PolicyPack Detach the policy pack ids from the given resource.
detachSmartFolders SmartFolder Detach the smart folder ids from the given resource. This has been deprecated please use detachPolicyPacks.
importAnthropicOrganization ImportAnthropicOrganizationResult! Import an Anthropic organization atomically.
Creates the organization resource and sets credential policies in a single transaction.
Derives the organization id and name from /v1/organizations/me.
importAwsAccount ImportAwsAccountResult! Import an AWS account atomically, creating the resource and setting credential policies in a single transaction.
This replaces the multi-step createResource + createPolicySetting pattern.
importAwsOrganization ImportAwsOrganizationResult! Import an AWS Organization, creating the organization resource and configuring discovery policies.
Supports DISCOVER_ONLY (account resources only) or FULL_IMPORT (complete resource hierarchy) modes.
importAzureActiveDirectory ImportAzureActiveDirectoryResult! Import an Azure Active Directory (Entra ID) atomically, creating the directory resource and setting credential policies in a single transaction.
This replaces the multi-step createAzureActiveDirectorySubscription + setAzureActiveDirectoryPolicies pattern.
importAzureSubscription ImportAzureSubscriptionResult! Import an Azure subscription atomically, creating the resource and setting credential policies in a single transaction.
This replaces the multi-step createResource + createPolicySetting pattern.
importAzureTenant ImportAzureTenantResult! Import an Azure Tenant, creating the tenant resource and configuring discovery policies.
Supports discovery level configuration for subscriptions and management groups.
importGcpOrganization ImportGcpOrganizationResult! Import a GCP Organization, creating the organization resource and configuring discovery policies.
Supports discovery level configuration for projects and folders.
importGcpProject ImportGcpProjectResult! Import a GCP project atomically, creating the resource and setting credential policies in a single transaction.
This replaces the multi-step createResource + createPolicySetting pattern.
importGitHubOrganization ImportGitHubOrganizationResult! Import a GitHub organization atomically.
Creates the organization resource and sets credential policies in a single transaction.
importOciTenancy ImportOciTenancyResult! Import an OCI tenancy atomically.
Creates the tenancy resource and sets all credential policies (tenancyOcid, userOcid, fingerprint, privateKey, region).
importOpenaiOrganization ImportOpenaiOrganizationResult! Import an OpenAI organization atomically.
Creates the organization resource and sets credential policies in a single transaction.
importServiceNowInstance ImportServiceNowInstanceResult! Import a ServiceNow instance atomically.
Creates the instance resource and sets credential policies in a single transaction.
installMod Mod Install the mod for the given org and version, at the given parent
muteControl Control Mute a control on a given resource and controlType or controlId
pauseRolloutAccounts Rollout Pause an account in a rollout with the given account.
processHubData HubDataProcessResult Process an uploaded hub data archive (parse and write to all hives)
putPolicyPackAttachments PolicyPack Put the policy pack ids for the given resource.
putResource Resource Put the resource with the given id. Optionally provide new data, custom metadata, tags or akas
putSmartFolderAttachments SmartFolder Put the smart folder ids for the given resource. This has been deprecated please use putPolicyPackAttachments.
removeRolloutAccounts Rollout Remove one or more accounts from a rollout with the given accounts.
resumeRolloutAccounts Rollout Resume an account in a rollout with the given account.
rotateWorkspaceKey Scalar Rotate workspace encryption key. Please contact Turbot Support to perform this action
runAction Process Run the action with the given actionTypeId and resourceTypeId
runControl Process Run the control with the given id
runPolicy Process Run the policy with the given id
setBenchmarkChildOrder PreventionBenchmark Set the display order of child benchmarks.
terminateProcess Process Terminate the process with the given id
testAiConfiguration TestAiConfigurationResult! Test an AI provider configuration by making a minimal live call through the same SDK path
Guardrails uses at runtime. Validates the provider, model, API key and (when set) that a custom
endpoint is reachable from the Guardrails backend. Leave apiKey blank to reuse the saved secret.
testAnthropicConnectivity TestAnthropicConnectivityResult! Test Anthropic connectivity by verifying the admin API key can authenticate.
Probes GET /v1/organizations/me and returns the organization the key is bound to.
testAwsAccountConnectivity TestAwsAccountConnectivityResult! Test AWS account connectivity by verifying credentials work correctly.
Uses STS GetCallerIdentity to validate the credentials. Supports both direct role ARN
and account ID + role name (for organization member account testing).
testAwsCloudTrailLakeIntegration TestAwsCloudTrailLakeIntegrationResult! Test an AWS CloudTrail Lake integration by resolving credentials and running a simple test query against the Event Data Store.
testAwsOrganizationDiscovery TestAwsOrganizationDiscoveryResult! Test AWS Organization discovery by listing accounts and OUs using management account credentials.
Verifies the credentials can access AWS Organizations API.
testAzureActiveDirectoryConnectivity TestAzureActiveDirectoryConnectivityResult! Test Azure Active Directory (Entra ID) connectivity by verifying app registration credentials can access the directory via Microsoft Graph API.
testAzureOrganizationDiscovery TestAzureOrganizationDiscoveryResult! Test Azure organization discovery by listing subscriptions and management groups in a tenant.
Returns hierarchy information for building tree views.
testAzureSubscriptionConnectivity TestAzureSubscriptionConnectivityResult! Test Azure subscription connectivity by verifying app registration credentials can access the subscription.
testEntraIdConnectivity TestEntraIdConnectivityResult! Test Microsoft Entra ID connectivity by verifying the app registration can authenticate
and access the directory via Microsoft Graph API.
testEntraIdDirectoryDiscovery TestEntraIdDirectoryDiscoveryResult! Test Microsoft Entra ID directory discovery by listing directory information
and resource counts accessible with the app registration.
testGcpOrganizationDiscovery TestGcpOrganizationDiscoveryResult! Test GCP organization discovery by listing projects and folders in an organization.
Returns hierarchy information for building tree views.
testGcpProjectConnectivity TestGcpProjectConnectivityResult! Test GCP project connectivity by verifying service account credentials can access the project.
testGitHubConnectivity TestGitHubConnectivityResult! Test GitHub connectivity by verifying the token can authenticate.
Returns information about the authenticated user or app.
testGitHubOrganizationDiscovery TestGitHubOrganizationDiscoveryResult! Test GitHub organization discovery by listing organizations accessible with the token.
Optionally query a specific organization by login name.
testKubernetesClusterDiscovery TestKubernetesClusterDiscoveryResult! Test Kubernetes cluster discovery by listing namespaces, nodes, and pods
accessible with the bearer token.
testKubernetesConnectivity TestKubernetesConnectivityResult! Test Kubernetes cluster connectivity by verifying the bearer token can authenticate
and access the API server.
testOciConnectivity TestOciConnectivityResult! Test OCI connectivity by verifying API credentials can authenticate
and access the tenancy.
testOpenaiConnectivity TestOpenaiConnectivityResult! Test OpenAI connectivity by verifying the admin API key + organization id can authenticate.
Probes the projects-list endpoint because OpenAI does not expose a /me endpoint.
testServiceNowInstanceDiscovery TestServiceNowInstanceDiscoveryResult! Test ServiceNow instance discovery by listing instance information
and available applications/scopes.
testSplunkConnectivity TestSplunkConnectivityResult! Test Splunk connectivity by connecting to the server info endpoint with the provided credentials.
uninstallMod ModUninstallResult Uninstall an existing mod with the given id
unmuteControl Control Unmute a control on a given resource and controlType or controlId
updateAttachedGuardrailPhase Guardrail Update the phase for an attached guardrail on a given resource.
updateBenchmark PreventionBenchmark Update a custom benchmark.
updateCloudTrailLakeIntegration UpdateCloudTrailLakeIntegrationResult! Update an existing CloudTrail Lake SIEM integration's configuration policies.
updateGoogleDirectory Resource! Update a Google directory.
updateGrant Grant Update a grant with the given id. Optionally provide note, validFromTimestamp and validToTimestamp
updateGroupProfile Resource! Update a group profile.
updateGuardrail Guardrail Update an existing guardrail with the given properties.
updateLdapDirectory Resource! Update an LDAP directory.
updateLocalDirectory Resource! Update a local directory.
updateLocalDirectoryUserPassword LocalDirectoryUserPassword! Update the password for the local directory user.
updatePolicyPack PolicyPack Update a policy pack with the given id.
updatePolicySetting PolicySetting Update the policy setting with the given id. Provide the setting in either standard form (either value (as JSON) or valueSource (as YAML string), or as a calculated setting with inputTemplate (as YAML Nunjucks template) and optional input (as GraphQL query string). Optionally provide precedence, note, validFromTimestamp and validToTimestamp
updatePreventionObjective PreventionObjective Update the priority for a given objective.
updateProfile Resource! Update a profile.
updateProfileAccessKey ProfileAccessKey! Update an access key's status by id.
updateProfileAwsAccessKey ProfileAwsAccessKey! Update profile AWS access key.
updateProfileSshKey ProfileSshKey! Update an SSH key's status by id.
updateResource Resource Update the resource with the given id. Optionally provide a new parent, provide data updates, or update custom metadata, tags and akas
updateRollout Rollout Update a rollout with the given id.
updateSamlDirectory Resource! Update a SAML directory.
updateSmartFolder SmartFolder Update a smart folder with the given id.This has been deprecated please use updatePolicyPack.
updateSplunkIntegration UpdateSplunkIntegrationResult! Update an existing Splunk SIEM integration's resource data and configuration policies.
updateTurbotDirectory Resource! Update a Turbot directory.
updateWatch Watch Update a watch by id. Optionally provide action and favorite
updateWatchRule WatchRule Update a watch rule by id. Optionally provide resource, level and notificationTypes",
uploadHubData HubDataUploadResult Generate a presigned S3 URL for uploading hub data (docs, KB, policy packs)
uploadMod ModUploadResult Upload a local to mod with the given id
upsertResource Resource Upsert a resource for the given parent and type and with the given data. Optionally provide custom metadata, tags and akas. If akas are passed, the first one in the array will be used to look up if the resource already exists. If no akas are passed, the first resource type AKA metadata template will be rendered using the resource data and used to look up if the resource already exists