"""
The @beta directive is used within the type system definition language to indicate beta portions of a
GraphQL service's schema, such as beta fields, enum values, arguments or input fields.
"""
directive @beta on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE | OBJECT
"""
The @ga directive is used within the type system definition language to indicate GA portions of a
GraphQL service's schema, such as GA fields, enum values, arguments or input fields.
"""
directive @ga on FIELD_DEFINITION
"""
The @ea directive is used within the type system definition language to indicate EA portions of a
GraphQL service's schema.
"""
directive @ea on FIELD_DEFINITION
"""
The @rollout directive is used within the type system definition language to indicate portions of a
GraphQL service's schema that is gradually rolling out. This APIs will be available to all accounts after a few weeks.
"""
directive @rollout on FIELD_DEFINITION
type Query {
accountBySubdomain(
accountID: ID!
"""a list of required subdomains"""
subdomains: [String!]!
): [AccountDataPayload!] @ga
accountManagement(accountId: ID!): AccountManagementQueries
"""
The accountMetrics query helps you analyze the state and quality of the connections
of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS
tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics,
statics, and analytics for the account.
"""
accountMetrics(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
"""
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory.
"""
timeFrame: TimeFrame!
"""
When the boolean argument groupInterfaces is set to __true__, then the data for all the
interfaces are aggregated to a single interface.
"""
groupInterfaces: Boolean
"""
When the boolean argument groupDevices is set to __true__, then the analytics for all the
Sockets (usually two in high availability) are aggregated as one result.
For the best results for aggregated Sockets, we recommend that there is consistent
names and functionality (for example Destination) for the links on both Sockets.
"""
groupDevices: Boolean
): AccountMetrics @ga
accountRoles(accountID: ID!, accountType: AccountType): AccountRolesResult! @ga
"""
Current snapshot-based metrics that show near real‑time data for the account.
Provides analytics that are similar to the Topology page for the account.
"""
accountSnapshot(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
): AccountSnapshot @ga
admin(accountId: ID!, adminID: ID!): GetAdminPayload @ga
admins(accountID: ID!, limit: Int = 50, from: Int = 0, search: String = "", sort: [SortInput], adminIDs: [ID!]): AdminsResult @ga
"BETA"
appStats(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
postAggFilters: [AppStatsPostAggFilter!]
sort: [AppStatsSort!]
): AppStats @ga
"BETA"
appStatsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
): AppStatsTimeSeries @ga
"""Audit Feed for account changes"""
auditFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
ids: [ID!] @deprecated(reason: "by accountIDs")
timeFrame: TimeFrame!
filters: [AuditFieldFilterInput!]
"Marker to use to get results from"
marker: String
): AuditFeed @ga
catalogs(accountId: ID!): CatalogQueries
container(accountId: ID!): ContainerQueries
customAppData(accountId: ID!): CustomAppDataQueries!
devices(accountId: ID!): DevicesQueries! @beta
enterpriseDirectory(accountId: ID!): EnterpriseDirectoryQueries
"""Lookup entities with a specific type, potentially filtered and paged"""
entityLookup(
"""The account ID (or 0 for non-authenticated requests)"""
accountID: ID!
"""Type of entity to lookup for"""
type: EntityType!
"""Sets the maximum number of items to retrieve"""
limit: Int = 50
"""Sets the offset number of items (for paging)"""
from: Int = 0
"""
Return items under a parent entity (can be site, vpn user, etc),
used to filter for networks that belong to a specific site for example
"""
parent: EntityInput
"""
Adds additional search parameters for the lookup. Available options:
country lookup: "removeExcluded" to return only allowed countries
countryState lookup: country code ("US", "CN", etc) to get country's states
"""
search: String = ""
"""
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not
universally available, and may not be applicable specific Entity types. If used on non applicable entity
type, an error will be generated.
"""
entityIDs: [ID!]
"""
Adds additional sort criteria(s) for the lookup.
This option is not universally available, and may not be applicable specific Entity types.
"""
sort: [SortInput]
"""Custom filters for entityLookup"""
filters: [LookupFilterInput]
"""Additional helper fields"""
helperFields: [String!]
): EntityLookupResult! @ga
events(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
postAggFilters: [EventsPostAggFilter!]
sort: [EventsSort!]
): Events @ga
"""Event Feed for events paged by a topic partitions offsets marker"""
eventsFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
filters: [EventFeedFieldFilterInput!]
"Marker to use to get results from"
marker: String
): EventsFeedData @ga
eventsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
): EventsTimeSeries @ga
externalAccess(accountId: ID!): ExternalAccessQueries!
"""Fetch group configuration for your account"""
groups(accountId: ID!): GroupsQueries
hardware(accountId: ID!): HardwareQueries
"""Retrieve the account hardware inventory"""
hardwareManagement(accountId: ID!): HardwareManagementQueries
"""Retrieve the account(s) license inventory and license consumption"""
licensing(accountId: ID!): LicensingQueries
notification(accountId: ID!): NotificationSubscriptionQueries @ga
policy(accountId: ID!): PolicyQueries
popLocations(accountId: ID!): PopLocationQueries
sandbox(accountId: ID!): SandboxQueries @rollout
servicePrincipalAdmin(accountId: ID!, adminID: ID!): GetServicePrincipalAdminPayload @ga
site(accountId: ID!): SiteQueries!
"""
Provides historical metrics for physical and logical interfaces on Cato Sockets.
This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
"""
socketPortMetrics(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [SocketPortMetricsMeasure]
dimensions: [SocketPortMetricsDimension]
filters: [SocketPortMetricsFilter!]
postAggFilters: [SocketPortMetricsPostAggFilter!]
sort: [SocketPortMetricsSort!]
): SocketPortMetrics @ga
"""
Provides historical time series metrics for physical and logical interfaces on Cato Sockets.
This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
"""
socketPortMetricsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [SocketPortMetricsMeasure]
dimensions: [SocketPortMetricsDimension]
filters: [SocketPortMetricsFilter!]
): SocketPortMetricsTimeSeries @ga
"""
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
1. Regular account - Return only 1 subdomain relating to the regular account
2. Reseller account - Return all subdomains including the reseller account subdomain
3. Reseller account - Return only the reseller account subdomain
"""
subDomains(
"""Unique Identifier of Account"""
accountID: ID!
"""
When the boolean argument managedAccount is set to true (default), then the query returns all subdomains related to the account
"""
managedAccount: Boolean
): [SubDomain!]! @ga
xdr(accountID: ID!): XDR!
}
type Mutation {
accountManagement(accountId: ID!): AccountManagementMutations
admin(accountId: ID!): AdminMutations!
container(accountId: ID!): ContainerMutations
customAppData(accountId: ID!): CustomAppDataMutations!
enterpriseDirectory(accountId: ID!): EnterpriseDirectoryMutations
externalAccess(accountId: ID!): ExternalAccessMutations!
"""Mutations for creating, updating, or deleting groups"""
groups(accountId: ID!): GroupsMutations
hardware(accountId: ID!): HardwareMutations
licensing(accountId: ID!): LicensingMutations
notification(accountId: ID!): NotificationSubscriptionMutations @ga
policy(accountId: ID!): PolicyMutations
popLocationMutations(accountId: ID!): PopLocationMutations
sandbox(accountId: ID!): SandboxMutations @rollout
site(accountId: ID!): SiteMutations!
sites(accountId: ID!): SiteMutations! @deprecated(reason: "in favor of site")
xdr(accountId: ID!): XdrMutations!
}
"""
The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.
"""
type MicrosoftEndpoint implements Endpoint & MergedIncident {
alerts: [MicrosoftDefenderEndpointAlert!]!
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
device: MicrosoftDeviceDetails
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
firstSignal: DateTime!
id: ID!
indication: String!
lastSignal: DateTime!
muted: Boolean!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
ticket: String
url: String
user: UserRef
vendor: VendorEnum
vendorStatus: DefenderIncidentStatus
}
"""
The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.
"""
type MicrosoftDeviceDetails implements DeviceDetails {
avStatus: DeviceAvStatusEnum
azureAdDeviceId: String
deviceName: String
externalIp: String
firstSeenDateTime: DateTime
healthStatus: DeviceHealthStatusEnum
id: ID!
ipInterfaces: [String!]!
localIp: String
loggedOnUsers: [EndpointUser!]!
onboardingStatus: OnboardingStatusEnum
osDetails: OsDetails
rbacGroup: RbacGroup
}
enum OnboardingStatusEnum {
CAN_BE_ONBOARDED
INSUFFICIENT_INFO
ONBOARDED
}
"""
The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.
"""
type MicrosoftEndpointUser implements EndpointUser {
accountName: String
domainName: String
id: ID!
name: String!
principalName: String
userSid: String
}
"""
The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.
"""
type MicrosoftDefenderEndpointAlert implements EndpointAlert {
activities: [MicrosoftActivity!]!
alertWebUrl: String
category: String
classification: AlertClassificationEnum
comments: [String!]!
createdDateTime: DateTime
criticality: Int
description: String
destinationIp: String
destinationUrl: String
detectionSource: DetectionSourceEnum
determination: AlertDeterminationEnum
externalIp: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
lastUpdateDateTime: DateTime
localIp: String
mitreSubTechnique: [Mitre!]!
mitreTechnique: [Mitre!]!
ownerName: String
providerAlertId: String
recommendedActions: String
resolvedDateTime: DateTime
resources: [MicrosoftEndpointResource!]!
status: MsAlertStatus
threatFamilyName: String
threatName: String
threatType: String
title: String
}
interface MicrosoftEndpointResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
tags: [String!]!
roles: [ResourceRoleEnum!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.
"""
type MicrosoftProcessResource implements ProcessResource & MicrosoftEndpointResource & EndpointResource {
action: String
createdDateTime: DateTime
id: ID!
imageFile: FileDetails
processCommandLine: String
processId: Int!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
userAccount: EndpointUser
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.
"""
type MicrosoftFileResource implements FileResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
detectionStatus: DetectionStatusEnum
fileDetails: FileDetails
id: ID!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
"""
type MicrosoftRegistryResource implements RegistryResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
hive: String
id: ID!
key: String
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
value: String
valueName: String
valueType: String
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftNetworkResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
"""
type MicrosoftNetworkResource implements MicrosoftEndpointResource & NetworkResource & EndpointResource {
action: String
createdDateTime: DateTime
destinationIp: String
destinationPort: Int
dnsRequest: String
dnsResponse: String
id: ID!
method: String
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
sourcePort: Int
tags: [String!]!
url: String
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.
"""
type MicrosoftActivity implements Activity {
action: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
parentResourceId: ID!
resourceId: ID!
}
type RbacGroup {
id: ID!
name: String
}
enum MsAlertStatus {
IN_PROGRESS
NEW
RESOLVED
}
enum DetectionSourceEnum {
ANTIVIRUS
APP_GOVERNANCE_DETECTION
APP_GOVERNANCE_POLICY
AUTOMATED_INVESTIGATION
AZURE_AD_IDENTITY_PROTECTION
CLOUD_APP_SECURITY
CUSTOM_DETECTION
CUSTOM_TI
MANUAL
MICROSOFT_DATA_LOSS_PREVENTION
MICROSOFT_DEFENDER_FOR_ENDPOINT
MICROSOFT_DEFENDER_FOR_IDENTITY
MICROSOFT_DEFENDER_FOR_OFFICE365
MICROSOFT_THREAT_EXPERTS
MICROSOFT365_DEFENDER
SMART_SCREEN
}
enum AlertClassificationEnum {
FALSE_POSITIVE
INFORMATIONAL_EXPECTED_ACTIVITY
TRUE_POSITIVE
}
enum AlertDeterminationEnum {
APT
COMPROMISED_ACCOUNT
CONFIRMED_ACTIVITY
LINE_OF_BUSINESS_APPLICATION
MALICIOUS_USER_ACTIVITY
MALWARE
MULTI_STAGED_ATTACK
NOT_ENOUGH_DATA_TO_VALIDATE
NOT_MALICIOUS
OTHER
PHISHING
SECURITY_PERSONNEL
SECURITY_TESTING
UNWANTED_SOFTWARE
}
enum MsResourceVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
type XDR {
"""
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
"""
stories(input: StoryInput!): StoriesData @beta
"""
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
"""
story(storyId: ID, producer: StoryProducerEnum, incidentId: ID): Story @beta
}
type XdrMutations {
"""Post comments that help track the story investigation"""
addStoryComment(input: AddStoryCommentInput!): AddStoryCommentPayload @beta
"""
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
"""
analystFeedback(input: AnalystFeedbackInput!): AnalystFeedbackPayload @beta
"""Delete a previously posted comment using the comment ID."""
deleteStoryComment(input: DeleteStoryCommentInput!): DeleteStoryCommentPayload @beta
updateInvestigationDetails(input: UpdateInvestigationDetailsInput!): UpdateInvestigationDetailsPayload @beta
}
type InvestigationDetails {
investigationStatus: String
lastManagedComment: StoryComment
lastUserComment: StoryComment
managedServiceTicketLink: String
}
input UpdateInvestigationDetailsInput {
investigationStatus: String
managedServiceTicketLink: String
storyId: ID!
}
type UpdateInvestigationDetailsPayload {
investigationDetails: InvestigationDetails
}
type AnalystFeedbackPayload {
"""
Data related to the actions and information that an analyst adds to the XDR story
"""
story: Story
}
type AddStoryCommentPayload {
"""Add a new comment to the XDR story"""
comment: StoryComment!
}
type DeleteStoryCommentPayload {
"""Delete an existing comment from an XDR story"""
comment: StoryComment!
}
input AddStoryCommentInput {
"""The author of the comment"""
author: String
"""The relevant Story"""
storyId: ID!
"""Enter the text for the XDR story comment"""
text: String!
"""The comment type"""
type: CommentType = USER
}
input DeleteStoryCommentInput {
"""The comment ID"""
commentId: ID!
"""The relevant Story"""
storyId: ID!
}
type ThreatClassificationRef implements ObjectRef {
id: ID!
name: String!
}
type ThreatTypeRef implements ObjectRef {
id: ID!
name: String!
}
type AllowlistRuleRef implements ObjectRef {
id: ID!
name: String!
}
type ResponsePolicyRuleRef implements ObjectRef {
id: ID!
name: String!
}
input AnalystFeedbackInput {
"""
Free text for the analyst to enter additional information about the XDR story
"""
additionalInfo: String
"""Enum for analyst to assign the severity of a Malicious XDR story"""
severity: SeverityEnum
"""Enum for the current status of the XDR story."""
status: StoryStatusEnum
"""The relevant Story"""
storyId: ID!
"""
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification.
"""
threatClassification: String
"""Type of threat for the XDR story that is assigned by the analyst"""
threatType: StoryThreatType
"""Enum for analyst to assign the verdict of the XDR story"""
verdict: StoryVerdictEnum
}
input StoryThreatType {
details: String
name: String!
recommendedAction: String
}
enum StoryVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
enum TargetType {
domain
fqdn
ip
url
}
input StoryInput {
filter: [StoryFilterInput!]!
paging: PagingInput!
sort: [StorySortInput!]
}
input StorySortInput {
fieldName: StorySortFieldName!
order: SortDirectionEnum
}
enum StorySortFieldName {
accountName
createdAt
criticality
engineType
firstSignal
producer
producerType
queryName
riskScore
severity
source
sourceIp
status
updatedAt
}
input StoryFilterInput {
accountId: AccountIdPredicate
criticality: IntPredicate
engineType: EngineTypePredicate
incidentId: StringPredicate
ioa: StringPredicate
muted: BooleanPredicate
producer: StoryProducerPredicate
producerType: StoryProducerPredicate
queryName: StringPredicate
severity: StorySeverityPredicate
source: StringPredicate
sourceIp: StringPredicate
status: StoryStatusPredicate
storyId: StoryIdPredicate
timeFrame: TimeFramePredicate!
vendor: VendorPredicate
verdict: StoryVerdictPredicate
}
input StoryVerdictPredicate {
in: [StoryVerdictEnum!]
not_in: [StoryVerdictEnum!]
}
input TimeFramePredicate {
time: TimeFrame!
timeFrameModifier: TimeFrameModifier
}
enum TimeFrameModifier {
AnalystUpdate
StoryCreate
StoryUpdate
}
input AccountIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StoryIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StorySeverityPredicate {
in: [SeverityEnum!]
not_in: [SeverityEnum!]
}
enum SeverityEnum {
High
Low
Medium
}
input StoryProducerPredicate {
in: [StoryProducerEnum!]
not_in: [StoryProducerEnum!]
}
input StoryStatusPredicate {
in: [StoryStatusEnum!]
not_in: [StoryStatusEnum!]
}
input IntPredicate {
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
not_in: [Int!]
}
input StringPredicate {
contains: String
in: [String]
not_in: [String]
}
input BooleanPredicate {
is: String!
}
input EngineTypePredicate {
in: [StoryEngineTypeEnum!]
not_in: [StoryEngineTypeEnum!]
}
input VendorPredicate {
in: [VendorEnum!]
not_in: [VendorEnum!]
}
enum SortDirectionEnum {
asc
desc
}
enum DefenderIncidentStatus {
ACTIVE
AWAITING_ACTION
IN_PROGRESS
REDIRECTED
RESOLVED
UNKNOWN
}
type StoriesData {
"""Fields returned from the Story query"""
items: [Story!]!
"""
Define the stories that are returned, similar to a page of stories in the Cato Management Application
"""
paging: Paging!
}
type Paging {
"""
Based on the filter and sort parameters, the first story that is returned
"""
from: Int!
"""
Based on the filter and sort parameters, the number of stories returned after the from. For example, the argument {from: 10, limit: 10} returns stories 10-20.
"""
limit: Int!
"""Total number of stories returned"""
total: Int!
}
type Story {
"""ID for your Cato account"""
accountId: Int!
"""Name of the account in the Cato Management Application"""
accountName: String
"""Email address of the analyst working on the story"""
analystEmail: String
"""Name of analyst working on the story"""
analystName: String
"""Timestamp when the story was created"""
createdAt: DateTime!
"""Unique Cato ID for each story"""
id: ID!
"""
Data related to the fields and incidents that were merged to create or update the story
"""
incident: MergedIncident!
investigationDetails: InvestigationDetails
"""
URL for the playbook in the Knowledge Base to help troubleshoot the story
"""
playbook: String
"""Summary of the story"""
summary: String
"""Data for the story timeline"""
timeline: [TimelineItem!]!
"""Timestamp when the story was most recently updated"""
updatedAt: DateTime!
}
enum StoryStatusEnum {
Closed
Monitoring
Open
PendingAnalysis
PendingMoreInfo
Reopened
}
"""For XDR stories, items that happened during the lifetime of the story"""
type TimelineItem {
"""Additional information about this timeline item"""
additionalInfo: String
"""Data about the analyst for this timeline item (ie. name, email)"""
analystInfo: AnalystInfo
"""Icon for the timeline item"""
category: TimelineItemCategoryEnum
"""
Brief summary of action related to the timeline item (ie. Story created, Status update to)
"""
context: String!
"""Timestamp the timeline item was created"""
createdAt: DateTime!
"""Description of the timeline item"""
description: String! @deprecated(reason: "use 'descriptions' instead")
"""Description of the timeline item"""
descriptions: [String!]!
"""Type of threat assigned by the analyst"""
type: TimelineTypeEnum!
}
type AnalystInfo {
"""Security analyst email address"""
email: String
"""Security analyst name"""
name: String
}
enum TimelineTypeEnum {
Action
Comment
Diff
}
enum TimelineItemCategoryEnum {
Error
Information
Warning
}
type StoryComment {
actor: ActorRef!
author: String
createdAt: Time!
id: ID!
text: String!
type: CommentType
}
enum CommentType {
MANAGED_SERVICE
USER
}
interface MergedIncident {
"""Unique Cato ID for each story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerType: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Connection for the incident"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact)
For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""
For Network stories - The site where the network issue is occurring
For Security stories - IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""The ticket an analyst created for this story"""
ticket: String
"""Status for the story"""
status: StoryStatusEnum
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""For Security stories, description of the threat"""
description: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
"""Cato ID and name for the site"""
site: SiteRef
"""Cato ID and name for the user"""
user: UserRef
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
muted: Boolean!
}
type AnalystFeedbackThreatType {
details: String
name: String
recommendedAction: String
}
type AnalystFeedback {
additionalInfo: String
severity: SeverityEnum
threatClassification: String
threatType: AnalystFeedbackThreatType
verdict: StoryVerdictEnum
}
interface Anomalies implements MergedIncident {
id: ID!
firstSignal: DateTime!
lastSignal: DateTime!
engineType: StoryEngineTypeEnum
vendor: VendorEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerType: StoryProducerEnum!
producerName: String!
connectionType: ConnectionTypeEnum
indication: String!
queryName: String
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
storyDuration: Int
description: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
sourceIp: String
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
muted: Boolean!
direction: String
}
"""
The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
"""
type AnomalyStats implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
muted: Boolean!
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
"""
The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
"""
type AnomalyEvents implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
muted: Boolean!
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type Metric {
name: String!
value: Float!
}
type Gaussian {
avg: Float
n: Float
ss: Float
std: Float
z_score: Float
}
type Extra {
name: String!
type: String!
value: String!
}
type MetricDetails {
name: String!
units: String!
}
"""
The "Threat" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.
"""
type Threat implements MergedIncident {
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""Client Class for the traffic flow"""
clientClass: [String!]!
"""Connection for this incident"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Name of the device"""
deviceName: String
"""Traffic direction for the threat"""
direction: String
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
"""Data for the Cato event for this story"""
events: [Event!]
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""Data about the traffic flow for the threat"""
flows: [IncidentFlow!]
"""Cardinality of traffic flows for the threat"""
flowsCardinality: Int
"""Unique Cato ID for this threat"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Timestamp for the first incident signal related to this story"""
lastSignal: DateTime!
"""Username for the device"""
logonName: String
"""MAC address of the device"""
macAddress: String
"""Mitre data for the story (ie. ID, name)"""
mitres: [Mitre!]
muted: Boolean!
"""OS for device or host that is the threat target"""
os: String
"""Predicted threat type for the story based on Cato algorithm"""
predictedThreatType: String
"""Predicted verdict of the story based on Cato algorithm"""
predictedVerdict: StoryVerdictEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
producerType: StoryProducerEnum!
"""Category for the indication ID related to the story"""
queryName: String
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""The estimated risk level of the threat (ie. Malicious, High, Low)"""
riskLevel: RiskLevelEnum
"""Data for stories that are similar"""
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Cato ID for the site that is the source of the threat"""
srcSiteId: String
"""Status of this story"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""Data about the target of the threat"""
targets: [IncidentTargetRep!]!
"""The ticket an analyst created for this story"""
ticket: String
"""Timeseries data for the incident"""
timeSeries: [IncidentTimeseries!]
"""Cato ID and name for the user"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
"""
The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.
"""
type ThreatPrevention implements MergedIncident {
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
events: [Event!]
firstSignal: DateTime!
flowsCardinality: Int
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
mitres: [Mitre!]
muted: Boolean!
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
riskLevel: RiskLevelEnum
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
targets: [IncidentTargetRep!]!
threatPreventionsEvents: [ThreatPreventionEvents!]
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type SimilarStoryData {
indication: String
similarityPercentage: Float
storyId: String
threatClassification: String
threatTypeName: String
verdict: String
}
type ThreatPreventionEvents {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referrer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
enum NetworkXDREventTypeEnum {
DEGRADED
INSIGHT
RESOLVED
}
enum LinkConfigPrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum LinkStatusEnum {
ACTIVE
PASSIVE
}
enum DeviceConfigHaRoleEnum {
PRIMARY
SECONDARY
}
enum DeviceHaRoleStateEnum {
BACKUP
MASTER
}
enum NetworkEventSourceEnum {
BGP_SESSION
DEVICE
HOST
ISP
LINK
POP
SITE
}
enum LinkQualityIssueTypeEnum {
CONGESTION
DISTANCE
JITTER
PACKET_LOSS
}
enum TrafficDirectionEnum {
DOWNSTREAM
UPSTREAM
}
type BGPConnection {
catoAsn: Asn16
catoIp: String
connectionName: String
peerAsn: Asn32
peerIp: String
}
type LinkQualityIssue {
current: Int
direction: TrafficDirectionEnum
issueType: LinkQualityIssueTypeEnum
threshold: Int
}
type NetworkTimelineEvent {
acknowledged: Boolean
bgpConnection: BGPConnection
created: DateTime!
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
deviceHaRoleState: DeviceHaRoleStateEnum
eventIds: [String!]!
eventType: NetworkXDREventTypeEnum
hostIp: String
incidentId: String
isp: String
linkConfigBandwidth: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
linkQualityIssue: LinkQualityIssue
linkStatus: LinkStatusEnum
muted: Boolean
networkEventSource: NetworkEventSourceEnum
pop: String
ruleName: String
socketSerialId: String
tunnelResetCount: Int
validated: DateTime!
}
enum IlmmOnboardingStatus {
COMPLETE
FAILED
MISSING
PENDING
}
type IspLoaFile {
fileHash: String
fileName: String
uploadedAt: Time
}
type IlmmContact {
email: String
name: String
phone: String
}
type IlmmLinkDetails {
activeLicense: Boolean
comments: String
description: String
ispLinkId: String
linkId: String
onboardingStatus: IlmmOnboardingStatus
}
type IlmmIspDetails {
countryCode: String
description: String
ispAccountId: String
loaFile: IspLoaFile
name: String
supportEmail: String
supportPhone: String
}
type IlmmDetails {
contacts: [IlmmContact!]
ispDetails: IlmmIspDetails
linkDetails: IlmmLinkDetails
}
"""
The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.
"""
type NetworkXDRIncident implements MergedIncident {
acknowledged: Boolean
analystFeedback: AnalystFeedback
bgpConnection: BGPConnection
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
firstSignal: DateTime!
hostIp: String
id: ID!
ilmmDetails: IlmmDetails
indication: String!
isp: String
lastSignal: DateTime!
licenseBandwidth: String
licenseRegion: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
muted: Boolean!
networkIncidentTimeline: [NetworkTimelineEvent!]!
occurrences: Int
pop: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
ruleName: String
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteConfigLocation: String
siteConnectionType: String
siteName: String!
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
storyType: String!
ticket: String
user: UserRef
vendor: VendorEnum
}
type AiOperationsIncident implements MergedIncident {
accountOperationIncident: AccountOperationsIncident
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
eventsGraphQuery: EventsGraphQuery
firstSignal: DateTime!
flowLastTime: DateTime! @deprecated(reason: "use 'lastSignal' instead")
flowStartTime: DateTime! @deprecated(reason: "use 'firstSignal' instead")
id: ID!
indication: String!
ioa: String! @deprecated(reason: "'ioa' is deprecated, use 'indication' instead")
lastSignal: DateTime!
muted: Boolean!
occurrences: Int
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerName: String!
producerType: StoryProducerEnum!
queryName: String
research: Boolean
riskScore: Int! @deprecated(reason: "'riskScore' is deprecated, use 'criticality' instead")
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
ticket: String
type: AiOperationsIncidentTypeEnum
user: UserRef
vendor: VendorEnum
}
type EventsGraphQuery {
timeSeriesEvents: TimeSeriesEvents
type: GraphType!
}
enum GraphType {
ANALYTICS
}
type TimeSeriesEvents {
accountID: String!
buckets: Int!
dimensions: [GraphEventsDimension!]!
filters: [GraphEventsFilter!]!
measures: [GraphEventsMeasure!]!
timeFrame: TimeFrame!
}
type GraphEventsMeasure {
aggType: String!
fieldName: String!
trend: Boolean
}
type GraphEventsDimension {
fieldName: String!
}
type GraphEventsFilter {
fieldName: String!
operator: String!
values: [String!]!
}
type AccountOperationsIncident {
incidentTimeline: [AccountOperationsTimelineBase!]!
metadata: [AccountOperationsMetadata!]!
playbooks: [AiOperationsPlaybook!]!
}
interface AccountOperationsTimelineBase {
id: ID!
created: Time!
validated: Time!
description: String!
type: AccountOperationsTimelineType!
}
type AiOperationsPlaybook {
description: String!
link: String
title: String!
}
type AccountOperationsTimelineEvent implements AccountOperationsTimelineBase {
created: Time!
description: String!
eventIds: [String!]!
id: ID!
muted: Boolean!
type: AccountOperationsTimelineType!
validated: Time!
}
enum AccountOperationsTimelineType {
Action
Event
}
enum AiOperationsIncidentTypeEnum {
Account
}
type AccountOperationsMetadata {
key: String!
type: MetadataType!
value: String!
}
enum MetadataType {
TXT
}
enum ScanResult {
BYPASS_BY_CONTENT_RULE
BYPASS_BY_OTHER
BYPASS_BY_TYPE
CANCELLED
CLEAN
ENCRYPTED
VIRUS_FOUND
}
type Event {
action: String
appId: String
appName: String
dnsProtectionCategory: String
eventType: String
ruleId: String
scanResult: ScanResult
severity: String
signatureId: String
threatName: String
threatType: String
virusName: String
}
type Mitre {
id: String
name: String
}
type IncidentTargetRep {
analysisScore: Float
categories: String
catoPopularity: Int
countryOfRegistration: String
creationTime: DateTime
engines: Int
eventData: [Event!]!
infectionSource: Boolean
name: String
searchHits: String
threatFeeds: Int
threatReference: String
type: TargetType
}
type IncidentFlow {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
type StoryDrillDownFilter {
name: String!
value: String! @deprecated(reason: "No longer supported")
values: [String!]!
}
enum RiskLevelEnum {
Benign
High
Inconclusive
Low
Malicious
Medium
nan
}
enum StoryProducerEnum {
AnomalyEvents
AnomalyExperience
AnomalyStats
CatoEndpointAlert
EntraIdAlert
MicrosoftEndpointDefender
NetworkMonitor @deprecated(reason: "No longer supported")
"""The producer of the Site Operations stories"""
NetworkXDR
ThreatHunt
ThreatPrevention
}
enum StoryEngineTypeEnum {
ANOMALY
ENDPOINT
IDENTITY
NETWORK
THREAT
}
enum VendorEnum {
CATO
MICROSOFT
}
enum ConnectionTypeEnum {
Host
Site
User
}
type IncidentTimeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
): [[Float!]]
"""The parameter by which the timeseries data is grouped"""
groupBy: String
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
enum IncidentCategory {
OPERATIONAL
OTHER
SECURITY
}
type IncidentEntity {
data: [IncidentEntityData!]!
kind: String
ref: ObjectRef!
role: String
type: String
}
type IncidentEntityData {
fieldName: String!
values: [String!]!
}
type DataQuery {
buckets: Int
dataSource: DataSourceEnum
fields: [String!]!
filters: [QueryParameter!]!
measures: [MeasuresParameters!]!
}
enum DataSourceEnum {
AppStats
AppStatsTimeSeries
ConnectivityStats
ConnectivityStatsTimeSeries
DeviceHardwareMetrics
Events
EventsList
EventsTimeSeries
HardwareMetricsTimeSeries
LmmTimeSeries
}
type MeasuresParameters {
aggType: String
fieldName: String
unitType: MeasuresUnitType
}
enum MeasuresUnitType {
BITS_PER_SECOND
COUNT
MILLISECONDS
PERCENTAGE
}
type QueryParameter {
name: String
operator: String
value: String
values: [String!]!
}
type UnknownEntityRef implements ObjectRef {
id: ID!
name: String!
}
type GenericIncident implements MergedIncident {
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""Connection for the incident"""
connectionType: ConnectionTypeEnum
"""
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact)
For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""For Security stories, description of the threat"""
description: String
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
evidences: [GenericIncidentEvidence!]!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""Unique Cato ID for each story"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
mitres: [Mitre!]
muted: Boolean!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
producerType: StoryProducerEnum!
queries: [DataQuery!]!
"""Category for the indication ID related to the story"""
queryName: String
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
For Network stories - The site where the network issue is occurring
For Security stories - IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Status for the story"""
status: StoryStatusEnum
statusInfo: GenericIncidentStatusInfo
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""The ticket an analyst created for this story"""
ticket: String
"""Cato ID and name for the user"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
vendorInfo: GenericIncidentVendorInfo
}
type GenericIncidentVendorInfo {
engineType: String
incidentUrl: String
name: String
product: String
status: String
}
type GenericIncidentStatusInfo {
classification: String
incidentStatus: String
verdict: StoryVerdictEnum
}
type GenericIncidentEvidence {
data: [GenericIncidentEvidenceData!]!
type: GenericIncidentEvidenceType!
value: String
}
type GenericIncidentEvidenceData {
fieldName: String!
values: [String!]!
}
enum GenericIncidentEvidenceType {
CONFIG
DOMAIN
EMAIL
FILE
HASH
IP
MAILBOX
METRIC
OTHER
URL
}
interface Endpoint implements MergedIncident {
"""Unique Cato ID for the story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""
Enum for the Producer (specific XDR engine and service) involved with the incident
"""
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
producerType: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Enum for the connection for this incident (ie. site, host, user)"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String
storyDuration: Int
description: String
sourceIp: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
muted: Boolean!
device: DeviceDetails
alerts: [EndpointAlert!]!
}
interface EndpointAlert {
id: ID!
title: String
description: String
threatName: String
mitreTechnique: [Mitre!]!
mitreSubTechnique: [Mitre!]!
createdDateTime: DateTime
resources: [EndpointResource!]!
activities: [Activity!]!
criticality: Int
externalIp: String
localIp: String
}
interface Activity {
id: ID!
resourceId: ID!
parentResourceId: ID!
}
interface DeviceDetails {
id: ID!
deviceName: String
osDetails: OsDetails
loggedOnUsers: [EndpointUser!]!
externalIp: String
localIp: String
}
type OsDetails {
osBuild: Int
osType: String!
osVersion: String
}
interface EndpointUser {
id: ID!
name: String!
}
enum ResourceRoleEnum {
ADDED
ATTACKED
ATTACKER
COMMAND_AND_CONTROL
COMPROMISED
CONTEXTUAL
CREATED
DESTINATION
EDITED
LOADED
POLICY_VIOLATOR
SCANNED
SOURCE
SUSPICIOUS
}
enum RemediationStatusEnum {
BLOCKED
CLEAN
DELETED
DELETED_REBOOT
DISABLED
DISINFECT_FAILED
DISINFECTED
INFECTED
MOVED
MOVED_REBOOT
NOT_FOUND
NOT_STARTED
PASSWORD_PROTECTED
PREVENTED
REBOOT_REQUIRED
REMEDIATED
SCAN_FAILED
SUCCESS
SUSPICIOUS
UNKNOWN
}
enum DeviceHealthStatusEnum {
ACTIVE
IMPAIRED_COMMUNICATION
INACTIVE
NO_SENSOR_DATA
NO_SENSOR_DATA_IMPAIRED_COMMUNICATION
}
enum DeviceAvStatusEnum {
DISABLED
NOT_REPORTING
NOT_UPDATED
UPDATED
}
interface EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
}
interface ProcessResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
processId: Int!
processCommandLine: String
imageFile: FileDetails
userAccount: EndpointUser
}
interface FileResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
fileDetails: FileDetails
detectionStatus: DetectionStatusEnum
}
interface RegistryResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
hive: String
key: String
value: String
valueName: String
valueType: String
}
type FileDetails {
issuer: String
md5: String
name: String
path: String
publisher: String
sha1: String
sha256: String
signer: String
size: Int
}
enum DetectionStatusEnum {
BLOCKED
DETECTED
PREVENTED
}
interface NetworkResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
dnsRequest: String
dnsResponse: String
destinationIp: String
destinationPort: Int
sourcePort: Int
url: String
method: String
}
"""
The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
"""
type CatoEndpoint implements Endpoint & MergedIncident {
"""Details for the threat detected by the EPP"""
alerts: [CatoEndpointAlert!]!
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""enum for the connection for this incident (ie. host, user)"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Details for the EPP device (ie. device name, OS, MAC address)"""
device: CatoEndpointDeviceDetails
"""enum that shows XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""ID for the Endpoint Protection story"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
muted: Boolean!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
"""
enum for the Producer (specific XDR engine or service) involved with the incident
"""
producer: StoryProducerEnum! @deprecated(reason: "use 'producerType' instead")
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
producerType: StoryProducerEnum!
""""""
queryName: String
"""
TRUE indicates that the story is currently being researched by Security Analysts
"""
research: Boolean
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
Source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Enum for the status of this story (ie. Open, Closed, Monitoring)"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""The ticket for this story"""
ticket: String
"""Cato ID and name for the site"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
enum CatoEndpointEngineType {
AntiMalware
Behavioral
}
"""
The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
"""
type CatoEndpointDeviceDetails implements DeviceDetails {
"""Name of the device"""
deviceName: String
externalIp: String
"""Unique Cato ID for this story"""
id: ID!
localIp: String
"""Data for one or more users logged in to the device"""
loggedOnUsers: [EndpointUser!]!
"""MAC address of the device"""
macAddress: String
"""OS data (ie. type, build, version)"""
osDetails: OsDetails
}
"""
The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.
"""
type CatoEndpointUser implements EndpointUser {
"""ID for the user"""
id: ID!
"""Username for the user whose activity generated the indication"""
name: String!
}
"""
The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
"""
type CatoEndpointAlert implements EndpointAlert {
"""Unique Cato IDs for the activities related to the alert"""
activities: [CatoActivity!]!
"""Timestamp that the threat was detected and the alert generated"""
createdDateTime: DateTime
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""EPP profile that is assigned to this device"""
endpointProtectionProfile: String
"""Enum for the EPP engine related to this story"""
engineType: CatoEndpointEngineType
externalIp: String
"""Unique Cato ID for the Endpoint Protection story"""
id: ID!
localIp: String
"""MITRE ATT&CK® sub-technique for the threat"""
mitreSubTechnique: [Mitre!]!
"""MITRE ATT&CK® technique for the threat"""
mitreTechnique: [Mitre!]!
"""Data for the remediation status of the alert"""
resources: [CatoResource!]!
"""Enum for the remediation status of the EPP alert"""
status: RemediationStatusEnum
"""Name of threat detected on the device"""
threatName: String
"""Title of the endpoint alert"""
title: String
}
interface CatoResource implements EndpointResource {
"""Unique Cato ID for this EPP resource"""
id: ID!
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
}
"""
The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
"""
type CatoProcessResource implements ProcessResource & CatoResource & EndpointResource {
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Unique Cato ID for this resource"""
id: ID!
"""Details of the file related to this process"""
imageFile: FileDetails
"""CLI command related to this process"""
processCommandLine: String
"""ID for the process"""
processId: Int!
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
"""User account related to this process"""
userAccount: EndpointUser
}
"""
The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
"""
type CatoFileResource implements FileResource & CatoResource & EndpointResource {
"""Timestamp that the this file resource was used"""
createdDateTime: DateTime
"""Enum for the detection status of this file resource"""
detectionStatus: DetectionStatusEnum
"""Details of the file related to this resource"""
fileDetails: FileDetails
"""Unique Cato ID for this file resource"""
id: ID!
"""Enum for the remediation status associated with this file resource"""
remediationStatus: RemediationStatusEnum
}
"""
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
"""
type CatoActivity implements Activity {
"""Unique Cato ID for this activity"""
id: ID!
"""
Unique Cato ID for the preceding resource (process or file) in the alert
"""
parentResourceId: ID!
"""
Unique Cato ID for the resource (process or file) involved in the alert
"""
resourceId: ID!
}
type SiteMutations {
"""Adds a new BGP peer to the specified site."""
addBgpPeer(input: AddBgpPeerInput!): AddBgpPeerPayload @beta
"""
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
"""
addCloudInterconnectPhysicalConnection(input: AddCloudInterconnectPhysicalConnectionInput!): AddCloudInterconnectPhysicalConnectionPayload @beta
"""Add a new cloud interconnect site."""
addCloudInterconnectSite(input: AddCloudInterconnectSiteInput!): AddCloudInterconnectSitePayload @beta
addIpsecIkeV2Site(input: AddIpsecIkeV2SiteInput!): AddIpsecIkeV2SitePayload @beta
addIpsecIkeV2SiteTunnels(siteId: ID!, input: AddIpsecIkeV2SiteTunnelsInput!): AddIpsecIkeV2SiteTunnelsPayload @beta
addNetworkRange(lanSocketInterfaceId: ID!, input: AddNetworkRangeInput!): AddNetworkRangePayload @ga
"""Add a secondary AWS vSocket to an existing site"""
addSecondaryAwsVSocket(input: AddSecondaryAwsVSocketInput!): AddSecondaryAwsVSocketPayload @beta
"""Add a secondary Azure vSocket to an existing site"""
addSecondaryAzureVSocket(input: AddSecondaryAzureVSocketInput!): AddSecondaryAzureVSocketPayload @beta
addSecondaryGcpVSocket(input: AddSecondaryGcpVSocketInput!): AddSecondaryGcpVSocketPayload @rollout @beta
addSocketAddOnCard(input: AddSocketAddOnCardInput!): AddSocketAddOnCardPayload @rollout @beta
addSocketSite(input: AddSocketSiteInput!): AddSocketSitePayload @ga
addStaticHost(siteId: ID!, input: AddStaticHostInput!): AddStaticHostPayload @ga
"""
Assign a license to an existing site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
assignSiteBwLicense(input: AssignSiteBwLicenseInput!): AssignSiteBwLicensePayload @beta
"""
Exchanges two socket ports on a site by swapping their interface assignments.
"""
exchangeSocketPorts(input: ExchangeSocketPortsInput!): ExchangeSocketPortsPayload @beta
"""Removes an existing BGP peer configuration from a site."""
removeBgpPeer(input: RemoveBgpPeerInput!): RemoveBgpPeerPayload @beta
"""Remove a physical connection from a cloud interconnect site."""
removeCloudInterconnectPhysicalConnection(input: RemoveCloudInterconnectPhysicalConnectionInput!): RemoveCloudInterconnectPhysicalConnectionPayload @beta
removeIpsecIkeV2SiteTunnels(siteId: ID!, input: RemoveIpsecIkeV2SiteTunnelsInput!): RemoveIpsecIkeV2SiteTunnelsPayload @beta
removeNetworkRange(networkRangeId: ID!): RemoveNetworkRangePayload @ga
"""Remove the secondary AWS vSocket from an existing site"""
removeSecondaryAwsVSocket(socketId: ID!): RemoveSecondaryAwsVSocketPayload @beta
"""Remove the secondary Azure vSocket from an existing site"""
removeSecondaryAzureVSocket(socketId: ID!): RemoveSecondaryAzureVSocketPayload @beta
removeSecondaryGcpVSocket(input: RemoveSecondaryGcpVSocketInput!): RemoveSecondaryGcpVSocketPayload @rollout @beta
removeSite(siteId: ID!): RemoveSitePayload @ga
"""
Remove a license from a site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
removeSiteBwLicense(input: RemoveSiteBwLicenseInput!): RemoveSiteBwLicensePayload @beta
removeSocketAddOnCard(input: RemoveSocketAddOnCardInput!): RemoveSocketAddOnCardPayload @beta
removeStaticHost(hostId: ID!): RemoveStaticHostPayload @ga
"""
Replace an existing license of a site. This API is used to make sure the site
will always have a license to avoid traffic drop for sites without licenses. // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
replaceSiteBwLicense(input: ReplaceSiteBwLicenseInput!): ReplaceSiteBwLicensePayload @beta
"""
Requests an upgrade for multiple sites to specific versions.
Returns the result of the request.
"""
startSiteUpgrade(input: StartSiteUpgradeInput!): StartSiteUpgradePayload @rollout @beta
"""Updates an existing BGP peer configuration."""
updateBgpPeer(input: UpdateBgpPeerInput!): UpdateBgpPeerPayload @beta
"""Update an existing physical connection at a cloud interconnect site."""
updateCloudInterconnectPhysicalConnection(input: UpdateCloudInterconnectPhysicalConnectionInput!): UpdateCloudInterconnectPhysicalConnectionPayload @beta
updateHa(siteId: ID!, input: UpdateHaInput!): UpdateHaPayload @ga
updateIpsecIkeV2SiteGeneralDetails(siteId: ID!, input: UpdateIpsecIkeV2SiteGeneralDetailsInput!): UpdateIpsecIkeV2SiteGeneralDetailsPayload @beta
updateIpsecIkeV2SiteTunnels(siteId: ID!, input: UpdateIpsecIkeV2SiteTunnelsInput!): UpdateIpsecIkeV2SiteTunnelsPayload @beta
updateNetworkRange(networkRangeId: ID!, input: UpdateNetworkRangeInput!): UpdateNetworkRangePayload @ga
"""Update the secondary AWS vSocket from in an existing site"""
updateSecondaryAwsVSocket(input: UpdateSecondaryAwsVSocketInput!): UpdateSecondaryAwsVSocketPayload @beta
"""Update the secondary Azure vSocket in an existing site"""
updateSecondaryAzureVSocket(input: UpdateSecondaryAzureVSocketInput!): UpdateSecondaryAzureVSocketPayload @beta
updateSecondaryGcpVSocket(input: UpdateSecondaryGcpVSocketInput!): UpdateSecondaryGcpVSocketPayload @rollout @beta
"""Update backhauling configuration for a site."""
updateSiteBackhauling(input: UpdateSiteBackhaulingInput!): UpdateSiteBackhaulingPayload @beta
"""
Update the bandwidth allocation of an assigned pool license of an existing site (does not apply for site license allocation) // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
updateSiteBwLicense(input: UpdateSiteBwLicenseInput!): UpdateSiteBwLicensePayload @beta
updateSiteGeneralDetails(siteId: ID!, input: UpdateSiteGeneralDetailsInput!): UpdateSiteGeneralDetailsPayload @ga
updateSiteSocketConfiguration(input: UpdateSiteSocketConfigurationInput!): UpdateSiteSocketConfigurationPayload @beta
updateSocketInterface(siteId: ID!, socketInterfaceId: SocketInterfaceIDEnum!, input: UpdateSocketInterfaceInput!): UpdateSocketInterfacePayload @ga
updateStaticHost(hostId: ID!, input: UpdateStaticHostInput!): UpdateStaticHostPayload @ga
}
type SiteQueries {
"""Retrieves available socket versions for the specified platforms."""
availableVersionList(input: AvailableVersionListInput!): AvailableVersionListPayload @rollout @beta
"""Retrieves details of a specific BGP peer by reference."""
bgpPeer(input: BgpPeerRefInput!): BgpPeer @beta
"""Retrieves a list of all BGP peers associated with the specified site."""
bgpPeerList(input: BgpPeerListInput!): BgpPeerListPayload @beta
"""
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
"""
cloudInterconnectConnectionConnectivity(input: CloudInterconnectConnectionConnectivityInput!): CloudInterconnectConnectionConnectivity @beta
"""Get details of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnection(input: CloudInterconnectPhysicalConnectionInput!): CloudInterconnectPhysicalConnection @beta
"""Get the ID of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnectionId(input: CloudInterconnectPhysicalConnectionIdInput!): CloudInterconnectPhysicalConnectionId @beta
"""
Retrieve the VLAN IDs that are already in use at a specific POP. This API is only applicable for reseller accounts with private POPs.
"""
retrieveUsedVlanIDs(input: RetrieveUsedVlanIDsInput!): RetrieveUsedVlanIDsPayload @beta
"""Retrieves details of a specific secondary AWS vSocket."""
secondaryAwsVSocket(socketId: ID!): SecondaryAwsVSocket @beta
"""Retrieves details of a specific secondary Azure vSocket."""
secondaryAzureVSocket(socketId: ID!): SecondaryAzureVSocket @beta
secondaryGcpVSocket(input: SecondaryGcpVSocketInput!): SecondaryGcpVSocketPayload @rollout @beta
"""Fetch backhauling configuration for a site."""
siteBackhauling(site: SiteRefInput!): SiteBackhaulingPayload @beta
"""
Provides the BGP status of the specified site, including session and route details.
"""
siteBgpStatus(input: SiteBgpStatusInput!): SiteBgpStatus @beta
siteGeneralDetails(site: SiteRefInput!): SiteGeneralDetailsPayload @beta
siteSocketConfiguration(input: SiteSocketConfigurationInput!): SiteSocketConfiguration @beta
}
input AddSecondaryAwsVSocketInput {
"""The IP address of LAN interface"""
eniIpAddress: IPAddress!
"""The subnet of the LAN interface"""
eniIpSubnet: NetworkSubnet!
"""The ID of the LAN route table"""
routeTableId: String!
"""
Information about the site where the secondary AWS VSocket is being added.
"""
site: SiteRefInput!
}
input AddSecondaryAzureVSocketInput {
"""The floating IP address"""
floatingIp: IPAddress!
"""The IP address of the interface"""
interfaceIp: IPAddress!
"""
Information about the site where the secondary Azure VSocket is being added.
"""
site: SiteRefInput!
}
type AddSecondaryAwsVSocketPayload {
"""The secondary socket id"""
id: ID!
}
type AddSecondaryAzureVSocketPayload {
"""The secondary socket id"""
id: ID!
}
type RemoveSecondaryAwsVSocketPayload {
secondaryAwsVSocket: SecondaryAwsVSocket!
}
type RemoveSecondaryAzureVSocketPayload {
secondaryAzureVSocket: SecondaryAzureVSocket!
}
type SecondaryAzureVSocket {
"""The floating IP address"""
floatingIp: IPAddress!
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the interface"""
interfaceIp: IPAddress!
"""
Information about the site where the secondary Azure vSocket is being added.
"""
site: SiteRef!
}
type SecondaryAwsVSocket {
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the secondary vSocket"""
ipAddress: IPAddress!
"""The ID of the secondary vSocket route table"""
routeTableId: String!
"""Site associated with this secondary vSocket."""
site: SiteRef!
"""The subnet of the secondary vSocket"""
subnet: NetworkSubnet!
}
input UpdateSecondaryAzureVSocketInput {
"""The floating IP address"""
floatingIp: IPAddress
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the interface"""
interfaceIp: IPAddress
}
type UpdateSecondaryAzureVSocketPayload {
"""The updated secondary Azure vSocket object."""
secondaryAzureVSocket: SecondaryAzureVSocket!
}
input UpdateSecondaryAwsVSocketInput {
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the secondary vSocket"""
ipAddress: IPAddress
"""The ID of the secondary vSocket route table"""
routeTableId: String
"""The subnet of the secondary vSocket"""
subnet: NetworkSubnet
}
type UpdateSecondaryAwsVSocketPayload {
"""The updated secondary AWS vSocket object."""
secondaryAwsVSocket: SecondaryAwsVSocket!
}
input ExchangeSocketPortsInput {
"""The first socket interface to swap."""
firstInterface: SocketInterfaceRefInput!
"""The second socket interface to swap."""
secondInterface: SocketInterfaceRefInput!
"""The site where the ports are exchanged."""
site: SiteRefInput!
}
"""Reference to a socket interface within a site."""
input SocketInterfaceRefInput {
"""Interface identifier (e.g., WAN1, LAN1, USB1)."""
interfaceId: SocketInterfaceIDEnum!
}
type ExchangeSocketPortsPayload {
"""The updated socket interfaces after the exchange."""
interfaces: [ExchangedSocketInterface!]!
}
"""Minimal socket interface data returned after an exchange."""
type ExchangedSocketInterface {
interfaceId: SocketInterfaceIDEnum!
name: String!
}
enum SocketPortMetricsFieldName {
"Unique identifier of the account that owns the site."
account_id
"Total bytes received downstream (from the network to the device)."
bytes_downstream
"Combined total of upstream and downstream bytes."
bytes_total
"Total bytes sent upstream (from the device to the network)."
bytes_upstream
"Reference Signal Received Power – measures LTE/5G signal strength (dBm)."
cellular_rsrp
"Reference Signal Received Quality – a key LTE/5G metric for link quality (dB)."
cellular_rsrq
"Received Signal Strength Indicator – legacy strength metric (dBm)."
cellular_rssi
"Generic signal strength indicator (often maps to bars or percentage)."
cellular_signal_strength
"Signal to Interference + Noise Ratio – LTE/5G metric for signal clarity (dB)."
cellular_sinr
"Unique identifier of the Socket (Cato edge device)."
device_id
"Indicates the high-availability (HA) role of the device (e.g., active, standby)."
ha_role
"Type of physical interface (e.g., ethernet, cellular)."
physical_interface_type
"SIM card number (for cellular interfaces)."
sim_num
"Unique identifier of the site where the socket is deployed."
site_id
"Human-readable name of the site."
site_name
"The name or ID of the physical or logical interface on the Socket device (e.g., eth0, cell1)."
socket_interface
"Describes the interface role such as primary, backup, cellular, or none."
socket_interface_role
"Current download throughput in Mbps."
throughput_downstream
"Current upload throughput in Mbps."
throughput_upstream
"Type of transport used by the interface (e.g., wired, lte, 5g, wifi)."
transport_type
}
type SocketPortMetrics {
from: DateTime
id: ID
records(limit: Int, from: Int): [SocketPortMetricsRecord!]
to: DateTime
total: Int
totals: Map
}
type SocketPortMetricsRecord {
fields: [SocketPortMetricsField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
prevTimeFrame: Map
trends: Map
}
type SocketPortMetricsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
type SocketPortMetricsField {
name: SocketPortMetricsFieldName!
value: Value!
}
input SocketPortMetricsMeasure {
aggType: AggregationType!
fieldName: SocketPortMetricsFieldName!
trend: Boolean
}
input SocketPortMetricsDimension {
fieldName: SocketPortMetricsFieldName!
}
input SocketPortMetricsFilter {
fieldName: SocketPortMetricsFieldName!
operator: FilterOperator!
values: [String!]!
}
input SocketPortMetricsPostAggFilter {
aggType: AggregationType!
filter: SocketPortMetricsFilter!
}
input SocketPortMetricsSort {
fieldName: SocketPortMetricsFieldName!
order: DirectionEnum!
}
input UpdateSiteSocketConfigurationInput {
"""Configuration for the primary Socket of the site."""
primarySocketConfiguration: SocketConfigurationInput
"""Configuration for the secondary Socket of the site."""
secondarySocketConfiguration: SocketConfigurationInput
"""Identifies the site."""
site: SiteRefInput!
}
input SocketConfigurationInput {
"""A description for the Socket."""
description: String
}
input SiteSocketConfigurationInput {
"""Identifies the site."""
site: SiteRefInput!
}
type SocketConfiguration {
"""A description for the Socket."""
description: String
}
type UpdateSiteSocketConfigurationPayload {
"""The updated Socket configuration for the site."""
siteSocketConfiguration: SiteSocketConfiguration!
}
type SiteSocketConfiguration {
"""Configuration for the primary Socket of the site."""
primarySocketConfiguration: SocketConfiguration!
"""Configuration for the secondary Socket of the site."""
secondarySocketConfiguration: SocketConfiguration
}
input AddSocketSiteInput {
""""""
connectionType: SiteConnectionTypeEnum! = SOCKET_X1500
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
translatedSubnet: IPSubnet
"""VLAN ID for native range"""
vlan: Vlan
}
input AddSiteLocationInput {
"""optional address"""
address: String
"""city name, must belong to the country or country and state"""
city: String
"""country code"""
countryCode: String!
"""optional state code"""
stateCode: String
"""time zone"""
timezone: String!
}
input UpdateSocketInterfaceInput {
"""Only relevant for ALTERNATIVE, LAYER_2_WAN"""
altWan: SocketInterfaceAltWanInput
"""Only relevant for CATO, ALTERNATIVE, LAYER_2_WAN"""
bandwidth: SocketInterfaceBandwidthInput
destType: SocketInterfaceDestType!
"""Only relevant for LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP"""
lag: SocketInterfaceLagInput
"""
Only relevant for LAN, VRRP_AND_LAN, LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP
"""
lan: SocketInterfaceLanInput
name: String
"""Only relevant for CATO"""
offCloud: SocketInterfaceOffCloudInput
"""Only relevant for VRRP"""
vrrp: SocketInterfaceVrrpInput
"""Only relevant for CATO"""
wan: SocketInterfaceWanInput
}
type UpdateSocketInterfacePayload {
siteId: ID!
socketInterfaceId: SocketInterfaceIDEnum!
}
input SocketInterfaceBandwidthInput {
downstreamBandwidth: Int
downstreamBandwidthMbpsPrecision: Float @beta
upstreamBandwidth: Int
upstreamBandwidthMbpsPrecision: Float @beta
}
input SocketInterfaceWanInput {
precedence: SocketInterfacePrecedenceEnum!
role: SocketInterfaceRole!
}
input SocketInterfaceLanInput {
localIp: IPAddress!
subnet: IPSubnet!
translatedSubnet: IPSubnet
}
input SocketInterfaceOffCloudInput {
enabled: Boolean!
publicIp: IPAddress
publicStaticPort: Int
}
input SocketInterfaceAltWanInput {
privateGatewayIp: IPAddress!
privateInterfaceIp: IPAddress!
privateNetwork: IPSubnet!
privateVlanTag: Int
publicGatewayIp: IPAddress
publicInterfaceIp: IPAddress
publicNetwork: IPSubnet
publicVlanTag: Int
}
input SocketInterfaceLagInput {
minLinks: Int!
}
input SocketInterfaceVrrpInput {
vrrpType: VrrpType
}
input AddNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String!
rangeType: SubnetType!
subnet: IPSubnet!
translatedSubnet: IPSubnet
"""Only relevant for VLAN network rangeType"""
vlan: Int
}
input UpdateNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String
rangeType: SubnetType
subnet: IPSubnet
translatedSubnet: IPSubnet
"""Only relevant for NATIVE and VLAN network rangeType"""
vlan: Int
}
input NetworkDhcpSettingsInput {
"""Only relevant for DHCP range"""
dhcpMicrosegmentation: Boolean
dhcpType: DhcpType!
ipRange: IPRange
relayGroupId: ID
}
input UpdateHaInput {
primaryManagementIp: IPAddress
secondaryManagementIp: IPAddress
vrid: Int
}
input AddStaticHostInput {
ip: IPAddress!
macAddress: String
name: String!
}
input UpdateStaticHostInput {
ip: IPAddress
macAddress: String
name: String
}
type RemoveSitePayload {
siteId: ID!
}
type AddSocketSitePayload {
siteId: ID!
}
type AddNetworkRangePayload {
networkRangeId: ID!
}
type UpdateNetworkRangePayload {
networkRangeId: ID!
}
type RemoveNetworkRangePayload {
networkRangeId: ID!
}
type UpdateHaPayload {
siteId: ID!
}
type AddStaticHostPayload {
hostId: ID!
}
type UpdateStaticHostPayload {
hostId: ID!
}
type RemoveStaticHostPayload {
hostId: ID!
}
enum SocketInterfacePrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum SiteConnectionTypeEnum {
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
}
enum HaRole {
PRIMARY
SECONDARY
}
"""A from-to range (used for DHCP range, for example)"""
scalar IPRange
"""
Enter the time frame for the data that the query returns.
The argument is in the format \.\ This argument is mandatory.
These are the supported options to define the time frame:
last.\ - The value for the last type is according to ISO-8601 and returns data
for the previous specific times. For example:
timeFrame = last.PT5M shows the previous 5 minutes
timeFrame = last.PT2H shows the previous 2 hours
timeFrame = last.P1D shows the previous 1 day
timeFrame = last.P3M shows the previous 3 months
timeFrame = last.P1Y shows the previous 1 year
utc.\ - The time frame combines a start and end date in the format YY-MM-DD/hh:mm:ss
according to the specified time zone. You must enter all the date and time values for the argument. For example:
timeFrame = utc.2020-02-{11/04:50:00--21/04:50:00} shows 10 days of analytics data from February 11, 2020 4:50:00 am to February 21, 2020 4:50:00 am
timeFrame = utc.2020-02-11/{04:50:15--16:50:15} shows 12 hours of analytics data on February 11, 2020, from 4:50:15 am to 16:50:15 pm
timeFrame = utc.2020-{02-11/04:50:00--04-11/04:50:00} shows 2 months of analytics data from February 11, 2020 4:50:00 am to April 11 4:50:00 am
timeFrame = utc.{2019-10-01/04:50:00--2020/02-01/04:50:00} shows 4 months of analytics data from October 1, 2019 4:50:00 am to February 11 4:50:00 am
This format lets you configure a time frame the includes more than one calendar year
"""
scalar TimeFrame
"""File upload - https://gqlgen.com/reference/file-upload/"""
scalar Upload
enum UnitType {
bits
"""Bits per second"""
bps
bytes
"""Bytes per second"""
bytesPerSec
"""The number of occurrences for this unit"""
count
ms
none
packets
percent
"""health analytics for the site"""
score
"""
For metrics that are measured in seconds, such as tunnelAge, the number of seconds
"""
seconds
}
enum AggregationType {
any
avg
changes
count
count_distinct
distinct
max
min
sum
uniq_set
}
enum DirectionEnum {
asc
desc
}
enum FilterOperator {
between
exists
gt
gte
in
is
is_not
lt
lte
not_between
not_exists
not_in
}
type RBACRole {
description: String
id: ID!
isPredefined: Boolean!
name: String!
}
type AdminRole {
allowedAccounts: [ID!]
allowedEntities: [Entity!]
role: RBACRole!
}
type PolicyMutations {
antiMalwareFileHash(input: AntiMalwareFileHashPolicyMutationInput): AntiMalwareFileHashPolicyMutations
applicationControl(input: ApplicationControlPolicyMutationInput): ApplicationControlPolicyMutations
appTenantRestriction(input: AppTenantRestrictionPolicyMutationInput): AppTenantRestrictionPolicyMutations
clientConnectivity(input: ClientConnectivityPolicyMutationInput): ClientConnectivityPolicyMutations
dynamicIpAllocation(input: DynamicIpAllocationPolicyMutationInput): DynamicIpAllocationPolicyMutations
internetFirewall(input: InternetFirewallPolicyMutationInput): InternetFirewallPolicyMutations
remotePortFwd(input: RemotePortFwdPolicyMutationInput): RemotePortFwdPolicyMutations
socketBypass(input: SocketBypassPolicyMutationInput): SocketBypassPolicyMutations
socketLan(input: SocketLanPolicyMutationInput): SocketLanPolicyMutations
splitTunnel(input: SplitTunnelPolicyMutationInput): SplitTunnelPolicyMutations
terminalServer(input: TerminalServerPolicyMutationInput): TerminalServerPolicyMutations
tlsInspect(input: TlsInspectPolicyMutationInput): TlsInspectPolicyMutations
wanFirewall(input: WanFirewallPolicyMutationInput): WanFirewallPolicyMutations
wanNetwork(input: WanNetworkPolicyMutationInput): WanNetworkPolicyMutations
ztnaAlwaysOn(input: ZtnaAlwaysOnPolicyMutationInput): ZtnaAlwaysOnPolicyMutations
}
type AccountMetrics {
"""Starting time"""
from: DateTime
"""The size of a single time bucket in seconds"""
granularity: Int
"""Unique Identifier of Account."""
id: ID
"""Site connectivity metrics for the requested sites."""
sites(
"""
A list of unique IDs for each site. If specified, only sites in this list are returned. Otherwise, all sites are returned.
"""
siteIDs: [ID!]
ids: [String!] @deprecated(reason: "by siteIDs")
): [SiteMetrics!]
timeseries(
labels: [TimeseriesMetricType!]
"number of buckets, defaults to 10, max 1000"
buckets: Int
): [Timeseries!]
"""Ending time"""
to: DateTime
"""
Connectivity metrics for the requested users connecting remotely with the Client.
Doesn’t include user traffic behind a site.
"""
users(
"""
A list of unique IDs for each user. If specified, only users in this list are returned. Otherwise, no user metrics are returned.
"""
userIDs: [ID!]
): [SiteMetrics!]
}
type InterfaceMetrics {
"""Time stamp annotation that shows a time increment for a GUI"""
annotations(types: [String!]): [TimeAnnotation!]
"""
Basic configuration information about the Socket interface . Applicable only for site
"""
interfaceInfo: InterfaceInfo
"""
Data related to IPsec sites, such as IKE version . Applicable only for site
"""
ipsecInfo: IPSecInfo
"""Traffic data for the link"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Link name in the Cato Management Application"""
name: String
"""object that is a specific time duration"""
periods: [TimePeriod!]
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""Data related to the link IP address, such as country code"""
remoteIPInfo: IPInfo
"""
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site
"""
socketInfo: SocketInfo
"""
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also
include the destination last mile check
"""
timeseries(buckets: Int, labels: [TimeseriesMetricType!]): [Timeseries!]
}
type SiteMetrics {
"""
Timeseries with the number of flows (connections) in the site. Applicable only for site
"""
flowCount: Timeseries
"""
Timeseries with the number of hosts in the site. Applicable only for site
"""
hostCount: Timeseries
"""
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site
"""
hostLimit: Timeseries
"""Site ID"""
id: ID
"""
Shows general information about the site (array with nested fields). Applicable only for site
"""
info: SiteInfo
"""Analytics that are returned for the links for a site"""
interfaces: [InterfaceMetrics!]
"""Traffic metrics and data for sites"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Site names"""
name: String
samples: Int @deprecated(reason: "internal use")
}
type Timeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
"If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1"
withMissingData: Boolean = false
"In case we want to have the default size bucket (from properties)"
useDefaultSizeBucket: Boolean = false
): [[Float!]]
"List of dimension values for this timeseries"
dimensions: [DimensionData!]
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
"Timeseries key: measure and dimension values"
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
"""Summary of the metrics over the given time frame"""
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
"""An object for marking specific events in time."""
type TimeAnnotation {
"""Description of the event"""
label: String!
"""Brief description of the event"""
shortLabel: String!
"""Timestamp of the event"""
time: Float!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: AnnotationType!
}
"""An object for marking durations!"""
type TimePeriod {
"""
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index
"""
duration: [Float!]!
"""Label that describes the metrics"""
title: String!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: PeriodType!
}
enum TimeseriesMetricType {
"""Total avg downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream
"""Total max downstream traffic (from the site to the Cato Cloud)"""
bytesDownstreamMax
"""Total number of bytes of upstream and downstream traffic"""
bytesTotal
"""Total avg upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream
"""Total max upstream traffic (from the site to the Cato Cloud)"""
bytesUpstreamMax
"""Health analytics for the site"""
health @deprecated(reason: "No longer supported")
"""
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream
"""
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream
"""
Latency from socket directly to a well known global service, not through Cato. This is used to measure last
mile provider's performance, independent of the service.
"""
lastMileLatency
"""
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last
mile provider's performance, independent of the service.
"""
lastMilePacketLoss
"""Number of packets lost for downstream traffic"""
lostDownstream
"""Percent of packet loss for downstream traffic"""
lostDownstreamPcnt
"""Number of packets lost for upstream traffic"""
lostUpstream
"""Percent of packet loss for upstream traffic"""
lostUpstreamPcnt
"""Total packets discarded for downstream traffic"""
packetsDiscardedDownstream
"""Percent packets discarded for downstream traffic"""
packetsDiscardedDownstreamPcnt
"""Total packets discarded for upstream traffic"""
packetsDiscardedUpstream
"""Percent packets discarded for upstream traffic"""
packetsDiscardedUpstreamPcnt
"""Total downstream packets"""
packetsDownstream
"""Total upstream packets"""
packetsUpstream
"""Round-trip time from the Socket to the Cato Cloud"""
rtt
"The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect)"
tunnelAge
}
enum PeriodType {
"traffic was seen"
active
"some packets were discarded after queue timeout"
congested
"unspecified period type"
generic
"multiple last mile destinations measured large latency (greater than 500ms)"
lastmileLatency
"multiple last mile destinations measured packet loss"
lastmilePacketLoss
"missing data"
missingData
"some packets were queued"
overlowed
"packet loss connectivity issue"
packetLoss
"interface in standby mode"
passiveLink
"period connected to specific pop instance"
pop
}
enum AnnotationType {
"""Other events that are included in annotations"""
generic
"""The site connects to a different PoP"""
popChange
"""The ISP IP address (remote IP) changed"""
remoteIPChange
"""Change for HA status role"""
roleChange
}
type DimensionData {
"Type of the dimension"
label: String!
"String value of the dimension"
value: String
}
type TimeseriesKey {
"List of dimension key-value pair for this timeseries key"
dimensions: [DimensionKey!]
"Measure field"
measureFieldName: String!
}
type DimensionKey {
"Dimension field"
fieldName: String!
"String value of the dimension"
value: String
}
type EventRecord {
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
time: DateTime
}
type EventsFeedAccountRecords {
errorString: String
id: ID
records(fieldNames: [EventFieldName!]): [EventRecord!]
}
type EventsFeedData {
accounts: [EventsFeedAccountRecords]
fetchedCount: Int!
marker: String
}
input EventFeedFieldFilterInput {
fieldName: EventFeedFilterFieldName!
"Use event_type and event_sub_type for events"
operator: EventFeedFilterOperator!
values: [String!]
}
"""Search operators on Event Feed"""
enum EventFeedFilterOperator {
in
is
is_not
not_in
}
enum EventFeedFilterFieldName {
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event"
event_type
}
input AddIpsecIkeV2SiteInput {
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
"""VLAN ID for native range"""
vlan: Vlan
}
input UpdateIpsecIkeV2SiteGeneralDetailsInput {
"""The auth message parameters."""
authMessage: IpsecIkeV2MessageInput
"""
Determines the protocol for establishing the Security Association (SA) Tunnel. Valid values are:
Responder-Only Mode: Cato Cloud only responds to incoming requests by the initiator (e.g. a Firewall device) to establish a security association.
Bidirectional Mode: Both Cato Cloud and the peer device on customer site can initiate the IPSec SA establishment.
"""
connectionMode: ConnectionMode
"""
The authentication identification type used for SA authentication. When using “BIDIRECTIONAL”, it is set to “IPv4” by default. Other methods are available in Responder mode only.
"""
identificationType: IdentificationType
"""The init message parameters"""
initMessage: IpsecIkeV2MessageInput
"""The local IP ranges for the SAs"""
networkRanges: [IPSubnet]
}
input IpsecIkeV2MessageInput {
"""
The SA tunnel encryption method. Note: For situations where GCM isn’t supported for the INIT phase, we recommend that you use the CBC algorithm for the INIT phase, and GCM for AUTH
"""
cipher: IpSecCipher
"""
The Diffie-Hellman Group. The first number is the DH-group number, and the second number is the corresponding prime modulus size in bits
"""
dhGroup: IpSecDHGroup
"""
The algorithm used to verify the integrity and authenticity of IPsec packets
"""
integrity: IpSecHash
"""
The Pseudo-random function (PRF) used to derive the cryptographic keys used in the SA establishment process
"""
prf: IpSecHash
}
input LastMileBwInput {
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstream: Int
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps with single decimal precision. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstreamMbpsPrecision: Float
"""
The maximum upstream bandwidth, in Mbps. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstream: Int
"""
The maximum upstream bandwidth, in Mbps with single decimal precision. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstreamMbpsPrecision: Float
}
input AddIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String!
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
}
input UpdateIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId!
}
input UpdateIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [UpdateIpsecIkeV2TunnelInput!]!
}
input AddIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [AddIpsecIkeV2TunnelInput!]!
}
input UpdateIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: UpdateIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: UpdateIpsecIkeV2TunnelsInput
}
input AddIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: AddIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: AddIpsecIkeV2TunnelsInput
}
input RemoveIpsecIkeV2SiteTunnelsInput {
"""The IDs of the tunnels"""
tunnelId: [IPSecV2InterfaceId!]!
}
type AddIpsecIkeV2SitePayload {
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteGeneralDetailsPayload {
"""The local ID for the site"""
localId: String
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type UpdateIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [UpdateIpsecIkeV2SiteTunnelPayload!]!
}
type AddIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type RemoveIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type AddIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [AddIpsecIkeV2SiteTunnelPayload!]!
}
type RemoveIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [RemoveIpsecIkeV2SiteTunnelPayload!]!
}
type UpdateIpsecIkeV2SiteTunnelsPayload {
"""The primary multi-tunnel"""
primary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The secondary multi-tunnel"""
secondary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type AddIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: AddIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: AddIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type RemoveIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type HardwareManagementQueries {
"""Retrieve the account socket inventory"""
socketInventory(input: SocketInventoryInput): SocketInventoryPayload! @beta
}
input SocketInventoryInput {
filter: SocketInventoryFilterInput
paging: PagingInput
sort: SocketInventoryOrderInput
}
input SocketInventoryFilterInput {
"""
Will run contains operation for the provided text on the following fields serialNumber,socketMac,socketVersion,installedSite,
shippingCompany,trackingNumber,deliverySiteName,description,hardwareVersion with OR between them
"""
freeText: FreeTextFilterInput
}
input SocketInventoryOrderInput {
accountName: SortOrderInput
deliverySiteName: SortOrderInput
description: SortOrderInput
hardwareVersion: SortOrderInput
installedSite: SortOrderInput
serialNumber: SortOrderInput
shippingCompany: SortOrderInput
shippingDate: SortOrderInput
socketType: SortOrderInput
"""Default sort field"""
status: SortOrderInput
}
type SocketInventoryPayload {
items: [SocketInventoryItem!]!
pageInfo: PageInfo!
}
type SocketInventoryItem {
"""Socket account"""
account: AccountRef!
"""Available upgrade versions"""
availableUpgradeVersions: [String!]!
"""Name of the delivery site"""
deliverySiteName: String
"""Description"""
description: String
"""Hardware Version"""
hardwareVersion: String
"""ID"""
id: ID!
"""Is primary socket"""
isPrimary: Boolean!
"""Registration status"""
registrationStatus: SocketRegistrationStatus
"""Serial number (unique)"""
serialNumber: String
"""Shipping company"""
shippingCompany: String
"""Shipping date"""
shippingDate: DateTime
"""Socket's site"""
site: SiteRef
"""Mac address"""
socketMac: MacAddress
"""Socket Type"""
socketType: SocketPlatform
"""Socket version"""
socketVersion: String
"""Socket status (see SocketInventoryItemStatus)"""
status: SocketInventoryItemStatus
"""tracking number from the shipping company"""
trackingNumber: String
"""tracking url from the shipping company"""
trackingUrl: Url
"""Are automatic upgrade paused"""
upgradesPaused: Boolean!
"""Upgrade status"""
upgradeStatus: SocketUpgradeStatus
}
enum SocketInventoryItemStatus {
CONNECTED
DELIVERED
INSTALLED
ORDERED
SHIPPED
}
type Events {
from: DateTime
id: ID
records(limit: Int, from: Int): [EventsRecord!]
to: DateTime
total: Int
totals: Map
}
type EventsRecord {
fields: [EventField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type EventsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
input EventsMeasure {
aggType: AggregationType!
fieldName: EventFieldName!
trend: Boolean
}
input EventsDimension {
fieldName: EventFieldName!
}
input EventsFilter {
fieldName: EventFieldName!
operator: FilterOperator!
values: [String!]!
}
input EventsPostAggFilter {
aggType: AggregationType!
filter: EventsFilter!
}
input EventsSort {
fieldName: EventFieldName!
order: DirectionEnum!
}
type EventField {
name: EventFieldName!
value: Value!
}
type AuditFeedAccountRecords {
id: ID
records(fieldNames: [AuditFieldName!]): [AuditRecord!]
}
type AuditFeed {
accounts: [AuditFeedAccountRecords]
fetchedCount: Int!
from: DateTime
hasMore: Boolean
marker: String
to: DateTime
}
"""
Search operators on ElasticSearch. Between operators are applicable only to numeric fields
Note that not operators are slower
"""
enum ElasticOperator {
between
exists
in
is
is_not
not_between
not_exists
not_in
}
"""
FieldName for the different types of FieldName inputs
Use the EventFieldName for events, and AuditFieldName for audit
"""
input FieldNameInput {
AuditFieldName: AuditFieldName
}
input AuditFieldFilterInput {
fieldName: FieldNameInput!
"Use AuditFieldName for audits"
operator: ElasticOperator!
values: [String!]
}
"""Represents a single event in the audit database"""
type AuditRecord {
account: EntityInfo
admin: Entity
apiKey: Entity
"All fields in the audit record (including the admin and object)"
fields: [AuditField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
object: Entity
time: DateTime
}
type StringValue {
string: String
}
type DateValue {
date: DateTime
}
union Value = StringValue | DateValue | Entity
type AuditField {
name: String!
value: Value!
}
enum AuditFieldName {
"The name of the account on which the record was created"
account
"The id of the account on which the record was created"
account_id
"The admin whose action generated the record"
admin
"The ID of the admin whose action generated the record"
admin_id
"The api key whose action generated the record"
apiKey
audit_creation_type
"the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`"
change_type
"Time the record was created"
creation_date
"Time the record was committed to storage"
insertion_date
"The name of the object that was affected, e.g. 'My Site'"
model_name
"The type of object that was affected. e.g. Site, Socket, SocketInterface"
model_type
"Less granular than model_name, a general marker of the modified area: administration, configuration, security"
module
}
enum EntityType {
"""A reference to a configured Account under reseller"""
account
"""An account administrator (user in Cato Console)"""
admin
"""An external IP address in a specific PoP reserved for the account"""
allocatedIP
"""Any entity (matches everything)"""
any
"Pooled licenses available for use"
availablePooledUsage
"Site licenses available for use"
availableSiteUsage
"""A settlement with over 1K population"""
city
"""Geographical and political entity recognized internationally"""
country
"""
Represents a state or territory within a country. It is a sub-division of the country
"""
countryState
"A reference to DHCP Relay Group within account"
dhcpRelayGroup
groupSubscription
"""A reference to the configured Host within Site"""
host
"A reference to LAN Firewall Rule within Site"
lanFirewall
"A reference to Local Routing Rule within Site"
localRouting
location
mailingListSubscription
"""A reference to the configured Network Interface within Site"""
networkInterface
"Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number"
portProtocol
"l4 services for LAN firewall rules"
simpleService
"""A reference to a configured Site within Account"""
site
"union of the globalRange and a Subnet"
siteRange
"""
Time zone, which is a geographical region where clocks are set to the same time
"""
timezone
"""A reference to the configured VPN User within Account"""
vpnUser
webhookSubscription
}
input RetrieveUsedVlanIDsInput {
"""Method of encapsulation (.1Q/QinQ)"""
encapsulationMethod: TaggingMethod!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput!
"""
Name of the service provider. Usually a partner, or a fabric service provider.
"""
serviceProviderName: String!
}
"""Input for adding a new cloud interconnect site."""
input AddCloudInterconnectSiteInput {
"""Description of the site."""
description: String
"""Name of the site."""
name: String!
"""Location details of the site."""
siteLocation: AddSiteLocationInput!
"""Type of the site."""
siteType: SiteType! = BRANCH
}
"""Payload for adding a new cloud interconnect site."""
type AddCloudInterconnectSitePayload {
"""ID of the newly added site."""
siteId: ID!
}
"""
Input for adding a new physical connection to a cloud interconnect site.
"""
input AddCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation.Wither .1Q/QinQ"""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput!
"""Private IP address of Cato."""
privateCatoIp: IPAddress!
"""Private IP address of the site."""
privateSiteIp: IPAddress!
"""
QinQ VLAN configuration for QinQ encapsulated connections. Applicable only to reseller accounts with private POPs.
"""
QinQVlanConfiguration: QinQVlanConfiguration
"""
Name of the service provider. Usually a partner, or a fabric service provider.
"""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRefInput!
"""Subnet for the connection, the BGP peering range. /30 CIDR."""
subnet: NetworkSubnet!
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
"""
VLAN configuration for Dot1Q encapsulated connections. Applicable only to reseller accounts with private POPs.
"""
vlan: Vlan
}
input QinQVlanConfiguration {
cVlan: Vlan!
sVlan: Vlan!
}
type QinQVlan {
cVlan: Vlan!
sVlan: Vlan!
}
"""
Payload for adding a new physical connection to a cloud interconnect site.
"""
type AddCloudInterconnectPhysicalConnectionPayload {
"""ID of the newly added connection."""
id: ID!
}
"""
Payload for updating an existing physical connection at a cloud interconnect site.
"""
type UpdateCloudInterconnectPhysicalConnectionPayload {
"""ID of the updated connection."""
id: ID!
}
"""
Input for updating an existing physical connection at a cloud interconnect site.
"""
input UpdateCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod
"""ID of the connection to be updated."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput
"""Private IP address of Cato."""
privateCatoIp: IPAddress
"""Private IP address of the site."""
privateSiteIp: IPAddress
"""
QinQ VLAN configuration for QinQ encapsulated connections. Applicable only to accounts with private POPs.
"""
QinQVlanConfiguration: QinQVlanConfiguration
"""Name of the service provider."""
serviceProviderName: String
"""Subnet for the connection."""
subnet: NetworkSubnet
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth
"""
VLAN configuration for Dot1Q encapsulated connections. Applicable only to accounts with private POPs.
"""
vlan: Vlan
}
"""
Input for removing a physical connection from a cloud interconnect site.
"""
input RemoveCloudInterconnectPhysicalConnectionInput {
"""ID of the connection to be removed."""
id: ID!
}
"""
Payload for removing a physical connection from a cloud interconnect site.
"""
type RemoveCloudInterconnectPhysicalConnectionPayload {
"""ID of the removed connection."""
id: ID!
}
"""
Input for getting details of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionInput {
"""ID of the connection."""
id: ID!
}
"""Details of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnection {
"""C-VLAN applicable only for QINQ connections."""
cVlan: Vlan
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection. Either Primary or Secondary."""
haRole: HaRole!
"""ID of the connection."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRef!
"""Private IP address of Cato, used for BGP routing."""
privateCatoIp: IPAddress!
"""Private IP address of the site, used for BGP routing."""
privateSiteIp: IPAddress!
"""Name of the service provider."""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRef!
"""Subnet for the connection."""
subnet: NetworkSubnet!
"""S-VLAN applicable only for QINQ connections."""
sVlan: Vlan
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
"""VLAN applicable only for DOT1Q connections."""
vlan: Vlan
}
"""
Input for getting the ID of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionIdInput {
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the site."""
site: SiteRefInput!
}
"""ID of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnectionId {
"""ID of the connection."""
id: ID!
}
"""
Input for checking the connectivity status of a cloud interconnect connection.
"""
input CloudInterconnectConnectionConnectivityInput {
"""ID of the connection."""
id: ID!
}
"""Connectivity status of a cloud interconnect connection."""
type CloudInterconnectConnectionConnectivity {
"""Indicates if the connection is successful."""
success: Boolean!
}
type RetrieveUsedVlanIDsPayload {
"""All VLAN ranges supported by the POP location."""
ranges: [VlanRange!]!
"""List of reserved Dot1Q VLANs currently in use at the POP location."""
reservedDot1QVlans: [ReservedDot1QVlans!]!
"""List of reserved QinQ VLANs currently in use at the POP location."""
reservedQinQVlans: [ReservedQinQVlans!]!
}
type ReservedDot1QVlans {
accountId: ID
siteId: ID
vlan: Vlan
}
type ReservedQinQVlans {
accountId: ID
qinqVlan: QinQVlan
siteId: ID
}
enum SocketInterfaceDestType {
ALTERNATIVE
CATO
INTERFACE_DISABLED
LAN
LAN_AND_HA
LAN_LAG_MASTER
LAN_LAG_MASTER_AND_VRRP
LAN_LAG_MEMBER
LAYER_2_WAN
VRRP
VRRP_AND_LAN
}
enum VrrpType {
DIRECT_LINK
VIA_SWITCH
}
"SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids"
enum SocketInterfaceIDEnum {
INT_1
INT_10
INT_11
INT_12
INT_2
INT_3
INT_4
INT_5
INT_6
INT_7
INT_8
INT_9
LAN1
LAN2
LTE
USB1
USB2
WAN1
WAN2
WLAN
}
enum SocketInterfaceRole {
wan_1
wan_2
wan_3
wan_4
}
enum IPSecV2InterfaceId {
PRIMARY1
PRIMARY2
PRIMARY3
SECONDARY1
SECONDARY2
SECONDARY3
}
enum IPSecV2TunnelRole {
WAN1
WAN2
WAN3
}
type SubDomain {
accountId: ID!
accountName: String!
accountType: String!
subDomain: String!
}
input UpdateAccountRoleInput {
id: ID!
name: String
}
input UpdateAdminRoleInput {
allowedAccounts: [ID!]
allowedEntities: [EntityInput!]
role: UpdateAccountRoleInput!
}
enum SiteType {
BRANCH
CLOUD_DC
DATACENTER
HEADQUARTERS
}
type AdminsResult {
items: [Admin!]!
total: Int!
}
type EntityLookupResult {
items: [EntityInfo!]!
total: Int
}
enum AdminType {
LOGIN
SERVICE_PRINCIPLE
}
"""A CC2 administrator"""
type Admin {
adminType: AdminType
allowedItems: [Entity!]
creationDate: DateTime
email: String
firstName: String
id: ID!
lastName: String
managedRoles: [AdminRole!]
mfaEnabled: Boolean
modifyDate: DateTime
nativeAccountID: ID
passwordNeverExpires: Boolean
presentUsageAndEvents: Boolean
resellerRoles: [AdminRole!]
role: UserRole
status: OperationalStatus
version: String!
}
enum UserRole {
EDITOR
OWNER
PUBLIC_EDITOR
PUBLIC_VIEWER
SITES_VIEWER
SUPER_USER
VIEWER
}
enum AccountType {
ALL
REGULAR
RESELLER
SYSTEM
}
enum IpSecCipher {
AES_CBC_128
AES_CBC_256
AES_GCM_128
AES_GCM_256
AUTOMATIC
DES3_CBC
NONE
}
enum IpSecHash {
AUTOMATIC
MD5
NONE
SHA1
SHA256
SHA384
SHA512
}
enum IpSecDHGroup {
AUTOMATIC
DH_14_MODP2048
DH_15_MODP3072
DH_16_MODP4096
DH_19_ECP256
DH_2_MODP1024
DH_20_ECP384
DH_21_ECP521
DH_5_MODP1536
NONE
}
enum ConnectionMode {
BIDIRECTIONAL
RESPONDER_ONLY
}
enum IdentificationType {
EMAIL
FQDN
IPV4
KEY_ID
}
enum DestinationType {
FQDN
IPv4
}
enum ProtoType {
CROSS_CONNECT
IPSEC_CLIENT
IPSEC_HOST
IPSEC_V2
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
VSOCKET_VGX
VSOCKET_VGX_AWS
VSOCKET_VGX_AZURE
VSOCKET_VGX_ESX
}
enum SocketRegistrationStatus {
ASSIGNED_SITE
ASSIGNED_SITE_PENDING_REGISTER
NEW
PENDING
REGISTERED
REJECTED
UNASSIGNING
}
enum SocketUpgradeStatus {
CANCEL
FAIL
FATAL
PENDING
PENDING_REBOOT
RETRY
SKIP
STARTED
STARTING
SUCCESS
}
enum SocketPlatform {
AWS1500
AZ1500
ESX1500
GCP1500
X1500
X1500_BR2
X1500B_BR2
X1600
X1600_5G
X1600_LTE
X1700
X1700B
}
enum SubnetType {
Direct
Native
Routed
SecondaryNative
VLAN
}
enum DhcpType {
ACCOUNT_DEFAULT
DHCP_DISABLED
DHCP_RANGE
DHCP_RELAY
}
input LookupFilterInput {
filter: LookupFilterType
value: String
}
enum LookupFilterType {
"""Custom filter for country, used by city and state entityLookup"""
country
"""
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values:
"true",
"false",
"""
filterByAltWan
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values:
"true",
"false",
"""
filterByBackhaulingGW
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported):
"SOCKET_X1500",
"SOCKET_X1600",
"SOCKET_X1700",
"VSOCKET_VGX_ESX",
"VSOCKET_VGX_AWS"
"VSOCKET_VGX_AZURE"
"SOCKET_X1600_LTE",
"""
filterByConnectionType
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values:
"SOCKET",
"IPSEC",
"vSOCKET",
"PHYSICAL_SOCKET"
"""
filterByConnectionTypeFamily
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values:
"true",
"false",
"""
filterByOffCloudTransportEnabled
"""Custom filter for state used by city entityLookup"""
state
}
type AccountRolesResult {
items: [RBACRole!]!
total: Int!
}
type AccountDataPayload {
id: ID!
name: String!
subdomain: String!
}
type Entity {
id: ID!
name: String
type: EntityType!
}
input EntityInput {
id: ID!
name: String
type: EntityType!
}
type EntityInfo {
description: String!
entity: Entity!
helperFields: Map!
}
input BgpPeerListInput {
"""Identifies the site whose BGP peers are listed."""
site: SiteRefInput!
}
type BgpPeerListPayload {
"""BGP peers associated with the site."""
bgpPeer: [BgpPeer!]!
"""Total number of BGP peers found."""
total: Int!
}
input AddBgpPeerInput {
"""Advertise all routes if true."""
advertiseAllRoutes: Boolean! = false
"""Advertise the default route (0.0.0.0/0) if true."""
advertiseDefaultRoute: Boolean! = true
"""Advertise summarized routes if true."""
advertiseSummaryRoutes: Boolean! = false
"""Enable BFD for session failure detection if true."""
bfdEnabled: Boolean! = false
"""Required BFD configuration if BFD is enabled."""
bfdSettings: BfdSettingsInput
"""The AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Excluded rules from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]! = []
"""Community values to associate with the default route."""
defaultRouteCommunities: [BgpCommunityInput!]! = []
"""Time (in seconds) before declaring the peer unreachable."""
holdTime: Int! = 60
"""Time (in seconds) between keepalive messages."""
keepaliveInterval: Int! = 20
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Route preference metric; lower values are given precedence."""
metric: Int! = 100
"""Name of the BGP configuration entity."""
name: String!
"""The AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Perform NAT if true."""
performNat: Boolean! = false
"""Information about the site where the BGP peer is being added."""
site: SiteRefInput!
"""Summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]! = []
"""Configuration for tracking the health and status of the BGP peer."""
tracking: BgpTrackingInput
}
input BgpPeerRefInput {
"""Specifies the method of identification (default is by ID)."""
by: ObjectRefBy! = ID
"""Value used to identify the BGP peer (e.g., ID or name)."""
input: String!
}
type BgpPeer {
"""Indicates if all routes are advertised."""
advertiseAllRoutes: Boolean!
"""Indicates if the default route is advertised."""
advertiseDefaultRoute: Boolean!
"""Indicates if summarized routes are advertised."""
advertiseSummaryRoutes: Boolean!
"""Indicates if BFD is enabled for failure detection."""
bfdEnabled: Boolean!
"""BFD configuration."""
bfdSettings: BfdSettings
"""AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""IP address of Cato's BGP endpoint."""
catoIp: IPAddress!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRule!]!
"""Community values associated with the default route."""
defaultRouteCommunities: [BgpCommunity!]!
"""Time before declaring the peer unreachable."""
holdTime: Int!
"""Unique identifier for the BGP peer."""
id: ID!
"""Interval between keepalive messages."""
keepaliveInterval: Int!
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Metric for route preferences."""
metric: Int!
"""Name of the BGP configuration entity."""
name: String!
"""AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Indicates if NAT is performed on routes."""
performNat: Boolean!
"""Site associated with this BGP peer."""
site: SiteRef!
"""Summarized routes advertised to the peer."""
summaryRoute: [BgpSummaryRoute!]!
"""Tracking configuration for health and availability."""
tracking: BgpTracking
}
input BgpTrackingInput {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"""Indicates if tracking is enabled."""
enabled: Boolean! = false
"""Subscription ID associated with this tracking rule."""
subscriptionId: ID!
}
type BgpTracking {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum!
"""Indicates if tracking is enabled."""
enabled: Boolean!
"""Unique identifier for the tracking rule."""
id: ID!
"""Subscription ID associated with the rule."""
subscriptionId: ID
}
type AddBgpPeerPayload {
"""The BGP peer that was successfully added."""
bgpPeer: BgpPeer!
}
input UpdateBgpPeerInput {
"""Update for all route advertisements."""
advertiseAllRoutes: Boolean
"""Update for default route advertisement."""
advertiseDefaultRoute: Boolean
"""Update for summary route advertisement."""
advertiseSummaryRoutes: Boolean
"""Update to enable or disable BFD."""
bfdEnabled: Boolean
"""Updated BFD settings."""
bfdSettings: BfdSettingsInput
"""Updated AS number of Cato's BGP endpoint."""
catoAsn: Asn16
"""Update for the default action on unmatched routes."""
defaultAction: BgpDefaultAction
"""Updated rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]
"""Community values to associate with the default route."""
defaultRouteCommunities: [BgpCommunityInput!]
"""Updated hold time for the BGP session."""
holdTime: Int
"""Unique identifier of the BGP peer to be updated."""
id: ID!
"""Updated keepalive interval for the BGP session."""
keepaliveInterval: Int
"""Updated MD5 authentication key."""
md5AuthKey: String
"""Updated metric value for route preferences."""
metric: Int
"""Updated name of the BGP configuration entity."""
name: String
"""Updated AS number of the peer BGP endpoint."""
peerAsn: Asn32
"""Updated IP address of the peer BGP endpoint."""
peerIp: IPAddress
"""Update for NAT configuration."""
performNat: Boolean
"""Updated summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]
"""Updated tracking configuration for the BGP peer."""
tracking: BgpTrackingInput
}
input BfdSettingsInput {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int! = 5
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int! = 1000
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int! = 1000
}
type BfdSettings {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int!
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int!
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int!
}
type UpdateBgpPeerPayload {
"""The updated BGP peer object."""
bgpPeer: BgpPeer!
}
input RemoveBgpPeerInput {
"""Unique identifier of the BGP peer to be removed."""
id: ID!
}
type RemoveBgpPeerPayload {
"""The BGP peer that was successfully removed."""
bgpPeer: BgpPeer!
}
enum BgpDefaultAction {
"""Default action to accept all unmatched routes."""
ACCEPT
"""Default action to drop all unmatched routes."""
DROP
}
input SiteBgpStatusInput {
"""Identifying data for the site whose BGP status is being queried."""
site: SiteRefInput!
}
type SiteBgpStatus {
"""Raw BGP status information."""
rawStatus: [String!]!
"""Detailed BGP status, including session and route details."""
status: [BgpDetailedStatus!]!
}
type BgpDetailedStatus {
"""Status of the BFD session (if applicable)."""
bfdSession: String
"""Status of the BGP session (e.g., established, down)."""
bgpSession: String!
"""Routes rejected from the peer."""
rejectedRoutesFromPeer: [BgpRejectedRoutesFromPeer!]!
"""IP address of the remote BGP peer."""
remoteIp: IPAddress!
"""Routes received from the peer."""
routesFromPeer: [String!]!
"""Routes sent to the peer."""
routesToPeer: [String!]!
}
type BgpSummaryRoute {
"""Community values associated with the route."""
community: [BgpCommunity!]!
"""Unique identifier of the summarized route."""
id: ID!
"""Subnet of the summarized route."""
route: NetworkSubnet!
}
input BgpSummaryRouteInput {
"""Community values to associate with the summarized route."""
community: [BgpCommunityInput!]! = []
"""Subnet of the summarized route to be advertised."""
route: NetworkSubnet!
}
type BgpRouteExactAndInclusiveFilterRule {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRef!]!
"""Unique identifier of the filter rule."""
id: ID!
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]!
}
type BgpRouteExactFilterRule {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Unique identifier of the exact filter rule."""
id: ID!
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
}
type BgpCommunityFilterRule {
"""Community values to match."""
community: [BgpCommunity!]!
"""Unique identifier of the community filter rule."""
id: ID!
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate!
}
type BgpFilterRule {
"""
Exact and inclusive filter rule. Please choose only one filter rule type.
"""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRule
"""Exact route filter rule. Please choose only one filter rule type."""
bgpRouteExactFilterRule: BgpRouteExactFilterRule
"""Community filter rule. Please choose only one filter rule type."""
communityFilterRule: BgpCommunityFilterRule
}
input BgpFilterRuleInput {
"""Input for exact and inclusive filter rule."""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRuleInput
"""Input for exact route filter rule."""
bgpRouteExactFilterRule: BgpRouteExactFilterRuleInput
"""Input for community filter rule."""
communityFilterRule: BgpCommunityFilterRuleInput
}
input BgpRouteExactFilterRuleInput {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
}
input BgpRouteExactAndInclusiveFilterRuleInput {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRefInput!]! = []
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]! = []
}
input BgpCommunityFilterRuleInput {
"""Community values to match."""
community: [BgpCommunityInput!]! = []
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate
}
enum BgpCommunityFilterPredicate {
"""Matches exactly the specified community value."""
EQUAL
"""Matches any community value except the specified one."""
NOT_EQUAL
}
type BgpRejectedRoutesFromPeer {
"""Community values associated with the rejected route."""
community: [BgpCommunity!]!
"""Timestamp of the last attempt to publish the rejected route."""
lastPublishAttempt: DateTime
"""Filter rule that caused the rejection."""
rule: String
"""Subnet of the rejected route."""
subnet: NetworkSubnet
"""Reason for rejecting the route."""
type: String
}
type VlanRange {
from: Vlan!
to: Vlan!
}
interface ObjectRef {
"Object's unique identifier"
id: ID!
"Object's unique name"
name: String!
}
enum ObjectRefBy {
ID
NAME
}
"Time zone identifier E.g.: America/New_York"
scalar TimeZone
"Wall time. E.g.: 12:34:56 or 12:34"
scalar Time
"2006-01-02T15:04:05Z07:00 (RFC3339)"
scalar DateTime
"2006-01-02"
scalar Date
scalar Secret
"""
A generic key-value map.
Represents an arbitrary JSON object, e.g.:
{ "key1": "value1", "key2": "value2" }
Keys must be strings, and values can be of any valid JSON type (string, number, boolean, array, or object).
"""
scalar Map
"An IPv4 IP address"
scalar IPAddress
scalar IPSubnet
"""
Top level domain is actually second level domain (e.g. example.com)
It is recommended to use as a broad way of distinguishing domains, because they **frequently use multiple hosts**.
"""
scalar Domain
"""Fully Qualified Domain Name: An exact host name (e.g. www.example.com)"""
scalar Fqdn
"VLAN Identifier. A number in the range 1-4094 used to uniquely identify a Virtual Local Area Network (VLAN) in networking environments"
scalar Vlan
"Application Risk"
scalar ApplicationRisk
"A 64-character hex string representing a SHA-256 hash. Typically used for secure validation and cryptographic integrity checks"
scalar SHA_256
enum OperatingSystem {
ANDROID
EMBEDDED
IOS
LINUX
MACOS
WINDOWS
}
"Email address. E.g.: user@company.org"
scalar Email
"Phone number. E.g.: +1 505 333 4070"
scalar Phone
"Network port number. Must be in range [0-65535] E.g.: 433, 8080, 80, etc.."
scalar Port
"16 bit autonomous system number [0-65535]"
scalar Asn16
"32 bit autonomous system number [0-4294967295]"
scalar Asn32
scalar NetworkBandwidth
"A Uniform Resource Locator, colloquially known as an address on the Web. E.g.: http://www.example.com/page/"
scalar Url
enum DayOfWeek {
FRIDAY
MONDAY
SATURDAY
SUNDAY
THURSDAY
TUESDAY
WEDNESDAY
}
"FF:FF:FF:FF OR FF-FF-FF-FF"
scalar MacAddress
"Http header name"
scalar HttpHeaderName
"Http header value"
scalar HttpHeaderValue
type HttpHeaderNameValue {
name: HttpHeaderName!
value: HttpHeaderValue!
}
input HttpHeaderNameValueInput {
name: HttpHeaderName!
value: HttpHeaderValue!
}
"Subnet in CIDR notation E.g.: 10.0.0.0/24"
scalar NetworkSubnet
"Inclusive range of IPs"
type IpAddressRange {
from: IPAddress!
to: IPAddress!
}
"Inclusive range of IPs"
input IpAddressRangeInput {
from: IPAddress!
to: IPAddress!
}
"Inclusive network port range"
type PortRange {
from: Port!
to: Port!
}
"Inclusive network port range"
input PortRangeInput {
from: Port!
to: Port!
}
input IPAddressFilterInput {
between: [IPAddress!]
eq: IPAddress
in: [IPAddress!]
neq: IPAddress
nin: [IPAddress!]
nwithin: NetworkSubnet
within: NetworkSubnet
}
enum IpProtocol {
ANY
ICMP
TCP
"TCP or UDP"
TCP_UDP
UDP
}
enum SimpleServiceType {
DNS_TCP
DNS_UDP
FTP
HTTP
HTTPS
MYSQL
RDP
SMTP
SSH
}
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol"
type CustomService {
port: [Port!]
portRange: PortRange
protocol: IpProtocol!
}
"Add a Custom Service defined by a combination of L4 ports and an IP Protocol"
input CustomServiceInput {
port: [Port!]
portRange: PortRangeInput
protocol: IpProtocol!
}
type CustomServiceIp {
ip: IPAddress
ipRange: IpAddressRange
name: String!
}
input CustomServiceIpInput {
ip: IPAddress
ipRange: IpAddressRangeInput
name: String!
}
type SimpleService {
name: SimpleServiceType!
}
input SimpleServiceInput {
name: SimpleServiceType!
}
input AccountFilter {
accountInclusion: AccountInclusion
in: [ID!]
}
"""
A reference identifying the User object. ID: Unique User Identifier, Name: The User Name
"""
type UserRef implements ObjectRef {
id: ID!
name: String!
}
input UserRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the UsersGroup object. ID: Unique UsersGroup Identifier, Name: The UsersGroup Name
"""
type UsersGroupRef implements ObjectRef {
id: ID!
name: String!
}
input UsersGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the DeviceProfile object. ID: Unique DeviceProfile Identifier, Name: The DeviceProfile Name
"""
type DeviceProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DeviceProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying of the PrivateApplication object. ID: Unique PrivateApplication Identifier, Name: The PrivateApplication Name
"""
type PrivateApplicationRef implements ObjectRef {
id: ID!
name: String!
}
interface ActorRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Admin object. ID: Unique Admin Identifier, Name: The Admin Name
"""
type AdminRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the ApiKey object. ID: Unique ApiKey Identifier, Name: The ApiKey Name
"""
type ApiKeyRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
input ActorRefInput {
by: ObjectRefBy! = ID
input: String!
}
input AdminRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the CustomCategory object. ID: Unique CustomCategory Identifier, Name: The CustomCategory Name
"""
type CustomCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input CustomCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Group object. ID: Unique Group Identifier, Name: The Group Name
"""
type GroupRef implements ObjectRef {
id: ID!
name: String!
}
input GroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
type RbacRoleRef implements ObjectRef {
id: ID!
name: String!
}
type AccessTokenRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the AllocatedIp object. ID: Unique AllocatedIp Identifier, Name: The AllocatedIp Name
"""
type AllocatedIpRef implements ObjectRef {
id: ID!
name: String!
}
input AllocatedIpRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DhcpRelayGroupRef implements ObjectRef {
id: ID!
name: String!
}
"""
Returns data for the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
type FloatingSubnetRef implements ObjectRef {
"Unique Floating Subnet ID"
id: ID!
"Name for the Floating Subnet"
name: String!
}
"""
Defines the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
input FloatingSubnetRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
type GlobalRangeRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Host object. ID: Unique Host Identifier, Name: The Host Name
"""
type HostRef implements ObjectRef {
id: ID!
name: String!
}
input HostRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the NetworkInterface object. ID: Unique NetworkInterface Identifier, Name: The NetworkInterface Name
"""
type NetworkInterfaceRef implements ObjectRef {
id: ID!
name: String!
}
input NetworkInterfaceRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name
"""
type SiteRef implements ObjectRef {
id: ID!
name: String!
}
input SiteRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Account object. ID: Unique Account Identifier, Name: The Account Name
"""
type AccountRef implements ObjectRef {
id: ID!
name: String!
}
input AccountRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SiteNetworkSubnet object. ID: Unique SiteNetworkSubnet Identifier, Name: The SiteNetworkSubnet Name
"""
type SiteNetworkSubnetRef implements ObjectRef {
id: ID!
name: String!
}
input SiteNetworkSubnetRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Application object. ID: Unique Application Identifier, Name: The Application Name
"""
type ApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the ApplicationCategory object. ID: Unique ApplicationCategory Identifier, Name: The ApplicationCategory Name
"""
type ApplicationCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SanctionedAppsCategory object. ID: Unique SanctionedAppsCategory Identifier, Name: The SanctionedAppsCategory Name
"""
type SanctionedAppsCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input SanctionedAppsCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
type CloudApplicationRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the CustomApplication object. ID: Unique CustomApplication Identifier, Name: The CustomApplication Name
"""
type CustomApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input CustomApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Service object. ID: Unique Service Identifier, Name: The Service Name
"""
type ServiceRef implements ObjectRef {
id: ID!
name: String!
}
input ServiceRefInput {
by: ObjectRefBy! = ID
input: String!
}
type SimpleServiceRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Country object. ID: Unique Country Identifier, Name: The Country Name
"""
type CountryRef implements ObjectRef {
id: ID!
name: String!
}
input CountryRefInput {
by: ObjectRefBy! = ID
input: String!
}
type InterfaceSubnetRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the SubscriptionGroup object. ID: Unique SubscriptionGroup Identifier, Name: The SubscriptionGroup Name
"""
type SubscriptionGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionWebhook object. ID: Unique SubscriptionWebhook Identifier, Name: The SubscriptionWebhook Name
"""
type SubscriptionWebhookRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionWebhookRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionMailingList object. ID: Unique SubscriptionMailingList Identifier, Name: The SubscriptionMailingList Name
"""
type SubscriptionMailingListRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionMailingListRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SystemGroup object. ID: Unique SystemGroup Identifier, Name: The SystemGroup Name
"""
type SystemGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SystemGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the GlobalIpRange object. ID: Unique GlobalIpRange Identifier, Name: The GlobalIpRange Name
"""
type GlobalIpRangeRef implements ObjectRef {
id: ID!
name: String!
}
input GlobalIpRangeRefInput {
by: ObjectRefBy! = ID
input: String!
}
type StringValueSetRef implements ObjectRef {
id: ID!
name: String!
}
input StringValueSetRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlActivityRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlActivityRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlActivityFieldRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlActivityFieldRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlCriterionRef implements ObjectRef {
id: ID!
name: String!
}
type ApplicationControlContentTypeRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlContentTypeRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlContentTypeGroupRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlContentTypeGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DlpContentProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DlpContentProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DlpEdmProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DlpEdmProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Rbi Profile. ID: Unique RbiProfile Identifier, Name: The RbiProfile Name
"""
type RbiProfileRef implements ObjectRef {
id: ID!
name: String!
}
input RbiProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
type BandwidthManagementRef implements ObjectRef {
id: ID!
name: String!
}
input BandwidthManagementRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the PopLocation object. ID: Unique PopLocation Identifier, Name: The PopLocation Name
"""
type PopLocationRef implements ObjectRef {
id: ID!
name: String!
}
input PopLocationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"A group with members of FQDN type"
type FqdnContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Add a container by ID or name"
input ContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input FqdnContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input IpAddressRangeContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
"A group with members of a single type of entity (for example: IP, FQDN)"
type ContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"""Referring a location object"""
type LocationRef implements ObjectRef {
id: ID!
name: String!
}
"""Referring an invoice object"""
type InvoiceRef implements ObjectRef {
id: ID!
name: String!
}
"A reference identifying the UserNotificationTemplate object. ID: Unique UserNotificationTemplate Identifier, Name: The UserNotificationTemplate Name"
type UserNotificationTemplateRef implements ObjectRef {
id: ID!
name: String!
}
input UserNotificationTemplateRefInput {
by: ObjectRefBy! = ID
input: String!
}
"A reference identifying the UserNotificationAiSecurityTemplate object. ID: Unique UserNotificationAiSecurityTemplate Identifier, Name: The UserNotificationAiSecurityTemplate Name"
type UserNotificationAiSecurityTemplateRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Application Connector object. ID: Unique Application Connector Identifier, Name: The Application Connector Name
"""
type ApplicationConnectorCatalogEntityRef implements ObjectRef {
id: ID!
name: String!
}
enum AccountInclusion {
ALL_ACCOUNTS
MANAGED_ACCOUNTS_ONLY
}
"""enum that shows account license status"""
enum AccountStatus {
ACTIVE
DISABLED
LOCKED
}
input SortOrderInput {
direction: SortOrder! = ASC
priority: Int! = 1
}
enum SortOrder {
ASC
DESC
}
type PageInfo {
total: Int!
}
input CreateBearerTokenAuthInput {
bearerToken: Secret!
}
input CreateBasicAuthInput {
password: Secret!
username: String!
}
input CreateCustomHeaderAuthInput {
name: String!
value: Secret!
}
input UpdateBearerTokenAuthInput {
bearerToken: Secret
}
input UpdateBasicAuthInput {
password: Secret
username: String
}
input UpdateCustomHeaderAuthInput {
name: String
value: Secret
}
enum AuthType {
BASIC_AUTH
BEARER_TOKEN
CUSTOM_HEADER
NO_AUTH
}
interface AuthInterface {
authType: AuthType!
}
type BearerTokenAuth implements AuthInterface {
authType: AuthType!
}
type BasicAuth implements AuthInterface {
authType: AuthType!
username: String!
}
type CustomHeaderAuth implements AuthInterface {
authType: AuthType!
name: String!
}
type NoAuth implements AuthInterface {
authType: AuthType!
}
input IdFilterInput {
eq: ID
in: [ID!]
neq: ID
nin: [ID!]
}
input SiteRefFilterInput {
eq: SiteRefInput
in: [SiteRefInput!]
neq: SiteRefInput
nin: [SiteRefInput!]
}
input UserRefFilterInput {
eq: UserRefInput
in: [UserRefInput!]
neq: UserRefInput
nin: [UserRefInput!]
}
input StringFilterInput {
eq: String
in: [String!]
neq: String
nin: [String!]
}
input AdvancedStringFilterInput {
eq: String
in: [String!]
neq: String
nin: [String!]
regex: String
}
input IntFilterInput {
between: [Int!]
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
neq: Int
nin: [Int!]
}
input DateTimeFilterInput {
between: [DateTime!]
eq: DateTime
gt: DateTime
gte: DateTime
in: [DateTime!]
lt: DateTime
lte: DateTime
neq: DateTime
nin: [DateTime!]
}
input FreeTextFilterInput {
search: String!
}
input BooleanFilterInput {
eq: Boolean
neq: Boolean
}
type AuditingMetadata {
updatedBy: ActorRef!
updatedTime: DateTime!
}
input AuditingMetadataFilterInput {
updatedBy: ActorRefInput
updatedTime: DateTimeFilterInput
}
input AuditingMetadataSortInput {
updatedBy: SortOrderInput
updatedTime: SortOrderInput
}
enum AddressValidationStatus {
INVALID
NA
VALID
}
type PostalAddress {
"Primary address"
address1: String
"Secondary address (unit number)"
address2: String
"Address validation status"
addressValidated: AddressValidationStatus!
"City"
cityName: String
"Country"
country: CountryRef!
"State (only for USA)"
stateName: String
"Street name and number"
street: String @deprecated(reason: "replaced by address1 and address2")
"Zip Code"
zipCode: String
}
type ContactDetails {
"Contact email address"
email: Email
"Contact name"
name: String
"Contact phone number"
phone: Phone
}
input PostalAddressInput {
"Primary address"
address1: String
"Secondary address (unit number)"
address2: String
"City"
cityName: String
"Country"
country: CountryRefInput!
"State (only for USA)"
stateName: String
"Street name and number"
street: String @deprecated(reason: "replaced by address1 and address2")
"Zip Code"
zipCode: String
}
input ContactDetailsInput {
"Contact email address"
email: Email
"Contact name"
name: String
"Contact phone number"
phone: Phone
}
enum RBACAction {
EDIT
NONE
VIEW
}
"System categories for TLS inspection policy"
enum TlsInspectSystemCategory {
"High-popularity cloud apps that were analyzed by Cato's security team and confirmed to be safe for inspection."
POPULAR_CLOUD_APPS
"Top domains found to be broadly TLS-inspected across the Cato cloud. TLS-inspecting these domains is likely to be safe."
SAFE_TO_INSPECT_DOMAINS
}
input PagingInput {
from: Int! = 0
limit: Int! = 100
}
input SortInput {
field: String
order: DirectionInput
}
enum DirectionInput {
asc
desc
}
enum TaggingMethod {
DOT1Q
QINQ
}
input TaggingMethodFilterInput {
eq: TaggingMethod
in: [TaggingMethod!]
neq: TaggingMethod
nin: [TaggingMethod!]
}
type BgpCommunity {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
input BgpCommunityInput {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
type EntityAccess {
action: RBACAction!
}
type ZtnaAppConnectorRef implements ObjectRef {
"Unique ZTNA app connector ID"
id: ID!
"Name for the ZTNA app connector"
name: String!
}
type AppStats {
from: DateTime
id: ID
records(limit: Int, from: Int): [AppStatsRecord!]
to: DateTime
total: Int
totals: Map
}
type AppStatsRecord {
fields: [AppStatsField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type AppStatsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
type AppStatsField {
name: AppStatsFieldName!
value: Value!
}
input Measure {
aggType: AggregationType!
fieldName: AppStatsFieldName!
trend: Boolean
}
input Dimension {
fieldName: AppStatsFieldName!
}
input AppStatsFilter {
fieldName: AppStatsFieldName!
operator: FilterOperator!
values: [String!]!
}
input AppStatsPostAggFilter {
aggType: AggregationType!
filter: AppStatsFilter!
}
input AppStatsSort {
fieldName: AppStatsFieldName!
order: DirectionEnum!
}
type AdminMutations {
addAdmin(input: AddAdminInput!): AddAdminPayload @ga
addServicePrincipalAdmin(input: AddServicePrincipalAdminInput!): AddServicePrincipalAdminPayload @ga
removeAdmin(adminID: ID!): RemoveAdminPayload @ga
removeServicePrincipalAdmin(adminID: ID!): RemoveServicePrincipalAdminPayload @ga
updateAdmin(adminID: ID!, input: UpdateAdminInput!): UpdateAdminPayload @ga
updateServicePrincipalAdmin(adminID: ID!, input: UpdateServicePrincipalAdminInput!): UpdateServicePrincipalAdminPayload @ga
}
type GetAdminPayload {
adminType: AdminType!
creationDate: String!
email: String!
firstName: String!
id: ID!
lastName: String!
managedRoles: [AdminRole!]
mfaEnabled: Boolean!
passwordNeverExpires: Boolean!
resellerRoles: [AdminRole!]
}
type GetServicePrincipalAdminPayload {
adminType: AdminType!
creationDate: String!
email: String
id: ID!
managedRoles: [AdminRole!]
name: String!
resellerRoles: [AdminRole!]
}
input AddAdminInput {
adminType: AdminType
email: String
firstName: String!
lastName: String!
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean!
resellerRoles: [UpdateAdminRoleInput!]
}
input AddServicePrincipalAdminInput {
email: String
managedRoles: [UpdateAdminRoleInput!]
name: String!
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateAdminInput {
firstName: String
lastName: String
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateServicePrincipalAdminInput {
managedRoles: [UpdateAdminRoleInput!]
name: String
resellerRoles: [UpdateAdminRoleInput!]
}
type AddAdminPayload {
adminID: ID!
}
type AddServicePrincipalAdminPayload {
adminID: ID!
}
type RemoveAdminPayload {
adminID: ID!
}
type UpdateAdminPayload {
adminID: ID!
}
type RemoveServicePrincipalAdminPayload {
adminID: ID!
}
type UpdateServicePrincipalAdminPayload {
adminID: ID!
}
type AccountManagementQueries {
"""Read the account information"""
account: AccountInfo @ga
}
type AccountManagementMutations {
"""Add a new account"""
addAccount(input: AddAccountInput!): AccountInfo @ga
"""
Sets the account status to "Disabled" for accounts with plan = "Trial" and status = "Active" or "Locked".
"""
disableAccount(accountId: ID!): DisableAccountPayload @beta
"""
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
"""
removeAccount(accountId: ID!): RemoveAccountPayload @ga
"""Update existing account attributes"""
updateAccount(input: UpdateAccountInput!): AccountInfo @ga
}
input AddAccountInput {
"""User-defined information as defined by an account admin"""
description: String
"""The name of the account"""
name: String!
"""The account tenancy (single-tenant / multi-tenant)"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timezone: TimeZone!
"""The account type (Partner / customer)"""
type: AccountProfileType!
}
input UpdateAccountInput {
"""Account description"""
description: String
}
type AccountInfo {
"""Audit data for the account"""
audit: AccountAuditData!
"""User-defined information as defined by an account admin"""
description: String
"""The ID of the account"""
id: ID!
"""The name of the account"""
name: String!
"""The account plan"""
plan: AccountPlan
"""The account status"""
status: AccountStatus!
"""The account tenancy e.g. single-tenant / multi-tenant"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timeZone: TimeZone!
"""The account type e.g. Partner or Customer"""
type: AccountProfileType!
}
type AccountAuditData {
"""The Admin / API key name used for creating the account"""
createdBy: String!
"""The date when the account created"""
createdTime: DateTime!
}
type RemoveAccountPayload {
"""General info of the removed account"""
accountInfo: AccountInfo!
}
type DisableAccountPayload {
"""General info of the disabled account"""
accountInfo: AccountInfo!
}
"""enum for account type"""
enum AccountProfileType {
"""A customer account"""
CUSTOMER
"""A partner account"""
PARTNER
}
"""enum for account tenancy"""
enum AccountTenancy {
"""Multi tenant account - default for partner accounts"""
MULTI_TENANT
"""Single tenant account - default for customer accounts"""
SINGLE_TENANT
}
enum LicenseSku {
"""Cato App & Data Security Package BW SKU"""
CATO_ADSP_B
"""Cato App & Data Security Package Users SKU"""
CATO_ADSP_U
"""Cato AI Security Applications SKU"""
CATO_AI_SEC_APP_U
"""Cato AI Security Users SKU"""
CATO_AI_SEC_U
"""Cato Anti Malware (legacy) service SKU"""
CATO_ANTI_MALWARE
"""Cato Anti Malware Next Generation (legacy) service SKU"""
CATO_ANTI_MALWARE_NG
"""Cato App Connector Bandwidth SKU"""
CATO_APP_CON_B
"""Cato App Connector User SKU"""
CATO_APP_CON_U
"""Cato Assets Group SKU"""
CATO_ASTS_SEC
"""Cato Assets Security 1.5K Devices SKU"""
CATO_ASTS_SEC_1_5K
"""Cato Assets Security 2.5K - 10K Devices SKU"""
CATO_ASTS_SEC_10K
"""Cato Assets Security 10K - 15K Devices SKU"""
CATO_ASTS_SEC_15K
"""Cato Assets Security 1.5K - 2.5K Devices SKU"""
CATO_ASTS_SEC_2_5K
"""Cato Assets Security 15K - 25K Devices SKU"""
CATO_ASTS_SEC_25K
"""Cato Assets Security 25K - 50K Devices SKU"""
CATO_ASTS_SEC_50K
"""Cato Assets Security Above 50K Devices SKU"""
CATO_ASTS_SEC_ABV_50K
"""Cato Advanced Protection BW SKU"""
CATO_ATP_B
"""Cato Advanced Protection Users SKU"""
CATO_ATP_U
"""Cato ATP for MSP users SKU"""
CATO_ATP_USER_SA
"""Cato CASB service SKU"""
CATO_CASB
"""Cato Cloud Access Security Broker BW SKU"""
CATO_CASB_B
"""Cato CASB for MSP bandwidth SKU"""
CATO_CASB_PB_SA
"""Cato Cloud Access Security Broker Users SKU"""
CATO_CASB_U
"""Cato CASB for MSP users SKU"""
CATO_CASB_USER_SA
"""Cato datalake Group SKU"""
CATO_DATALAKE
"""Cato Data Lake Storage 2.5M/h, 12 Month Retention SKU"""
CATO_DATALAKE_12M
"""Cato Data Lake Storage 2.5M/h, 3 Month Retention SKU"""
CATO_DATALAKE_3M
"""Cato Data Lake Storage 2.5M/h, 6 Month Retention SKU"""
CATO_DATALAKE_6M
"""Cato DEM service SKU"""
CATO_DEM
"""Cato Digital Experience Monitoring SKU"""
CATO_DEM_U
"""Cato DLP service SKU"""
CATO_DLP
"""Cato Data Loss Prevention BW SKU"""
CATO_DLP_B
"""Cato DLP for MSP bandwidth SKU"""
CATO_DLP_PB_SA
"""Cato Data Loss Prevention Users SKU"""
CATO_DLP_U
"""Cato DLP for MSP users SKU"""
CATO_DLP_USER_SA
"""Cato EPP service SKU"""
CATO_EPP
"""Cato Endpoint Protection SKU"""
CATO_EPP_U
"""Cato Hands Free Management SKU"""
CATO_HFM_S
"""Cato ILMM service SKU"""
CATO_ILMM
"""Cato Intelligent Last Mile Management SKU"""
CATO_ILMM_S
"""Cato IoT/OT Security service SKU"""
CATO_IOT_OT
"""Public IPs SKU"""
CATO_IP_ADD
"""Cato IPS (legacy) service SKU"""
CATO_IPS
"""Cato Managed XDR service SKU"""
CATO_MANAGED_XDR
"""Cato MDR service SKU"""
CATO_MDR
"""Cato Managed Detection and Response SKU"""
CATO_MDR_U
"""Cato NOCaaS service SKU"""
CATO_NOCAAS_HF
"""Cato NOCaaS SKU"""
CATO_NOCAAS_HF_S
"""Site pooled bandwidth SASE SKU"""
CATO_PB
"""Site pooled bandwidth SSE SKU"""
CATO_PB_SSE
"""Cato Remote Browser Isolation (RBI) service SKU"""
CATO_RBI
"""Cato Remote Browser Isolation BW SKU"""
CATO_RBI_B
"""Cato Remote Browser Isolation Users SKU"""
CATO_RBI_U
"""Cato Remote User SKU"""
CATO_REMOTE_U
"""Cato SAAS Group SKU"""
CATO_SAAS
CATO_SAAS_SECURITY_API
"""
Cato SAAS Security API with more than two Applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ALL_APPS
"""
Cato SAAS Security API with one application integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ONE_APP
"""
Cato SAAS Security API with two applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_TWO_APPS
"""Cato Secured Internet Access Bandwidth SKU"""
CATO_SIA_B
"""Cato Secured Internet Access User SKU"""
CATO_SIA_U
"""Site bandwidth SASE SKU"""
CATO_SITE
"""Cato Sandbox BW SKU"""
CATO_SNDBX_B
"""Cato Sandbox Users SKU"""
CATO_SNDBX_U
"""Cato Socket X1500 SKU"""
CATO_SOCKET_X1500_R
"""Cato Socket X1600 5G SKU"""
CATO_SOCKET_X1600_5G_R
"""Cato Socket X1600 LTE SKU"""
CATO_SOCKET_X1600_LTE_R
"""Cato Socket X1600 SKU"""
CATO_SOCKET_X1600_R
"""Cato Socket X1600 Wifi + 5G SKU"""
CATO_SOCKET_X1600_WIFI_5G_R
"""Cato Socket X1600 Wifi SKU"""
CATO_SOCKET_X1600_WIFI_R
"""Cato Socket X1700 SKU"""
CATO_SOCKET_X1700_R
"""Site bandwidth SSE SKU"""
CATO_SSE_SITE
"""Cato Threat Prevention (legacy) service SKU"""
CATO_THREAT_PREVENTION
"""Cato Advanced Threat Prevention service SKU"""
CATO_THREAT_PREVENTION_ADV
"""Cato ATP for MSP bandwidth SKU"""
CATO_THREAT_PREVENTION_ADV_PB_SA
"""Cato TP for MSP bandwidth SKU"""
CATO_THREAT_PREVENTION_PB_SA
"""Cato TP for MSP users SKU"""
CATO_THREAT_PREVENTION_USER_SA
"""Cato WAN Bandwidth SKU"""
CATO_WAN
"""Cato WAN Threat Prevention BW SKU"""
CATO_WAN_TP_B
"""Cato XDR service SKU"""
CATO_XDR_PRO
"""Cato XOps service SKU"""
CATO_XOPS
"""Cato XOPs SKU"""
CATO_XOPS_U
"""ZTNA remote users SKU"""
CATO_ZTNA_USERS
"""ZTNA remote users SKU"""
MOBILE_USERS @deprecated(reason: "replaced with CATO_ZTNA_USERS")
}
"""Input parameters for querying available versions."""
input AvailableVersionListInput {
"""List of platforms to retrieve available versions for."""
platforms: [String!]!
}
"""Input for bulk site upgrade requests."""
input StartSiteUpgradeInput {
upgrades: [SiteUpgradeRequest!]!
}
"""Represents a single site upgrade request."""
input SiteUpgradeRequest {
site: SiteRefInput!
"""Target version to upgrade the site's sockets to."""
targetVersion: String!
}
"""Response payload for available versions query."""
type AvailableVersionListPayload {
"""List of available versions for each requested platform."""
items: [PlatformVersions!]!
}
"""Represents available versions for a specific platform."""
type PlatformVersions {
"""The platform for which versions are retrieved."""
platform: String!
"""List of available socket versions with additional metadata."""
versionDetails: [SocketVersionInfo!]!
"""List of available socket versions for this platform."""
versions: [String!]!
}
"""Detailed information about an available socket version."""
type SocketVersionInfo {
"""Optional label for this version (e.g. RECOMMENDED, ROLLING_OUT, EOL)."""
label: String
"""The socket version string."""
version: String!
}
"""Wrapper for site upgrade response."""
type StartSiteUpgradePayload {
"""List of individual site upgrade results."""
results: [SiteUpgradeInfo!]!
}
"""Information about a site upgrade."""
type SiteUpgradeInfo {
"""The scheduled UTC time for the upgrade."""
scheduledAt: String!
site: SiteRef!
"""The requested version for this site."""
targetVersion: String!
}
enum AntiMalwareFileHashAction {
"Block file download by filehash action"
BLOCK
"Bypass file download by filehash action"
BYPASS
}
input AntiMalwareFileHashAddRuleDataInput {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction! = BLOCK
description: String! = ""
enabled: Boolean!
"The date when the block or bypass action expires"
expirationDate: DateTime!
"The name of the file"
fileName: String!
name: String!
"The file's unique SHA-256 hash identifier"
sha256: SHA_256!
}
input AntiMalwareFileHashAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: AntiMalwareFileHashAddRuleDataInput!
}
type AntiMalwareFileHashPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [AntiMalwareFileHashRulePayload!]!
sections: [PolicySectionPayload!]!
}
input AntiMalwareFileHashPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input AntiMalwareFileHashPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type AntiMalwareFileHashPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: AntiMalwareFileHashPolicy
status: PolicyMutationStatus!
}
type AntiMalwareFileHashPolicyMutations {
addRule(input: AntiMalwareFileHashAddRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): AntiMalwareFileHashPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): AntiMalwareFileHashPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): AntiMalwareFileHashPolicyMutationPayload! @beta
removeRule(input: AntiMalwareFileHashRemoveRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: AntiMalwareFileHashPolicyUpdateInput!): AntiMalwareFileHashPolicyMutationPayload! @beta
updateRule(input: AntiMalwareFileHashUpdateRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type AntiMalwareFileHashPolicyQueries {
policy(input: AntiMalwareFileHashPolicyInput): AntiMalwareFileHashPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input AntiMalwareFileHashPolicyUpdateInput {
state: PolicyToggleState
}
input AntiMalwareFileHashRemoveRuleInput {
id: ID!
}
type AntiMalwareFileHashRule implements IPolicyRule {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"The date when the block or bypass action expires"
expirationDate: DateTime!
"The name of the file"
fileName: String!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
"The file's unique SHA-256 hash identifier"
sha256: SHA_256!
}
type AntiMalwareFileHashRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: AntiMalwareFileHashRulePayload
status: PolicyMutationStatus!
}
type AntiMalwareFileHashRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: AntiMalwareFileHashRule!
}
input AntiMalwareFileHashUpdateRuleDataInput {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction
description: String
enabled: Boolean
"The date when the block or bypass action expires"
expirationDate: DateTime
"The name of the file"
fileName: String
name: String
"The file's unique SHA-256 hash identifier"
sha256: SHA_256
}
input AntiMalwareFileHashUpdateRuleInput {
id: ID!
rule: AntiMalwareFileHashUpdateRuleDataInput!
}
"policies which configuration can be read with query APIs."
type PolicyQueries {
antiMalwareFileHash: AntiMalwareFileHashPolicyQueries
applicationControl: ApplicationControlPolicyQueries
appTenantRestriction: AppTenantRestrictionPolicyQueries
clientConnectivity: ClientConnectivityPolicyQueries
dynamicIpAllocation: DynamicIpAllocationPolicyQueries
internetFirewall: InternetFirewallPolicyQueries
remotePortFwd: RemotePortFwdPolicyQueries
socketBypass: SocketBypassPolicyQueries
socketLan: SocketLanPolicyQueries
splitTunnel: SplitTunnelPolicyQueries
terminalServer: TerminalServerPolicyQueries
tlsInspect: TlsInspectPolicyQueries
wanFirewall: WanFirewallPolicyQueries
wanNetwork: WanNetworkPolicyQueries
ztnaAlwaysOn: ZtnaAlwaysOnPolicyQueries
}
input GcpConfigInput {
interfaceIp: IPAddress!
loadBalancerIp: IPAddress!
}
input AddSecondaryGcpVSocketInput {
gcpConfig: GcpConfigInput!
site: SiteRefInput!
}
input UpdateSecondaryGcpVSocketInput {
gcpConfig: GcpConfigInput!
id: ID!
}
input SecondaryGcpVSocketInput {
id: ID!
}
input RemoveSecondaryGcpVSocketInput {
id: ID!
}
type GcpVSocketInfo {
id: ID!
interfaceIp: IPAddress!
loadBalancerIp: IPAddress!
site: SiteRef!
}
type UpdateSecondaryGcpVSocketPayload {
socketInfo: GcpVSocketInfo!
}
type SecondaryGcpVSocketPayload {
socketInfo: GcpVSocketInfo!
}
type RemoveSecondaryGcpVSocketPayload {
socketInfo: GcpVSocketInfo!
}
type AddSecondaryGcpVSocketPayload {
socketInfo: GcpVSocketInfo!
}
type SandboxQueries {
" Get a list of sandbox reports "
reports(input: SandboxReportsInput!): SandboxReportsPayload! @beta
}
type SandboxMutations {
" Delete a sandbox report "
deleteReport(input: DeleteReportInput!): DeleteReportPayload! @beta
" Upload a file for sandbox analysis "
uploadFile(input: UploadFileInput!): UploadFilePayload! @beta
}
" Output of sandbox reports query "
type SandboxReportsPayload {
" Pagination information "
pageInfo: PageInfo!
" List of sandbox reports "
report: [SandboxReport!]!
}
" Sandbox report meta-data "
type SandboxReport {
" Report creation date "
creationDate: DateTime!
" Report download URL (if ready) "
downloadUrl: Url
" Report expiration date "
expirationDate: DateTime
" Sandbox analysis failure reason (if any) "
failureReason: SandboxFailureReason
" File hash (SHA-256) "
fileHash: String!
" File name "
fileName: String
" Sandbox analysis status "
status: SandboxStatus!
" Sandbox verdict "
verdict: SandboxVerdict
}
" Upload file response "
type UploadFilePayload {
" Upload URL (HTTP PUT) "
uploadUrl: Url
}
" Delete report response "
type DeleteReportPayload {
" File hash (SHA-256) "
fileHash: String!
}
" Sandbox analysis verdict "
enum SandboxVerdict {
" File is clean "
BENIGN
" File is malicious "
MALICIOUS
" File is suspicious "
SUSPICIOUS
}
" Sandbox analysis status "
enum SandboxStatus {
" Report has expired "
EXPIRED
" Analysis has failed "
FAILED
" File is being analyzed "
IN_PROGRESS
" File is pending analysis "
PENDING
" File is queued for retry after throttling "
QUEUED
" Analysis is complete - report is ready "
READY
}
" Sandbox analysis failure reason "
enum SandboxFailureReason {
" Failed to fetch report from sandbox service after 10 minutes "
ANALYSIS_TIMEOUT
" Reached configured queued limit for account "
EXCEED_RATE_LIMIT
" Internal server error "
INTERNAL_ERROR
" Invalid file size (0 or too large) "
INVALID_FILE_SIZE
" Failed to submit file for sandbox analysis "
SUBMISSION_ERROR
" Unsupported file type "
UNSUPPORTED_FILE_TYPE
}
" Sandbox reports query input "
input SandboxReportsInput {
" Query filter criteria "
filter: SandboxReportsFilterInput
" Query pagination criteria "
paging: PagingInput! = {limit: 25, from: 0}
" Query sorting criteria "
sort: SandboxReportsSortInput! = {reportCreateDate: {direction: DESC, priority: 1}}
}
" Sandbox reports query filter "
input SandboxReportsFilterInput {
" File hash filter "
fileHash: [StringFilterInput!]
" File name filter "
fileName: [StringFilterInput!]
" Report creation date filter "
reportCreateDate: [DateTimeFilterInput!]
}
" Sandbox reports query sorting "
input SandboxReportsSortInput {
" Sort by file name "
fileName: SortOrderInput
" Sort by report creation date "
reportCreateDate: SortOrderInput
}
" Upload file input "
input UploadFileInput {
" Uploaded file name "
fileName: String!
}
" Delete report input "
input DeleteReportInput {
" File hash (SHA-256) to be deleted "
fileHash: String!
}
type PopLocationMachineRef implements ObjectRef {
id: ID!
name: String!
}
type PopLocationServiceUnitRef implements ObjectRef {
id: ID!
name: String!
}
type PopLocationQueries {
"""
Returns a paginated list of allocated IP addresses for PoP locations, with optional filters.
"""
allocatedIpList(input: PopLocationAllocatedIpInput): PopLocationAllocatedIpPayload @beta
popLocationList(input: PopLocationFilterInput): PopLocationPayload @beta
}
type PopLocationMutations {
"""Allocates an IP address for a PoP location."""
allocateIp(input: PopLocationAllocateIpInput!): PopLocationAllocateIpPayload @beta
"""Releases an allocated IP address for a PoP location."""
releaseIp(input: PopLocationReleaseIpInput!): PopLocationReleaseIpPayload @beta
"""
Updates the description for an allocated IP address for a PoP location.
"""
updateAllocatedIpDescription(input: PopLocationUpdateAllocatedIpDescriptionInput!): PopLocationUpdateAllocatedIpDescriptionPayload @beta
}
type PopLocationPayload {
"""
The actual list of PoP locations matching the given filter criteria. Each entry is a non-null PopLocation object.
"""
items: [PopLocation!]!
}
type PopLocation {
"""
Lists the available cloud interconnect options (e.g., AWS Direct Connect, Azure ExpressRoute) at this PoP.
Each entry in the list is a PopLocationCloudInterconnect object describing interconnect capabilities.
"""
cloudInterconnect: [PopLocationCloudInterconnect!]!
"""
Reference to the country where the PoP resides. Links to a CountryRef object that may contain name, ISO code, or additional geopolitical metadata
"""
country: CountryRef!
"""
User-facing name of the PoP (e.g., for dashboards or UI displays). Often formatted for readability
"""
displayName: String!
"""
Unique identifier for the PoP location. Globally unique across the Cato platform
"""
id: ID!
"""
indicates whether the PoP is a private location (customer-owned or dedicated) as opposed to part of the public/shared Cato cloud
"""
isPrivate: Boolean!
"""
Internal name of the PoP location, used for system-level identification. Usually the city of the PoP
"""
name: String!
}
input PopLocationFilterInput {
"""
Filters PoPs based on their geographical country. Useful for regional filtering or compliance.
"""
country: CountryRefFilterInput
"""PoP location's unique identifier (ID)."""
id: IdFilterInput
"""Filter by setting - cloud interconnect tags (e.g.,1Q or QinQ)."""
interconnectTagging: PopLocationCloudInterconnectFilterInput
"""
Filters based on whether a PoP is private or public and a part of the Cato Cloud (public or reserved for a specific partner/customer).
"""
isPrivate: BooleanFilterInput
"""Filter by name of the PoP Location, usually represented by the city."""
name: StringFilterInput
"""
Filters for PoPs marked as “primary,” likely signifying main or preferred locations in a geographic area.
"""
primary: BooleanFilterInput
"""
Filters PoPs based on regional licensing rules or designations, possibly aligning with regional compliance or pricing.
"""
siteLicenseRegion: StringFilterInput
}
type PopLocationCloudInterconnect {
providerName: String!
taggingMethod: TaggingMethod!
}
input PopLocationCloudInterconnectFilterInput {
taggingMethod: TaggingMethodFilterInput
}
input CountryRefFilterInput {
eq: CountryRefInput
in: [CountryRefInput!]
neq: CountryRefInput
nin: [CountryRefInput!]
}
enum PopLocationByoipSubnetState {
ADVERTISED
DEPROVISIONED
FAILED_ADVERTAISED
FAILED_DEPROVISIONING
FAILED_PROVISIONING
FAILED_WITHDRAW
PENDING_ADVERTAISED
PENDING_DEPROVISIONING
PENDING_PROVISIONING
PENDING_WITHDRAW
PROVISIONED
WITHDRAW
}
enum PopLocationAllocatedIpType {
BYOIP
SYSTEM
}
input PopLocationAllocatedIpTypeFilterInput {
eq: PopLocationAllocatedIpType
in: [PopLocationAllocatedIpType!]
neq: PopLocationAllocatedIpType
nin: [PopLocationAllocatedIpType!]
}
input PopLocationRefFilterInput {
eq: PopLocationRefInput
in: [PopLocationRefInput!]
neq: PopLocationRefInput
nin: [PopLocationRefInput!]
}
"""Filter options for querying allocated IP addresses for PoP locations."""
input PopLocationAllocatedIpFilterInput {
"""Filter by account identifier."""
account: StringFilterInput
"""Filter by allocated IP address."""
allocatedIp: StringFilterInput
"""Filter by allocation type."""
allocationType: PopLocationAllocatedIpTypeFilterInput
"""Filter by description of the allocated IP."""
description: StringFilterInput
"""Free-text search across allocated IP attributes."""
global: FreeTextFilterInput
"""Filter by allocated IP identifier."""
id: StringFilterInput
"""Filter by PoP location."""
popLocation: PopLocationRefFilterInput
"""
Filter by subnet associated with the allocated IP address, when applicable.
"""
subnet: StringFilterInput
}
type PopLocationAllocatedIp {
account: AccountRef!
allocationType: PopLocationAllocatedIpType!
description: String
id: ID!
ip: IPAddress!
popLocation: PopLocationRef!
state: PopLocationByoipSubnetState
subnet: String
}
"""Input wrapper for filtering allocated IP addresses for PoP locations."""
input PopLocationAllocatedIpInput {
filter: PopLocationAllocatedIpFilterInput
}
"""Response payload for the allocated IP list query."""
type PopLocationAllocatedIpPayload {
"""List of allocated IP addresses that match the filter."""
allocatedIp: [PopLocationAllocatedIp!]!
"""Paging information for the allocated IP list."""
paging: PageInfo!
}
"""Input for allocating an IP address for a PoP location."""
input PopLocationAllocateIpInput {
"""Optional description for the allocated IP address."""
description: String
"""
Target PoP location for the allocation, when required by the allocation workflow.
"""
popLocation: PopLocationRefInput
"""Allocation type."""
type: PopLocationAllocatedIpType! = BYOIP
}
"""Response payload for the allocate IP mutation."""
type PopLocationAllocateIpPayload {
"""The allocated IP record."""
allocatedIp: PopLocationAllocatedIp!
}
"""Input for releasing an allocated IP address."""
input PopLocationReleaseIpInput {
"""Allocated IP address to release."""
ip: IPAddress!
"""Allocation type."""
type: PopLocationAllocatedIpType! = BYOIP
}
"""Input for updating the description of an allocated IP address."""
input PopLocationUpdateAllocatedIpDescriptionInput {
"""New description for the allocated IP address."""
description: String!
"""Allocated IP address to update."""
ip: IPAddress!
}
type PopLocationReleaseIpPayload {
allocatedIp: PopLocationAllocatedIp!
}
type PopLocationUpdateAllocatedIpDescriptionPayload {
allocatedIp: PopLocationAllocatedIp!
}
enum ConnectionOriginEnum {
ANY
REMOTE
SITE
}
type DeviceAttributes {
"The category of the firewall device."
category: [String!]!
"The manufacturer of the firewall device."
manufacturer: [String!]!
"The model of the firewall device."
model: [String!]!
"The operating system of the firewall device."
os: [String!]!
"The version of the operating system of the firewall device."
osVersion: [String!]!
"The type of the firewall device."
type: [String!]!
}
input DeviceAttributesInput {
"The category of the firewall device."
category: [String!]! = []
"The manufacturer of the firewall device."
manufacturer: [String!]! = []
"The model of the firewall device."
model: [String!]! = []
"The operating system of the firewall device."
os: [String!]! = []
"The version of the operating system of the firewall device."
osVersion: [String!]! = []
"The type of the firewall device."
type: [String!]! = []
}
input DeviceAttributesUpdateInput {
"The category of the firewall device."
category: [String!]
"The manufacturer of the firewall device."
manufacturer: [String!]
"The model of the firewall device."
model: [String!]
"The operating system of the firewall device."
os: [String!]
"The version of the operating system of the firewall device."
osVersion: [String!]
"The type of the firewall device."
type: [String!]
}
"Shared interface for any policy"
interface IPolicy {
"TRUE = Policy is enabled, FALSE = Policy is disabled"
enabled: Boolean!
"Return list of rules in the policy"
rules: [IPolicyRulePayload!]!
"Return sections in the policy"
sections: [PolicySectionPayload!]!
"Audit data for the policy"
audit: PolicyAudit
"Return data for the Policy revision"
revision: PolicyRevision
}
"Results of policy change"
interface IPolicyMutationPayload {
"Data for the policy"
policy: IPolicy
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
interface IPolicyRule {
"Rule ID"
id: ID!
"Name of the rule"
name: String!
"Description for the rule"
description: String
"Position / priority of rule"
index: Int!
"TRUE = Rule is enabled, FALSE = Rule is disabled"
enabled: Boolean!
"Policy section where the rule is located"
section: PolicySectionInfo
}
"Results of rule change"
interface IPolicyRuleMutationPayload {
"Returns settings for the rule"
rule: IPolicyRulePayload
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
"Results of changes to the rule"
interface IPolicyRulePayload {
audit: PolicyElementAudit!
"Rule that was changed"
rule: IPolicyRule!
"Summary of rule change, (ie. ADDED, UPDATED)"
properties: [PolicyElementPropertiesEnum!]!
}
"Enum for the type of time range a rule is active"
enum PolicyActiveOnEnum {
ALWAYS
CUSTOM_RECURRING
CUSTOM_TIMEFRAME
WORKING_HOURS
}
"Input for adding section info to a policy"
input PolicyAddSectionInfoInput {
name: String!
}
"Input for adding a section to a policy"
input PolicyAddSectionInput {
at: PolicySectionPositionInput!
section: PolicyAddSectionInfoInput!
}
type PolicyAudit {
publishedBy: String!
publishedTime: DateTime!
}
input PolicyCreateRevisionInput {
description: String! = ""
name: String!
}
"Returns data for a custom recurring time range that a rule is active"
type PolicyCustomRecurring {
days: [DayOfWeek!]!
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringInput {
days: [DayOfWeek!]! = []
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringUpdateInput {
days: [DayOfWeek!]
from: Time
to: Time
}
"Returns data for a custom one-time time range that a rule is active"
type PolicyCustomTimeframe {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeInput {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeUpdateInput {
from: DateTime
to: DateTime
}
"Discards unpublished revision for the policy and reverts to the settings for the published policy."
input PolicyDiscardRevisionInput {
id: ID
}
type PolicyElementAudit {
"The admin, or the API-key, that performed the last update"
updatedBy: String!
"The last date and time the rule was updated"
updatedTime: DateTime!
}
"Attributes describing the rule state or type"
enum PolicyElementPropertiesEnum {
"New (added) rule"
ADDED
"""
An object can not be moved, or referenced when moving other objects.
However its properties and content can be modified.
"""
ANCHORED
"A rule locked for changes by other admins"
LOCKED
"A rule moved to a different position"
MOVED
"Removed (deleted) rule"
REMOVED
"A pre-defined (system) rule that cannot be modified or removed"
SYSTEM
"Updated (modified) existing rule"
UPDATED
}
interface PolicyInfo {
id: ID!
name: String!
description: String!
enabled: Boolean!
policyLevel: PolicyLevelEnum!
audit: PolicyAudit!
}
enum PolicyLevelEnum {
MAIN
SUB_POLICY
}
input PolicyLevelEnumFilterInput {
eq: PolicyLevelEnum
in: [PolicyLevelEnum!]
neq: PolicyLevelEnum
nin: [PolicyLevelEnum!]
}
interface PolicyListPayload {
items: [PolicyInfo!]!
paging: PageInfo!
}
"Move the rule to a different position in the policy"
input PolicyMoveRuleInput {
id: ID!
to: PolicyRulePositionInput
}
"Input for moving a section within a policy"
input PolicyMoveSectionInput {
id: ID!
to: PolicySectionPositionInput
}
"Move the sub rule to a different position in the policy"
input PolicyMoveSubRuleInput {
id: ID!
to: PolicySubRulePositionInput!
}
"""
The `PolicyMutationError` enum defines various error messages related to policy publishing in the policy platform service.
## Policy Errors
### `ConcurrentPolicyPublish`
- **Error Message:** "Another policy is currently publishing"
### `PolicyRevisionMismatch`
- **Error Message:** "Revision is not owned by the admin"
### `PolicyRevisionNotFound`
- **Error Message:** "Revision was not found"
### `PolicyInvalidEntity`
- **Error Message:** "Invalid entity"
### `DuplicateRuleName`
- **Error Message:** "Rule with the same name already exists"
### `DuplicateSectionName`
- **Error Message:** "Section with the same name already exists"
### `PolicyFailure`
- **Error Message:** "Can’t publish policy due to an internal error. Please try again in a few minutes"
## Rule Errors
### `ruleIsLocked`
- **Error Message:** "Rule is locked by another revision"
### `ruleWasRemoved`
- **Error Message:** "Rule was already removed"
### `ruleNotExist`
- **Error Message:** "Rule does not exist"
### `ruleSectionNotExist`
- **Error Message:** "Section does not exist"
### `ruleSectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `rulePositionInvalid`
- **Error Message:** "Rule position is invalid"
### `ruleNameIsEmpty`
- **Error Message:** "Rule name can't be empty"
### `ruleNameAlreadyExists`
- **Error Message:** "Rule with the same name already exists"
### `ruleSystemModification`
- **Error Message:** "Can't modify a system rule"
### `ruleSystemMove`
- **Error Message:** "Can't add a rule above the system rules"
### `ruleHasInvalidEntity`
- **Error Message:** "Rule has an invalid entity"
### `failedValidatingRule`
- **Error Message:** "Something went wrong, couldn't validate rule"
## Section Errors
### `sectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `sectionSystemMove`
- **Error Message:** "Section with system rules cannot be moved or removed"
### `sectionNotExist`
- **Error Message:** "Section does not exist"
### `sectionPositionInvalid`
- **Error Message:** "Section position is invalid"
"""
type PolicyMutationError {
errorCode: String
errorMessage: String
}
input PolicyMutationRevisionInput {
id: ID
}
"Enum for the status of a policy mutation"
enum PolicyMutationStatus {
FAILURE
SUCCESS
}
"""
Published revision is the active policy
applied on the traffic.
In addition, when a policy is published, revision changes become visible
to other admins, and rules locked by the revision become unlocked
"""
input PolicyPublishRevisionInput {
description: String
name: String
}
interface PolicyRef implements ObjectRef {
"Policy's unique identifier"
id: ID!
"Policy's unique name"
name: String!
}
"Input for removing a section from a policy"
input PolicyRemoveSectionInput {
id: ID!
}
"Returns data about the policy revision, such as when the change was made, how many rules were changed, etc."
type PolicyRevision {
changes: Int!
createdTime: DateTime!
description: String!
id: ID!
name: String!
updatedTime: DateTime!
}
"Input for specifying a policy revision"
input PolicyRevisionInput {
id: ID
type: PolicyRevisionType = PRIVATE
}
"Enum for the type of a policy revision"
enum PolicyRevisionType {
PRIVATE
PUBLIC
}
"Returns data for publishing the policy"
type PolicyRevisionsPayload {
revision: [PolicyRevision!]!
}
"Returns the time period during which the rule is active, outside this period, the rule is inactive"
type PolicyRuleActivePeriod {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean!
useExpiresAt: Boolean!
}
input PolicyRuleActivePeriodInput {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean! = false
useExpiresAt: Boolean! = false
}
input PolicyRuleActivePeriodUpdateInput {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean
useExpiresAt: Boolean
}
"Enum for the position of a rule within a policy"
enum PolicyRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_RULE
"The rule position is immediately after the system rules (first non-system rule)"
FIRST_IN_POLICY
"The rule position is first in the specified section"
FIRST_IN_SECTION
"The rule position is last in the policy"
LAST_IN_POLICY
"The rule position is last in the specified section"
LAST_IN_SECTION
}
"Parameters required to define the rule position"
input PolicyRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicyRulePositionEnum
"The identifier of the object (e.g. a rule, a section) relative to which the position of the added rule is defined"
ref: ID
}
"Returns data for the alert settings for the rule"
type PolicyRuleTrackingAlert {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean!
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum!
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRef!]!
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRef!]!
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRef!]!
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean! = false
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]! = []
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]! = []
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertUpdateInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]
}
"Returns data if an alert is sent for a rule"
type PolicyRuleTrackingEvent {
enabled: Boolean!
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventInput {
enabled: Boolean! = false
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventUpdateInput {
enabled: Boolean
}
"Enum for the frequency of an alert event for a rule"
enum PolicyRuleTrackingFrequencyEnum {
DAILY
HOURLY
IMMEDIATE
WEEKLY
}
enum PolicyRuleTypeEnum {
"Indicate rule is a regular policy rule"
POLICY_RULE
"Indicate the rule is a scoping context for sub policy"
SUB_POLICY_SCOPE
}
type PolicySchedule {
activeOn: PolicyActiveOnEnum!
customRecurring: PolicyCustomRecurring
customTimeframe: PolicyCustomTimeframe
}
input PolicyScheduleInput {
activeOn: PolicyActiveOnEnum! = ALWAYS
customRecurring: PolicyCustomRecurringInput
customTimeframe: PolicyCustomTimeframeInput
}
input PolicyScheduleUpdateInput {
activeOn: PolicyActiveOnEnum
customRecurring: PolicyCustomRecurringUpdateInput
customTimeframe: PolicyCustomTimeframeUpdateInput
}
"Define settings for a policy section"
type PolicySectionInfo {
id: ID!
name: String!
subPolicyId: ID
}
type PolicySectionMutationPayload {
errors: [PolicyMutationError!]!
section: PolicySectionPayload
status: PolicyMutationStatus!
}
type PolicySectionPayload {
access: EntityAccess
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
section: PolicySectionInfo!
}
enum PolicySectionPositionEnum {
AFTER_SECTION
BEFORE_SECTION
LAST_IN_POLICY
}
input PolicySectionPositionInput {
position: PolicySectionPositionEnum!
ref: ID
}
"Enum for the position of a rule within a policy"
enum PolicySubRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_SUB_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_SUB_RULE
"The rule position is first in the specified rule"
FIRST_IN_RULE
"The rule position is last in the specified rule"
LAST_IN_RULE
}
"Parameters required to define the rule position"
input PolicySubRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicySubRulePositionEnum!
"The identifier of the sub-rule relative to which the position of the added rule is defined"
ref: ID!
}
"Enum for the state of a policy"
enum PolicyToggleState {
DISABLED
ENABLED
}
type PolicyTracking {
alert: PolicyRuleTrackingAlert!
event: PolicyRuleTrackingEvent!
}
input PolicyTrackingInput {
alert: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
event: PolicyRuleTrackingEventInput! = {enabled: false}
}
input PolicyTrackingUpdateInput {
alert: PolicyRuleTrackingAlertUpdateInput
event: PolicyRuleTrackingEventUpdateInput
}
input PolicyUpdateSectionInfoInput {
name: String
}
input PolicyUpdateSectionInput {
id: ID!
section: PolicyUpdateSectionInfoInput!
}
input PortRangeUpdateInput {
from: Port
to: Port
}
interface SubPolicyPayload {
policy: PolicyInfo!
properties: [SubPolicyProperty!]!
}
enum SubPolicyProperty {
READ_ONLY
}
type NotificationSubscriptionQueries {
integration: IntegrationQueries!
"""Retrieves details of a specific Mailing List"""
mailingList(input: MailingListRefInput!): MailingList
"""Retrieves all Mailing Lists available in the account."""
mailingListList: MailingListListPayload!
"""
Retrieves details of a specific Subscription Group for the account.
Subscription Groups combine Mailing Lists and integrations
(including webhooks) for sending notifications.
"""
subscriptionGroup(input: SubscriptionGroupRefInput!): SubscriptionGroup
"""
Retrieves list of Subscription Groups for the account.
Subscription Groups combine Mailing Lists and integrations
(including webhooks) for sending notifications
"""
subscriptionGroupList: SubscriptionGroupListPayload!
}
type NotificationSubscriptionMutations {
"""
Creates a new Mailing List.
Any valid email can be added, including those not associated with account users.
Usage limits:
- Maximum number of Mailing Lists per account: 1,000.
- Maximum number of members in each Mailing List: 1,000.
"""
createMailingList(input: CreateMailingListInput!): CreateMailingListPayload!
"""
Creates a Subscription Group.
Subscription Groups combine Mailing Lists and integrations
(including webhooks) for sending notifications.
Usage limits:
- Maximum number of Subscription Groups per account: 1,000.
- Maximum number of members in each Subscription Group: 100.
"""
createSubscriptionGroup(input: CreateSubscriptionGroupInput!): CreateSubscriptionGroupPayload
"""Deletes a Mailing List. This action cannot be undone."""
deleteMailingList(input: MailingListRefInput!): DeleteMailingListPayload
"""Deletes a Subscription Group. This action cannot be undone."""
deleteSubscriptionGroup(input: SubscriptionGroupRefInput!): DeleteSubscriptionGroupPayload
"""
Mutations for notification integrations,
to enable integration with third-party services e.g. via APIs or webhooks.
"""
integration: IntegrationMutations!
"""
Updates an existing Mailing List.
Only specified attributes in the input will be updated,
no changes to other attributes.
Usage limits:
- Maximum number of members in each Mailing List: 1,000.
"""
updateMailingList(input: UpdateMailingListInput!): UpdateMailingListPayload!
"""
Updates an existing Subscription Group.
Subscription Groups combine Mailing Lists and integrations
(including webhooks) for sending notifications.
Usage limits:
- Maximum number of members in each Subscription Group: 100.
"""
updateSubscriptionGroup(input: UpdateSubscriptionGroupInput!): UpdateSubscriptionGroupPayload
}
type IntegrationQueries {
"""Retrieves specific webhook reference body template."""
referenceBodyTemplate(input: WebhookTemplateRefInput!): WebhookReferenceBodyTemplate
"""Retrieves all available webhook reference body templates."""
referenceBodyTemplateList: WebhookReferenceBodyTemplateListPayload!
"""Retrieves details of the specified webhook."""
webhook(input: WebhookIntegrationRefInput!): Webhook
"""Retrieves all available webhook integration available custom fields"""
webhookFields: WebhookFieldsPayload
"""Retrieves all webhooks configured on the account."""
webhookList: WebhookListPayload!
}
type IntegrationMutations {
"""
Create a webhook integration to send notifications to third-party
integrations and vendors via HTTP/HTTPS.
Usage limits:
- Maximum number of webhooks per account: 1,000.
"""
createWebhook(input: CreateWebhookInput!): CreateWebhookPayload
"""Delete a webhook integration. This action cannot be undone."""
deleteWebhook(input: WebhookIntegrationRefInput!): DeleteWebhookPayload
"""
Tests an existing webhook integration by sending a request with the specified field structure,
auto-populated with sample (placeholder) values.
"""
testWebhook(input: WebhookIntegrationRefInput!): TestWebhookPayload!
"""Update existing webhook integration."""
updateWebhook(input: UpdateWebhookInput!): UpdateWebhookPayload
}
input IntegrationRefInput {
"""
Choose to specify the integration by name or by ID.
IDs are automatically unique, if you use a non-unique name,
it will result in an error.
"""
by: ObjectRefBy! = ID
"""The corresponding name or ID."""
input: String!
}
input WebhookIntegrationRefInput {
"""
Specify the webhook integration by name or by ID.
IDs are automatically unique, if you use a non-unique name,
it will result in an error.
"""
by: ObjectRefBy! = ID
"""The corresponding name or ID."""
input: String!
}
input WebhookTemplateRefInput {
"""
Specify the webhook integration template reference by name or by ID.
IDs are automatically unique, if you use a non-unique name,
it will result in an error.
"""
by: ObjectRefBy! = NAME
input: String!
}
input MailingListRefInput {
"""
Specify the Mailing List by name or by ID.
IDs are automatically unique, if you use a non-unique name,
it will result in an error.
"""
by: ObjectRefBy! = ID
"""The corresponding name or ID."""
input: String!
}
input CreateMailingListInput {
"""A list of email addresses."""
address: [Email!]
"""A list of existing CMA admins for your account."""
admin: [AdminRefInput!]
"""The name of the Mailing List."""
name: String!
}
"""
Update an existing Mailing List. Specified fields are updated,
and no change to other fields. An empty Mailing List will remove all members.
"""
input UpdateMailingListInput {
"""Update the existing emails in the Mailing List."""
address: [Email!]
"""Add specific emails to the current Mailing List."""
addressToAdd: [Email!]
"""Remove specific emails from the current Mailing List."""
addressToRemove: [Email!]
"""Update the existing CMA admins in the Mailing List."""
admin: [AdminRefInput!]
"""Add CMA admins to the current Mailing List."""
adminToAdd: [AdminRefInput!]
"""Remove CMA admins from the current Mailing List."""
adminToRemove: [AdminRefInput!]
"""The Mailing List to be updated."""
mailingList: MailingListRefInput!
"""Update the Mailing List name"""
name: String
}
"""
Authentication configuration for creating a webhook integration.
Only one authentication method should be provided.
If null, no authentication will be used.
"""
input CreateWebhookAuthInput {
"""Basic authentication (username/password)."""
basic: CreateBasicAuthInput
"""Bearer token authentication."""
bearer: CreateBearerTokenAuthInput
"""Custom header authentication."""
custom: CreateCustomHeaderAuthInput
}
"""
Authentication configuration for updating a webhook integration.
Only one authentication method should be provided.
If null, no authentication will be used.
"""
input UpdateWebhookAuthInput {
"""Basic authentication (username/password)."""
basic: UpdateBasicAuthInput
"""Bearer token authentication."""
bearer: UpdateBearerTokenAuthInput
"""Custom header authentication."""
custom: UpdateCustomHeaderAuthInput
}
"""Defines parameters for a new webhook integration."""
input CreateWebhookInput {
"""Authentication configuration for the target service."""
auth: CreateWebhookAuthInput!
"""
JSON body template.
Use available fields with '$' prefix to define the webhook payload.
See 'Understanding the JSON Fields for Alert Integrations' Knowledge Base
article for details.
"""
body: String!
"""Enable or disable the webhook."""
enabled: Boolean = true
"""Optional HTTP headers."""
header: [HttpHeaderNameValueInput]
"""The webhook name"""
name: String!
"""Related webhook that provides the Correlation ID used for updates"""
relatedWebhookRef: WebhookIntegrationRefInput
"""HTTP method used when sending the webhook request (e.g., POST, PUT)."""
requestMethod: WebhookRequestMethod = POST
"""
Defines JSON path mappings used to extract values from the webhook response payload.
At present, only a single mapping is supported, with the key "correlationId".
The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id).
"""
responseMapping: [WebhookResponseMapEntryInput!]
"""The URL of the target service"""
url: Url!
}
"""
# Modified parameters for an existing webhook integration.
Specified fields will be updated, and no changes to other fields.
To remove all members, provide an empty list as the parameter.
"""
input UpdateWebhookInput {
"""Update the authentication configuration for the target service."""
auth: UpdateWebhookAuthInput
"""
Update the JSON body template.
Use available fields with '$' prefix to define the webhook payload.
See 'Understanding the JSON Fields for Alert Integrations' Knowledge Base
article for details.
"""
body: String
"""Enable or disable the Webhook."""
enabled: Boolean
"""Update the optional HTTP headers."""
header: [HttpHeaderNameValueInput!]
"""Add headers to the webhook headers list."""
headerToAdd: [HttpHeaderNameValueInput!]
"""Remove headers from the webhook headers list."""
headerToRemove: [HttpHeaderNameValueInput!]
"""Update the Webhook name"""
name: String
"""Related webhook that provides the Correlation ID used for updates"""
relatedWebhookRef: WebhookIntegrationRefInput
"""
Update the HTTP method used when sending the webhook request (e.g., POST, PUT).
"""
requestMethod: WebhookRequestMethod
"""
Defines JSON path mappings used to extract values from the webhook response payload.
At present, only a single mapping is supported, with the key "correlationId".
The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id).
"""
responseMapping: [WebhookResponseMapEntryInput!]
"""Add response mappings to the webhook response mapping list."""
responseMappingToAdd: [WebhookResponseMapEntryInput!]
"""Remove response mappings from the webhook response mapping list."""
responseMappingToRemove: [WebhookResponseMapEntryInput!]
"""Update the URL of the target service"""
url: Url
"""The Webhook to be updated."""
webhook: WebhookIntegrationRefInput!
}
input CreateSubscriptionGroupInput {
"""Integrations (e.g. webhooks) included in the Subscription Group"""
integration: [IntegrationRefInput!]
"""Mailing Lists included in the Subscription Group"""
mailingList: [MailingListRefInput!]
"""The Subscription Group name"""
name: String!
}
"""
Update parameters for an existing Subscription Group.
Specified fields will be updated, and there is no change for other fields.
An empty list will remove all members.
"""
input UpdateSubscriptionGroupInput {
"""Update the Integrations in the Subscription Group."""
integration: [IntegrationRefInput!]
"""
Add specific Integrations to the current Integrations in the Subscription Group
"""
integrationToAdd: [IntegrationRefInput!]
"""
Remove specific Integrations to the current Integrations in the Subscription Group
"""
integrationToRemove: [IntegrationRefInput!]
"""Update the existing emails in the Subscription Group Mailing List."""
mailingList: [MailingListRefInput!]
"""
Add specific emails to the current Mailing List in the Subscription Group
"""
mailingListToAdd: [MailingListRefInput!]
"""
Remove specific emails to the current Mailing List in the Subscription Group
"""
mailingListToRemove: [MailingListRefInput!]
"""Update the Subscription Group name"""
name: String
"""The Subscription Group to be updated."""
subscriptionGroup: SubscriptionGroupRefInput!
}
input WebhookResponseMapEntryInput {
key: String!
value: String!
}
"""
Response payload for retrieving a list of Mailing Lists associated with an account
"""
type MailingListListPayload {
"""List of Mailing List configured for the account."""
items: [MailingList!]!
"""Pagination metadata for the list of Mailing List."""
paging: PageInfo!
}
"""
Returns the details of a newly created Mailing List after a successful creation request.
"""
type CreateMailingListPayload {
"""The newly created Mailing List."""
mailingList: MailingList!
}
"""
Returns the details of an updated Mailing List after a successful request.
"""
type UpdateMailingListPayload {
"""The updated Mailing List."""
mailingList: MailingList!
}
"""
Returns the details of a deleted Mailing List after a successful request.
"""
type DeleteMailingListPayload {
"""The deleted Mailing List."""
mailingList: MailingList!
}
"""
Represents a Mailing List entity, including its
unique ID, name, type, associated email addresses, administrators,
and audit metadata.
"""
type MailingList {
"""List of email addresses included in the Mailing List."""
address: [Email!]!
"""List of account administrators assigned to manage the Mailing List."""
admin: [AdminRef!]!
"""Audit metadata containing creation and modification details."""
audit: AuditingMetadata!
"""Unique identifier of the Mailing List."""
id: ID!
"""Name of the Mailing List"""
name: String!
"""
Specifies how the Mailing List addresses are defined (e.g., all admins, specific_emails, system).
"""
type: MailingListAddressesType!
}
"""Represents the response payload for a list of webhook integrations."""
type WebhookListPayload {
"""List of webhook integrations configured for the account."""
items: [Webhook!]!
"""Pagination metadata for the webhook list."""
paging: PageInfo!
}
"""
Defines the structure of a webhook integration used to
send notifications to third-party services.
"""
type Webhook {
"""Authentication configuration for the webhook."""
auth: AuthInterface!
"""JSON template used to structure the webhook request body."""
body: String!
"""Indicates whether the webhook is currently enabled."""
enabled: Boolean!
"""Optional custom headers sent with the webhook request."""
header: [HttpHeaderNameValue!]!
"""Unique identifier of the webhook integration."""
id: ID!
"""Display name of the webhook integration."""
name: String!
"""Related webhook that provides the Correlation ID used for updates"""
relatedWebhookId: ID
"""HTTP method used when sending the webhook request (e.g., POST, PUT)."""
requestMethod: WebhookRequestMethod!
"""
Defines JSON path mappings used to extract values from the webhook response payload.
At present, only a single mapping is supported, with the key "correlationId".
The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id).
"""
responseMapping: [WebhookResponseMapEntry!]!
"""Target URL where the webhook sends requests."""
url: Url!
}
"""Response payload for a webhook creation operation."""
type CreateWebhookPayload {
"""The newly created webhook integration."""
webhook: Webhook!
}
"""Response payload for a webhook update operation."""
type UpdateWebhookPayload {
"""The updated webhook integration."""
webhook: Webhook!
}
"""Response payload for a webhook deletion operation."""
type DeleteWebhookPayload {
"""The deleted webhook integration."""
webhook: Webhook!
}
"""Response payload for a webhook test operation."""
type TestWebhookPayload {
"""Error message returned if the webhook test failed."""
errorMessage: String
"""Indicates whether the webhook test was successful."""
success: Boolean!
}
"""Represents the response payload for a list of Subscription Groups."""
type SubscriptionGroupListPayload {
"""List of Subscription Groups configured in the account."""
items: [SubscriptionGroup!]!
"""Pagination metadata for the Subscription Group list."""
paging: PageInfo!
}
"""Response payload for creating a Subscription Group."""
type CreateSubscriptionGroupPayload {
"""The newly created Subscription Group."""
subscriptionGroup: SubscriptionGroup!
}
"""Response payload for updating a Subscription Group."""
type UpdateSubscriptionGroupPayload {
"""The updated Subscription Group."""
subscriptionGroup: SubscriptionGroup!
}
"""Response payload for deleting a Subscription Group"""
type DeleteSubscriptionGroupPayload {
"""The deleted Subscription Group."""
subscriptionGroup: SubscriptionGroup!
}
"""
Represents a Subscription Group that combines Mailing Lists and webhook integrations.
"""
type SubscriptionGroup {
"""Unique identifier of the Subscription Group."""
id: ID!
"""Webhook integrations included in the Subscription Group."""
integration: IntegrationList!
"""Mailing Lists included in the Subscription Group."""
mailingList: [MailingList!]!
"""Display name of the Subscription Group."""
name: String!
}
"""
Container for listing webhook integrations associated with a Subscription Group.
"""
type IntegrationList {
"""List of webhook integrations included in the Subscription Group."""
webhookList: [Webhook!]!
}
"""
Represents the response payload for listing predefined webhook body templates.
"""
type WebhookReferenceBodyTemplateListPayload {
"""List of predefined webhook reference body templates."""
items: [WebhookReferenceBodyTemplate!]!
}
"""
Represents a reusable webhook body template for standardizing payload formats.
"""
type WebhookReferenceBodyTemplate {
"""Authentication configuration for the webhook."""
auth: AuthInterface
"""JSON body template used as a reference for webhook payloads."""
bodyTemplate: String!
"""Optional custom headers sent with the webhook request."""
header: [HttpHeaderNameValue!]!
"""Unique identifier of the Webhook Reference Body Template."""
id: ID!
"""Name of the webhook reference body template"""
name: String!
"""HTTP method used when sending the webhook request (e.g., POST, PUT)."""
requestMethod: WebhookRequestMethod
"""
Defines JSON path mappings used to extract values from the webhook response payload.
At present, only a single mapping is supported, with the key "correlationId".
The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id).
"""
responseMapping: [WebhookResponseMapEntry!]!
"""Target URL where the webhook sends requests."""
url: String!
"""
Indicates whether this template is for CREATE operations, UPDATE operations, or NONE (null if not applicable)
"""
webhookRelationType: WebhookRelationType
}
enum WebhookRelationType {
CREATE
UPDATE
}
"""Lists all supported fields available for customizing webhook requests."""
type WebhookFieldsPayload {
"""List of supported fields for the webhook request body."""
bodyFields: [String!]!
"""List of supported fields for the webhook headers."""
headerFields: [String!]!
"""List of supported fields for the webhook URL."""
urlFields: [String!]!
}
type WebhookResponseMapEntry {
key: String!
value: String!
}
enum MailingListAddressesType {
SPECIFIC_EMAILS
}
enum WebhookRequestMethod {
POST
PUT
}
enum BypassSocketPortType {
"Automatic socket port type."
AUTOMATIC
"WAN1 socket port type."
WAN1
"WAN2 socket port type."
WAN2
"WAN3 socket port type."
WAN3
"WAN4 socket port type."
WAN4
}
type SocketBypassAction {
event: PolicyRuleTrackingEvent!
"Preferred Socket Port"
port: BypassSocketPortType!
}
input SocketBypassActionInput {
event: PolicyRuleTrackingEventInput! = {enabled: false}
"Preferred Socket Port"
port: BypassSocketPortType! = AUTOMATIC
}
input SocketBypassActionUpdateInput {
event: PolicyRuleTrackingEventUpdateInput
"Preferred Socket Port"
port: BypassSocketPortType
}
input SocketBypassAddRuleDataInput {
action: SocketBypassActionInput! = {port: AUTOMATIC, event: {enabled: false}}
description: String! = ""
"The destination of the traffic for the rule."
destination: SocketBypassDestinationInput! = {application: [], customApp: [], domain: [], fqdn: [], ipRange: [], subnet: [], ip: [], globalIpRange: []}
enabled: Boolean!
"Exceptions to the rule."
exception: [SocketBypassExceptionInput!]! = []
name: String!
service: SocketBypassServiceInput! = {simple: [], custom: []}
site: SocketBypassSiteInput! = {site: [], group: []}
"The source of the traffic for the rule."
source: SocketBypassSourceInput! = {ipRange: [], group: [], subnet: [], ip: [], floatingSubnet: [], globalIpRange: [], vlan: [], networkInterface: [], host: [], siteNetworkSubnet: []}
}
input SocketBypassAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SocketBypassAddRuleDataInput!
}
"Defines destinations (Application/Category) for the Bypass policy."
type SocketBypassDestination {
"Applications matching criteria for this rule."
application: [ApplicationRef!]!
"Custom applications that can be matched by"
customApp: [CustomApplicationRef!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]!
}
"Defines destinations (Application/Category) for the Bypass policy."
input SocketBypassDestinationInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]! = []
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]! = []
}
"Defines destinations (Application/Category) for the Bypass policy."
input SocketBypassDestinationUpdateInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]
domain: [Domain!]
fqdn: [Fqdn!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]
}
type SocketBypassException {
"The destination of the traffic for the rule."
destination: SocketBypassDestination!
"The name of the Bypass rule."
name: String!
service: SocketBypassService!
site: SocketBypassSite!
"The source of the traffic for the rule."
source: SocketBypassSource!
}
input SocketBypassExceptionInput {
"The destination of the traffic for the rule."
destination: SocketBypassDestinationInput! = {application: [], customApp: [], domain: [], fqdn: [], ipRange: [], subnet: [], ip: [], globalIpRange: []}
"The name of the Bypass rule."
name: String!
service: SocketBypassServiceInput! = {simple: [], custom: []}
site: SocketBypassSiteInput! = {site: [], group: []}
"The source of the traffic for the rule."
source: SocketBypassSourceInput! = {ipRange: [], group: [], subnet: [], ip: [], floatingSubnet: [], globalIpRange: [], vlan: [], networkInterface: [], host: [], siteNetworkSubnet: []}
}
type SocketBypassPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SocketBypassRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SocketBypassPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SocketBypassPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SocketBypassPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SocketBypassPolicy
status: PolicyMutationStatus!
}
type SocketBypassPolicyMutations {
addRule(input: SocketBypassAddRuleInput!): SocketBypassRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SocketBypassPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SocketBypassPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): SocketBypassRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SocketBypassPolicyMutationPayload! @beta
removeRule(input: SocketBypassRemoveRuleInput!): SocketBypassRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SocketBypassPolicyUpdateInput!): SocketBypassPolicyMutationPayload! @beta
updateRule(input: SocketBypassUpdateRuleInput!): SocketBypassRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SocketBypassPolicyQueries {
policy(input: SocketBypassPolicyInput): SocketBypassPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SocketBypassPolicyUpdateInput {
state: PolicyToggleState
}
input SocketBypassRemoveRuleInput {
id: ID!
}
type SocketBypassRule implements IPolicyRule {
action: SocketBypassAction!
"Description for the rule"
description: String!
"The destination of the traffic for the rule."
destination: SocketBypassDestination!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Exceptions to the rule."
exception: [SocketBypassException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
service: SocketBypassService!
site: SocketBypassSite!
"The source of the traffic for the rule."
source: SocketBypassSource!
}
type SocketBypassRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketBypassRulePayload
status: PolicyMutationStatus!
}
type SocketBypassRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketBypassRule!
}
"Defines services used in the Bypass policy."
type SocketBypassService {
"Custom services defined for this rule."
custom: [CustomService!]!
"Simple services allowed by the firewall rule."
simple: [SimpleService!]!
}
"Defines services used in the Bypass policy."
input SocketBypassServiceInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]! = []
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]! = []
}
"Defines services used in the Bypass policy."
input SocketBypassServiceUpdateInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]
}
"Represents the site configurations in the Bypass policy, empty site and group means 'ANY'"
type SocketBypassSite {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
group: [GroupRef!]!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
site: [SiteRef!]!
}
"Represents the site configurations in the Bypass policy, empty site and group means 'ANY'"
input SocketBypassSiteInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
group: [GroupRefInput!]! = []
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
site: [SiteRefInput!]! = []
}
"Represents the site configurations in the Bypass policy, empty site and group means 'ANY'"
input SocketBypassSiteUpdateInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
group: [GroupRefInput!]
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v25 onwards.
"""
site: [SiteRefInput!]
}
"Defines sources for the Bypass policy."
type SocketBypassSource {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the Bypass policy."
input SocketBypassSourceInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the Bypass policy."
input SocketBypassSourceUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
input SocketBypassUpdateRuleDataInput {
action: SocketBypassActionUpdateInput
description: String
"The destination of the traffic for the rule."
destination: SocketBypassDestinationUpdateInput
enabled: Boolean
"Exceptions to the rule."
exception: [SocketBypassExceptionInput!]
name: String
service: SocketBypassServiceUpdateInput
site: SocketBypassSiteUpdateInput
"The source of the traffic for the rule."
source: SocketBypassSourceUpdateInput
}
input SocketBypassUpdateRuleInput {
id: ID!
rule: SocketBypassUpdateRuleDataInput!
}
input SocketLanAddRuleDataInput {
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationInput! = {vlan: [], ipRange: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection! = TO
enabled: Boolean!
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsInput! = {enabled: false, natType: DYNAMIC_PAT}
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceInput! = {simple: [], custom: []}
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteInput! = {site: [], group: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceInput! = {vlan: [], ipRange: [], group: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType! = WAN
}
input SocketLanAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanAddRuleDataInput!
}
"Returns the settings for Destination of a Wan Firewall rule."
type SocketLanDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
vlan: [Vlan!]!
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
vlan: [Vlan!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
vlan: [Vlan!]
}
enum SocketLanDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
enum SocketLanFirewallAction {
ALLOW
BLOCK
}
input SocketLanFirewallAddRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction! = ALLOW
"Application traffic matching criteria."
application: SocketLanFirewallApplicationInput! = {application: [], customApp: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
description: String! = ""
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationInput! = {vlan: [], ipRange: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection! = TO
enabled: Boolean!
name: String!
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeInput! = {simple: [], standard: [], custom: []}
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceInput! = {vlan: [], mac: [], ipRange: [], group: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
input SocketLanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicySubRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanFirewallAddRuleDataInput!
}
"Defines applications for the socket LAN firewall."
type SocketLanFirewallApplication {
"Applications matching criteria for this rule."
application: [ApplicationRef!]!
"Custom applications that can be matched by"
customApp: [CustomApplicationRef!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]! = []
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationUpdateInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]
domain: [Domain!]
fqdn: [Fqdn!]
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
"Defines destinations for the socket LAN firewall."
type SocketLanFirewallDestination {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanFirewallDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
type SocketLanFirewallPolicyMutations {
addRule(input: SocketLanFirewallAddRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
moveRule(input: PolicyMoveSubRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
removeRule(input: SocketLanFirewallRemoveRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
updateRule(input: SocketLanFirewallUpdateRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
}
input SocketLanFirewallRemoveRuleInput {
id: ID!
}
type SocketLanFirewallRule implements IPolicyRule {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction!
"Application traffic matching criteria."
application: SocketLanFirewallApplication!
"Description for the rule"
description: String!
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestination!
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Service traffic matching criteria."
service: SocketLanFirewallServiceType!
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTracking!
}
type SocketLanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanFirewallRulePayload
status: PolicyMutationStatus!
}
type SocketLanFirewallRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanFirewallRule!
}
"Defines services used in the socket LAN firewall."
type SocketLanFirewallServiceType {
"Custom services defined for this rule."
custom: [CustomService!]!
"Simple services allowed by the firewall rule."
simple: [SimpleService!]!
"Standard services allowed by the firewall rule."
standard: [ServiceRef!]!
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]! = []
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]! = []
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]! = []
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeUpdateInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]
}
"Defines sources for the socket LAN firewall."
type SocketLanFirewallSource {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"MAC addresses of devices matching criteria."
mac: [MacAddress!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"MAC addresses of devices matching criteria."
mac: [MacAddress!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"MAC addresses of devices matching criteria."
mac: [MacAddress!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
input SocketLanFirewallUpdateRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction
"Application traffic matching criteria."
application: SocketLanFirewallApplicationUpdateInput
description: String
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationUpdateInput
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection
enabled: Boolean
name: String
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeUpdateInput
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingUpdateInput
}
input SocketLanFirewallUpdateRuleInput {
id: ID!
rule: SocketLanFirewallUpdateRuleDataInput!
}
"Defines NAT settings for the socket LAN policy."
type SocketLanNatSettings {
"Indicates if NAT is enabled."
enabled: Boolean!
natType: SocketLanNatType!
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsInput {
"Indicates if NAT is enabled."
enabled: Boolean! = false
natType: SocketLanNatType! = DYNAMIC_PAT
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsUpdateInput {
"Indicates if NAT is enabled."
enabled: Boolean
natType: SocketLanNatType
}
enum SocketLanNatType {
DYNAMIC_PAT
}
type SocketLanPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SocketLanRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SocketLanPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SocketLanPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SocketLanPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SocketLanPolicy
status: PolicyMutationStatus!
}
type SocketLanPolicyMutations {
addRule(input: SocketLanAddRuleInput!): SocketLanRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SocketLanPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SocketLanPolicyMutationPayload! @beta
firewall: SocketLanFirewallPolicyMutations!
moveRule(input: PolicyMoveRuleInput!): SocketLanRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SocketLanPolicyMutationPayload! @beta
removeRule(input: SocketLanRemoveRuleInput!): SocketLanRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SocketLanPolicyUpdateInput!): SocketLanPolicyMutationPayload! @beta
updateRule(input: SocketLanUpdateRuleInput!): SocketLanRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SocketLanPolicyQueries {
policy(input: SocketLanPolicyInput): SocketLanPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SocketLanPolicyUpdateInput {
state: PolicyToggleState
}
input SocketLanRemoveRuleInput {
id: ID!
}
type SocketLanRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestination!
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
firewall: [SocketLanFirewallRulePayload!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettings!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanService!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSite!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSource!
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType!
}
type SocketLanRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanRulePayload
status: PolicyMutationStatus!
}
type SocketLanRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanRule!
}
"Defines services used in the socket LAN policy."
type SocketLanService {
"Custom Port/Protocol service."
custom: [CustomService!]!
"List of L4 based services."
simple: [SimpleService!]!
}
"Defines services used in the socket LAN policy."
input SocketLanServiceInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]! = []
"List of L4 based services."
simple: [SimpleServiceInput!]! = []
}
"Defines services used in the socket LAN policy."
input SocketLanServiceUpdateInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]
"List of L4 based services."
simple: [SimpleServiceInput!]
}
"Represents the site configurations in the socket LAN policy."
type SocketLanSite {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRef!]!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRef!]!
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]! = []
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]! = []
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteUpdateInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]
}
"Defines sources for the socket LAN policy."
type SocketLanSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRef!]!
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRef!]!
"Hosts and servers defined for your under Socket sites."
host: [HostRef!]!
"IP address."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network range defined for a site."
networkInterface: [NetworkInterfaceRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]!
"Predefined Cato groups."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN policy."
input SocketLanSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]! = []
"IP address."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN policy."
input SocketLanSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]
"IP address."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanTransportType {
"Specifies LAN transport type, routed locally for inspection of LAN Firewall."
LAN
"Specifies WAN transport type, send to the PoP for inspection of WAN Firewall."
WAN
}
input SocketLanUpdateRuleDataInput {
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationUpdateInput
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection
enabled: Boolean
name: String
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsUpdateInput
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceUpdateInput
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceUpdateInput
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType
}
input SocketLanUpdateRuleInput {
id: ID!
rule: SocketLanUpdateRuleDataInput!
}
input WanNetworkAddRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput!
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationInput! = {activeTcpAcceleration: false, packetLossMitigation: false, preserveSourcePort: false, primaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, secondaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, allocationIp: [], popLocation: [], backhaulingSite: []}
description: String! = ""
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]! = []
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType! = NONE
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType! = WAN
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
input WanNetworkAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanNetworkAddRuleDataInput!
}
type WanNetworkPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [WanNetworkRulePayload!]!
sections: [PolicySectionPayload!]!
}
input WanNetworkPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanNetworkPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type WanNetworkPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanNetworkPolicy
status: PolicyMutationStatus!
}
type WanNetworkPolicyMutations {
addRule(input: WanNetworkAddRuleInput!): WanNetworkRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanNetworkPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanNetworkPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): WanNetworkRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanNetworkPolicyMutationPayload! @beta
removeRule(input: WanNetworkRemoveRuleInput!): WanNetworkRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: WanNetworkPolicyUpdateInput!): WanNetworkPolicyMutationPayload! @beta
updateRule(input: WanNetworkUpdateRuleInput!): WanNetworkRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanNetworkPolicyQueries {
policy(input: WanNetworkPolicyInput): WanNetworkPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input WanNetworkPolicyUpdateInput {
state: PolicyToggleState
}
input WanNetworkRemoveRuleInput {
id: ID!
}
type WanNetworkRule implements IPolicyRule {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRef!
"The configuration of the rule."
configuration: WanNetworkRuleConfiguration!
"Description for the rule"
description: String!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType!
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType!
"Policy section where the rule is located"
section: PolicySectionInfo!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
type WanNetworkRuleApplication {
appCategory: [ApplicationCategoryRef!]!
application: [ApplicationRef!]!
customApp: [CustomApplicationRef!]!
customCategory: [CustomCategoryRef!]!
customService: [CustomService!]!
customServiceIp: [CustomServiceIp!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
service: [ServiceRef!]!
}
input WanNetworkRuleApplicationInput {
appCategory: [ApplicationCategoryRefInput!]! = []
application: [ApplicationRefInput!]! = []
customApp: [CustomApplicationRefInput!]! = []
customCategory: [CustomCategoryRefInput!]! = []
customService: [CustomServiceInput!]! = []
customServiceIp: [CustomServiceIpInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
service: [ServiceRefInput!]! = []
}
input WanNetworkRuleApplicationUpdateInput {
appCategory: [ApplicationCategoryRefInput!]
application: [ApplicationRefInput!]
customApp: [CustomApplicationRefInput!]
customCategory: [CustomCategoryRefInput!]
customService: [CustomServiceInput!]
customServiceIp: [CustomServiceIpInput!]
domain: [Domain!]
fqdn: [Fqdn!]
service: [ServiceRefInput!]
}
type WanNetworkRuleConfiguration {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean!
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRef!]!
"The site for backhaul routing option."
backhaulingSite: [SiteRef!]!
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean!
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRef!]!
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean!
"The primary transport method."
primaryTransport: WanNetworkRuleTransport!
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransport!
}
input WanNetworkRuleConfigurationInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean! = false
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]! = []
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]! = []
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean! = false
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]! = []
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean! = false
"The primary transport method."
primaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
}
input WanNetworkRuleConfigurationUpdateInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean
"The primary transport method."
primaryTransport: WanNetworkRuleTransportUpdateInput
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportUpdateInput
}
type WanNetworkRuleDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleException {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
input WanNetworkRuleExceptionInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
enum WanNetworkRuleInterfaceRole {
"Automatic interface role."
AUTOMATIC
"No interface role."
NONE
"WAN1 interface role."
WAN1
"WAN2 interface role."
WAN2
"WAN3 interface role."
WAN3
"WAN4 interface role."
WAN4
"WAN5 interface role."
WAN5
"WAN6 interface role."
WAN6
}
type WanNetworkRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanNetworkRulePayload
status: PolicyMutationStatus!
}
type WanNetworkRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanNetworkRule!
}
enum WanNetworkRuleRouteType {
"Backhaul routing."
BACKHAUL
"Backhaul hairpinning routing."
BACKHAUL_HAIRPINNING
"NAT routing."
NAT
"No routing."
NONE
"Optimized routing. Smart Egress using closest destination"
OPTIMIZED
"Route via a specific path."
VIA
}
type WanNetworkRuleSource {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleSourceInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleSourceUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleTransport {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole!
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole!
transportType: WanNetworkRuleTransportType!
}
input WanNetworkRuleTransportInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
transportType: WanNetworkRuleTransportType! = AUTOMATIC
}
enum WanNetworkRuleTransportType {
"Alternative WAN transport type."
ALTERNATIVE_WAN
"Automatic transport type."
AUTOMATIC
"No transport type."
NONE
"Off-cloud transport type."
OFF_CLOUD
"WAN transport type."
WAN
}
input WanNetworkRuleTransportUpdateInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole
transportType: WanNetworkRuleTransportType
}
enum WanNetworkRuleType {
"Inbound Internet transport type."
INBOUND_INTERNET
"Internet transport type."
INTERNET
"WAN transport type."
WAN
}
input WanNetworkUpdateRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationUpdateInput
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationUpdateInput
description: String
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationUpdateInput
enabled: Boolean
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]
name: String
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType
"The source of the traffic for the rule."
source: WanNetworkRuleSourceUpdateInput
}
input WanNetworkUpdateRuleInput {
id: ID!
rule: WanNetworkUpdateRuleDataInput!
}
type LicensingQueries {
"""BETA"""
licensingInfo: LicensingInfo @beta
}
type LicensingMutations {
"""BETA"""
updateCommercialLicense(input: UpdateCommercialLicenseInput!): UpdateCommercialLicensePayload @beta
}
input UpdateCommercialLicenseInput {
"""The unique identifier of the license to update"""
licenseId: ID!
"""The desired start date for the license activation"""
startDate: DateTime
}
type UpdateCommercialLicensePayload {
"""The license that was modified"""
license: License!
}
"""Public license API"""
type LicensingInfo {
aiSecurityApplications: [AISecurityApplicationsLicense!]!
aiSecurityUsers: [AISecurityUsersLicense!]!
atp: [AtpLicense!]!
casb: [CasbLicense!]!
dataLake: [DataLakeLicense!]!
dem: [DemLicense!]!
dlp: [DlpLicense!]!
endpointProtection: [EndpointProtectionLicense!]!
"""License usage and allocation across the managed accounts"""
globalLicenseAllocations: GlobalLicenseAllocations!
ilmm: [IlmmLicense!]!
iotOt: [IotOtLicense!]!
ips: [IpsLicense!]!
"""License inventory"""
licenses: [License!]! @deprecated(reason: "please use individual license type fields")
malwareProtection: [MalwareProtectionLicense!]!
managedXdr: [ManagedXdrLicense!]!
mdr: [MdrLicense!]!
nextGenMalwareProtection: [NextGenMalwareProtectionLicense!]!
nocaas: [NOCaaSLicense!]!
pooledBandwidth: [PooledBandwidthLicense!]!
publicIps: [PublicIpsLicense!]!
rbi: [RbiLicense!]!
saasSecurityApi: [SaasSecurityApiLicense!]!
site: [SiteLicense!]!
threatPrevention: [ThreatPreventionLicense!]!
xdrPro: [XdrProLicense!]!
xOps: [XOpsLicense!]!
ztnaUsers: [ZtnaUsersLicense!]!
}
"""License usage and allocation across all accounts"""
type GlobalLicenseAllocations {
"""Public IP addresses usage across the accounts"""
publicIps: PublicIpsLicenseAllocations
"""ZTNA license allocation across the accounts"""
ztnaUsers: ZtnaUsersLicenseAllocations
}
"""IP addresses license usage and allocation across all accounts"""
type PublicIpsLicenseAllocations {
allocated: Int!
available: Int!
total: Int!
}
"""Global ZTNA license usage and allocation across all accounts"""
type ZtnaUsersLicenseAllocations {
"""Total users allocated a ZTNA license"""
allocated: Int!
"""Available users not yet allocated a license"""
available: Int!
"""Total ZTNA licenses for users"""
total: Int!
}
"""enum for license plan type (site license, service license, etc...)"""
enum LicensePlan {
COMMERCIAL
TRIAL
}
"""enum that shows account license status"""
enum AccountPlan {
COMMERCIAL
TRIAL
}
"""
enum for account plan status – the current license status within the license lifecycle
"""
enum LicenseStatus {
"""A license that is currently active"""
ACTIVE
"""An expired license is no longer active"""
DISABLED
"""A license in a grace period"""
LOCKED
"""The license is pending customer activation by setting a start date"""
PENDING
"""
An existing license with a future start date that is not currently active
"""
SCHEDULED
"""
A license that is active before its start date, for partners and customers to verify the relevant configurations
"""
STAGING
}
"""
An interface containing properties that are common to all license types
"""
interface License {
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License start date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
}
interface QuantifiableLicense implements License {
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License initiation date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""license quantity"""
total: Int!
}
type DataLakeLicense implements License & QuantifiableLicense {
description: String
"""
The version of the Data Processing Agreement (DPA) that your company signed with Cato.
"""
dpaVersion: DpaVersion!
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted.
"""
retentionPeriod: Int
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage)
"""
total: Int!
}
"""The DPA agreement, based on your contract with Cato"""
enum DpaVersion {
DPA_2019_01
DPA_2021_01
DPA_2023_01
}
"""Public IP address license"""
type PublicIpsLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of public IPs available in the licenses"""
total: Int!
}
"""Site bandwidth license"""
type SiteLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
For the relevant license groups, indicates whether this is a global or regional license. For other regions, the value is set to ‘NA’ (not applicable).
"""
regionality: Regionality
"""Identifying data for the site the license is assigned to"""
site: SiteRef
"""The license group."""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""Maximum available bandwidth for the site, in Mbps"""
total: Int!
}
type PooledBandwidthLicense implements License & QuantifiableLicense {
"""
Accounts that this license is assigned to (and the license usage within each account)
"""
accounts: [PartnerPooledBandwidthLicenseAccount!]!
"""
allocated bandwidth, in Mbps, for all the sites assigned to this license.
"""
allocatedBandwidth: Int!
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""Regional license group"""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""
Sites that this license is assigned to (and the license usage within each site)
"""
sites: [PooledBandwidthLicenseSite!]!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Maximum available bandwidth, in Mbps, for all the sites under this license. This constitutes the bandwidth pool that is allocated to different sites.
"""
total: Int!
}
type PooledBandwidthLicenseSite {
"""Allocated bandwidth for this site"""
allocatedBandwidth: Int!
"""Identifying data for the site"""
site: SiteRef!
}
type PartnerPooledBandwidthLicenseAccount {
"""Identifying data for the account"""
account: AccountRef!
"""Allocated bandwidth for this account"""
allocatedBandwidth: Int!
}
enum SiteLicenseGroup {
"""legacy license group"""
AFRICA
"""legacy license group"""
ANZ
"""legacy license group"""
APJ
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""legacy license group"""
DUBAI
"""legacy license group"""
EUROPE
GROUP_1
GROUP_2
"""legacy license group"""
LATAM
"""legacy license group"""
MIDDLE_EAST
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""legacy license group"""
NAM
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
enum SiteLicenseType {
SASE
SSE
}
"""ZTNA remote users license"""
type ZtnaUsersLicense implements License & QuantifiableLicense {
"""
Accounts that this license is assigned to (and the license usage within each account)
"""
accounts: [PartnerZtnaUsersLicenseAccount!]!
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum amount of ZTNA users for the region."""
total: Int!
"""Specify a license group that you are limiting the number of ZTNA users"""
ztnaUsersLicenseGroup: ZtnaUsersLicenseGroup!
}
type PartnerZtnaUsersLicenseAccount {
"""Identifying data for the account"""
account: AccountRef!
"""Allocated users for this account"""
allocatedUsers: Int!
}
"""Geographical regions that can be associated with a remote user license"""
enum ZtnaUsersLicenseGroup {
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""Legacy group"""
DUBAI
GENERAL
"""Legacy group"""
LATAM
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
"""
REGIONAL and GLOBAL licenses for MOROCCO, CHINA, and VIETNAM group values
"""
enum Regionality {
"""Global traffic going outside of the region"""
GLOBAL
"""Site traffic within the region"""
REGIONAL
}
"""End Point Protection (EPP) license details"""
type EndpointProtectionLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum number of users that can use this service"""
total: Int!
}
"""Intelligent Last Mile Monitoring (ILMM) License details"""
type IlmmLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The total amount of ILMM licenses."""
total: Int!
}
"""
Intrusion Prevention System (IPS) service license (Legacy license, replaced by TP)
"""
type IpsLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Anti-Malware service license details (Legacy license, replaced by TP)"""
type MalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""
NG Anti-Malware service license details (Legacy license, replaced by TP)
"""
type NextGenMalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Threat Prevention (TP) license details"""
type ThreatPreventionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""NOC as a Service (NOCaaS) service license details"""
type NOCaaSLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Cloud Access Security Broker (CASB) service license details"""
type CasbLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Data Loss Prevention (DLP) Service license details"""
type DlpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""MDR service license details"""
type MdrLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Managed XDR service license details"""
type ManagedXdrLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Remote Browser Isolation (RBI) service license details"""
type RbiLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""SaaS Security API service license details"""
type SaasSecurityApiLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""license quantity"""
total: Int!
}
"""XDR Pro (extended detection and response) service license details"""
type XdrProLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of knowledge users that the XDR Pro service refers to"""
total: Int!
}
"""DEM service license details"""
type DemLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""IoT/OT Security service license details"""
type IotOtLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Advanced Threat Prevention (ATP) service license details"""
type AtpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""XOps service license details"""
type XOpsLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""AI Security Users service license details"""
type AISecurityUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""AI Security Applications service license details"""
type AISecurityApplicationsLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Cloud Access Security Broker - Users service license details"""
type MspCasbUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Cloud Access Security Broker - Bandwidth service license details"""
type MspCasbBandwidthLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Data Loss Prevention - Users service license details"""
type MspDlpUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Data Loss Prevention - Bandwidth service license details"""
type MspDlpBandwidthLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Threat Prevention - Users service license details"""
type MspTpUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Threat Prevention - Bandwidth service license details"""
type MspTpBandwidthLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Advanced Threat Prevention - Users service license details"""
type MspAtpUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""Cato Advanced Threat Prevention - Bandwidth service license details"""
type MspAtpBandwidthLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
input AssignSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
This field should not be used if a site license is used.
"""
bw: Int
"""The license that is being assigned"""
licenseId: ID!
"""The site the license is assigned to"""
site: SiteRefInput!
}
type AssignSiteBwLicensePayload {
license: License!
}
input UpdateSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
"""
bw: Int!
"""The license that is being assigned"""
licenseId: ID!
"""The site the license is being assigned to"""
site: SiteRefInput!
}
type UpdateSiteBwLicensePayload {
license: License!
}
input ReplaceSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
This field should not be used if a site license is used.
"""
bw: Int
"""The license that is being assigned"""
licenseIdToAdd: ID!
"""The license that is being removed"""
licenseIdToRemove: ID!
"""The site to replace the licenses for"""
site: SiteRefInput!
}
type ReplaceSiteBwLicensePayload {
license: License!
}
input RemoveSiteBwLicenseInput {
"""The license that is being removed"""
licenseId: ID!
"""The site to remove the licenses from"""
site: SiteRefInput!
}
type RemoveSiteBwLicensePayload {
license: License!
}
type HardwareQueries {
"""Count of hardware items by shipping status"""
countHardwareByStatus: StatusCount @beta
"""Retrieve the account hardware items"""
hardware(input: HardwareSearchInput): HardwarePayload @beta
}
type HardwareMutations {
"""Set Shipping details for a list of hardware"""
updateHwShipping(input: UpdateHwShippingInput!): HardwarePayload @beta
}
enum ShippingStatus {
CONFIRM_SHIPPING
DELIVERED
IN_TRANSIT
PENDING_INFO
}
input HardwareSearchInput {
filter: HardwareFilterInput
paging: PagingInput = {limit: 100, from: 0}
sort: HardwareSortInput
}
input HwShippingDetailsInput {
"""The shipping details"""
details: ShippingDetailsInputByLocationId!
"""Power cable type (for sockets only)"""
powerCable: String
}
input ShippingDetailsInputByLocationId {
"""Address for delivery"""
address: ID
"""Comment"""
comment: String
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
}
input HardwareFilterInput {
account: [AccountFilter!]
countryCode: StringFilterInput
countryName: [StringFilterInput!]
"""
Will run contains operation for the provided text on the following fields productType,
sfId, siteName, quoteId, model, zipCode, country, city, state, street, companyName, contactName,
trackingUrl, trackingNumber, serialNumber and comment with OR between them
"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
licenseStartDate: [DateTimeFilterInput!]
product: [StringFilterInput!]
serialNumber: [StringFilterInput!]
shippingStatus: [ShippingStatusFilterInput!]
validAddress: BooleanFilterInput
}
input ShippingStatusFilterInput {
eq: ShippingStatus
in: [ShippingStatus!]
neq: ShippingStatus
nin: [ShippingStatus!]
}
input HardwareSortInput {
country: SortOrderInput
incoterms: SortOrderInput
licenseId: SortOrderInput
"""Default sort field"""
licenseStartDate: SortOrderInput
productType: SortOrderInput
quoteId: SortOrderInput
serialNumber: SortOrderInput
shippingDate: SortOrderInput
shippingStatus: SortOrderInput
siteName: SortOrderInput
}
input UpdateHwShippingInput {
""" The shipping details to update"""
details: HwShippingDetailsInput!
""" The ids of items to update"""
ids: [ID!]!
}
type ShippingDetails {
"""City"""
cityName: String
"""Comment"""
comment: String
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetails
"""Country"""
countryName: String
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
"""Power cable type (for sockets only)"""
powerCable: String
"""State (required only for USA)"""
stateName: String
"""Street name and number"""
street: String
"""Vat id (required for Brazil)"""
vatId: String
"""Zip Code"""
zipCode: String
}
type ShippingTracking {
"""Carrier (shipping company)"""
carrier: String
"""Shipping date"""
shippingDate: Date
"""Shipping status"""
shippingStatus: ShippingStatus
"""Tracking number"""
trackingNumber: String
"""Tracking url"""
trackingUrl: String
}
type HardwarePayload {
"""The results"""
items: [Hardware!]!
"""Pagination details"""
pageInfo: PageInfo
}
type Hardware {
"""Cma account"""
account: AccountRef
"""Id"""
id: ID!
"""Last modified"""
lastModified: DateTime
"""Crm License Id"""
licenseId: ID
"""License start date"""
licenseStartDate: Date
"""Reference to the Enterprise Directory address"""
locationId: ID
"""Product Mac address"""
macAddress: String
"""Product model"""
model: String
"""Product order number"""
poNumber: String
"""Product type"""
productType: String
"""Quote ID where the product was purchased"""
quoteId: String
"""Serial number"""
serialNumber: String
"""Shipping details"""
shippingDetail: ShippingDetails
"""Shipping tracking data"""
shippingTracking: ShippingTracking
"""The site’s country"""
siteCountryName: String
"""Validation details"""
validation: HardwareValidation
}
type HardwareValidation {
"""Address validation details"""
addressValidationStatus: AddressValidationStatus
"""Complete item"""
completed: Boolean!
"""Incomplete reason"""
incompleteReason: String
}
type StatusCount {
CONFIRM_SHIPPING: Int
DELIVERED: Int
IN_TRANSIT: Int
PENDING_INFO: Int
}
"""Queries for reading groups-related information"""
type GroupsQueries {
"""
Get a specific group configuration. The group can be identified by ID or name.
"""
group(input: GroupRefInput!): Group @beta
"""
Get a list of groups, with optional filters and sorting.
This query only returns basic information for each group (e.g. name, ID).
To view full configuration details, including members, use the `group` query for each result.
"""
groupList(input: GroupListInput = {paging: {limit: 100, from: 0}, sort: {name: {direction: ASC, priority: 1}}}): GroupListPayload @beta
"""Check which policies use the group."""
whereUsed(input: GroupRefInput!): GroupWhereUsedPayload @beta
}
"""
A group is a collection of typed members (e.g., sites, hosts).
Groups can include members of different types.
When you update a group or use it in a policy, the system verifies that all members are allowed in the policy's scope.
If a group is used in a policy that doesn’t support certain member types, you can't add those types to the group.
If a group already includes unsupported types, you can only assign it to a policy that supports those types.
A member type is valid if it's supported in the group and allowed in the policy scope.
"""
type Group {
"""Contains creation and modification metadata for the group"""
audit: AuditingMetadata!
"""Optional free-text description for documentation or context"""
description: String
"""Unique ID for the group."""
id: ID!
"""
Lists the members in this group. Supports paging, filtering, and sorting by type and name
"""
members(input: GroupMembersListInput! = {paging: {limit: 100, from: 0}, sort: {name: {direction: ASC, priority: 2}, type: {direction: ASC, priority: 1}}}): GroupMembersListPayload!
"""
Total number of group members. When paging and filtering is used, this number may be higher than the number of members returned by the query
"""
membersCount: Int!
"""
Breakdown of member count by type (e.g., number of sites, hosts, etc.).
"""
membersCountPerType: [GroupMemberTypeCount!]!
"""Name of the group (not guaranteed to be globally unique)."""
name: String!
}
"""
Describes where the group is used across policies and scopes.
Includes a list of policy scopes where the group is applied,
and identifies any member types that are not supported in those policy scopes.
"""
type GroupWhereUsedPayload {
"""
Member types in the group that are not valid in one or more scopes where the group is used.
"""
invalidMemberTypes: [InvalidGroupMemberTypeInScope!]!
"""
List of scopes where the group is used. Each scope indicates the policy type and field.
"""
usage: [GroupScope!]!
"""Value is True if the group is used in at least one policy or scope."""
used: Boolean!
}
"""
Represents a member type in the group that is not supported in one or more scopes.
Each scope indicates where the member type is not allowed.
"""
type InvalidGroupMemberTypeInScope {
"""
List of scopes (policy type and field) where this member type is not supported.
"""
scope: [GroupScope!]!
"""The unsupported member type (e.g., site, host, etc.)"""
type: GroupMemberRefType!
}
"""
The scope (context) in which a group is used or supported.
Includes the policy type and the specific field name(s) where the group is used.
"""
type GroupScope {
"""
The specific fields within the policy where the group is used (e.g., 'source', 'destination').
"""
field: [String!]!
"""The type of policy (e.g.,WAN Firewall)."""
type: String!
}
"""
A list of group members, pagination details, applied filters, and sorting information.
"""
type GroupMembersListPayload {
"""
List of members that matched the query (including filtering, sorting, and paging).
"""
items: [GroupMemberRefTyped!]!
"""Pagination information for the result set (e.g., offset, total count)."""
paging: PageInfo!
}
"""
Filter, sort, and pagination applied when fetching the the list of group members.
"""
input GroupMembersListInput {
filter: [GroupMembersListFilterInput!]
paging: PagingInput! = {limit: 100, from: 0}
sort: GroupMembersListSortInput! = {name: {direction: ASC, priority: 2}, type: {direction: ASC, priority: 1}}
}
"""Filters to narrow down group members that are fetched."""
input GroupMembersListFilterInput {
"""Filter group members by name"""
name: [AdvancedStringFilterInput!]
"""Filter group members by type"""
type: [GroupMemberRefTypeFilterInput!]
}
"""
Sort group members by one or more fields.
If multiple fields are specified, the system uses their priority to determine order. For example, type with priority 1 will be used first, then name with priority 2.
"""
input GroupMembersListSortInput {
"""Sort by member name"""
name: SortOrderInput
"""Sort by member type"""
type: SortOrderInput
}
"""
Reference to a group member, including its ID, name, and type.
Used when listing or identifying members within a group.
"""
type GroupMemberRefTyped implements ObjectRef {
"Object's unique identifier"
id: ID!
"Object's unique name"
name: String!
type: GroupMemberRefType!
}
"""A reference to a group member, used when adding or filtering members."""
input GroupMemberRefTypedInput {
"""Whether to resolve the reference by ID or name. Defaults to ID."""
by: ObjectRefBy! = ID
"""The value of the member identifier (ID or name)"""
input: String!
"""The member type."""
type: GroupMemberRefType!
}
"""Counts how many members of each type the group contains."""
type GroupMemberTypeCount {
"""Number of members of this type that belong to the group"""
membersCount: Int!
"""The member type (e.g., SITE, HOST)"""
type: GroupMemberRefType!
}
"""List groups with optional filters, sorting, and pagination."""
input GroupListInput {
"""Filter groups by ID, name, member, audit data, or free-text"""
filter: [GroupListFilterInput!]
"""Pagination settings"""
paging: PagingInput! = {limit: 100, from: 0}
"""Sorting options, default behavior is ascending by name"""
sort: GroupListSortInput! = {name: {direction: ASC, priority: 1}}
}
"""Apply filters when fetching the list of groups."""
input GroupListFilterInput {
"""Filter by audit metadata (e.g., created by)"""
audit: [AuditingMetadataFilterInput!]
"""Free-text search across textual fields like name"""
freeText: FreeTextFilterInput
"""Filter by group ID"""
id: [IdFilterInput!]
"""Filter groups that include specific members"""
member: [GroupMemberFilterInput!]
"""Filter by group name"""
name: [AdvancedStringFilterInput!]
}
"""Filter groups by member reference."""
input GroupMemberFilterInput {
"""Member reference used to identify the groups it belongs to"""
ref: GroupMemberRefTypedInput!
}
"""Member types that can be referenced in a group."""
enum GroupMemberRefType {
FLOATING_SUBNET
GLOBAL_IP_RANGE
HOST
NETWORK_INTERFACE
SITE
SITE_NETWORK_SUBNET
}
"""Filter member types using the supported operators"""
input GroupMemberRefTypeFilterInput {
"""Match if member type equals this value"""
eq: GroupMemberRefType
"""Match if member type is in this list"""
in: [GroupMemberRefType!]
"""Match if member type does not equal this value"""
neq: GroupMemberRefType
"""Match if member type is not in this list"""
nin: [GroupMemberRefType!]
}
"""Sort groups by name or audit metadata"""
input GroupListSortInput {
"""Sort groups by audit metadata (e.g., creation time)"""
audit: AuditingMetadataSortInput
"""ort groups by name"""
name: SortOrderInput
}
"""
A list of groups returned by the groupList query, with pagination info.
"""
type GroupListPayload {
"""The list of fetched groups"""
items: [Group!]!
"""Pagination that was applied during the fetch"""
paging: PageInfo!
}
"""Operations for managing groups"""
type GroupsMutations {
"""Create a new group"""
createGroup(input: CreateGroupInput!): CreateGroupPayload @beta
"""Delete a group"""
deleteGroup(input: GroupRefInput!): DeleteGroupPayload @beta
"""
Update an existing group, including attributes such as name, description, and member items
"""
updateGroup(input: UpdateGroupInput!): UpdateGroupPayload @beta
}
"""Create a new group"""
input CreateGroupInput {
"""Optional description for the group"""
description: String
"""
Initial list of members for the new group. There is a maximum of 500 members per createGroup mutation
"""
members: [GroupMemberRefTypedInput!]
"""The name of the new group"""
name: String!
}
"""The created group object."""
type CreateGroupPayload {
group: Group!
}
"""
Update attributes for a group. Only the provided fields are updated - the other fields are not changed
Note: You can only update a total of 500 group members at one time, this means 'membersToAdd + membersToRemove' or 'members' must be less than 500
"""
input UpdateGroupInput {
"""New description for the group, if changing"""
description: String
"""Specify the group you’re updating"""
group: GroupRefInput!
"""Replaces all members in the group with this list of members"""
members: [GroupMemberRefTypedInput!]
"""
Adds members to the existing set of members. Can't be used together with the 'members' field
"""
membersToAdd: [GroupMemberRefTypedInput!]
"""
Removes members from the group. Can't be used together with the 'members' field
"""
membersToRemove: [GroupMemberRefTypedInput!]
"""New name for the group, if changing"""
name: String
}
"""The updated group object"""
type UpdateGroupPayload {
"""Updated group"""
group: Group!
}
"""The deleted group object"""
type DeleteGroupPayload {
"""The group that was deleted"""
group: Group!
}
type SiteGeneralDetailsPayload {
description: String
"""Only relevant for socket sites"""
preferredPopLocation: SitePreferredPopLocation
site: SiteRef!
siteLocation: SiteLocation!
siteType: SiteType!
}
type SiteLocation {
address: String
cityName: String
countryCode: String!
stateCode: String
timezone: String!
}
type SitePreferredPopLocation {
"""
Forces the socket to connect exclusively to the configured PoP locations
"""
preferredOnly: Boolean!
primary: PopLocationRef
secondary: PopLocationRef
}
input UpdateSiteGeneralDetailsInput {
description: String
name: String
"""Only relevant for socket sites"""
preferredPopLocation: UpdateSitePreferredPopLocationInput
siteLocation: UpdateSiteLocationInput
siteType: SiteType
}
input UpdateSiteLocationInput {
address: String
cityName: String
countryCode: String
stateCode: String
timezone: String
}
input UpdateSitePreferredPopLocationInput {
"""
Forces the socket to connect exclusively to the configured PoP locations
"""
preferredOnly: Boolean!
"""
Set the location reference to -1, `Automatic`, or null to enable automatic selection.
Set the location reference to -2 or `None` to disable the preferred PoP location (only allowed for secondary).
"""
primary: PopLocationRefInput
secondary: PopLocationRefInput
}
type UpdateSiteGeneralDetailsPayload {
siteId: ID!
}
"Configuration for Internet Firewall action"
type InternetFirewallActionConfig {
"Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed."
rbiProfile: [RbiProfileRef!]!
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRef!]!
}
"Configuration for Internet Firewall action"
input InternetFirewallActionConfigInput {
"Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed."
rbiProfile: [RbiProfileRefInput!]! = []
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]! = []
}
"Configuration for Internet Firewall action"
input InternetFirewallActionConfigUpdateInput {
"Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed."
rbiProfile: [RbiProfileRefInput!]
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]
}
"The action applied by the Internet Firewall if the rule is matched"
enum InternetFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
"Apply Remote Browser Isolation (RBI) to the network traffic"
RBI
}
input InternetFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum! = BLOCK
"Configuration for Internet Firewall action"
actionConfig: InternetFirewallActionConfigInput! = {userNotification: [], rbiProfile: []}
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodInput! = {useEffectiveFrom: false, useExpiresAt: false}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input InternetFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: InternetFirewallAddRuleDataInput!
}
input InternetFirewallAddSubPolicyDataInput {
description: String!
name: String!
}
input InternetFirewallAddSubPolicyInput {
at: PolicyRulePositionInput!
policy: InternetFirewallAddSubPolicyDataInput
scope: InternetFirewallAddRuleDataInput!
}
type InternetFirewallAddSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
type InternetFirewallContainer {
fqdnContainer: [FqdnContainerRef!]!
ipAddressRangeContainer: [IpAddressRangeContainerRef!]!
}
input InternetFirewallContainerInput {
fqdnContainer: [FqdnContainerRefInput!]! = []
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]! = []
}
input InternetFirewallContainerUpdateInput {
fqdnContainer: [FqdnContainerRefInput!]
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]
}
"Returns the settings for Destination of an Internet Firewall rule"
type InternetFirewallDestination {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
containers: InternetFirewallContainer!
"Countries"
country: [CountryRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]!
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
containers: InternetFirewallContainerInput! = {fqdnContainer: [], ipAddressRangeContainer: []}
"Countries"
country: [CountryRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]! = []
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
containers: InternetFirewallContainerUpdateInput
"Countries"
country: [CountryRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]
}
type InternetFirewallPolicy implements IPolicy {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyAudit
"Description for the policy"
description: String!
enabled: Boolean!
"Policy ID"
id: ID!
"Name of the policy, the default name for the policy containing all sub-policies is 'Main'"
name: String!
revision: PolicyRevision
rules: [InternetFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
"Holds a list of all allowed sub-policies according to admin access capabilities"
subPolicies: [InternetFirewallSubPolicyPayload!]!
}
type InternetFirewallPolicyInfo implements PolicyInfo {
audit: PolicyAudit!
description: String!
enabled: Boolean!
id: ID!
name: String!
policyLevel: PolicyLevelEnum!
}
input InternetFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input InternetFirewallPolicyListFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
policyLevel: [PolicyLevelEnumFilterInput!]
}
input InternetFirewallPolicyListInput {
filter: InternetFirewallPolicyListFilterInput
paging: PagingInput! = {limit: 100, from: 0}
sort: InternetFirewallPolicyListSortInput! = {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}
}
type InternetFirewallPolicyListPayload implements PolicyListPayload {
items: [InternetFirewallPolicyInfo!]!
paging: PageInfo!
}
input InternetFirewallPolicyListSortInput {
name: SortOrderInput
policyLevel: SortOrderInput
}
input InternetFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Internet Firewall policy information provided in the API response"
type InternetFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
"The Internet firewall Policy information returned to the caller in the API response."
type InternetFirewallPolicyMutations {
"Add a new rule to the Internet Firewall policy."
addRule(input: InternetFirewallAddRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Add a new sub-policy to the Internet Firewall policy."
addSubPolicy(input: InternetFirewallAddSubPolicyInput!): InternetFirewallAddSubPolicyMutationPayload! @beta
"Create the policy revision. Create a new empty policy revision."
createPolicyRevision(input: PolicyCreateRevisionInput!): InternetFirewallPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Internet Firewall policy."
moveRule(input: PolicyMoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Internet Firewall policy."
removeRule(input: InternetFirewallRemoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Remove an existing sub-policy from the Internet Firewall policy."
removeSubPolicy(input: InternetFirewallRemoveSubPolicyInput!): InternetFirewallRemoveSubPolicyMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: InternetFirewallPolicyUpdateInput!): InternetFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Internet Firewall policy."
updateRule(input: InternetFirewallUpdateRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type InternetFirewallPolicyQueries {
policy(input: InternetFirewallPolicyInput): InternetFirewallPolicy! @beta
"Provides a list of all policies of Internet Firewall with filtering, pagination and sorting capabilities"
policyList(input: InternetFirewallPolicyListInput! = {sort: {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}, paging: {limit: 100, from: 0}}): InternetFirewallPolicyListPayload! @beta
revisions: PolicyRevisionsPayload @beta
}
type InternetFirewallPolicyRef implements PolicyRef & ObjectRef {
id: ID!
name: String!
}
input InternetFirewallPolicyRefInput {
by: ObjectRefBy!
input: String!
}
input InternetFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input InternetFirewallRemoveRuleInput {
id: ID!
}
input InternetFirewallRemoveSubPolicyInput {
ref: InternetFirewallPolicyRefInput!
}
type InternetFirewallRemoveSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
type InternetFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum!
"Configuration for Internet Firewall action"
actionConfig: InternetFirewallActionConfig!
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriod!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type InternetFirewallRuleException {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: InternetFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceType!
"Source traffic matching criteria for the exception."
source: InternetFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input InternetFirewallRuleExceptionInput {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"Source traffic matching criteria for the exception."
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type InternetFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: InternetFirewallRulePayload
status: PolicyMutationStatus!
}
"Internet Firewall policy information for a specific revision"
type InternetFirewallRulePayload implements IPolicyRulePayload {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: InternetFirewallRule!
"""
POLICY_RULE = Rule is a regular policy rule
SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules
"""
ruleType: PolicyRuleTypeEnum!
"A reference to the sub-policy the entity is referring to"
subPolicy: InternetFirewallPolicyRef
}
"Returns the Service Type to which this Internet Firewall rule applies"
type InternetFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Internet Firewall rule"
type InternetFirewallSource {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceUpdateInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
type InternetFirewallSubPolicyPayload implements SubPolicyPayload {
access: EntityAccess!
policy: InternetFirewallPolicyInfo!
properties: [SubPolicyProperty!]!
}
input InternetFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum
"Configuration for Internet Firewall action"
actionConfig: InternetFirewallActionConfigUpdateInput
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input InternetFirewallUpdateRuleInput {
id: ID!
rule: InternetFirewallUpdateRuleDataInput!
}
input RemotePortFwdAddRuleDataInput {
description: String! = ""
enabled: Boolean!
externalIp: AllocatedIpRefInput!
externalPortRange: PortRangeInput!
forwardIcmp: Boolean! = false
internalIp: IPAddress!
internalPortRange: PortRangeInput!
name: String!
remoteIPs: RemotePortFwdRemoteIpsInput! = {ip: [], ipRange: [], subnet: [], globalIpRange: []}
restrictionType: RemotePortFwdRestrictionType! = ALLOW_LIST
tracking: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
}
"Rule parameters and relevant position"
input RemotePortFwdAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: RemotePortFwdAddRuleDataInput!
}
type RemotePortFwdPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [RemotePortFwdRulePayload!]!
sections: [PolicySectionPayload!]!
}
input RemotePortFwdPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input RemotePortFwdPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Remote port forwarding policy information provided in the API response"
type RemotePortFwdPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: RemotePortFwdPolicy
status: PolicyMutationStatus!
}
"The Remote Port Forwarding Policy information returned to the caller in the API response."
type RemotePortFwdPolicyMutations {
"Add a new port forwarding rule to enable remote access to internal services."
addRule(input: RemotePortFwdAddRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Create a new empty policy revision for port forwarding rules."
createPolicyRevision(input: PolicyCreateRevisionInput!): RemotePortFwdPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this revision are discarded and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Change the priority/position of an existing port forwarding rule."
moveRule(input: PolicyMoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Remove an existing port forwarding rule from the policy."
removeRule(input: RemotePortFwdRemoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing."
updatePolicy(input: RemotePortFwdPolicyUpdateInput!): RemotePortFwdPolicyMutationPayload! @beta
"Update an existing port forwarding rule configuration."
updateRule(input: RemotePortFwdUpdateRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type RemotePortFwdPolicyQueries {
policy(input: RemotePortFwdPolicyInput): RemotePortFwdPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input RemotePortFwdPolicyUpdateInput {
state: PolicyToggleState
}
type RemotePortFwdRemoteIps {
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
input RemotePortFwdRemoteIpsInput {
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
input RemotePortFwdRemoteIpsUpdateInput {
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
input RemotePortFwdRemoveRuleInput {
id: ID!
}
enum RemotePortFwdRestrictionType {
ALLOW_LIST
BLOCK_LIST
}
type RemotePortFwdRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
externalIp: AllocatedIpRef!
externalPortRange: PortRange!
forwardIcmp: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
internalIp: IPAddress!
internalPortRange: PortRange!
"Name of the rule"
name: String!
remoteIPs: RemotePortFwdRemoteIps!
restrictionType: RemotePortFwdRestrictionType!
"Policy section where the rule is located"
section: PolicySectionInfo!
tracking: PolicyRuleTrackingAlert!
}
type RemotePortFwdRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: RemotePortFwdRulePayload
status: PolicyMutationStatus!
}
type RemotePortFwdRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: RemotePortFwdRule!
}
input RemotePortFwdUpdateRuleDataInput {
description: String
enabled: Boolean
externalIp: AllocatedIpRefInput
externalPortRange: PortRangeUpdateInput
forwardIcmp: Boolean
internalIp: IPAddress
internalPortRange: PortRangeUpdateInput
name: String
remoteIPs: RemotePortFwdRemoteIpsUpdateInput
restrictionType: RemotePortFwdRestrictionType
tracking: PolicyRuleTrackingAlertUpdateInput
}
input RemotePortFwdUpdateRuleInput {
id: ID!
rule: RemotePortFwdUpdateRuleDataInput!
}
"Configuration for Wan Firewall action"
type WanFirewallActionConfig {
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRef!]!
}
"Configuration for Wan Firewall action"
input WanFirewallActionConfigInput {
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]! = []
}
"Configuration for Wan Firewall action"
input WanFirewallActionConfigUpdateInput {
"Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]
}
enum WanFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
}
input WanFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum! = BLOCK
"Configuration for Wan Firewall action"
actionConfig: WanFirewallActionConfigInput! = {userNotification: []}
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodInput! = {useEffectiveFrom: false, useExpiresAt: false}
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
direction: WanFirewallDirectionEnum! = TO
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input WanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanFirewallAddRuleDataInput!
}
input WanFirewallAddSubPolicyDataInput {
description: String!
name: String!
}
input WanFirewallAddSubPolicyInput {
at: PolicyRulePositionInput!
policy: WanFirewallAddSubPolicyDataInput
scope: WanFirewallAddRuleDataInput!
}
type WanFirewallAddSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
"Application match criteria set"
type WanFirewallApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
}
"Application match criteria set"
input WanFirewallApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
}
"Application match criteria set"
input WanFirewallApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
}
"Returns the settings for Destination of a Wan Firewall rule"
type WanFirewallDestination {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
enum WanFirewallDirectionEnum {
BOTH
TO
}
type WanFirewallPolicy implements IPolicy {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyAudit
"Description for the policy"
description: String!
enabled: Boolean!
"Policy ID"
id: ID!
"Name of the policy, the default name for the policy containing all sub-policies is 'Main'"
name: String!
revision: PolicyRevision
rules: [WanFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
"Holds a list of all allowed sub-policies according to admin access capabilities"
subPolicies: [WanFirewallSubPolicyPayload!]!
}
type WanFirewallPolicyInfo implements PolicyInfo {
audit: PolicyAudit!
description: String!
enabled: Boolean!
id: ID!
name: String!
policyLevel: PolicyLevelEnum!
}
input WanFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanFirewallPolicyListFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
policyLevel: [PolicyLevelEnumFilterInput!]
}
input WanFirewallPolicyListInput {
filter: WanFirewallPolicyListFilterInput
paging: PagingInput! = {limit: 100, from: 0}
sort: WanFirewallPolicyListSortInput! = {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}
}
type WanFirewallPolicyListPayload implements PolicyListPayload {
items: [WanFirewallPolicyInfo!]!
paging: PageInfo!
}
input WanFirewallPolicyListSortInput {
name: SortOrderInput
policyLevel: SortOrderInput
}
input WanFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Wan Firewall policy information provided in the API response"
type WanFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
"The Wan Firewall Policy information returned to the caller in the API response."
type WanFirewallPolicyMutations {
"Add a new rule to the Wan Firewall policy."
addRule(input: WanFirewallAddRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Add a new sub-policy to the Wan Firewall policy."
addSubPolicy(input: WanFirewallAddSubPolicyInput!): WanFirewallAddSubPolicyMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanFirewallPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Wan Firewall policy."
moveRule(input: PolicyMoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Wan Firewall policy."
removeRule(input: WanFirewallRemoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Remove an existing sub-policy from the Wan Firewall policy."
removeSubPolicy(input: WanFirewallRemoveSubPolicyInput!): WanFirewallRemoveSubPolicyMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: WanFirewallPolicyUpdateInput!): WanFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Wan Firewall policy."
updateRule(input: WanFirewallUpdateRuleInput!): WanFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanFirewallPolicyQueries {
policy(input: WanFirewallPolicyInput): WanFirewallPolicy! @beta
"Provides a list of all policies of Wan Firewall with filtering, pagination and sorting capabilities"
policyList(input: WanFirewallPolicyListInput! = {sort: {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}, paging: {limit: 100, from: 0}}): WanFirewallPolicyListPayload! @beta
revisions: PolicyRevisionsPayload @beta
}
type WanFirewallPolicyRef implements PolicyRef & ObjectRef {
id: ID!
name: String!
}
input WanFirewallPolicyRefInput {
by: ObjectRefBy!
input: String!
}
input WanFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input WanFirewallRemoveRuleInput {
id: ID!
}
input WanFirewallRemoveSubPolicyInput {
ref: WanFirewallPolicyRefInput!
}
type WanFirewallRemoveSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
type WanFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum!
"Configuration for Wan Firewall action"
actionConfig: WanFirewallActionConfig!
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriod!
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplication!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
direction: WanFirewallDirectionEnum!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type WanFirewallRuleException {
"Application matching criteria for the exception."
application: WanFirewallApplication!
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: WanFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceType!
"Source matching criteria for the exception."
source: WanFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input WanFirewallRuleExceptionInput {
"Application matching criteria for the exception."
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum! = TO
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"Source matching criteria for the exception."
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type WanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanFirewallRulePayload
status: PolicyMutationStatus!
}
"Wan Firewall policy information for a specific revision"
type WanFirewallRulePayload implements IPolicyRulePayload {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanFirewallRule!
"""
POLICY_RULE = Rule is a regular policy rule
SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules
"""
ruleType: PolicyRuleTypeEnum!
"A reference to the sub-policy the entity is referring to"
subPolicy: WanFirewallPolicyRef
}
"Returns the Service Type to which this Wan Firewall rule applies"
type WanFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Wan Firewall rule"
type WanFirewallSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
type WanFirewallSubPolicyPayload implements SubPolicyPayload {
access: EntityAccess!
policy: WanFirewallPolicyInfo!
properties: [SubPolicyProperty!]!
}
input WanFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum
"Configuration for Wan Firewall action"
actionConfig: WanFirewallActionConfigUpdateInput
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodUpdateInput
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
direction: WanFirewallDirectionEnum
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input WanFirewallUpdateRuleInput {
id: ID!
rule: WanFirewallUpdateRuleDataInput!
}
type ExternalAccessQueries {
"""List account access requests for managed accounts."""
incomingAccessRequestList(input: IncomingAccessRequestListInput): IncomingAccessRequestListPayload @beta
"""List account access requests for partners."""
partnerAccessRequestList(input: PartnerAccessRequestListInput): PartnerAccessRequestListPayload @beta
}
type ExternalAccessMutations {
"""
Add partner access request. This mutation is used to request access to managed accounts.
"""
addPartnerAccessRequest(input: AddPartnerAccessRequestInput!): AddPartnerAccessRequestPayload! @beta
"""
This mutation is used to cancel previously requested partner access to the managed account.
"""
cancelPartnerAccess(input: CancelPartnerAccessInput!): CancelPartnerAccessPayload! @beta
"""Approve or reject a managed account access request."""
resolveIncomingAccessRequest(input: ResolveIncomingAccessRequestInput!): ResolveIncomingAccessRequestPayload! @beta
"""
This mutation is used to revoke previously granted access to the account.
"""
revokePartnerAccess(input: RevokePartnerAccessInput!): RevokePartnerAccessPayload! @beta
}
"""Filter criteria for listing partner access requests."""
input PartnerAccessRequestFilterInput {
"Filter by expiration date."
expirationDate: DateTimeFilterInput
"Filter by requested date."
requestedDate: DateTimeFilterInput
"Filter by search string."
search: StringFilterInput
"Filter by status."
status: AccessRequestStatusFilterInput
"Filter by request type."
type: AccessRequestTypeFilterInput
}
"""Input for listing partner access requests."""
input PartnerAccessRequestListInput {
"Filter criteria."
filter: PartnerAccessRequestFilterInput
"Pagination settings."
paging: PagingInput! = {limit: 100, from: 0}
"Sort settings."
sort: PartnerAccessRequestSortInput! = {requestedDate: {direction: ASC, priority: 1}}
}
"""Input for listing managed account access requests."""
input IncomingAccessRequestListInput {
"Filter criteria."
filter: IncomingAccessRequestFilterInput
"Pagination settings."
paging: PagingInput! = {limit: 100, from: 0}
"Sort settings."
sort: AccessRequestSortInput! = {requestedDate: {direction: ASC, priority: 1}}
}
"""Filter criteria for listing managed account access requests."""
input IncomingAccessRequestFilterInput {
"Filter by expiration date."
expirationDate: DateTimeFilterInput
"Filter by requested date."
requestedDate: DateTimeFilterInput
"Filter by search string."
search: StringFilterInput
"Filter by status."
status: AccessRequestStatusFilterInput
}
"""Output for listing partner access requests."""
type PartnerAccessRequestListPayload {
"Partner access requests."
items: [ExternalAccessRequest!]!
"Pagination information."
paging: PageInfo!
}
"""Output for listing managed account access requests."""
type IncomingAccessRequestListPayload {
"Incoming access requests."
items: [IncomingExternalAccessRequest!]!
"Pagination information."
paging: PageInfo!
}
"""Input for approving or rejecting a managed account access request."""
input ResolveIncomingAccessRequestInput {
"Approval decision."
approval: PartnerAccessApprovalResponse!
"Optional note."
note: String
"Access request ID."
requestId: ID!
}
"""Output for a managed account access request."""
type ResolveIncomingAccessRequestPayload {
"Updated access request."
request: IncomingExternalAccessRequest!
}
"""Permissions requested for an account access request."""
type IncomingAccessRequestPermissions {
"Requested permissions."
permissions: [IncomingAccessRequestPermission!]!
}
"""Permission requested for an account access request."""
type IncomingAccessRequestPermission {
"Requested permission action."
action: String!
"Requested permission resource."
resource: String!
}
"""External access request type."""
enum ExternalAccessRequestType {
"""Automate access request."""
AUTOMATE
"""Default access request."""
DEFAULT
"""Emergency access request."""
EMERGENCY
"""Exceptional access request."""
EXCEPTIONAL
"""Standard access request."""
STANDARD
"""Support access request."""
SUPPORT
"""Support access request requiring customer approval."""
SUPPORT_WITH_APPROVAL
}
"""Sort settings for partner account access requests."""
input PartnerAccessRequestSortInput {
"""Sort by account name."""
accountName: SortOrderInput
"""Sort by activation date."""
activeDate: SortOrderInput
"""Sort by expiration date."""
expirationDate: SortOrderInput
"""Sort by request ID."""
id: SortOrderInput
"""Sort by requested date."""
requestedDate: SortOrderInput
"""Sort by status."""
status: SortOrderInput
"""Sort by request type."""
type: SortOrderInput
}
"""Sort settings for managed account access requests."""
input AccessRequestSortInput {
"""Sort by activation date."""
activeDate: SortOrderInput
"""Sort by expiration date."""
expirationDate: SortOrderInput
"""Sort by request ID."""
id: SortOrderInput
"""Sort by requested date."""
requestedDate: SortOrderInput
"""Sort by status."""
status: SortOrderInput
}
"""Partner account access request details."""
type ExternalAccessRequest {
"""Target account."""
account: AccountRef!
"""Date the request becomes active."""
activeDate: DateTime!
"""Admins included in the request."""
admins: [AdminRef!]!
"""Date the request expires."""
expirationDate: DateTime!
"""User groups included in the request."""
groups: [UsersGroupRef!]!
"""Access request ID."""
id: ID!
"""Applies to all fully managed accounts."""
isAppliedOnAllFullyManagedAccounts: Boolean!
"""Partner account."""
partner: AccountRef!
"""Note from the partner."""
partnerNote: String
"""Reason for the request."""
reason: String
"""Date the request is submitted."""
requestedDate: DateTime!
"""Roles included in the request."""
roles: [RBACRole!]!
"""Request status."""
status: AccessRequestStatus!
}
"""Managed account access request details."""
type IncomingExternalAccessRequest {
"""Date the request becomes active."""
activeDate: DateTime!
"""Date the request expires."""
expirationDate: DateTime!
"""Access request ID."""
id: ID!
"""Applies to all fully managed accounts."""
isAppliedOnAllFullyManagedAccounts: Boolean!
"""Note from the managed account admin."""
note: String
"""Partner account."""
partner: AccountRef!
"""Requested permissions."""
permissions: IncomingAccessRequestPermissions!
"""Reason for the request."""
reason: String
"""Date the request is submitted."""
requestedDate: DateTime!
"""Request status."""
status: AccessRequestStatus!
}
"""Reference input for an RBAC role."""
input RBACRoleRefInput {
"""Reference lookup method."""
by: ObjectRefBy! = ID
"""Role reference value."""
input: String!
}
enum AccessRequestStatus {
ACTIVE
EXPIRED
PENDING
REJECTED
REVOKED
}
"""Filter criteria for access request status."""
input AccessRequestStatusFilterInput {
"""Equals."""
eq: AccessRequestStatus
"""In list."""
in: [AccessRequestStatus!]
"""Not equals."""
neq: AccessRequestStatus
"""Not in list."""
nin: [AccessRequestStatus!]
}
"""Filter criteria for access request type."""
input AccessRequestTypeFilterInput {
"""Equals."""
eq: ExternalAccessRequestType
"""In list."""
in: [ExternalAccessRequestType!]
"""Not equals."""
neq: ExternalAccessRequestType
"""Not in list."""
nin: [ExternalAccessRequestType!]
}
"""Input for creating a partner account access request."""
input AddPartnerAccessRequestInput {
"""Target accounts."""
accounts: [AccountRefInput!]
"""Admins included in the request."""
admins: [AdminRefInput!]
"""Expiration date."""
expirationDate: DateTime!
"""User groups included in the request."""
groups: [UsersGroupRefInput]! = []
"""Apply to all fully managed accounts."""
isAppliedOnAllFullyManagedAccounts: Boolean
"""Partner account."""
partner: AccountRefInput!
"""Note from the partner."""
partnerNote: String
"""Reason for the request."""
reason: String
"""Roles included in the request."""
roles: [RBACRoleRefInput!]!
"""Support link."""
supportLink: String
}
"""Output for creating a partner account access request."""
type AddPartnerAccessRequestPayload {
"""Created access requests."""
invitation: [ExternalAccessRequest!]!
}
enum PartnerAccessApprovalResponse {
APPROVE
REJECT
}
"""Input for revoking partner access."""
input RevokePartnerAccessInput {
"""Access request ID."""
invitationId: ID!
"""Reason for revoking access."""
reason: String
}
"""Input for canceling a partner access request."""
input CancelPartnerAccessInput {
"""Access request ID."""
invitationId: ID!
"""Reason for canceling the request."""
reason: String
}
"""Output for revoking partner access."""
type RevokePartnerAccessPayload {
"""Updated access request."""
invitation: IncomingExternalAccessRequest!
}
"""Output for canceling a partner access request."""
type CancelPartnerAccessPayload {
"""Updated access request."""
invitation: ExternalAccessRequest!
}
enum EventFieldName {
"Identifies system access software or device. CMA Name: Access Method"
access_method
"Identifier of the Wi‑Fi access point (AP) that this event was recorded on. CMA Name: Access Point ID"
access_point_id
"Access Point Name. CMA Name: Access Point Name"
access_point_name
"Account ID. CMA Name: Account ID"
account_id
"Firewall, QoS or LAG action. CMA Name: Action"
action
"A list of actions taken, if more than one action was taken as defined by a policy. CMA Name: Actions Taken"
actions_taken
"The activity resource ID being referenced with resource type. CMA Name: Activity Resource ID"
activity_resource_id
"Defines the type of entity performing the action, helping to distinguish between different categories of users. CMA Name: Actor Type"
actor_type
"Active Directory name. CMA Name: Active Directory Name"
ad_name
"The estimated risk level of the AI threat. CMA Name: Ai App Risk Level"
ai_app_risk_level
"AI Proxy rule name. CMA Name: AI Proxy Rule Name"
ai_proxy_rule_name
"A unique identifier of the alert notification. CMA Name: Alert id"
alert_id
"Always-on Configuration. CMA Name: Always-On"
always_on_configuration
"Analyst Verdict. CMA Name: Analyst Verdict"
analyst_verdict
"Anti Tamper Bypass Duration In Seconds. CMA Name: Anti Tamper Bypass Duration (Seconds)"
anti_tamper_bypass_duration_sec
"Anti Tamper Bypass Method. CMA Name: Anti Tamper Bypass Method"
anti_tamper_bypass_method
"Anti Tamper Bypass Result. CMA Name: Anti Tamper Bypass Result"
anti_tamper_bypass_result
"The name of the API, e.g. eventsFeed. CMA Name: Api Name"
api_name
"Specifies whether the API is a query (read) or a mutation (create/update/delete). CMA Name: Api Type"
api_type
"Name of application activity. CMA Name: Application Activity"
app_activity
"SaaS user activities into categories. CMA Name: App Activity Category"
app_activity_category
"Activity type. CMA Name: App Activity Type"
app_activity_type
"Related Apps. CMA Name: Related Apps"
app_stack
"Application ID of the flow. CMA Name: Application ID"
application_id
"The name of the application associated with the flow. CMA Name: Application"
application_name
"Application risk score. CMA Name: Application Risk"
application_risk
"Application type (Custom, Private or System). CMA Name: Application Type"
application_type
"Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN. CMA Name: Authentication Method"
auth_method
"Examples: MFA or password. CMA Name: Authentication Type"
authentication_type
"BGP ASN for Cato peer. CMA Name: BGP Cato ASN"
bgp_cato_asn
"BGP IP for Cato peer. CMA Name: BGP Cato IP"
bgp_cato_ip
"BGP disconnect error code. CMA Name: BGP Disconnect Error Code"
bgp_error_code
"BGP ASN for remote peer. CMA Name: BGP Peer ASN"
bgp_peer_asn
"BGP IP for remote peer. CMA Name: BGP Peer IP"
bgp_peer_ip
"CIDR for BGP route. CMA Name: BGP Router CIDR"
bgp_route_cidr
"BGP disconnect error message. CMA Name: BGP Disconnect Sub-error Code"
bgp_suberror_code
"The browser on which the extension is installed. CMA Name: Browser Type"
browser_type
"The current version of the browser. CMA Name: Browser Version"
browser_version
"Always-On Bypass Duration In Seconds. CMA Name: Bypass Duration (Seconds)"
bypass_duration_sec
"Always-On Bypass Method. CMA Name: Bypass Method"
bypass_method
"Always-On Bypass Reason. CMA Name: Bypass Reason"
bypass_reason
"Cato system category. CMA Name: Category"
categories
"Cato application name. CMA Name: Cato App"
cato_app
"Activity classification, e.g. FALSE_POSITIVE. CMA Name: Classification"
classification
"Expiration date for Client certificate. CMA Name: Certificate Expiration Date"
client_cert_expires
"Name of Client certificate. CMA Name: Client Certificate Name"
client_cert_name
"Type of process generating this traffic. CMA Name: Client Class"
client_class
"""
Admins can configure the Client connection mode to control which types of traffic are routed and protected by Cato. The available options are:
All Ports and Protocols – Secures all application traffic across any port or protocol.
Web-only (HTTPS) – Secures only browser-based traffic over HTTPS.
CMA Name: Client Connection Mode
"""
client_connection_mode
"Client IP address. CMA Name: Client IP"
client_ip
"The TLS key exchange algorithm negotiated between the Cato PoP and the origin server during TLS inspection. This is the algorithm used to establish the shared secret for encrypting traffic on the client-facing (outbound) side of the proxy. CMA Name: Client Key Exchange Algorithm"
client_key_exchange_algorithm
"Socket or SDP Client version. CMA Name: Client Version"
client_version
"Shows the display name of the target user involved in an activity. CMA Name: Collaborator Name"
collaborator_name
"Identifies the origin of the target user involved in an activity. CMA Name: Collaborator Origin"
collaborator_origin
"Shows the tenant of the target user involved in an activity. CMA Name: Collaborator Tenant"
collaborator_tenant
"For SaaS Security API, email addresses of the users that received the file. CMA Name: Collaborators"
collaborators
"Confidence Level. CMA Name: Confidence Level"
confidence_level
"For hosts configured with a static IP in the Cato Management Application, the host name. CMA Name: Configured Host Name"
configured_host_name
"The algorithm that is used (CUBIC /NewReno / BBR). CMA Name: Congestion Algorithm"
congestion_algorithm
"Connect on boot Enabled/Disabled. CMA Name: Connect on Boot"
connect_on_boot
"Connection Origin. CMA Name: Connection Origin"
connection_origin
"For SaaS Security API, unique identifier of the connector. CMA Name: Connector ID"
connector_id
"For SaaS Security API, name of the connector. CMA Name: Connector Name"
connector_name
"For SaaS Security API, status of the connector. CMA Name: Connector Status"
connector_status
"For SaaS Security API, SaaS app for the connector. CMA Name: Connector Type"
connector_type
"IoC Container Name. CMA Name: Container Name"
container_name
"An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories. CMA Name: Correlation ID"
correlation_id
"CPU Core ID. CMA Name: Cpu Core ID"
cpu_core_id
"Criticality. CMA Name: Criticality"
criticality
"Custom category ID. CMA Name: Custom Category ID"
custom_category_id
"Custom category name. CMA Name: Custom Category Name"
custom_category_name
"For Internet traffic, country where the destination host is located. CMA Name: Destination Country"
dest_country
"For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2). CMA Name: Destination Country Code"
dest_country_code
"Destination endpoint type (Site, SDP User, or App Connector). CMA Name: Destination Endpoint Type"
dest_endpoint_type
"The unique identifier by the SaaS vendor for the target group in an activity. CMA Name: Dest Group ID"
dest_group_id
"Identifies the target group involved in an activity. CMA Name: Dest Group Name"
dest_group_name
"Destination IP address. CMA Name: Destination IP"
dest_ip
"For WAN traffic, destination is site or SDP user. CMA Name: Destination is Site or SDP User"
dest_is_site_or_vpn
"The destination process ID. CMA Name: Destination Process PID"
dest_pid
"Destination port. CMA Name: Destination Port"
dest_port
"Destination process command line. CMA Name: Destination Process Command Line"
dest_process_cmdline
"Destination process parent file path. CMA Name: Destination Process Parent Path"
dest_process_parent_path
"Destination process parent process ID. CMA Name: Destination Process Parent PID"
dest_process_parent_pid
"Destination process file path. CMA Name: Destination Process Path"
dest_process_path
"Unique internal Cato ID for the destination site or remote user. CMA Name: Dest Site ID"
dest_site_id
"The name of the destination site. CMA Name: Destination Site"
dest_site_name
"Short description of the detection. CMA Name: Detection Name"
detection_name
"""
Triggered when malware has been detected EPP Behavioral engines and has been dealt with:
• on_detection: the event is triggered upon malware detection;
• on_end_disinfect: the event is triggered upon detection and followed disinfection;
• on_inject: the event is triggered upon code injection.
CMA Name: Detection Stage
"""
detection_stage
"Device Categories. CMA Name: Device Category"
device_categories
"Device Certificate Validated/Not Validated. CMA Name: Device Certificate"
device_certificate
"The device compliance state at the time of the event, as reported by Intune. CMA Name: Device Compliance State"
device_compliance_state
"Unique Cato ID for devices. CMA Name: Device ID"
device_id
"Device Manufacturer. CMA Name: Device Manufacturer"
device_manufacturer
"Device Model. CMA Name: Device Model"
device_model
"Name for device related to the event. CMA Name: Device Name"
device_name
"Device OS Type. CMA Name: Device OS Type"
device_os_type
"Device posture profiles. CMA Name: Device Posture Profile"
device_posture_profile
"Device Type. CMA Name: Device Type"
device_type
"Host name of Domain Controller that created LDAP event. CMA Name: Directory Host Name"
directory_host_name
"IP address of Domain Controller that created LDAP event. CMA Name: Directory IP"
directory_ip
"Result of LDAP Domain Controller sync event. CMA Name: Directory Sync Result"
directory_sync_result
"Type of LDAP Domain Controller sync event. CMA Name: Directory Sync Type"
directory_sync_type
"If policy is set to disinfect, return the result of this action. CMA Name: Disinfect Result"
disinfect_result
"Describes the behavior when the DLP system encounters a failure. CMA Name: DLP Fail Mode"
dlp_fail_mode
"DLP profiles related to the event. CMA Name: DLP Profiles"
dlp_profiles
"Defines the scanning methods used by the DLP system. CMA Name: Data Classifier"
dlp_scan_types
"Cato’s DNS Protection type that matched the DNS request. CMA Name: DNS Protection Category"
dns_protection_category
"Domain queried in the DNS request. CMA Name: DNS Query"
dns_query
"Type of record (ie. DNS record: A, AAAA, MX, or PTR). CMA Name: Dns Record Type"
dns_record_type
"Domain name based on the SSL SNI, HTTP host name, or DNS name. CMA Name: Domain Name"
domain_name
"Duration in milliseconds between the start and end of a transaction or operation. For example, in DNS or HTTP events, this reflects the time between the request and the corresponding response. CMA Name: Duration Ms"
duration_ms
"Dynamic Control IDs applied in the event. CMA Name: Dynamic Control IDs"
dynamic_control_ids
"Dynamic control names applied in the event. CMA Name: Dynamic Control Names"
dynamic_control_names
"The scope of the dynamic control Applied in the event. CMA Name: Dynamic Control Scope"
dynamic_control_scope
"Dynamic control threat categories applied in the event. CMA Name: Dynamic Control Threat Categories"
dynamic_control_threat_categories
"Egress PoP Name. CMA Name: Egress PoP Name"
egress_pop_name
"Egress Site Name for backhauling traffic. CMA Name: Egress Site"
egress_site_name
"Email Subject. CMA Name: Email Subject"
email_subject
"The ID for the endpoint. CMA Name: Endpoint ID"
endpoint_id
"The engine type associated with the event. CMA Name: Engine Type"
engine_type
"The Endpoint Protection Engine that detected the malware. CMA Name: Engine Type"
epp_engine_type @deprecated(reason: "use engine_type instead. Planned end-of-life (EoL) date: April 1, 2026.")
"The profile assigned to the endpoint upon detection of the malware. CMA Name: Endpoint Protection Profile"
epp_profile
"Count for events that are repeated multiple times during one minute. CMA Name: Event Count"
event_count
"Event Id. CMA Name: Event ID"
event_id
"Cato's description of the event. CMA Name: Event Message"
event_message
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event. CMA Name: Sub-Type"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event. CMA Name: Event Type"
event_type
"Provides details about why a specific action or process failed. CMA Name: Failure Reason"
failure_reason
"File hash. CMA Name: File Hash"
file_hash
"File name. CMA Name: File Name"
file_name
"The file operation when this event occurred. CMA Name: File Operation"
file_operation
"File path. CMA Name: File Path"
file_path
"File size. CMA Name: File Size (bytes)"
file_size
"File Topic - The topic of the file content, as classified by the DLP auto-classification engine. CMA Name: File Topic"
file_topic
"File Topic Category - The category associated with the classified file topic, as determined by the DLP auto-classification engine. CMA Name: File Topic Category"
file_topic_category
"File type. CMA Name: File Type"
file_type
"The final status for this object after performing actions as defined by the policy. CMA Name: Final Object Status"
final_object_status
"Uniquely identifies a traffic flow and enables correlation of events and other records related to the same flow. Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API."
flow_id
"Amount of flows for a given incident. CMA Name: Flows Cardinality"
flows_cardinality
"Full path URL application activity. CMA Name: Full Path URL"
full_path_url
"A unique identifier for the AI Security Guard associated with the event. CMA Name: Guard ID"
guard_id
"The name of the AI Security Guard associated with the event. CMA Name: Guard Name"
guard_name
"The type of AI Security Guard associated with the event. CMA Name: Guard Type"
guard_type
"An identifier for a guest user using Cato through a Captive Portal. CMA Name: Guest User"
guest_user
"IP address of host related to event. CMA Name: Host IP"
host_ip
"MAC address of host related to event. CMA Name: Host MAC Address"
host_mac
"HTTP request method (ie. Get, Post). CMA Name: Request Method"
http_request_method
"HTTP status code returned (ie. for DNS request, DNS-over-HTTPS (DoH) server when DoH is used). CMA Name: Http Response Code"
http_response_code
"For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false). CMA Name: Incident Aggregation"
incident_aggregation
"Unique Cato ID that identifies this security incident. CMA Name: Incident ID"
incident_id
"Indication. CMA Name: Indication"
indication
"Indicator. CMA Name: Indicator"
indicator
"The initial status of the object, before any policy was applied. CMA Name: Initial Object Status"
initial_object_status
"Cato Internal-use only. CMA Name: Internal ID"
internalId @deprecated(reason: "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Network protocol for this event. CMA Name: IP Protocol"
ip_protocol
"Classifies users based on their permissions. CMA Name: Is Admin"
is_admin
"Indicates whether an activity requires administrative permissions. CMA Name: Is Admin Activity"
is_admin_activity
"Is the application a cloud application? True if it is, False if not, null if no catalog application is associated. CMA Name: Is Cloud App"
is_cloud_app
"Is Compliant. CMA Name: Is Compliant"
is_compliant
"Is Managed. CMA Name: Is Managed"
is_managed
"Is the app for this event defined as a sanctioned app? (True/False). CMA Name: Is Sanctioned App"
is_sanctioned_app
"If the events was part of the sinkhole flow. CMA Name: Is Sinkhole"
is_sinkhole
"The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically). CMA Name: ISP Name"
ISP_name
"Name defined for the public API Key in the Cato Management Application. CMA Name: Api Key Name"
key_name
"A list of labels providing additional context for the event. CMA Name: Labels"
labels
"Role of the conversation participant for the analyzed turn (user, assistant, or tool call). CMA Name: Last Turn Role"
last_turn_role
"Data that measures the congestion for a specific link. CMA Name: Link Health is Congested"
link_health_is_congested
"Data that measures the jitter for a specific link. CMA Name: Link Health - Jitter"
link_health_jitter
"Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP. CMA Name: Link Health - Latency"
link_health_latency
"Data that measures the packet loss for a specific link. CMA Name: Link Health - Packet Loss"
link_health_pkt_loss
"Link type – Cato, Alt. WAN or LAG. CMA Name: Link Type"
link_type
"The user logged into this endpoint during this event. CMA Name: Logged In User"
logged_in_user
"Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic). CMA Name: Login Type"
login_type
"Matched DLP data types related to the event. CMA Name: Matched Data Types"
matched_data_types
"Unique identifier used to correlate request and response events for the same message. CMA Name: Message ID"
message_id
"Mitre attack subtechniques. CMA Name: Mitre Attack Subtechniques"
mitre_attack_subtechniques
"Mitre attack tactics. CMA Name: Mitre Attack Tactics"
mitre_attack_tactics
"Mitre attack techniques. CMA Name: Mitre Attack Techniques"
mitre_attack_techniques
"Flow NAT error reason. CMA Name: NAT Error"
nat_error
"Network Access. CMA Name: Network Access"
network_access
"Matched network rule. CMA Name: Network Rule"
network_rule
"For SaaS Security API, API Error of Apps Security Notification. CMA Name: Notification API Error"
notification_api_error
"For SaaS Security API, description of Apps Security Notification. CMA Name: Notification Description"
notification_description
"Unique identifier by the 3rd party App of the object being referenced. CMA Name: Object ID"
object_id
"The name of the object for this event (for example: file name). CMA Name: Object Name"
object_name
"Specifies the type of object being acted upon (e.g., file, folder). CMA Name: Object Type"
object_type
"Office mode Enabled/Disabled. CMA Name: Office Mode"
office_mode
"Host OS or tunnel device. CMA Name: OS Type"
os_type
"OS version for the device (such as 14.3.0). CMA Name: OS Version"
os_version
"Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App). CMA Name: Out of Band Access"
out_of_band_access
"Name of the on-prem deployment environment where the event originated from. CMA Name: Outpost Environment Name"
outpost_environment_name
"For SaaS Security API, email address of the file owner. CMA Name: Owner"
owner
"Pac File Enabled/Disabled. CMA Name: PAC File"
pac_file
"For SaaS Security API, parent Microsoft 365 connector. CMA Name: Parent Connector Name"
parent_connector_name
"Name of PoP location. CMA Name: PoP Name"
pop_name
"Precedence. CMA Name: Precedence"
precedence
"Indicate how many processes are part of this event. CMA Name: Processes Involved Count"
processes_count
"Producer. CMA Name: Producer"
producer
"Related project name(s). CMA Name: Projects"
projects
"Prompt Page Selected Action. CMA Name: Prompt Action"
prompt_action
"The name of the provider, for example cloud provider - AWS. CMA Name: Provider Name"
provider_name
"Public source IP. CMA Name: Public Source IP"
public_ip
"QoS Priority value. CMA Name: QoS Priority"
qos_priority
"For QoS, the time that this QoS event started. The event is generated when the QoS event finishes. CMA Name: QoS Reported Time"
qos_reported_time
"Specifies the path to a quarantine folder for isolated files. CMA Name: Quarantine Folder Path"
quarantine_folder_path
"A Unique ID for the quarantined file. CMA Name: Quarantine UUID"
quarantine_uuid
"Raw Data. Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API."
raw_data
"RBI Profile used for RBI Session. CMA Name: RBI Profile"
rbi_profile
"Textual recommendation of the steps to take. CMA Name: Recommended Actions"
recommended_actions
"The URL that links directly to the object involved in the activity. CMA Name: Reference Url"
reference_url
"Referer URL from the HTTP request header indicating the source of the request. CMA Name: Referer Url"
referer_url
"The region of the object. CMA Name: Region Name"
region_name
"Registration code used the first time that a SDP user authenticates (the code is partially obfuscated). CMA Name: Registration Code"
registration_code
"Request packet size in bytes (ie. DNS request packet). CMA Name: Request Size"
request_size
"The ID of the resource in the cloud provider. CMA Name: The ID of the resource"
resource_id
"The specific name or identifier of the resource. CMA Name: Resource Name"
resource_name
"The type of resource being referenced. CMA Name: Resource Type"
resource_type
"Response packet size in bytes (ie. DNS response packet). CMA Name: Response Size"
response_size
"(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms. CMA Name: Risk Level"
risk_level
"The time when the rule is no longer in active. CMA Name: Rule Expiration Time"
rule_expiration_time
"Unique Cato ID for the security rule related to the event. CMA Name: Rule ID"
rule_id
"Rule name. CMA Name: Rule"
rule_name
"Secondary socket serial number. CMA Name: Secondary Socket Serial"
secondary_socket_serial @deprecated(reason: "use socket_serial instead. Planned end-of-life (EoL) date: April 1, 2026.")
"Server IP address. CMA Name: Server IP"
server_ip
"The TLS key exchange algorithm negotiated between the connecting client and the Cato PoP during TLS inspection. This is the algorithm used to establish the shared secret for encrypting traffic on the server-facing (inbound) side of the proxy. CMA Name: Server Key Exchange Algorithm"
server_key_exchange_algorithm
"Indicates the internal vendor service or module that produced the data reported in this event. CMA Name: Service Name"
service_name
"Unique identifier for grouping multiple messages within the same session. CMA Name: Session ID"
session_id
"Severity defined for the rule. CMA Name: Severity"
severity
"Sharing Options for the file (such as SharePoint). CMA Name: Sharing Scope"
sharing_scope
"Sign In Types. CMA Name: Sign In Types"
sign_in_event_types
"For IPS and SAM, ID of the IPS signature. CMA Name: Signature ID"
signature_id
"Socket description. CMA Name: Socket Description"
socket_description
"Name for Socket interface. CMA Name: Interface ID"
socket_interface
"Socket interface ID. CMA Name: Socket Interface ID"
socket_interface_id
"Socket MAC address. CMA Name: Socket MAC Address"
socket_mac_address
"For Socket upgrades, new version number. CMA Name: Socket New Version"
socket_new_version
"For Socket upgrade, previous version number. CMA Name: Socket Old Version"
socket_old_version
"Type of Socket reset (Hardware/Software). CMA Name: Socket Reset"
socket_reset
"For Socket HA events, indicates if the Socket is primary or secondary. CMA Name: HA Role"
socket_role
"Socket serial number. CMA Name: Socket Serial"
socket_serial
"Socket version number. CMA Name: Socket Version"
socket_version
"Split Tunnel Configuration. CMA Name: Split Tunnel"
split_tunnel_configuration
"Country in which the source host is located (detected via public IP address). CMA Name: Source Country"
src_country
"Country Code of country in which the source host is located (detected via public IP address). CMA Name: Source Country Code"
src_country_code
"Source endpoint type (Site, SDP User, App Connector, API Client, or OOB). CMA Name: Source Endpoint Type"
src_endpoint_type
"IP for host or Cato Client. CMA Name: Source IP"
src_ip
"Source type: site or remote user. CMA Name: Source is Site or SDP User"
src_is_site_or_vpn
"IP address provided by ISP to site or Client. CMA Name: Source ISP IP"
src_isp_ip
"Source process ID. CMA Name: Source Process PID"
src_pid
"Internal port number. CMA Name: Source Port"
src_port
"Source process command line. CMA Name: Source Process Command Line"
src_process_cmdline
"Source process parent file path. CMA Name: Source Process Parent Path"
src_process_parent_path
"Source process parent process ID. CMA Name: Source Process Parent PID"
src_process_parent_pid
"Source process file path. CMA Name: Source Process Path"
src_process_path
"Unique internal Cato ID for the site or remote user. CMA Name: Src Site ID"
src_site_id
"Source site or remote user. CMA Name: Source Site"
src_site_name
"Static host. CMA Name: Static Host"
static_host
"""
The story status.
Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring.
CMA Name: Status
"""
status
"Story Id. CMA Name: Story ID"
story_id
"Name of subnet as defined in Cato Management Application. CMA Name: Subnet Name"
subnet_name
"The name of the subscription. CMA Name: Subscription Name"
subscription_name
"Number of targets (servers) associated with this event. CMA Name: Targets Cardinality"
targets_cardinality
"Shows if traffic was TCP accelerated or not. CMA Name: TCP Acceleration"
tcp_acceleration
"Unique identifier for the tenant within a multi-tenant environment. CMA Name: Tenant ID"
tenant_id
"Tenant Name. CMA Name: Tenant Name"
tenant_name
"Tenant Restriction Rule Name. CMA Name: Tenant Restriction Rule Name"
tenant_restriction_rule_name
"""
Contains the detection risk level. Could be one of the following:
• Info - this is information-only event, the activity is not malicious;
• Suspicious - the event is suspicious. It may be malicious, but there is not enough information
• Malware - the event is malicious activity.
CMA Name: Threat Confidence
"""
threat_confidence
"For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked. CMA Name: Threat Name"
threat_name
"Link to external malware reference. CMA Name: Threat Reference"
threat_reference
"The higher the score, the more dangerous the event. In range between 1 - 100 inclusive. CMA Name: Threat Score"
threat_score
"Type of malware event. CMA Name: Threat Type"
threat_type
"Result of malware event (clean indicates a safe file). CMA Name: Threat Verdict"
threat_verdict
"Time stamp of the event (Linux epoch format). CMA Name: Time"
time
"Time stamp of the event (Human-readable format). Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API."
time_str
"A short summary of the activity. CMA Name: Title"
title
"TLS Certificate Error. CMA Name: TLS Certificate Error"
tls_certificate_error
"TLS Error Description. CMA Name: TLS Error Description"
tls_error_description
"TLS Error Type. CMA Name: TLS Error Type"
tls_error_type
"Shows if traffic was TLS inspected or not. CMA Name: TLS Inspection"
tls_inspection
"TLS Inspection rule name. CMA Name: TLS Rule Name"
tls_rule_name
"TLS Version. CMA Name: TLS Version"
tls_version
"Total number of tokens processed. CMA Name: Total Tokens"
total_tokens
"Direction of network traffic for this event, values are inbound or outbound. CMA Name: Traffic Direction"
traffic_direction
"Total transaction size in bytes, including both the request and response. CMA Name: Transaction Size"
transaction_size
"Translated Client IP. CMA Name: Translated Client IP"
translated_client_ip
"Translated Server IP. CMA Name: Translated Server IP"
translated_server_ip
"Trigger. CMA Name: Trigger"
trigger
"Trust Type. CMA Name: Trust Type"
trust_type
"Trusted networks Enabled/Disabled. CMA Name: Trusted Networks"
trusted_networks
"Tunnel Protocol TCP/UDP. CMA Name: Tunnel IP Protocol"
tunnel_ip_protocol
"Protocol for the tunnel. CMA Name: Tunnel Protocol"
tunnel_protocol
"Socket upgrade end time (Linux epoch format):. CMA Name: Upgrade End Time"
upgrade_end_time
"Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin). CMA Name: Upgrade Initiated By"
upgrade_initiated_by
"Socket upgrade start time (Linux epoch format). CMA Name: Upgrade Start Time"
upgrade_start_time
"URL associated with the event. CMA Name: URL"
url
"User Agent. CMA Name: User Agent"
user_agent
"Method used to get identity with User Awareness (such as Identity Agent). CMA Name: User Awareness Method"
user_awareness_method
"User ID. CMA Name: User ID"
user_id
"User that generated the event. CMA Name: User Name"
user_name
"Identifies the origin of the user’s connection. CMA Name: User Origin"
user_origin
"For Block/Prompt page, reference ID to report incorrect category. CMA Name: Event Reference ID"
user_reference_id
"User risk level category. CMA Name: User Risk Level"
user_risk_level
"The vendor that identified the incident, such as Cato or Microsoft. CMA Name: Vendor"
vendor
"Shows the id of the target user involved in an activity. CMA Name: Vendor Collaborator ID"
vendor_collaborator_id
"Vendor Device Id. CMA Name: Vendor Device ID"
vendor_device_id
"Vendor Device Name. CMA Name: Vendor Device Name"
vendor_device_name
"Vendor Event Id. CMA Name: Vendor Event ID"
vendor_event_id
"Identifies the organization in the vendor’s system. CMA Name: Vendor Org ID"
vendor_org_id
"Third party vendor policy description. CMA Name: Vendor Policy Description"
vendor_policy_description
"Third party vendor policy ID. CMA Name: Vendor Policy ID"
vendor_policy_id
"Third party vendor policy name. CMA Name: Vendor Policy Name"
vendor_policy_name
"Identifies the site in the vendor’s system. CMA Name: Vendor Site ID"
vendor_site_id
"Identifies the user in the vendor’s system. CMA Name: Vendor User ID"
vendor_user_id
"Unique Cato Visible ID for devices. CMA Name: Device ID"
visible_device_id @deprecated(reason: "use device_id instead. Planned end-of-life (EoL) date: April 1, 2026.")
"Lan access Allowed / Blocked. CMA Name: LAN Access"
vpn_lan_access
"User’s email address. CMA Name: SDP User Email"
vpn_user_email
"WiFi authentication type. CMA Name: Wifi Authentication Type"
wifi_authentication_type
"WiFi BSSID (Basic Service Set Identifier). CMA Name: Wifi Bssid"
wifi_bssid
"WiFi channel. CMA Name: Wifi Channel"
wifi_channel
"WiFi authentication failure reason. CMA Name: WiFi Auth Failure Reason"
wifi_description
"Wifi Event Reason Code. CMA Name: Wifi Event Reason Code"
wifi_event_reason_code
"Wifi Event Type. CMA Name: Wifi Event Type"
wifi_event_type
"Wifi Event Type Code. CMA Name: Wifi Event Type Code"
wifi_event_type_code
"WiFi event display name as shown in the vendor's management application. CMA Name: Wifi Event Vendor Name"
wifi_event_vendor_name
"Wifi Protocol. CMA Name: Wifi Protocol"
wifi_protocol
"WiFi radio band. CMA Name: Wifi Radio Band"
wifi_radio_band
"Wifi Security Protocols. CMA Name: Wifi Security"
wifi_security
"WiFi signal strength. CMA Name: Wifi Signal Strength"
wifi_signal_strength
"WiFi SSID (Service Set Identifier). CMA Name: Wifi Ssid"
wifi_ssid
"Wifi milliseconds since association to the Access Point. CMA Name: Wifi Time Since Assoc Ms"
wifi_time_since_assoc_ms
"For LDAP sync events, name of the AD domain. CMA Name: Windows Domain Name"
windows_domain_name
"XFF HTTP header indicates the original IP address for the connections. CMA Name: XFF"
xff
}
type EnterpriseDirectoryQueries {
"""Retrieve the account location items"""
locationList(input: EnterpriseDirectoryLocationListInput): EnterpriseDirectoryLocationListPayload @beta
}
type EnterpriseDirectoryMutations {
archiveLocation(locationId: ID): EnterpriseDirectoryArchiveLocationPayload @beta
createLocation(input: EnterpriseDirectoryCreateLocationInput!): EnterpriseDirectoryCreateLocationPayload @beta
restoreLocation(locationId: ID): EnterpriseDirectoryRestoreLocationPayload @beta
updateLocation(input: EnterpriseDirectoryUpdateLocationInput!): EnterpriseDirectoryUpdateLocationPayload @beta
}
type EnterpriseDirectoryLocationListPayload {
"""The results"""
items: [Location!]!
"""Pagination details"""
pageInfo: PageInfo
}
type EnterpriseDirectoryCreateLocationPayload {
"""The created location"""
location: Location!
}
type EnterpriseDirectoryUpdateLocationPayload {
"""The updated location"""
location: Location!
}
type EnterpriseDirectoryArchiveLocationPayload {
"""The archived location"""
location: Location!
}
type EnterpriseDirectoryRestoreLocationPayload {
"""The restored location"""
location: Location!
}
type Location {
"""Cma account"""
account: AccountRef!
"""Is archived"""
archived: Boolean!
"""Audit data"""
audit: AuditingMetadata!
"""Business unit"""
businessUnit: String
"""Location description"""
description: String
"""Location details"""
details: LocationDetails!
"""Location id"""
id: ID!
"""Location name"""
name: String!
"""Location type"""
type: LocationType!
}
type LocationDetails {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetails
"""Postal location"""
postalAddress: PostalAddress!
"""Is shipping location"""
shippingLocation: Boolean!
"""Vat id (required for Brazil)"""
vatId: String
}
input EnterpriseDirectoryLocationListInput {
filter: LocationFilterInput
paging: PagingInput = {limit: 100, from: 0}
sort: LocationSortInput = {name: {direction: ASC, priority: 1}}
}
input LocationSortInput {
country: SortOrderInput
"""Default sort field"""
name: SortOrderInput
type: SortOrderInput
}
input LocationFilterInput {
account: [AccountFilter!]
countryCode: [StringFilterInput!]
"""
Will use contains operator for the provided text on the location fields
"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
includeArchived: Boolean = false
isShippingLocation: Boolean
name: [StringFilterInput!]
type: [LocationTypeFilterInput!]
}
input LocationTypeFilterInput {
eq: LocationType
in: [LocationType!]
neq: LocationType
nin: [LocationType!]
}
input EnterpriseDirectoryCreateLocationInput {
"""Business unit"""
businessUnit: String
"""Description"""
description: String
"""Location details"""
details: CreateLocationDetailsInput!
"""Location name"""
name: String!
"""Location type"""
type: LocationType!
}
input EnterpriseDirectoryUpdateLocationInput {
"""Business unit"""
businessUnit: String
"""Description"""
description: String
"""Location details"""
details: UpdateLocationDetailsInput
"""Location id"""
id: ID!
"""Location name"""
name: String
"""Location type"""
type: LocationType
}
input CreateLocationDetailsInput {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Postal location"""
postalAddress: PostalAddressInput!
"""Vat id (required for Brazil)"""
vatId: String
}
input UpdateLocationDetailsInput {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Postal location"""
postalAddress: PostalAddressInput
"""Vat id (required for Brazil)"""
vatId: String
}
enum LocationType {
BRANCH
CLOUD_DATA_CENTER
DATA_CENTER
HEADQUARTERS
WAREHOUSE
}
type DevicesQueries {
attributesCatalog: DeviceAttributesCatalogQueries! @beta
csvExport(input: DeviceCsvExportInput): ExportJobResponse! @beta
csvExportStatus(jobId: ID!): ExportStatusResponse! @beta
list(input: DeviceV2Input): DevicesPayload @beta
}
type DeviceV2 {
"Device category grouping based on role or type"
category: String
"Compliance posture of the device according to policy/integration checks (e.g., 'compliant', 'noncompliant', 'unknown')"
complianceState: String
"Confidence score for device classification accuracy"
confidence: DeviceConfidenceLevel
"Profile describing how the device connects to the network"
connectionProfile: DeviceConnectionProfile
"Timestamp of when the device was first detected"
firstSeen: DateTime
"Hardware information for the device"
hw: DeviceHw
"Unique identifier for the device record"
id: ID!
ip: String @deprecated(reason: "Use nics.ip instead")
"Current or last known IP address of the device"
ipAddress: IPAddress @deprecated(reason: "Use nics.ip instead")
"True/false flag showing whether the device is under admin management"
isManaged: Boolean!
"Timestamp of the most recent device activity"
lastSeen: DateTime
"Human-readable name of the device"
name: String
"Information about the network environment the device connects to"
network: DeviceNetwork @deprecated(reason: "Use nics.network instead")
"Reference to the device's network (Rename to 'network' after fe is aligned)"
networkInfo: DeviceNetworkRef @deprecated(reason: "Use nics.network instead")
"Network interface card details for the device"
nic: DeviceNic @deprecated(reason: "Use nics instead")
"List of network interface cards (NICs) associated with the device. Each entry represents a distinct interface"
nics: [DeviceNic!]!
"The origins (e.g., integrations, data feeds) that detected the device"
originTypes: [OriginType!]!
"Operating system details of the device"
os: DeviceOs
"Numerical value representing the device's security risk"
riskScore: Int
"Reference to the site where the device is located"
site: SiteRef @deprecated(reason: "Use nics.site instead")
"Reference to the user linked with this device"
user: UserRef
}
"The origins (e.g., integrations, data feeds) that detected the device"
enum OriginType {
"Device details reported by the Armis security platform"
Armis
"Device information provided by the Cato Networks platform"
CatoNetworks
"Device data gathered from Claroty's security platform"
Claroty
"Device details provided by CrowdStrike endpoint security"
Crowdstrike
"Device information from Juniper Mist network infrastructure platform"
JuniperMist
"Device information from Microsoft Defender endpoint platform"
MicrosoftDefender
"Device data collected from Microsoft Intune MDM"
MicrosoftIntune
"Device information from SentinelOne endpoint platform"
SentinelOne
"Origin of the device data could not be determined"
Unknown
"Device information identified through Zoom integration"
Zoom
}
union DeviceNetworkRef = SiteNetworkSubnetRef | GlobalRangeRef | GlobalIpRangeRef | FloatingSubnetRef
"Represents a single network interface card (NIC) associated with a device"
type DeviceNic {
"The IP address currently or last associated with this interface"
ip: IPAddress
"The unique MAC address of the device's network interface card"
macAddress: MacAddress
"Reference to the network context (e.g., site subnet, floating subnet, or global IP range) associated with this interface"
network: DeviceNetworkRef
"Reference to the site where this interface was observed"
site: SiteRef
"Manufacturer of the network interface (e.g., Intel, Broadcom)"
vendor: String
}
type DeviceOs {
"Name of the operating system product (e.g., Windows, iOS)"
product: String
"Vendor or publisher of the operating system"
vendor: String
"Specific version or release of the operating system"
version: String
}
type DeviceHw {
"Brand or vendor that produced the device"
manufacturer: String
"Specific hardware model identifier"
model: String
"Hardware type of the device (e.g., laptop, printer)"
type: String
}
type DeviceNetwork {
"Name of the associated network"
networkName: String
"Subnet in which the device resides"
subnet: String
}
type DeviceConnectionProfile {
"List of applications the device communicates with"
destApps: [String!]!
"Domains contacted by the device"
destDomains: [String!]!
"Destination hosts accessed by the device"
destHosts: [String!]!
"Traffic direction indicators (e.g., inbound, outbound)"
directions: [String!]!
}
enum DeviceConfidenceLevel {
"Device classification is strongly validated by multiple signals"
HIGH
"Device classification has minimal supporting evidence"
LOW
"Device classification has moderate supporting signals"
MEDIUM
}
input DeviceV2Input {
"List of filter conditions applied to narrow down devices"
filter: [DeviceV2FilterInput!]
"Paging input to control results (default limit = 100)"
paging: PagingInput! = {limit: 100, from: 0}
"Sorting configuration (default: sort by id descending)"
sort: DeviceSortInput! = {id: {direction: DESC, priority: 1}}
}
type DevicesPayload {
"List of devices returned by the query"
device: [DeviceV2!]!
"Metadata describing pagination details"
paging: PageInfo!
}
"Input for sorting devices by various fields"
input DeviceSortInput {
"Sort by device category"
category: SortOrderInput
"Sort by classification confidence level"
confidence: SortOrderInput
"Sort by first detection timestamp"
firstSeen: SortOrderInput
"Sort by hardware fields"
hw: DeviceHwSortOrderInput
"Sort by device unique identifier"
id: SortOrderInput
"Sort by IP address"
ip: SortOrderInput
"Sort by last activity timestamp"
lastSeen: SortOrderInput
"Sort by device name"
name: SortOrderInput
"Sort by network fields"
network: DeviceNetworkSortOrderInput
"Sort by network interface fields"
nic: DeviceNicSortOrderInput
"Sort by operating system fields"
os: DeviceOsSortOrderInput
"Sort by security risk score"
riskScore: SortOrderInput
"Sort by site-related fields"
site: DeviceSiteSortOrderInput
"Sort by user-related fields"
user: DeviceUserSortOrderInput
}
input DeviceNicSortOrderInput {
macAddress: SortOrderInput
vendor: SortOrderInput
}
input DeviceSiteSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceUserSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceOsSortOrderInput {
product: SortOrderInput
vendor: SortOrderInput
version: SortOrderInput
}
input DeviceHwSortOrderInput {
manufacturer: SortOrderInput
model: SortOrderInput
type: SortOrderInput
}
input DeviceNetworkSortOrderInput {
networkName: SortOrderInput
subnet: SortOrderInput
}
"Input for filtering devices by various criteria"
input DeviceV2FilterInput {
"Filter by device category"
category: [StringFilterInput!]
"Filter by compliance state criteria"
complianceState: [StringFilterInput!]
"Filter by classification confidence level"
confidence: [DeviceConfidenceLevelFilterInput!]
"Filter by first detection timestamp"
firstSeen: [DateTimeFilterInput!]
"Filter by hardware criteria"
hw: DeviceHwFilterInput
"Filter by device unique identifier"
id: [IdFilterInput!]
ip: [StringFilterInput!] @deprecated(reason: "Use ipAddress instead")
"Filter by IP address"
ipAddress: [IPAddressFilterInput!]
"Filter by management status"
isManaged: [BooleanFilterInput!]
"Filter by last activity timestamp"
lastSeen: [DateTimeFilterInput!]
"Filter by device name"
name: [StringFilterInput!]
"Filter by network criteria"
network: DeviceNetworkFilterInput
"Filter by network interface criteria"
nic: DeviceNicFilterInput
originTypes: [OriginTypeFilterInput!]
"Filter by operating system criteria"
os: DeviceOsFilterInput
"Filter by security risk score"
riskScore: [IntFilterInput!]
"Filter by site reference"
site: [SiteRefFilterInput!]
"Filter by user reference"
user: [UserRefFilterInput!]
}
"Filter input for device confidence level with equality and inclusion operators"
input DeviceConfidenceLevelFilterInput {
"Equals - exact confidence level match"
eq: DeviceConfidenceLevel
"In - match any of the specified confidence levels"
in: [DeviceConfidenceLevel!]
"Not equals - exclude specific confidence level"
neq: DeviceConfidenceLevel
"Not in - exclude all specified confidence levels"
nin: [DeviceConfidenceLevel!]
}
input OriginTypeFilterInput {
"Has all - include devices that have all specified origin types"
hasAll: [OriginType!]
"In - include devices that have any of the specified origin types"
in: [OriginType!]
"Not in - exclude devices that have any of the specified origin types"
nin: [OriginType!]
}
input MacAddressFilterInput {
eq: MacAddress
in: [MacAddress!]
neq: MacAddress
nin: [MacAddress!]
}
input DeviceNicFilterInput {
macAddress: [MacAddressFilterInput!]
vendor: [StringFilterInput!]
}
input DeviceOsFilterInput {
product: [StringFilterInput!]
vendor: [StringFilterInput!]
version: [StringFilterInput!]
}
input DeviceHwFilterInput {
manufacturer: [StringFilterInput!]
model: [StringFilterInput!]
type: [StringFilterInput!]
}
input DeviceNetworkFilterInput {
networkName: [StringFilterInput!]
subnet: [StringFilterInput!]
}
input DeviceAttributeCatalogInput {
filter: StringFilterInput
paging: PagingInput
sort: SortOrderInput
}
type DeviceAttributesCatalogQueries {
category(sort: SortOrderInput): DeviceAttributeCatalogPayload!
compliance(input: DeviceComplianceCatalogInput): DeviceComplianceCatalogPayload!
manufacturer(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
model(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
os(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
type(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
}
type DeviceComplianceCatalogPayload {
items: [DeviceComplianceCatalogItem!]!
pageInfo: PageInfo!
}
type DeviceComplianceCatalogItem {
applicationConnector: ApplicationConnectorCatalogEntityRef!
state: String!
}
input DeviceComplianceCatalogInput {
filter: DeviceComplianceFilterInput
paging: PagingInput
sort: DeviceComplianceSortInput
}
input DeviceComplianceFilterInput {
applicationConnector: ApplicationConnectorCatalogEntityRefFilterInput
state: StringFilterInput
}
input ApplicationConnectorCatalogEntityRefFilterInput {
id: IdFilterInput
name: StringFilterInput
}
input DeviceComplianceSortInput {
applicationConnector: ApplicationConnectorCatalogEntityRefSortOrderInput
state: SortOrderInput
}
input ApplicationConnectorCatalogEntityRefSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
type DeviceAttributeCatalogPayload {
items: [String!]!
pageInfo: PageInfo!
}
"Response returned when initiating a CSV export job"
type ExportJobResponse {
"Unique identifier for the export job"
jobId: ID!
"Status message about the export job initiation"
message: String
}
"Response containing the current status and details of an export job"
type ExportStatusResponse {
"Download URL (available when status is COMPLETED)"
downloadUrl: String
"Timestamp when the download URL expires"
expiresAt: DateTime
"Unique identifier for the export job"
jobId: ID!
"Status message describing current state"
message: String
"Completion percentage (0-100%)"
progress: Float
"Current status of the export job"
status: ExportJobStatus!
}
"Status values for export job lifecycle"
enum ExportJobStatus {
"Export job finished successfully and file is ready for download"
COMPLETED
"Export job encountered an error and could not complete"
FAILED
"Export job is currently being processed"
IN_PROGRESS
"Export job has been queued but not yet started"
PENDING
}
"Input for CSV export with optional filtering"
input DeviceCsvExportInput {
"Filter devices by various criteria before export"
filter: [DeviceV2FilterInput!]
}
type CustomAppDataQueries {
customApplication(input: CustomApplicationRefInput!): CustomApplication @rollout @beta
customApplicationList(input: CustomApplicationListInput!): CustomApplicationListPayload @rollout @beta
}
type CustomAppDataMutations {
addCustomApplication(input: AddCustomApplicationInput!): AddCustomApplicationPayload @rollout @beta
deleteCustomApplication(input: DeleteCustomApplicationInput!): DeleteCustomApplicationPayload @rollout @beta
updateCustomApplication(input: UpdateCustomApplicationInput!): UpdateCustomApplicationPayload @rollout @beta
}
input DeleteCustomApplicationInput {
customApplication: CustomApplicationRefInput!
}
type DeleteCustomApplicationPayload {
customApplication: CustomApplication!
}
type AddCustomApplicationPayload {
customApplication: CustomApplication!
}
type CustomApplication {
category: [ApplicationCategoryRef!]!
criteria: [CustomApplicationCriteria!]!
description: String
id: ID!
name: String!
}
input AddCustomApplicationInput {
category: [ApplicationCategoryRefInput!]
criteria: [CustomApplicationCriteriaInput!]!
description: String
name: String!
}
type UpdateCustomApplicationPayload {
customApplication: CustomApplication!
}
input UpdateCustomApplicationInput {
category: [ApplicationCategoryRefInput!]
criteria: [CustomApplicationCriteriaInput!]
description: String
id: ID!
name: String
}
input CustomApplicationCriteriaInput {
destination: CustomApplicationDestinationInput
port: [Port!]!
portRange: [PortRangeInput!]!
protocol: IpProtocol! = ANY
}
type CustomApplicationCriteria {
destination: CustomApplicationDestination
port: [Port!]!
portRange: [PortRange!]!
protocol: IpProtocol!
}
type CustomApplicationIp {
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
input CustomApplicationIpInput {
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
type CustomApplicationDestination {
destinationIp: CustomApplicationIp
domain: [Domain!]!
fqdn: [Fqdn!]!
}
input CustomApplicationDestinationInput {
destinationIp: CustomApplicationIpInput
domain: [Domain!]
fqdn: [Fqdn!]
}
type CustomApplicationListPayload {
items: [CustomApplication!]!
paging: PageInfo!
}
input CustomApplicationListInput {
filter: [CustomApplicationFilterInput!]
paging: PagingInput
sort: CustomApplicationSortInput
}
input CustomApplicationFilterInput {
category: [CustomApplicationCategoryFilterInput!]
"""Free-text search across name field only"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CustomApplicationCategoryFilterInput {
hasAny: [ApplicationCategoryRefInput!]
}
input CustomApplicationSortInput {
category: ApplicationCategorySortInput
description: SortOrderInput
name: SortOrderInput
}
input ApplicationCategorySortInput {
name: SortOrderInput
}
type ContainerQueries {
fqdn: FqdnContainerQueries!
ipAddressRange: IpAddressRangeContainerQueries!
list(input: ContainerSearchInput!): ContainerSearchPayload! @beta
}
type ContainerMutations {
delete(input: DeleteContainerInput!): DeleteContainerPayload! @beta
fqdn: FqdnContainerMutations!
ipAddressRange: IpAddressRangeContainerMutations!
}
"A group with members of a single type of entity (for example: IPAddress, FQDN)"
interface Container {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Description for the container"
description: String
"Number of items in the container"
size: Int!
"Audit metadata about the container"
audit: ContainerAudit!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Audit metadata about the container"
type ContainerAudit {
"Indicates when the container was created"
createdAt: DateTime!
"Indicates who created the container"
createdBy: String!
"Indicated when the container was last updated"
lastModifiedAt: DateTime!
"Indicates who was the last to update the container"
lastModifiedBy: String!
}
"Information about automatic synchronization of the container"
type ContainerSyncData {
"File type that is synchronized"
fileType: ContainerFileType
"Notifications for sync data"
notifications: ContainerSyncDataNotification!
"Interval of time between synchronizations"
timeInterval: Int!
"Unit of time for the interval"
timeUnit: ContainerSyncDataTimeUnit!
"URL from which the container is synchronized"
url: Url!
}
type ContainerSyncDataNotification {
mailingList: [SubscriptionMailingListRef!]!
subscriptionGroup: [SubscriptionGroupRef!]!
webhook: [SubscriptionWebhookRef!]!
}
"Audit information about the last synchronization of the container"
type ContainerSyncDataAudit {
"Error message, only if last sync had an error"
errorMsg: String
"Timestamp of the last attempt sync"
lastSyncAttempt: DateTime!
"Timestamp of the last successful sync"
lastSynced: DateTime!
}
enum ContainerSyncDataTimeUnit {
DAY
HOUR
}
"Container search result, including all containers that matched input criteria"
type ContainerSearchPayload {
"A list of matched containers"
containers: [Container!]!
}
type DeleteContainerPayload {
"The data of the container before it was deleted"
container: Container!
}
type TestContainerFromUrlPayload {
sizeInvalid: Int!
sizeValid: Int!
topInvalid: [String!]!
topValid: [String!]!
}
"Filtering input to container search"
input ContainerSearchInput {
"Allows filtering container search by container ID or container name"
refs: [ContainerRefInput!]! = []
"Allows filtering container search by specific container types"
types: [ContainerType!]! = []
}
"Identification of container for delete operation"
input DeleteContainerInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Create synchronization data for a container"
input CreateContainerSyncDataInput {
notifications: CreateContainerSyncDataNotificationInput!
timeInterval: Int!
timeUnit: ContainerSyncDataTimeUnit!
url: Url!
}
input CreateContainerSyncDataNotificationInput {
mailingList: [SubscriptionMailingListRefInput!]! = []
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
webhook: [SubscriptionWebhookRefInput!]! = []
}
"Update synchronization data for a container"
input UpdateContainerSyncDataInput {
notifications: UpdateContainerSyncDataNotificationInput
timeInterval: Int
timeUnit: ContainerSyncDataTimeUnit
url: Url
}
input UpdateContainerSyncDataNotificationInput {
mailingList: [SubscriptionMailingListRefInput!]! = []
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
webhook: [SubscriptionWebhookRefInput!]! = []
}
input TestContainerFromUrlInput {
fileType: ContainerFileType! = CSV
url: Url!
}
enum ContainerType {
FQDN
IP_RANGE
}
enum ContainerFileType {
CSV
STIX
}
type FqdnContainerMutations {
addValues(input: FqdnContainerAddValuesInput!): FqdnContainerAddValuesPayload! @beta
createFromFile(input: CreateFqdnContainerFromFileInput!): CreateFqdnContainerFromFilePayload! @beta
createFromList(input: CreateFqdnContainerFromListInput!): CreateFqdnContainerFromListPayload! @beta
createFromURL(input: CreateFqdnContainerFromUrlInput!): CreateFqdnContainerFromUrlPayload! @beta
removeValues(input: FqdnContainerRemoveValuesInput!): FqdnContainerRemoveValuesPayload! @beta
syncFromURL(input: SyncFqdnContainerFromUrlInput!): SyncFqdnContainerFromUrlPayload! @beta
updateFromFile(input: UpdateFqdnContainerFromFileInput!): UpdateFqdnContainerFromFilePayload! @beta
updateFromList(input: UpdateFqdnContainerFromListInput!): UpdateFqdnContainerFromListPayload! @beta
updateFromURL(input: UpdateFqdnContainerFromUrlInput!): UpdateFqdnContainerFromUrlPayload! @beta
}
type FqdnContainerQueries {
downloadFile(input: DownloadFqdnContainerFileInput!): DownloadFqdnContainerFilePayload! @beta
search(input: FqdnContainerSearchInput!): FqdnContainerSearchPayload! @beta
searchFqdn(input: FqdnContainerSearchFqdnInput!): FqdnContainerSearchFqdnPayload! @beta
testFromURL(input: TestContainerFromUrlInput!): TestContainerFromUrlPayload! @beta
}
"A group with members of FQDN type"
type FqdnContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Payload of FQDN container search"
type FqdnContainerSearchPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of FQDN search query"
type FqdnContainerSearchFqdnPayload {
"List of containers with members of type FQDN"
containers: [FqdnContainer!]!
}
"Payload of AddValues operation on FQDN typed container"
type FqdnContainerAddValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of RemoveValues operation on FQDN typed container"
type FqdnContainerRemoveValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of CreateFromFile operation on FQDN typed container"
type CreateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of UpdateFromFile operation on FQDN typed container"
type UpdateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of CreateFromList operation on FQDN typed container"
type CreateFqdnContainerFromListPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of UpdateFromList operation on FQDN typed container"
type UpdateFqdnContainerFromListPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
type CreateFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
type UpdateFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
type SyncFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
"Payload of download FQDN typed container file"
type DownloadFqdnContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating FQDN typed container from file"
input CreateFqdnContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
input CreateFqdnContainerFromListInput {
description: String!
name: String!
values: [Fqdn!]! = []
}
"Input for updating FQDN typed container from file"
input UpdateFqdnContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
input UpdateFqdnContainerFromListInput {
description: String!
ref: ContainerRefInput!
values: [Fqdn!]
}
"Input for adding values to existing FQDN typed container"
input FqdnContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
"Input for removing values from existing FQDN typed container"
input FqdnContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
input CreateFqdnContainerFromUrlInput {
description: String! = ""
fileType: ContainerFileType! = CSV
name: String!
syncData: CreateContainerSyncDataInput!
}
input UpdateFqdnContainerFromUrlInput {
description: String
fileType: ContainerFileType = CSV
ref: ContainerRefInput!
syncData: UpdateContainerSyncDataInput
}
input SyncFqdnContainerFromUrlInput {
ref: ContainerRefInput!
}
"Input for searching FQDN typed container"
input FqdnContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching FQDN typed containers that contain a specific FQDN"
input FqdnContainerSearchFqdnInput {
fqdn: Fqdn!
}
"Input for searching FQDN typed container to download its content"
input DownloadFqdnContainerFileInput {
by: ObjectRefBy!
input: String!
}
type IpAddressRangeContainerMutations {
addValues(input: IpAddressRangeContainerAddValuesInput!): IpAddressRangeContainerAddValuesPayload! @beta
createFromFile(input: CreateIpAddressRangeContainerFromFileInput!): CreateIpAddressRangeContainerFromFilePayload! @beta
createFromList(input: CreateIpAddressRangeContainerFromListInput!): CreateIpAddressRangeContainerFromListPayload! @beta
createFromURL(input: CreateIpAddressRangeContainerFromUrlInput!): CreateIpAddressRangeContainerFromUrlPayload! @beta
removeValues(input: IpAddressRangeContainerRemoveValuesInput!): IpAddressRangeContainerRemoveValuesPayload! @beta
syncFromURL(input: SyncIpAddressRangeContainerFromUrlInput!): SyncIpAddressRangeContainerFromUrlPayload! @beta
updateFromFile(input: UpdateIpAddressRangeContainerFromFileInput!): UpdateIpAddressRangeContainerFromFilePayload! @beta
updateFromList(input: UpdateIpAddressRangeContainerFromListInput!): UpdateIpAddressRangeContainerFromListPayload! @beta
updateFromURL(input: UpdateIpAddressRangeContainerFromUrlInput!): UpdateIpAddressRangeContainerFromUrlPayload! @beta
}
type IpAddressRangeContainerQueries {
downloadFile(input: DownloadIpAddressRangeContainerFileInput!): DownloadIpAddressRangeContainerFilePayload! @beta
search(input: IpAddressRangeContainerSearchInput!): IpAddressRangeContainerSearchPayload! @beta
searchIpAddressRange(input: IpAddressRangeContainerSearchIpAddressRangeInput!): IpAddressRangeContainerSearchIpAddressRangePayload! @beta
testFromURL(input: TestContainerFromUrlInput!): TestContainerFromUrlPayload! @beta
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Payload of IPAddressRange container search"
type IpAddressRangeContainerSearchPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of IPAddressRange search query"
type IpAddressRangeContainerSearchIpAddressRangePayload {
"List of containers with members of type IPAddressRange"
containers: [IpAddressRangeContainer!]!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerAddValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerRemoveValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of CreateFromFile operation on IPAddressRange typed container"
type CreateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of UpdateFromFile operation on IPAddressRange typed container"
type UpdateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of CreateFromList operation on IPAddressRange typed container"
type CreateIpAddressRangeContainerFromListPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of UpdateFromList operation on IPAddressRange typed container"
type UpdateIpAddressRangeContainerFromListPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
type CreateIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
type UpdateIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
type SyncIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
"Payload of download IPAddressRange typed container file"
type DownloadIpAddressRangeContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating IPAddressRange typed container from file"
input CreateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
input CreateIpAddressRangeContainerFromListInput {
description: String!
name: String!
values: [IpAddressRangeInput!]! = []
}
"Input for updating existing IPAddressRange typed container from file"
input UpdateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
input UpdateIpAddressRangeContainerFromListInput {
description: String!
ref: ContainerRefInput!
values: [IpAddressRangeInput!]
}
"Input for adding values to existing IPAddressRange typed container"
input IpAddressRangeContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
"Input for removing values from existing IPAddressRange typed container"
input IpAddressRangeContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
input CreateIpAddressRangeContainerFromUrlInput {
description: String! = ""
fileType: ContainerFileType! = CSV
name: String!
syncData: CreateContainerSyncDataInput!
}
input UpdateIpAddressRangeContainerFromUrlInput {
description: String
fileType: ContainerFileType = CSV
ref: ContainerRefInput!
syncData: UpdateContainerSyncDataInput
}
input SyncIpAddressRangeContainerFromUrlInput {
ref: ContainerRefInput!
}
"Filtering input to IPAddressRange container search"
input IpAddressRangeContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching IPAddressRange typed containers that contain a specific IPAddressRange"
input IpAddressRangeContainerSearchIpAddressRangeInput {
ipAddressRange: IpAddressRangeInput!
}
"Input for searching IPAddressRange typed container to download its content"
input DownloadIpAddressRangeContainerFileInput {
by: ObjectRefBy!
input: String!
}
type AccountSnapshot {
"""Unique Identifier of Account"""
id: ID
"Sites includes information about online as well as offline sites"
sites(
"""
List of Unique Site Identifiers. If specified, only sites in list will be returned
"""
siteIDs: [ID!]
ids: [Int!] @deprecated(reason: "by siteIDs")
): [SiteSnapshot!]
timestamp: DateTime
"VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested"
users(
"request specific IDs, regardless of if connected or not"
userIDs: [ID!]
ids: [Int!] @deprecated(reason: "by userIDs")
): [UserSnapshot!]
}
"""A general structure to contain IP detailed information"""
type IPInfo {
"""Geolocation city"""
city: String
"""Geolocation ISO country code"""
countryCode: String
"""Geolocation country name"""
countryName: String
"""IP address of the link"""
ip: String
"""Geolocation latitude for the ISP"""
latitude: Float
"""Geolocation longitude for the ISP"""
longitude: Float
"""ISP Internet provider"""
provider: String
"""Geolocation state"""
state: String
}
"""Basic information about socket"""
type SocketInfo {
"""Unique ID for Socket"""
id: String
"""
For HA configurations, when this boolean value is true, this the primary Socket
"""
isPrimary: Boolean
"""Shows Socket type"""
platform: SocketPlatform
"""Serial number for the Socket"""
serial: String
"""Software version number that is currently installed on the Socket"""
version: String
"""Timestamp when the Socket upgraded to the current hardware version"""
versionUpdateTime: DateTime
}
"""Basic IPSec configuration information"""
type IPSecInfo {
"""The source IP address for the IPsec tunnel in the Cato Cloud"""
catoIP: String
"""Shows 1 for IKEv1 and 2 for IKEv2"""
ikeVersion: Int
"""
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device
"""
isPrimary: Boolean
"""The destination IP address for the IPsec tunnel (in the site)"""
remoteIP: String
"""List of tunnels configured on the device"""
tunnelConfig: [TunnelConfig!]!
}
type TunnelConfig {
"""The Local ID of the IPsec tunnel, specific to this tunnel"""
localId: String
"""Unique identifier for each tunnel"""
tunnelId: String
"""
The destination IP address for the IPsec tunnel (in the site), specific to this tunnel
"""
tunnelRemoteIdentifier: String
}
"""Basic Socket Interface configuration information"""
type InterfaceInfo {
"""The destination type configured to the Socket interface"""
destType: String
"""
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site
"""
downstreamBandwidth: Int
"""
Maximum allowed bandwidth for traffic on this port in MBPS with single decimal point, from the Cato Cloud to the site
"""
downstreamBandwidthMbpsPrecision: Float @beta
"""ID for the Socket port in the Socket WebUI Monitor tab"""
id: ID!
"""Name for the port in the Cato Management Application"""
name: String
"""
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud
"""
upstreamBandwidth: Int
"""
Maximum allowed bandwidth on this port in MBPS with single decimal point, for traffic from the site to the Cato Cloud
"""
upstreamBandwidthMbpsPrecision: Float @beta
"""Role for the WAN interface"""
wanRole: SocketInterfaceWanRole @beta
}
"""Basic Site configuration information"""
type SiteInfo {
"""Address of the physical site location"""
address: String
"""City of the physical site location"""
cityName: String
"""
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields)
"""
connType: ProtoType
"""Code for the Country that is the physical location of the site"""
countryCode: String
"""Country that is the physical location of the site"""
countryName: String
"""State of the country that is the physical site location"""
countryStateName: String
"""Timestamp for when the site was created"""
creationTime: DateTime
"""User defined description of the site"""
description: String
"""Basic configuration information about the Socket interface"""
interfaces: [InterfaceInfo!]
"""data related to IPsec sites, such as IKE version"""
ipsec: [IPSecInfo!]
"""
When this boolean value is true, the site is enabled for high availability
"""
isHA: Boolean
"""Name for the site"""
name: String
"""Geographical PoP region that the site is licensed to use"""
region: String
"""
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields)
"""
sockets: [SocketInfo!]
"""
Site type in the Cato Management Application, such as branch office or datacenter
"""
type: SiteType
}
"""Basic Site Ha readiness information"""
type HaStatus {
keepalive: HaSubStatus
readiness: HaReadiness
socketVersion: HaSubStatus
wanConnectivity: HaSubStatus
}
"Basic User configuration information"
type UserInfo {
"Additional authentication mechanism, currently MFA or NONE"
authMethod: String
"""Timestamp when the VPN user was created in the account"""
creationTime: DateTime
"""Email address of the VPN user"""
email: String
"""Name of the VPN user"""
name: String
"User creation mechanism, current supported REGULAR or LDAP"
origin: String
"""Phone number for the VPN user"""
phoneNumber: String
"""Status of the Client as the type STRING"""
status: OperationalStatus
}
type RecentConnection {
"""Serial number for the Device"""
deviceName: String
"The duration of the connection"
duration: Int
"""Name for the port in the Cato Management Application"""
interfaceName: String
"The last time this connection was detected (so lastConnected - duration is the start of the connection"
lastConnected: DateTime
"The name of the PoP that the traffic flow was connected to"
popName: String
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to
"""
remoteIPInfo: IPInfo
}
type InterfaceLinkState {
"""Shows the duplex mode for the link"""
duplex: String
"""Indicates if the WAN interface has an IP address"""
hasAddress: Boolean
"""Indicates if the interface is connected to the Internet"""
hasInternet: Boolean
"""Indicates if a connection has been established with the Cato Cloud"""
hasTunnel: Boolean
"""The ID for the specific Socket port, for example LAN1 or LAN2"""
id: ID
"""Shows the maximum bandwidth configured for the link"""
linkSpeed: String
"""Indicates if there is a physical connection to the port"""
mediaIn: Boolean
"""When this boolean value is true, then the link for the port is up"""
up: Boolean
}
type DeviceSnapshot {
"""
A boolean value that indicates if the site is connected to the Cato Cloud
"""
connected: Boolean
"""For connected devices (this somewhat overlaps to last duration)"""
connectedSince: DateTime
"""Indicates the Socket uptime"""
deviceUptime: Int
"""
Shows if this is the primary or secondary Socket in high availability mode
"""
haRole: String
"""Unique internal Cato ID for the Socket"""
id: ID
"""Unique identifier for the device"""
identifier: String
"""Snapshot data for outbound facing interfaces"""
interfaces: [InterfaceSnapshot!]
"""
Information of the link state of various interfaces in the devices. Unlike the `interfacess` field, it contains
all links of the device, not just the outbound facing ones
"""
interfacesLinkState: [InterfaceLinkState!]
"""Device's internal IP in the account's routing table"""
internalIP: String
"""The last time the device was seen"""
lastConnected: DateTime
"""
The uptime of the last tunnel from this device (or current), in seconds
"""
lastDuration: Int
"""The ID of the PoP that the Socket is connected to"""
lastPopID: Int
"""The PoP name that the Socket is connected to"""
lastPopName: String
"""The time the mfa cookie (for sdp users) was created"""
mfaCreationTime: Int
"""Shows the amount of time remaining before the MFA token expires"""
mfaExpirationTime: Int
"""Name of the device"""
name: String
"""Operating system of the Device."""
osType: String
"""Version of the Socket operating system"""
osVersion: String
"""Data related to the most recent completed traffic flows"""
recentConnections: [RecentConnection!]
"""Shows the release group for the site"""
releaseGroup: String
"""Shows data related to the Socket, such as version and serial number"""
socketInfo: SocketInfo
"""Shows the Socket model or vSocket type"""
type: String
"""Device version"""
version: String
"""Device major version"""
versionNumber: Int
}
type InterfaceSnapshot {
"""State of the BGP tunnel to the Cato Cloud"""
bgpState: BgpState
"""Information about cellular (LTE) interface"""
cellularInterfaceInfo: CellularInterface
"""Shows if the WAN link is connected to the PoP"""
connected: Boolean
"""Interface ID for the WAN link"""
id: ID
"""
data about the WAN link that is configured in the Socket Configuration window for the site
"""
info: InterfaceInfo
"""WAN link name in the Cato Management Application"""
name: String
"""Interface Natural order for WAN link"""
naturalOrder: Int
"""Physical WAN port on the Socket"""
physicalPort: Int
"""The name of the PoP that the WAN link is connected to"""
popName: String
"""
The ID of the PoP that the WAN link was connected to before the current one
"""
previousPopID: Int
"""
The name of the PoP that the WAN link was connected to before the current one
"""
previousPopName: String
"""
Reason that the tunnel required a new connection (for example, PoP or Socket restarted)
"""
tunnelConnectionReason: String
"""IP address of the WAN ISP"""
tunnelRemoteIP: String
"""IP address, ISP, and geographical information related to the WAN ISP"""
tunnelRemoteIPInfo: IPInfo
"""Number of seconds that the tunnel is connected to a PoP"""
tunnelUptime: Int
type: String @deprecated(reason: "No longer supported")
}
type Metrics {
"""total downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream: Float
"""total traffic for the site"""
bytesTotal: Float
"""total upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream: Float
"""total amount of time for the site data"""
duration: Int
"""
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface
metrics.
"""
flowCount: Float
"""duration in seconds for a single metrics bucket"""
granularity: Int
"""
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics.
"""
hostCount: Float
"""
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in
per-interface metrics.
"""
hostLimit: Float
"""
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream: Float
"""
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream: Float
"""number of packets lost for downstream traffic"""
lostDownstream: Float
"""percent of packet loss for downstream traffic"""
lostDownstreamPcnt: Float
"""number of packets lost for upstream traffic"""
lostUpstream: Float
"""percent of packet loss for upstream traffic"""
lostUpstreamPcnt: Float
"""total packets discarded for downstream traffic"""
packetsDiscardedDownstream: Float
"""total packets discarded for upstream traffic"""
packetsDiscardedUpstream: Float
"""total downstream packets"""
packetsDownstream: Float
"""total upstream packets"""
packetsUpstream: Float
"""round-trip time from the site to the Cato Cloud"""
rtt: Int
}
type CellularInterface {
"""
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch.
"""
apn: String
"""
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI).
"""
apnSelectionMethod: ApnMethod
"""
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out).
"""
disconnectionReason: CellularDisconnectionReason
"""Unique identifier (20-digit number) for the modem."""
iccid: String
"""Unique identifier (15-digit number) for a specific SIM."""
imei: String
"""
Indicates if the cellular modem is currently connected to the internet.
"""
isModemConnected: Boolean!
"""Indicates if the modem is currently suspended."""
isModemSuspended: Boolean!
"""Indicates whether roaming is enabled."""
isRoamingAllowed: Boolean!
"""Indicates whether a SIM is detected in the first slot."""
isSimSlot1Detected: Boolean!
"""Indicates whether a SIM is detected in the second slot."""
isSimSlot2Detected: Boolean!
"""
Represents the current status of the modem. Valid values are Error, OK, or Unknown.
"""
modemStatus: CellularModemStatus
"""2G, 3G, or 4G"""
networkType: CellularNetworkType
"""Displays the operator or carrier name, such as Verizon."""
operatorName: String
"""
Represents the signal strength of the cellular connection, in units of calculation.
"""
signalStrength: String
"""The phone number associated with the SIM."""
simNumber: String
"""
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default.
"""
simSlotId: Int
}
enum CellularNetworkType {
TYPE_2G
TYPE_3G
TYPE_4G
TYPE_UNKNOWN
}
enum SocketInterfaceWanRole {
NONE
WAN_1
WAN_2
WAN_3
WAN_4
}
enum CellularModemStatus {
STATUS_ERROR
STATUS_OK
STATUS_UNKNOWN
}
enum CellularDisconnectionReason {
REASON_NONE
REASON_TIMEOUT
}
enum ApnMethod {
METHOD_AUTO
METHOD_MANUAL
METHOD_UNKNOWN
}
enum HaReadiness {
not_ready
ready
}
enum HaSubStatus {
fail
ok
}
enum ConnectivityStatus {
"""Connected to the Cato Cloud"""
connected
"""Disconnected from the Cato Cloud"""
disconnected
}
enum OperationalStatus {
"""Passing traffic"""
active
"""Disabled in the Cato Management Application"""
disabled
"""License has expired for this site and you can't configure it"""
locked
"""After you create the site before it is connected to the Cato Cloud"""
new
"For VPN users only"
pending_code_generation
"For VPN users only"
pending_mfa_configuration
"For VPN users only"
pending_user_configuration
}
type UserSnapshot {
"""
In this state the client does not create its own connection, but reuses
the Office's socket connection
"""
connectedInOffice: Boolean
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"The host name of the device"
deviceName: String
"""Data related to the Client"""
devices: [DeviceSnapshot!]
"""VPN user ID"""
id: ID
"""General information about the VPN user"""
info: UserInfo
"""IP address of the PoP that the Client is connected to"""
internalIP: String
"Last time the user was connected (relevant if not currently connected)"
lastConnected: DateTime
"User name from configuration, same as info.name"
name: String
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Operating system of the device the Client is running on"""
osType: String
"""Version of the operating system for the device"""
osVersion: String
"""ID of the PoP that the Client is connected to"""
popID: Int
"""Name of the PoP that the VPN user is connected to"""
popName: String
"""Data related to the most recent completed VPN connections"""
recentConnections: [RecentConnection!]
"""IP address of the Client"""
remoteIP: String
"""IP address, ISP, and geographical information related to the Client"""
remoteIPInfo: IPInfo
"How long has the user been connected (in seconds)"
uptime: Int
"VPN client version string"
version: String
"VPN client version number"
versionNumber: Int
}
type SiteSnapshot {
"""Alternative WAN connectivity status"""
altWanStatus: String
"""For connected sites, since when are they connected"""
connectedSince: DateTime
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"""Degraded status and details"""
degradedStatus: DegradedStatus
"""Data related to the Sockets for a site"""
devices: [DeviceSnapshot!]
"""Site HA readiness information"""
haStatus: HaStatus
"""Number of hosts connected to a site"""
hostCount: Int
"""site ID"""
id: ID
"""General real-time information about the site"""
info: SiteInfo
"""
Relevant when the site is disconnected - the last time the device was connected
"""
lastConnected: DateTime
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Name of the PoP that the site is connected to"""
popName: String
protoId: ID
}
enum DegradedStatusReason {
ALT_WAN_DISCONNECTED
CROSS_CONNECT_CIRCUIT_DISCONNECTED
HA_NOT_READY_INCOMPATIBLE_MAJOR_SOCKET_VERSIONS
HA_NOT_READY_NO_KEEPALIVE
HA_NOT_READY_SOCKET_DISCONNECTED
IPSEC_MULTI_TUNNEL_TUNNEL_DISCONNECTED
IPSEC_TUNNEL_DISCONNECTED
LAN_DISCONNECTED
LAN_LAG_DISCONNECTED
LAN_LAG_MEMBER_DISCONNECTED
WAN_DISCONNECTED
WAN_TUNNEL_DISCONNECTED
}
type DegradedStatus {
degradedDetails: [DegradedDetail!]!
isDegraded: Boolean!
}
type DegradedDetail {
args: DegradedStatusArgs
reason: DegradedStatusReason!
}
union DegradedStatusArgs = DegradedStatusSocketVersionsArgs | DegradedStatusBasicDataArgs | DegradedStatusSocketArgs | DegradedStatusLastConnectedArgs | DegradedStatusMultiTunnelArgs
type DegradedStatusLastConnectedArgs {
lastConnectedDate: DateTime
}
type DegradedStatusBasicDataArgs {
deviceName: String!
lastConnectedDate: DateTime
}
type DegradedStatusSocketArgs {
deviceName: String!
lastConnectedDate: DateTime
portID: ID!
portName: String!
}
type DegradedStatusSocketVersionsArgs {
primaryVersion: String!
secondaryVersion: String!
}
type DegradedStatusMultiTunnelArgs {
deviceName: String!
lastConnectedDate: DateTime
tunnelID: ID!
tunnelName: String!
}
enum BgpState {
Active
Connect
Established
Idle
OpenConfirm
OpenSent
StateMAX
}
type CatalogQueries {
catalogApplication(input: ApplicationRefInput!): CatalogApplication @beta
catalogApplicationList(input: CatalogApplicationListInput!): CatalogApplicationListPayload @beta
contentTypeGroupList(input: CatalogApplicationContentTypeGroupListInput!): CatalogApplicationContentTypeGroupListPayload @beta
}
type SiteBackhaulingPayload {
destination: BackhaulingDestination
nextHopIP: IPAddress
preferredSocketPort: String
site: SiteRef!
useAsBackhaulingGW: Boolean!
}
type UpdateSiteBackhaulingPayload {
destination: BackhaulingDestination
nextHopIP: IPAddress
preferredSocketPort: String
site: SiteRef!
useAsBackhaulingGW: Boolean!
}
enum BackhaulingDestination {
INTERNET_BREAKOUT
LOCAL_GATEWAY_IP
}
input UpdateSiteBackhaulingInput {
destination: BackhaulingDestination
nextHopIP: IPAddress
preferredSocketPort: String
site: SiteRefInput!
useAsBackhaulingGW: Boolean
}
enum AppStatsFieldName {
"Account ID. CMA Name: Account ID"
account_id
"Account name. CMA Name: Account Name"
account_name
"Active Directory name. CMA Name: Ad Name"
ad_name
"AI Proxy rule name. CMA Name: AI Proxy Rule Name"
ai_proxy_rule_name
"Application ID of the flow, in legacy format. CMA Name: Appid"
app @deprecated(reason: "use application_id instead. Planned end-of-life (EoL) date: June 30, 2026.")
"The application identifier. CMA Name: Application"
application @deprecated(reason: "use application_name instead. Planned end-of-life (EoL) date: June 30, 2026.")
"Description of the application. CMA Name: Application Description"
application_description
"Application ID of the flow. CMA Name: Application ID"
application_id
"Application of the flow. CMA Name: Application Name"
application_name
"Application risk level based on the application risk score. CMA Name: Application Risk Level"
application_risk_level
"Risk score of the application, based on Cato's risk assessment. CMA Name: Application Risk Score"
application_risk_score
"Application type (Custom, Private or System). CMA Name: Application Type"
application_type
"Cato system category. CMA Name: Categories"
categories
"Cato system category of the application. CMA Name: Category"
category @deprecated(reason: "use categories instead. Planned end-of-life (EoL) date: June 30, 2026.")
"Type of process generating this traffic. CMA Name: Client Class"
client_class
"Socket or SDP Client version. CMA Name: Client Version"
client_version
"For hosts configured with a static IP in the Cato Management Application, the host name. CMA Name: Configured Host Name"
configured_host_name
"Connection Origin. CMA Name: Connection Origin"
connection_origin
"Application description. CMA Name: Description"
description @deprecated(reason: "use application_description instead. Planned end-of-life (EoL) date: June 30, 2026.")
"For Internet traffic, country where the destination host is located. CMA Name: Destination Country"
dest_country
"For Internet traffic, destination host IP address. CMA Name: Dest Ip"
dest_ip
"For WAN traffic, destination is site or SDP user. CMA Name: Dest Is Site Or Vpn"
dest_is_site_or_vpn
"Destination port. CMA Name: Destination Port"
dest_port
"Destination Site or VPN user ID (proto). CMA Name: Dest Site"
dest_site
"Unique internal Cato ID for the destination site or remote user. CMA Name: Dest Site ID"
dest_site_id
"For Internet traffic, destination host IP address. CMA Name: Dest Site Name"
dest_site_name
"Device Categories. CMA Name: Device Category"
device_categories
"Unique Cato ID for devices. CMA Name: Device ID"
device_id
"Device Manufacturer. CMA Name: Device Manufacturer"
device_manufacturer
"Device Model. CMA Name: Device Model"
device_model
"Name for device related to the traffic. CMA Name: Device Name"
device_name
"Device OS Type. CMA Name: Device OS Type"
device_os_type
"Device posture profiles. CMA Name: Device Posture Profile"
device_posture_profile
"Device Type. CMA Name: Device Type"
device_type
"Total SaaS apps discovered ever until the To in the timeframe. CMA Name: Discovered App"
discovered_app
"Domain name. CMA Name: Domain Name"
domain @deprecated(reason: "use tld instead. Planned end-of-life (EoL) date: July 1, 2026.")
"Bytes sent from the destination to the host. CMA Name: Downstream"
downstream
"Duration of the flow in ms. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API."
duration
"Egress PoP Name. CMA Name: Egress PoP Name"
egress_pop_name
"Egress Site Name for backhauling traffic. CMA Name: Egress Site"
egress_site_name
"Uniquely identifies a traffic flow and enables correlation of events and other records related to the same flow. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API."
flow_id
"Time stamp of the flow start (Linux epoch format). Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API."
flow_start_time
"Number of flows created for this event. CMA Name: Flows Created"
flows_created
"Full path URL application activity. CMA Name: Full Path URL"
full_path_url
"IP address of host related to event. CMA Name: Host IP"
host_ip
"MAC address of host related to event. CMA Name: Host MAC Address"
host_mac
"Country of the application headquarters. CMA Name: Hq Location"
hq_location
"HTTP request method (ie. Get, Post). CMA Name: Request Method"
http_request_method
"Local IP address of the host. CMA Name: Local Ip"
ip @deprecated(reason: "use src_ip/dest_ip instead. Planned end-of-life (EoL) date: July 1, 2026.")
"Network protocol for this event. CMA Name: IP Protocol"
ip_protocol
"Is the application a cloud application? (True/False). CMA Name: Is Cloud App"
is_cloud_app
"Is last sample for flow. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API."
is_flow_terminated
"Is the app for this event defined as a sanctioned app? (True/False). CMA Name: Is Sanctioned App"
is_sanctioned_app
"The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically). CMA Name: ISP Name"
ISP_name
"Matched network rule. CMA Name: Network Rule"
network_rule
"new_app. CMA Name: New App"
new_app
"OS version for the device (such as 14.3.0). CMA Name: OS Version"
os_version
"Name of PoP location. CMA Name: Pop Name"
pop_name
"QoS Priority value. CMA Name: QoS Priority"
qos_priority
"risk_level. CMA Name: Risk Level"
risk_level @deprecated(reason: "use application_risk_level instead. Planned end-of-life (EoL) date: June 30, 2026.")
"The application risk score assigned by Cato. CMA Name: Risk Score"
risk_score @deprecated(reason: "use application_risk_score instead. Planned end-of-life (EoL) date: June 30, 2026.")
"Is the application defined as sanctioned?. CMA Name: Sanctioned"
sanctioned @deprecated(reason: "use is_sanctioned_app instead. Planned end-of-life (EoL) date: June 30, 2026.")
"Country in which the source host is located. CMA Name: Site Country"
site_country
"State in which the source host is located. CMA Name: Site State"
site_state
"Name for Socket interface. CMA Name: Socket Interface"
socket_interface
"Country in which the source host is located (detected via public IP address). CMA Name: Source Country"
src_country
"Country Code of country in which the source host is located (detected via public IP address). CMA Name: Source Country Code"
src_country_code
"IP for host or Cato Client. CMA Name: Src Ip"
src_ip
"Source type: site or remote user. CMA Name: Src Is Site Or Vpn"
src_is_site_or_vpn
"IP address provided by ISP to site or Client. CMA Name: Source ISP IP"
src_isp_ip
"Internal port number. CMA Name: Source Port"
src_port
"Site country code alpha2. CMA Name: Src Site Country Code"
src_site_country_code
"Unique internal Cato ID for the site or remote user. CMA Name: Src Site ID"
src_site_id
"Source site or remote user. CMA Name: Src Site Name"
src_site_name
"Site state code. CMA Name: Src Site State"
src_site_state
"Name of subnet as defined in Cato Management Application. CMA Name: Subnet"
subnet @deprecated(reason: "use subnet_name instead. Planned end-of-life (EoL) date: June 30, 2026.")
"Name of subnet as defined in Cato Management Application. CMA Name: Subnet Name"
subnet_name
"Shows if traffic was TCP accelerated or not. CMA Name: TCP Acceleration"
tcp_acceleration
"Time stamp of the flow update (Human-readable format). Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API."
time_str
"Top Level Domain of the host name. CMA Name: Tld"
tld
"Shows if traffic was TLS inspected or not. CMA Name: TLS Inspection"
tls_inspection
"TLS Inspection rule name. CMA Name: TLS Rule Name"
tls_rule_name
"The total sum of upstream and downstream data in bytes. CMA Name: Traffic"
traffic
"Direction of network traffic for this event, values are inbound or outbound. CMA Name: Traffic Direction"
traffic_direction
"Translated Client IP. CMA Name: Translated Client IP"
translated_client_ip
"Translated Server IP. CMA Name: Translated Server IP"
translated_server_ip
"Bytes sent from the host to the destination. CMA Name: Upstream"
upstream
"Method used to get identity with User Awareness (such as Identity Agent). CMA Name: User Awareness Method"
user_awareness_method
"User ID. CMA Name: User ID"
user_id
"User that generated the event. CMA Name: User Name"
user_name
"User’s email address. CMA Name: SDP User Email"
vpn_user_email
"User ID. CMA Name: Vpn User ID"
vpn_user_id @deprecated(reason: "use user_id instead. Planned end-of-life (EoL) date: June 30, 2026.")
}
type CatalogApplicationContentType {
id: ID!
name: String!
}
type CatalogApplicationContentTypeGroup {
contentType: [CatalogApplicationContentType!]!
id: ID!
name: String!
}
input CatalogApplicationContentTypeGroupListInput {
filter: [CatalogApplicationContentTypeGroupFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationContentTypeGroupSortInput
}
input CatalogApplicationContentTypeGroupSortInput {
name: SortOrderInput
}
input CatalogApplicationListInput {
filter: [CatalogApplicationFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationSortInput
}
input CatalogApplicationContentTypeGroupFilterInput {
contentType: [CatalogApplicationContentTypeFilterInput!]
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationContentTypeFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationFilterInput {
activity: [CatalogApplicationActivityFilterInput!]
capability: [CatalogApplicationCapabilityFilterInput!]
category: [CatalogApplicationCategoryFilterInput!]
"""Free-text search across name, activity and activity fields """
freeText: FreeTextFilterInput
id: [IdFilterInput!]
name: [StringFilterInput!]
originCountry: [StringFilterInput!]
recentlyAdded: [BooleanFilterInput!]
risk: [IntFilterInput!]
tenantActivity: [BooleanFilterInput!]
type: [CatalogApplicationTypeFilterInput!]
}
input CatalogApplicationTypeFilterInput {
eq: CatalogApplicationType
in: [CatalogApplicationType!]
neq: CatalogApplicationType
nin: [CatalogApplicationType!]
}
input CatalogApplicationCapabilityFilterInput {
hasAny: [CatalogApplicationCapability!]
}
input CatalogApplicationCategoryFilterInput {
hasAny: [ApplicationCategoryRefInput!]
}
input CatalogApplicationActivityFilterInput {
hasAny: [CatalogApplicationActivityRefInput!]
}
input CatalogApplicationActivityRefInput {
by: ObjectRefBy! = ID
input: String!
}
input CatalogApplicationSortInput {
category: CatalogApplicationCategorySortInput
description: SortOrderInput
name: SortOrderInput
risk: SortOrderInput
type: SortOrderInput
}
input CatalogApplicationCategorySortInput {
name: SortOrderInput
}
enum CatalogApplicationType {
APPLICATION
CLOUD_APPLICATION
SERVICE
}
type CatalogApplicationContentTypeGroupListPayload {
contentTypeGroup: [CatalogApplicationContentTypeGroup!]!
pageInfo: PageInfo!
}
type CatalogApplicationListPayload {
application: [CatalogApplication!]!
pageInfo: PageInfo!
}
type CatalogApplicationActivityField {
id: ID!
name: String!
possibleOperators: [CatalogApplicationActivityFieldOperator!]!
possibleValues: [String!]!
}
enum CatalogApplicationActivityFieldOperator {
CONTAINS
GREATER_THAN
IN
IS
LESS_EQUALS
}
type CatalogApplicationActivity {
fields: [CatalogApplicationActivityField!]!
id: ID!
name: String!
}
enum CatalogApplicationAttribute {
SUPPORTED
UNKNOWN
UNSUPPORTED
}
enum CatalogApplicationCapability {
AI_SECURITY_API_INTEGRATION
AI_SECURITY_BROWSER_PLUGIN
AI_SECURITY_NETWORK_PROXY
ANTI_MALWARE_INLINE
APP_CONTROL_API
APP_CONTROL_INLINE
DATA_PROTECTION_API
DATA_PROTECTION_INLINE
FILE_CONTROL_INLINE
FIREWALL_INTLINE
LAN_FIREWALL
}
type CatalogApplicationComplianceAttributes {
c5Attestation: CatalogApplicationAttribute
cjis: CatalogApplicationAttribute
cobit: CatalogApplicationAttribute
coppa: CatalogApplicationAttribute
csaStar: CatalogApplicationAttribute
cyberEssentialsPlusUk: CatalogApplicationAttribute
euUsDataPrivacyFramework: CatalogApplicationAttribute
fedRamp: CatalogApplicationAttribute
ferpa: CatalogApplicationAttribute
ffiec: CatalogApplicationAttribute
finra: CatalogApplicationAttribute
fisma: CatalogApplicationAttribute
gapp: CatalogApplicationAttribute
gdpr: CatalogApplicationAttribute
glba: CatalogApplicationAttribute
hippa: CatalogApplicationAttribute!
hitrustCsf: CatalogApplicationAttribute
isae3402: CatalogApplicationAttribute!
iso27001: CatalogApplicationAttribute!
iso27002: CatalogApplicationAttribute
iso27017: CatalogApplicationAttribute
iso27018: CatalogApplicationAttribute
iso9000: CatalogApplicationAttribute
iso9001: CatalogApplicationAttribute
itar: CatalogApplicationAttribute
japanPrivacyMark: CatalogApplicationAttribute
jerichoForumCommandments: CatalogApplicationAttribute
nistSp80053: CatalogApplicationAttribute
pciDss: CatalogApplicationAttribute!
soc1: CatalogApplicationAttribute!
soc2: CatalogApplicationAttribute!
soc3: CatalogApplicationAttribute!
sox: CatalogApplicationAttribute!
trustArcPrivacy: CatalogApplicationAttribute
}
enum CatalogApplicationDataRetentionPolicy {
CONFIGURABLE_BY_USER
DAYS_1_30
DELETION_UPON_REQUEST
MONTHS_1_12
MORE_THAN_1_YEAR
UNKNOWN
WHILE_ACCOUNT_IS_ACTIVE
}
enum CatalogApplicationDataDeletionPolicy {
AFTER_ACCOUNT_DELETION
IMMEDIATE_ON_REQUEST
MORE_THAN_90_DAYS
NOT_OFFERED
UNKNOWN
WITHIN_30_DAYS
WITHIN_90_DAYS
}
enum CatalogApplicationDataOwnership {
CUSTOMER_OWNS_DATA
SHARED_OWNERSHIP
UNKNOWN
VENDOR_OWNS_DATA
}
enum CatalogApplicationEncryptionStrengthAtRest {
ENCRYPTION_128_BIT
ENCRYPTION_192_BIT
ENCRYPTION_256_BIT
ENCRYPTION_GT_256_BIT
ENCRYPTION_NOT_DISCLOSED
ENCRYPTION_UNKNOWN
}
enum CatalogApplicationWeakCipherSupport {
DES_3
MULTIPLE_WEAK_CIPHERS
NONE
RC4
SHA_1
TLS_1_0_1_1
UNKNOWN
}
enum CatalogApplicationTlsVersionSupport {
TLS_1_1_OR_OLDER
TLS_1_2
TLS_1_2_PLUS
TLS_1_3
UNKNOWN
}
type CatalogApplicationSecurityAttributes {
auditTrail: CatalogApplicationAttribute!
dataDeletionPolicy: CatalogApplicationDataDeletionPolicy
dataOwnership: CatalogApplicationDataOwnership
dataRetentionPolicy: CatalogApplicationDataRetentionPolicy
dataSegregatedByTenant: CatalogApplicationAttribute
disasterRecovery: CatalogApplicationAttribute
encryptionAtRest: CatalogApplicationAttribute!
encryptionInTransit: CatalogApplicationAttribute
encryptionStrengthAtRest: CatalogApplicationEncryptionStrengthAtRest
httpSecurityHeaders: CatalogApplicationAttribute!
mfa: CatalogApplicationAttribute!
physicalDataCenterSecurity: CatalogApplicationAttribute
privacyPolicyUrl: String
rbac: CatalogApplicationAttribute!
rememberPassword: CatalogApplicationAttribute!
sso: CatalogApplicationAttribute!
termsOfUseCustomerProtectionUrl: String
tlsEnforcement: CatalogApplicationAttribute!
tlsVersionSupport: CatalogApplicationTlsVersionSupport
trustedCertificate: CatalogApplicationAttribute!
weakCipherSupport: CatalogApplicationWeakCipherSupport
}
type CatalogApplicationIdentityAccessManagementAttributes {
accessControlEnforcement: CatalogApplicationAttribute
ipBasedAccessRestrictions: CatalogApplicationAttribute
samlAuthentication: CatalogApplicationAttribute
}
enum EmployeeRange {
"1-10 employees"
BETWEEN_00001_00010
"11-50 employees"
BETWEEN_00011_00050
"51-100 employees"
BETWEEN_00051_00100
"101-250 employees"
BETWEEN_00101_00250
"251-500 employees"
BETWEEN_00251_00500
"501-1,000 employees"
BETWEEN_00501_01000
"1,001-5,000 employees"
BETWEEN_01001_05000
"5,001-10,000 employees"
BETWEEN_05001_10000
"10,000+ employees"
BETWEEN_10001_MAX
}
enum AiSecurityRisk {
CRITICAL
HIGH
LOW
MEDIUM
}
enum AiSecurityScope {
EMBEDDED
NATIVE
}
enum AiSecurityDataUsagePolicyType {
GENERAL_DATA_USAGE
NO_DATA_USAGE
NOT_MENTIONED
TRAINS_ON_DATA
}
type AiSecurityDataUsagePolicy {
description: String
reference: String
referenceType: String
referenceUrl: String
type: AiSecurityDataUsagePolicyType
}
type AiSecurityAttributes {
dataUsagePolicy: AiSecurityDataUsagePolicy
risk: AiSecurityRisk
scope: AiSecurityScope
}
type CatalogApplication {
activity: [CatalogApplicationActivity!]!
aiSecurity: AiSecurityAttributes
capability: [CatalogApplicationCapability!]!
category: [ApplicationCategoryRef!]!
city: String
complianceAttributes: CatalogApplicationComplianceAttributes!
description: String
descriptionSummary: String
id: ID!
identityAccessManagementAttributes: CatalogApplicationIdentityAccessManagementAttributes
ipoStatus: String
name: String!
numOfEmployees: EmployeeRange
originCountry: CountryRef
recentlyAdded: Boolean!
region: String
risk: ApplicationRisk
sanctioned: Boolean!
securityAttributes: CatalogApplicationSecurityAttributes!
standardPorts: [CustomService!]!
tenantActivity: [CatalogApplicationActivity!]!
type: CatalogApplicationType!
website: Url
}
"Allowed actions"
enum AppTenantRestrictionActionEnum {
"Do not inject any Headers nor Values for outgoing traffic"
BYPASS
"Inject Headers and Values for outgoing traffic"
INJECT_HEADERS
}
input AppTenantRestrictionAddRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum! = INJECT_HEADERS
"Applications for the rule (pre-defined)"
application: ApplicationRefInput!
description: String! = ""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum! = HIGH
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: [], country: []}
}
input AppTenantRestrictionAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: AppTenantRestrictionAddRuleDataInput!
}
"pair of header name and value"
type AppTenantRestrictionHeaderValue {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
"pair of header name and value"
input AppTenantRestrictionHeaderValueInput {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
type AppTenantRestrictionPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [AppTenantRestrictionRulePayload!]!
sections: [PolicySectionPayload!]!
}
input AppTenantRestrictionPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input AppTenantRestrictionPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type AppTenantRestrictionPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: AppTenantRestrictionPolicy
status: PolicyMutationStatus!
}
type AppTenantRestrictionPolicyMutations {
addRule(input: AppTenantRestrictionAddRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): AppTenantRestrictionPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
removeRule(input: AppTenantRestrictionRemoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: AppTenantRestrictionPolicyUpdateInput!): AppTenantRestrictionPolicyMutationPayload! @beta
updateRule(input: AppTenantRestrictionUpdateRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type AppTenantRestrictionPolicyQueries {
policy(input: AppTenantRestrictionPolicyInput): AppTenantRestrictionPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input AppTenantRestrictionPolicyUpdateInput {
state: PolicyToggleState
}
input AppTenantRestrictionRemoveRuleInput {
id: ID!
}
type AppTenantRestrictionRule implements IPolicyRule {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum!
"Applications for the rule (pre-defined)"
application: ApplicationRef!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValue!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSource!
}
type AppTenantRestrictionRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: AppTenantRestrictionRulePayload
status: PolicyMutationStatus!
}
type AppTenantRestrictionRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: AppTenantRestrictionRule!
}
"Severity options"
enum AppTenantRestrictionSeverityEnum {
"High severity"
HIGH
"Low severity"
LOW
"Medium severity"
MEDIUM
}
"Returns the settings for Source of an App Tenant Restriction rule"
type AppTenantRestrictionSource {
"Source country traffic matching criteria."
country: [CountryRef!]!
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]! = []
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceUpdateInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input AppTenantRestrictionUpdateRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
description: String
enabled: Boolean
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceUpdateInput
}
input AppTenantRestrictionUpdateRuleInput {
id: ID!
rule: AppTenantRestrictionUpdateRuleDataInput!
}
"Access method matching configuration"
type ApplicationControlAccessMethod {
"Specifies the access method type"
accessMethod: ApplicationControlAccessMethodType!
"Defines the comparison operator"
operator: ApplicationControlOperator!
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Access method matching configuration"
input ApplicationControlAccessMethodInput {
"Specifies the access method type"
accessMethod: ApplicationControlAccessMethodType! = USER_AGENT
"Defines the comparison operator"
operator: ApplicationControlOperator! = IS
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
"Application Control Access Method Type"
enum ApplicationControlAccessMethodType {
"User agent identification method"
USER_AGENT
}
"Application Control Action"
enum ApplicationControlAction {
"Permit the action"
ALLOW
"Prevent the action"
BLOCK
"Log the action without enforcement"
MONITOR
}
"Configuration for application control action"
type ApplicationControlActionConfig {
"Defines the user notification template to display when the rule blocks access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRef!]!
}
"Configuration for application control action"
input ApplicationControlActionConfigInput {
"Defines the user notification template to display when the rule blocks access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]! = []
}
"Configuration for application control action"
input ApplicationControlActionConfigUpdateInput {
"Defines the user notification template to display when the rule blocks access. Only a single element is allowed."
userNotification: [UserNotificationTemplateRefInput!]
}
"Activity matching configuration"
type ApplicationControlActivity {
"References the application control activity type"
activity: ApplicationControlActivityRef!
"References specific application control activity fields associated with the activity type"
field: ApplicationControlActivityFieldRef
"Defines the operator used for comparisons"
operator: ApplicationControlOperator
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Activity matching configuration"
input ApplicationControlActivityInput {
"References the application control activity type"
activity: ApplicationControlActivityRefInput!
"References specific application control activity fields associated with the activity type"
field: ApplicationControlActivityFieldRefInput
"Defines the operator used for comparisons"
operator: ApplicationControlOperator = IS
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
input ApplicationControlAddRuleDataInput {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRuleInput = {application: {applicationType: []}, applicationActivitySatisfy: ANY, applicationActivity: [], applicationContext: {applicationTenant: []}, accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, applicationCriteriaSatisfy: ANY, applicationCriteria: {attributes: {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}, originCountry: [], risk: []}, actionConfig: {userNotification: []}}
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRuleInput = {application: {applicationType: []}, applicationContext: {applicationTenant: []}, applicationActivitySatisfy: ANY, applicationActivity: [], accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, fileAttributeSatisfy: ANY, fileAttribute: [], dlpProfile: {contentProfile: [], edmProfile: []}, actionConfig: {userNotification: []}}
description: String! = ""
enabled: Boolean!
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRuleInput = {application: {applicationType: []}, applicationActivitySatisfy: ANY, applicationActivity: [], accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, fileAttributeSatisfy: ANY, fileAttribute: [], actionConfig: {userNotification: []}}
name: String!
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType! = APPLICATION
}
input ApplicationControlAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ApplicationControlAddRuleDataInput!
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
type ApplicationControlApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRef
"Applications for the rule (pre-defined)"
application: ApplicationRef
"Application types"
applicationType: [ApplicationType!]!
"Custom (user-defined) applications"
customApp: CustomApplicationRef
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRef
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRef
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
input ApplicationControlApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRefInput
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
"Application types"
applicationType: [ApplicationType!]! = []
"Custom (user-defined) applications"
customApp: CustomApplicationRefInput
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRefInput
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRefInput
}
"Configuration for application-based control rules"
type ApplicationControlApplicationRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Configuration for application control action"
actionConfig: ApplicationControlActionConfig!
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContext!
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteria!
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for application-based control rules"
input ApplicationControlApplicationRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigInput! = {userNotification: []}
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextInput! = {applicationTenant: []}
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteriaInput! = {attributes: {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}, originCountry: [], risk: []}
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy! = ANY
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for application-based control rules"
input ApplicationControlApplicationRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigUpdateInput
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextUpdateInput
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteriaUpdateInput
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
input ApplicationControlApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRefInput
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
"Application types"
applicationType: [ApplicationType!]
"Custom (user-defined) applications"
customApp: CustomApplicationRefInput
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRefInput
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRefInput
}
"Attribute Value"
enum ApplicationControlAttributeValue {
"Any Value"
ANY
"Not Supported"
NOT_SUPPORTED
"Supported"
SUPPORTED
}
"Application attributes, such as compliance and security, see the app catalog for details"
type ApplicationControlAttributes {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributes!
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributes!
}
"Application attributes, such as compliance and security, see the app catalog for details"
input ApplicationControlAttributesInput {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributesInput! = {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributesInput! = {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}
}
"Application attributes, such as compliance and security, see the app catalog for details"
input ApplicationControlAttributesUpdateInput {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributesUpdateInput
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributesUpdateInput
}
"Compliance attributes"
type ApplicationControlComplianceAttributes {
"HIPAA"
hippa: ApplicationControlAttributeValue!
"ISAE 3402"
isae3402: ApplicationControlAttributeValue!
"ISO 27001"
iso27001: ApplicationControlAttributeValue!
"PCI DSS"
pciDss: ApplicationControlAttributeValue!
"SOC 1"
soc1: ApplicationControlAttributeValue!
"SOC 2"
soc2: ApplicationControlAttributeValue!
"SOC 3"
soc3: ApplicationControlAttributeValue!
"SOX"
sox: ApplicationControlAttributeValue!
}
"Compliance attributes"
input ApplicationControlComplianceAttributesInput {
"HIPAA"
hippa: ApplicationControlAttributeValue! = ANY
"ISAE 3402"
isae3402: ApplicationControlAttributeValue! = ANY
"ISO 27001"
iso27001: ApplicationControlAttributeValue! = ANY
"PCI DSS"
pciDss: ApplicationControlAttributeValue! = ANY
"SOC 1"
soc1: ApplicationControlAttributeValue! = ANY
"SOC 2"
soc2: ApplicationControlAttributeValue! = ANY
"SOC 3"
soc3: ApplicationControlAttributeValue! = ANY
"SOX"
sox: ApplicationControlAttributeValue! = ANY
}
"Compliance attributes"
input ApplicationControlComplianceAttributesUpdateInput {
"HIPAA"
hippa: ApplicationControlAttributeValue
"ISAE 3402"
isae3402: ApplicationControlAttributeValue
"ISO 27001"
iso27001: ApplicationControlAttributeValue
"PCI DSS"
pciDss: ApplicationControlAttributeValue
"SOC 1"
soc1: ApplicationControlAttributeValue
"SOC 2"
soc2: ApplicationControlAttributeValue
"SOC 3"
soc3: ApplicationControlAttributeValue
"SOX"
sox: ApplicationControlAttributeValue
}
"Additional attributes for application control"
type ApplicationControlConfig {
"Data Control Enabled"
dataControlEnabled: PolicyToggleState!
}
input ApplicationControlConfigInput {
"Data Control Enabled"
dataControlEnabled: PolicyToggleState! = ENABLED
}
type ApplicationControlContext {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenant!]!
}
input ApplicationControlContextInput {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenantInput!]! = []
}
input ApplicationControlContextUpdateInput {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenantInput!]
}
"Application criteria configuration"
type ApplicationControlCriteria {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributes!
"Application registered country of origin"
originCountry: [CountryRef!]!
"Application risk"
risk: [ApplicationControlRiskCriteria!]!
}
"Application criteria configuration"
input ApplicationControlCriteriaInput {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributesInput! = {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}
"Application registered country of origin"
originCountry: [CountryRefInput!]! = []
"Application risk"
risk: [ApplicationControlRiskCriteriaInput!]! = []
}
"Application criteria configuration"
input ApplicationControlCriteriaUpdateInput {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributesUpdateInput
"Application registered country of origin"
originCountry: [CountryRefInput!]
"Application risk"
risk: [ApplicationControlRiskCriteriaInput!]
}
"Configuration for data-based control rules"
type ApplicationControlDataRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Configuration for application control action"
actionConfig: ApplicationControlActionConfig
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContext!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfile!
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttribute!]!
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for data-based control rules"
input ApplicationControlDataRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigInput = {userNotification: []}
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextInput! = {applicationTenant: []}
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfileInput! = {contentProfile: [], edmProfile: []}
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]! = []
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy! = ANY
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for data-based control rules"
input ApplicationControlDataRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigUpdateInput
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextUpdateInput
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfileUpdateInput
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"DLP profile configuration"
type ApplicationControlDlpProfile {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRef!]!
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRef!]!
}
"DLP profile configuration"
input ApplicationControlDlpProfileInput {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRefInput!]! = []
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRefInput!]! = []
}
"DLP profile configuration"
input ApplicationControlDlpProfileUpdateInput {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRefInput!]
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRefInput!]
}
"File attribute matching configuration"
type ApplicationControlFileAttribute {
"Specifies the content types groups (used only with Content Type attribute)"
contentTypeGroupValues: [ApplicationControlContentTypeGroupRef!]!
"Specifies the content types (used only with Content Type attribute)"
contentTypeValues: [ApplicationControlContentTypeRef!]!
"Specifies the file attribute type"
fileAttribute: ApplicationControlFileAttributeType!
"Defines the comparison operator"
operator: ApplicationControlOperator!
"Specifies the comparison value (used with all attributes except Content Type)"
value: String
}
"File attribute matching configuration"
input ApplicationControlFileAttributeInput {
"Specifies the content types groups (used only with Content Type attribute)"
contentTypeGroupValues: [ApplicationControlContentTypeGroupRefInput!]! = []
"Specifies the content types (used only with Content Type attribute)"
contentTypeValues: [ApplicationControlContentTypeRefInput!]! = []
"Specifies the file attribute type"
fileAttribute: ApplicationControlFileAttributeType! = CONTENT_TYPE
"Defines the comparison operator"
operator: ApplicationControlOperator! = IS
"Specifies the comparison value (used with all attributes except Content Type)"
value: String
}
"Application Control File Attribute Type"
enum ApplicationControlFileAttributeType {
"File encryption status"
CONTENT_IS_ENCRYPTED
"File Size"
CONTENT_SIZE
"File type classification"
CONTENT_TYPE
}
"Configuration for file-based control rules"
type ApplicationControlFileRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Configuration for application control action"
actionConfig: ApplicationControlActionConfig
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttribute!]!
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for file-based control rules"
input ApplicationControlFileRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigInput = {userNotification: []}
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]! = []
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy! = ANY
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for file-based control rules"
input ApplicationControlFileRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Configuration for application control action"
actionConfig: ApplicationControlActionConfigUpdateInput
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"Application Control Operator"
enum ApplicationControlOperator {
"Substring match comparison"
CONTAINS
"Numerical greater than comparison"
GREATER_THAN
"Set membership comparison"
IN
"Exact match comparison"
IS
"Numerical less than or equal comparison"
LESS_THAN_OR_EQUAL
}
type ApplicationControlPolicy implements IPolicy {
additionalAttributes: ApplicationControlConfig
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ApplicationControlRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ApplicationControlPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ApplicationControlPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ApplicationControlPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ApplicationControlPolicy
status: PolicyMutationStatus!
}
type ApplicationControlPolicyMutations {
addRule(input: ApplicationControlAddRuleInput!): ApplicationControlRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ApplicationControlPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ApplicationControlPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ApplicationControlRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ApplicationControlPolicyMutationPayload! @beta
removeRule(input: ApplicationControlRemoveRuleInput!): ApplicationControlRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ApplicationControlPolicyUpdateInput!): ApplicationControlPolicyMutationPayload! @beta
updateRule(input: ApplicationControlUpdateRuleInput!): ApplicationControlRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ApplicationControlPolicyQueries {
policy(input: ApplicationControlPolicyInput): ApplicationControlPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ApplicationControlPolicyUpdateInput {
additionalAttributes: ApplicationControlConfigInput
state: PolicyToggleState
}
input ApplicationControlRemoveRuleInput {
id: ID!
}
"Application risk"
type ApplicationControlRiskCriteria {
"Application risk"
risk: ApplicationRisk!
"Application risk operator"
riskOperator: ApplicationControlOperator!
}
"Application risk"
input ApplicationControlRiskCriteriaInput {
"Application risk"
risk: ApplicationRisk!
"Application risk operator"
riskOperator: ApplicationControlOperator! = IS
}
type ApplicationControlRule implements IPolicyRule {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRule
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRule
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRule
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType!
"Policy section where the rule is located"
section: PolicySectionInfo!
}
type ApplicationControlRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ApplicationControlRulePayload
status: PolicyMutationStatus!
}
type ApplicationControlRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ApplicationControlRule!
}
"Application Control Rule Type"
enum ApplicationControlRuleType {
"Specifies an application control rule"
APPLICATION
"Specifies an data control rule"
DATA
"Specifies an file control rule"
FILE
}
"Application Control Satisfy"
enum ApplicationControlSatisfy {
"Match only if all criteria are met"
ALL
"Match if any criteria are met"
ANY
}
"Security attributes"
type ApplicationControlSecurityAttributes {
"Audit trail"
auditTrail: ApplicationControlAttributeValue!
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue!
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue!
"MFA"
mfa: ApplicationControlAttributeValue!
"RBAC"
rbac: ApplicationControlAttributeValue!
"Remember password"
rememberPassword: ApplicationControlAttributeValue!
"SSO"
sso: ApplicationControlAttributeValue!
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue!
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue!
}
"Security attributes"
input ApplicationControlSecurityAttributesInput {
"Audit trail"
auditTrail: ApplicationControlAttributeValue! = ANY
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue! = ANY
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue! = ANY
"MFA"
mfa: ApplicationControlAttributeValue! = ANY
"RBAC"
rbac: ApplicationControlAttributeValue! = ANY
"Remember password"
rememberPassword: ApplicationControlAttributeValue! = ANY
"SSO"
sso: ApplicationControlAttributeValue! = ANY
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue! = ANY
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue! = ANY
}
"Security attributes"
input ApplicationControlSecurityAttributesUpdateInput {
"Audit trail"
auditTrail: ApplicationControlAttributeValue
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue
"MFA"
mfa: ApplicationControlAttributeValue
"RBAC"
rbac: ApplicationControlAttributeValue
"Remember password"
rememberPassword: ApplicationControlAttributeValue
"SSO"
sso: ApplicationControlAttributeValue
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue
}
"Severity level"
enum ApplicationControlSeverity {
"Indicates a high severity level"
HIGH
"Indicates a low severity level"
LOW
"Indicates a medium severity level"
MEDIUM
}
"Source traffic matching configuration"
type ApplicationControlSource {
"Country traffic matching criteria"
country: [CountryRef!]!
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Source traffic matching configuration"
input ApplicationControlSourceInput {
"Country traffic matching criteria"
country: [CountryRefInput!]! = []
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Source traffic matching configuration"
input ApplicationControlSourceUpdateInput {
"Country traffic matching criteria"
country: [CountryRefInput!]
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
"Tenant matching configuration"
type ApplicationControlTenant {
"Defines the operator used for comparisons"
operator: ApplicationControlOperator
"Specifies the comparison value"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Tenant matching configuration"
input ApplicationControlTenantInput {
"Defines the operator used for comparisons"
operator: ApplicationControlOperator = IS
"Specifies the comparison value"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
input ApplicationControlUpdateRuleDataInput {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRuleUpdateInput
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRuleUpdateInput
description: String
enabled: Boolean
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRuleUpdateInput
name: String
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType
}
input ApplicationControlUpdateRuleInput {
id: ID!
rule: ApplicationControlUpdateRuleDataInput!
}
"Application Type"
enum ApplicationType {
"Application"
APPLICATION
"Cloud Application type"
CLOUD_APPLICATION
"Service"
SERVICE
}
enum TlsInspectAction {
BYPASS
INSPECT
}
input TlsInspectAddRuleDataInput {
"Action to be taken on the traffic."
action: TlsInspectAction! = INSPECT
"Application matching criteria for."
application: TlsInspectApplicationInput! = {application: [], appCategory: [], country: [], customApp: [], customCategory: [], customServiceIp: [], domain: [], fqdn: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], customService: [], remoteAsn: [], service: [], tlsInspectCategory: []}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"Country traffic matching criteria."
country: [CountryRefInput!]! = []
description: String! = ""
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"Operating System traffic matching criteria."
platform: [OperatingSystem!]! = []
"Source traffic matching criteria."
source: TlsInspectSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], subnet: [], ipRange: [], networkInterface: [], site: [], systemGroup: [], usersGroup: [], ip: [], siteNetworkSubnet: []}
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction! = ALLOW
}
input TlsInspectAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: TlsInspectAddRuleDataInput!
}
"Application match criteria set"
type TlsInspectApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Countries matching criteria for the rule"
country: [CountryRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomService!]!
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIp!]!
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]!
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]!
}
"Application match criteria set"
input TlsInspectApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Countries matching criteria for the rule"
country: [CountryRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomServiceInput!]! = []
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIpInput!]! = []
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]! = []
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]! = []
}
"Application match criteria set"
input TlsInspectApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Countries matching criteria for the rule"
country: [CountryRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomServiceInput!]
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIpInput!]
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]
}
"Default rule settings for the TLS Inspection policy"
type TlsInspectConfig {
"Action to take on traffic that matches the default rule"
defaultRuleAction: TlsInspectAction!
"Action to take when an untrusted certificate is detected for traffic matching the default rule"
defaultRuleUntrustedCertificateAction: TlsInspectUntrustedCertificateAction!
}
input TlsInspectConfigInput {
"Action to take on traffic that matches the default rule"
defaultRuleAction: TlsInspectAction! = INSPECT
"Action to take when an untrusted certificate is detected for traffic matching the default rule"
defaultRuleUntrustedCertificateAction: TlsInspectUntrustedCertificateAction! = ALLOW
}
type TlsInspectPolicy implements IPolicy {
additionalAttributes: TlsInspectConfig
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [TlsInspectRulePayload!]!
sections: [PolicySectionPayload!]!
}
input TlsInspectPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input TlsInspectPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type TlsInspectPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: TlsInspectPolicy
status: PolicyMutationStatus!
}
type TlsInspectPolicyMutations {
addRule(input: TlsInspectAddRuleInput!): TlsInspectRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): TlsInspectPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): TlsInspectPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): TlsInspectRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): TlsInspectPolicyMutationPayload! @beta
removeRule(input: TlsInspectRemoveRuleInput!): TlsInspectRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: TlsInspectPolicyUpdateInput!): TlsInspectPolicyMutationPayload! @beta
updateRule(input: TlsInspectUpdateRuleInput!): TlsInspectRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type TlsInspectPolicyQueries {
policy(input: TlsInspectPolicyInput): TlsInspectPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input TlsInspectPolicyUpdateInput {
additionalAttributes: TlsInspectConfigInput
state: PolicyToggleState
}
input TlsInspectRemoveRuleInput {
id: ID!
}
type TlsInspectRule implements IPolicyRule {
"Action to be taken on the traffic."
action: TlsInspectAction!
"Application matching criteria for."
application: TlsInspectApplication!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"Country traffic matching criteria."
country: [CountryRef!]!
"Description for the rule"
description: String!
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Operating System traffic matching criteria."
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Source traffic matching criteria."
source: TlsInspectSource!
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction!
}
type TlsInspectRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: TlsInspectRulePayload
status: PolicyMutationStatus!
}
type TlsInspectRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: TlsInspectRule!
}
"Returns the settings for Source of an TLS inspection rule"
type TlsInspectSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an TLS inspection rule"
input TlsInspectSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an TLS inspection rule"
input TlsInspectSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
enum TlsInspectUntrustedCertificateAction {
ALLOW
BLOCK
PROMPT
}
input TlsInspectUpdateRuleDataInput {
"Action to be taken on the traffic."
action: TlsInspectAction
"Application matching criteria for."
application: TlsInspectApplicationUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"Country traffic matching criteria."
country: [CountryRefInput!]
description: String
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"Operating System traffic matching criteria."
platform: [OperatingSystem!]
"Source traffic matching criteria."
source: TlsInspectSourceUpdateInput
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction
}
input TlsInspectUpdateRuleInput {
id: ID!
rule: TlsInspectUpdateRuleDataInput!
}
"""
A reference identifying the AiSecurityDataProfile object. ID: Unique AiSecurityDataProfile Identifier, Name: The AiSecurityDataProfile Name
TODO: rename data to Content
"""
type AiSecurityDataProfileRef implements ObjectRef {
id: ID!
name: String!
}
"A reference identifying the Guard object. ID: Unique Guard Identifier, Name: The Guard Name"
type AiSecurityGuardRef implements ObjectRef {
id: ID!
name: String!
}
enum SocketAddOnType {
FOUR_10G_FIBER
FOUR_1G_COPPER
TWO_10G_FIBER
TWO_1G_FIBER
}
type SocketAddOnCard {
expansionSlotNumber: SocketAddOnExpansionSlotNumber!
type: SocketAddOnType!
}
input SocketAddOnCardInput {
expansionSlotNumber: SocketAddOnExpansionSlotNumber!
type: SocketAddOnType!
}
enum SocketAddOnExpansionSlotNumber {
SLOT_1
SLOT_2
}
type AddSocketAddOnCardPayload {
addOns: [SocketAddOnCard!]!
}
input AddSocketAddOnCardInput {
addOns: [SocketAddOnCardInput!]!
site: SiteRefInput!
}
type RemoveSocketAddOnCardPayload {
addOns: [SocketAddOnCard!]!
}
input RemoveSocketAddOnCardInput {
expansionSlotNumbers: [SocketAddOnExpansionSlotNumber!]!
site: SiteRefInput!
}
"Specifies the level of protection against tampering"
enum AntiTamperModeEnum {
"Tampering attempts are logged, but changes are permitted"
MONITOR
"No protection. Users are allowed to make changes"
OFF
"Changes are blocked. Users are not allowed to make modifications"
PROTECT
}
"The action applied by the client connectivity if the rule is matched"
enum ClientConnectivityActionEnum {
"Allow WAN and Internet"
ALLOW
"Allow Internet"
ALLOW_INTERNET
"Block"
BLOCK
}
input ClientConnectivityAddRuleDataInput {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum! = ALLOW
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum! = HIGH
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]! = []
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySourceInput! = {user: [], usersGroup: []}
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRangeInput!]! = []
}
input ClientConnectivityAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ClientConnectivityAddRuleDataInput!
}
"Describe how reliable the user's authentication is"
enum ClientConnectivityConfidenceLevelEnum {
"The user has authenticated the Client and the Cato token is either valid or expired"
ANY
"High Confidence - User authenticated and the token is valid"
HIGH
"Low Confidence - User authenticated, but the token has expired"
LOW
}
"Defines Origin of the connection"
enum ClientConnectivityOriginEnum {
"Any connection origin"
ANY
"User is connecting from the client"
REMOTE
"User is connecting from the browser extension"
REMOTE_EXTENSION
}
type ClientConnectivityPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ClientConnectivityRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ClientConnectivityPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ClientConnectivityPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ClientConnectivityPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ClientConnectivityPolicy
status: PolicyMutationStatus!
}
type ClientConnectivityPolicyMutations {
addRule(input: ClientConnectivityAddRuleInput!): ClientConnectivityRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ClientConnectivityPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ClientConnectivityPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ClientConnectivityRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ClientConnectivityPolicyMutationPayload! @beta
removeRule(input: ClientConnectivityRemoveRuleInput!): ClientConnectivityRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ClientConnectivityPolicyUpdateInput!): ClientConnectivityPolicyMutationPayload! @beta
updateRule(input: ClientConnectivityUpdateRuleInput!): ClientConnectivityRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ClientConnectivityPolicyQueries {
policy(input: ClientConnectivityPolicyInput): ClientConnectivityPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ClientConnectivityPolicyUpdateInput {
state: PolicyToggleState
}
input ClientConnectivityRemoveRuleInput {
id: ID!
}
type ClientConnectivityRule implements IPolicyRule {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum!
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum!
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]!
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySource!
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRange!]!
}
type ClientConnectivityRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ClientConnectivityRulePayload
status: PolicyMutationStatus!
}
type ClientConnectivityRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ClientConnectivityRule!
}
"Users or user groups that the policy will apply on"
type ClientConnectivitySource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Users or user groups that the policy will apply on"
input ClientConnectivitySourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Public ISP IP Range for source matching"
type ClientConnectivitySourceRange {
"Globally defined IP range"
globalIpRange: GlobalIpRangeRef!
}
"Public ISP IP Range for source matching"
input ClientConnectivitySourceRangeInput {
"Globally defined IP range"
globalIpRange: GlobalIpRangeRefInput!
}
"Users or user groups that the policy will apply on"
input ClientConnectivitySourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input ClientConnectivityUpdateRuleDataInput {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySourceUpdateInput
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRangeInput!]
}
input ClientConnectivityUpdateRuleInput {
id: ID!
rule: ClientConnectivityUpdateRuleDataInput!
}
input DynamicIpAllocationAddRuleDataInput {
country: [CountryRefInput!]! = []
description: String! = ""
enabled: Boolean!
name: String!
platform: [OperatingSystem!]! = []
range: DynamicIpAllocationRangeInput!
source: DynamicIpAllocationSourceInput! = {user: [], usersGroup: []}
}
input DynamicIpAllocationAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: DynamicIpAllocationAddRuleDataInput!
}
type DynamicIpAllocationPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [DynamicIpAllocationRulePayload!]!
sections: [PolicySectionPayload!]!
}
input DynamicIpAllocationPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input DynamicIpAllocationPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type DynamicIpAllocationPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: DynamicIpAllocationPolicy
status: PolicyMutationStatus!
}
type DynamicIpAllocationPolicyMutations {
addRule(input: DynamicIpAllocationAddRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): DynamicIpAllocationPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
removeRule(input: DynamicIpAllocationRemoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: DynamicIpAllocationPolicyUpdateInput!): DynamicIpAllocationPolicyMutationPayload! @beta
updateRule(input: DynamicIpAllocationUpdateRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type DynamicIpAllocationPolicyQueries {
policy(input: DynamicIpAllocationPolicyInput): DynamicIpAllocationPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input DynamicIpAllocationPolicyUpdateInput {
state: PolicyToggleState
}
type DynamicIpAllocationRange {
globalIpRange: GlobalIpRangeRef!
}
input DynamicIpAllocationRangeInput {
globalIpRange: GlobalIpRangeRefInput!
}
input DynamicIpAllocationRangeUpdateInput {
globalIpRange: GlobalIpRangeRefInput
}
input DynamicIpAllocationRemoveRuleInput {
id: ID!
}
type DynamicIpAllocationRule implements IPolicyRule {
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
platform: [OperatingSystem!]!
range: DynamicIpAllocationRange!
"Policy section where the rule is located"
section: PolicySectionInfo!
source: DynamicIpAllocationSource!
}
type DynamicIpAllocationRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: DynamicIpAllocationRulePayload
status: PolicyMutationStatus!
}
type DynamicIpAllocationRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: DynamicIpAllocationRule!
}
type DynamicIpAllocationSource {
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input DynamicIpAllocationSourceInput {
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input DynamicIpAllocationSourceUpdateInput {
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
input DynamicIpAllocationUpdateRuleDataInput {
country: [CountryRefInput!]
description: String
enabled: Boolean
name: String
platform: [OperatingSystem!]
range: DynamicIpAllocationRangeUpdateInput
source: DynamicIpAllocationSourceUpdateInput
}
input DynamicIpAllocationUpdateRuleInput {
id: ID!
rule: DynamicIpAllocationUpdateRuleDataInput!
}
"The action applied by the split tunnel if the rule is matched"
enum SplitTunnelActionEnum {
"Route all traffic to Cato - Will be Deprecated by ROUTE_ALL_TO_CATO_EXCEPT"
EXCLUDE
"Route all traffic Out-of-Tunnel - Will be Deprecated by ROUTE_ONLY_SELECTED"
INCLUDE
OFF
"Route all traffic to Cato - Not yet supported"
ROUTE_ALL_TO_CATO_EXCEPT
"Route all traffic Out-of-Tunnel - Not yet supported"
ROUTE_ONLY_SELECTED
"User choose routing preference"
USER_DEFINED
}
input SplitTunnelAddRuleDataInput {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum! = EXCLUDE
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
coverage: SplitTunnelCoverageEnum = ALL
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestinationInput! = {application: [], globalIpRange: []}
dnsExclusion: SplitTunnelDnsExclusionInput = {domain: []}
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
routingPriority: SplitTunnelRoutingPriorityEnum! = LAN
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSourceInput! = {user: [], usersGroup: []}
sourceNetwork: SplitTunnelSourceNetworkInput! = {sourceNetworkType: ANY}
}
input SplitTunnelAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SplitTunnelAddRuleDataInput!
}
enum SplitTunnelCoverageEnum {
"All Ports and Protocols"
ALL
"Web-only (PAC based)"
WEB_ONLY
}
"Destination match criteria set"
type SplitTunnelDestination {
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRef!]!
}
"Destination match criteria set"
input SplitTunnelDestinationInput {
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRefInput!]! = []
}
"Destination match criteria set"
input SplitTunnelDestinationUpdateInput {
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRefInput!]
}
type SplitTunnelDnsExclusion {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]!
}
input SplitTunnelDnsExclusionInput {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]! = []
}
input SplitTunnelDnsExclusionUpdateInput {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]
}
type SplitTunnelPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SplitTunnelRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SplitTunnelPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SplitTunnelPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SplitTunnelPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SplitTunnelPolicy
status: PolicyMutationStatus!
}
type SplitTunnelPolicyMutations {
addRule(input: SplitTunnelAddRuleInput!): SplitTunnelRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SplitTunnelPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SplitTunnelPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): SplitTunnelRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SplitTunnelPolicyMutationPayload! @beta
removeRule(input: SplitTunnelRemoveRuleInput!): SplitTunnelRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SplitTunnelPolicyUpdateInput!): SplitTunnelPolicyMutationPayload! @beta
updateRule(input: SplitTunnelUpdateRuleInput!): SplitTunnelRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SplitTunnelPolicyQueries {
policy(input: SplitTunnelPolicyInput): SplitTunnelPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SplitTunnelPolicyUpdateInput {
state: PolicyToggleState
}
input SplitTunnelRemoveRuleInput {
id: ID!
}
"The action applied by the split tunnel if the rule is matched"
enum SplitTunnelRoutingPriorityEnum {
LAN
TUNNEL
}
type SplitTunnelRule implements IPolicyRule {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum!
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
coverage: SplitTunnelCoverageEnum
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestination!
dnsExclusion: SplitTunnelDnsExclusion
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
routingPriority: SplitTunnelRoutingPriorityEnum!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSource!
sourceNetwork: SplitTunnelSourceNetwork!
}
type SplitTunnelRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SplitTunnelRulePayload
status: PolicyMutationStatus!
}
type SplitTunnelRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SplitTunnelRule!
}
"Returns the settings for Source of an Split Tunnel rule"
type SplitTunnelSource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Split Tunnel rule"
input SplitTunnelSourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
type SplitTunnelSourceNetwork {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum!
}
input SplitTunnelSourceNetworkInput {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum! = ANY
}
enum SplitTunnelSourceNetworkTypeEnum {
ANY
"Any Managed Network"
ANY_MANAGED_NETWORK
"Any Unmanaged Network"
ANY_UNMANAGED_NETWORK
}
input SplitTunnelSourceNetworkUpdateInput {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum
}
"Input of the settings for Source of an Split Tunnel rule"
input SplitTunnelSourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input SplitTunnelUpdateRuleDataInput {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
coverage: SplitTunnelCoverageEnum
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestinationUpdateInput
dnsExclusion: SplitTunnelDnsExclusionUpdateInput
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
routingPriority: SplitTunnelRoutingPriorityEnum
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSourceUpdateInput
sourceNetwork: SplitTunnelSourceNetworkUpdateInput
}
input SplitTunnelUpdateRuleInput {
id: ID!
rule: SplitTunnelUpdateRuleDataInput!
}
input TerminalServerAddRuleDataInput {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRefInput!
description: String! = ""
enabled: Boolean!
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRefInput!]! = []
name: String!
}
input TerminalServerAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: TerminalServerAddRuleDataInput!
}
type TerminalServerPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [TerminalServerRulePayload!]!
sections: [PolicySectionPayload!]!
}
input TerminalServerPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input TerminalServerPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type TerminalServerPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: TerminalServerPolicy
status: PolicyMutationStatus!
}
type TerminalServerPolicyMutations {
addRule(input: TerminalServerAddRuleInput!): TerminalServerRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): TerminalServerPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): TerminalServerPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): TerminalServerRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): TerminalServerPolicyMutationPayload! @beta
removeRule(input: TerminalServerRemoveRuleInput!): TerminalServerRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: TerminalServerPolicyUpdateInput!): TerminalServerPolicyMutationPayload! @beta
updateRule(input: TerminalServerUpdateRuleInput!): TerminalServerRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type TerminalServerPolicyQueries {
policy(input: TerminalServerPolicyInput): TerminalServerPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input TerminalServerPolicyUpdateInput {
state: PolicyToggleState
}
input TerminalServerRemoveRuleInput {
id: ID!
}
type TerminalServerRule implements IPolicyRule {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRef!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRef!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
}
type TerminalServerRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: TerminalServerRulePayload
status: PolicyMutationStatus!
}
type TerminalServerRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: TerminalServerRule!
}
input TerminalServerUpdateRuleDataInput {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRefInput
description: String
enabled: Boolean
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRefInput!]
name: String
}
input TerminalServerUpdateRuleInput {
id: ID!
rule: TerminalServerUpdateRuleDataInput!
}
input ZtnaAlwaysOnAddRuleDataInput {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum! = ENFORCE
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean! = false
"Allow user to bypass Always On"
allowUserBypass: Boolean! = false
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum = OFF
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTimeInput!
description: String! = ""
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSourceInput! = {user: [], usersGroup: []}
}
input ZtnaAlwaysOnAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ZtnaAlwaysOnAddRuleDataInput!
}
type ZtnaAlwaysOnPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ZtnaAlwaysOnRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ZtnaAlwaysOnPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ZtnaAlwaysOnPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ZtnaAlwaysOnPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ZtnaAlwaysOnPolicy
status: PolicyMutationStatus!
}
type ZtnaAlwaysOnPolicyMutations {
addRule(input: ZtnaAlwaysOnAddRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ZtnaAlwaysOnPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ZtnaAlwaysOnPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ZtnaAlwaysOnPolicyMutationPayload! @beta
removeRule(input: ZtnaAlwaysOnRemoveRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ZtnaAlwaysOnPolicyUpdateInput!): ZtnaAlwaysOnPolicyMutationPayload! @beta
updateRule(input: ZtnaAlwaysOnUpdateRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ZtnaAlwaysOnPolicyQueries {
policy(input: ZtnaAlwaysOnPolicyInput): ZtnaAlwaysOnPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ZtnaAlwaysOnPolicyUpdateInput {
state: PolicyToggleState
}
input ZtnaAlwaysOnRemoveRuleInput {
id: ID!
}
type ZtnaAlwaysOnRule implements IPolicyRule {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum!
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean!
"Allow user to bypass Always On"
allowUserBypass: Boolean!
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTime!
"Description for the rule"
description: String!
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSource!
}
"The action applied by the Always on policy if the rule is matched"
enum ZtnaAlwaysOnRuleActionEnum {
"Enforce always on policy."
ENFORCE
"On demand always on policy."
IGNORE
}
type ZtnaAlwaysOnRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ZtnaAlwaysOnRulePayload
status: PolicyMutationStatus!
}
type ZtnaAlwaysOnRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ZtnaAlwaysOnRule!
}
"Returns the settings for Source of an Always On rule"
type ZtnaAlwaysOnSource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Always On rule"
input ZtnaAlwaysOnSourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Always On rule"
input ZtnaAlwaysOnSourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
"Return the disconnection duration time"
type ZtnaAlwaysOnTime {
"Duration time value"
time: Int!
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit!
}
"Return the disconnection duration time"
input ZtnaAlwaysOnTimeInput {
"Duration time value"
time: Int!
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit! = MINUTES
}
"Return the time unit of the duration time"
enum ZtnaAlwaysOnTimeUnit {
"Time in hours"
HOURS
"Time in minutes"
MINUTES
}
"Return the disconnection duration time"
input ZtnaAlwaysOnTimeUpdateInput {
"Duration time value"
time: Int
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit
}
input ZtnaAlwaysOnUpdateRuleDataInput {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean
"Allow user to bypass Always On"
allowUserBypass: Boolean
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTimeUpdateInput
description: String
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSourceUpdateInput
}
input ZtnaAlwaysOnUpdateRuleInput {
id: ID!
rule: ZtnaAlwaysOnUpdateRuleDataInput!
}