ENISA Reporting — GraphQL

The ENISA SRP module exposes a GraphQL query surface over the same relational store as the REST API. It is read-only and is a query projection — there is no separate graph database.

Endpoint: POST /api/v1/enisa/graphql (requires a FLEET API key with the enisa:read scope — GraphQL is read-only)
Playground: GET /api/v1/enisa/graphql/playground (public)

Queries

Field	Returns
`notifications`	All notification cases, newest first
`notification(id: UUID!)`	A single case (or `null`)
`notification.revisions`	The case’s full revision history (graph traversal)
`obligations`	The obligation matrix for the current schema version
`schemaVersion`	The current matrix / OpenAPI schema version

Examples

Traverse a case and its revisions

{
  notification(id: "00000000-0000-0000-0000-000000000000") {
    notificationType
    reporter
    revisions {
      stage
      title
      cveId
      vulnNature
      submittedAt
    }
  }
}

{
  "data": {
    "notification": {
      "notificationType": "VULNERABILITY",
      "reporter": "ACME CSIRT",
      "revisions": [
        { "stage": "EARLY_WARNING_24H", "title": "RCE in parser", "cveId": "CVE-2026-0001", "vulnNature": null },
        { "stage": "UPDATE_72H", "title": "RCE in parser", "cveId": "CVE-2026-0001", "vulnNature": "memory safety" }
      ]
    }
  }
}

Note the carried-forward title/cveId on the 72h revision.

List cases

{ notifications { id notificationType reporter createdAt } }

Inspect the obligation matrix

{
  schemaVersion
  obligations { notificationType fieldId stage obligation }
}

Enum values

GraphQL enum values are upper snake case:

notificationType: VULNERABILITY, INCIDENT
stage: EARLY_WARNING_24H, UPDATE_72H, FINAL
obligation: OBLIGATORY, COPIED, OPTIONAL, OBLIGATORY_IF_AVAILABLE, AUTOMATED

Authenticating from the playground

The playground page is public, but queries hit the protected endpoint. Add your key in the playground’s HTTP Headers panel:

{ "Authorization": "Bearer fleet_xxxxxxxx…" }