"""
The @beta directive is used within the type system definition language to indicate beta portions of a
GraphQL service's schema, such as beta fields, enum values, arguments or input fields.
"""
directive @beta on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE | OBJECT
"""
The @ga directive is used within the type system definition language to indicate GA portions of a
GraphQL service's schema, such as GA fields, enum values, arguments or input fields.
"""
directive @ga on FIELD_DEFINITION
"""
The @ea directive is used within the type system definition language to indicate EA portions of a
GraphQL service's schema.
"""
directive @ea on FIELD_DEFINITION
"""
The @rollout directive is used within the type system definition language to indicate portions of a
GraphQL service's schema that is gradually rolling out. This APIs will be available to all accounts after a few weeks.
"""
directive @rollout on FIELD_DEFINITION
type Query {
accountBySubdomain(
accountID: ID!
"""a list of required subdomains"""
subdomains: [String!]!
): [AccountDataPayload!] @ga
accountManagement(accountId: ID!): AccountManagementQueries
"""
The accountMetrics query helps you analyze the state and quality of the connections
of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS
tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics,
statics, and analytics for the account.
"""
accountMetrics(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
"""
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory.
"""
timeFrame: TimeFrame!
"""
When the boolean argument groupInterfaces is set to __true__, then the data for all the
interfaces are aggregated to a single interface.
"""
groupInterfaces: Boolean
"""
When the boolean argument groupDevices is set to __true__, then the analytics for all the
Sockets (usually two in high availability) are aggregated as one result.
For the best results for aggregated Sockets, we recommend that there is consistent
names and functionality (for example Destination) for the links on both Sockets.
"""
groupDevices: Boolean
): AccountMetrics @ga
accountRoles(accountID: ID!, accountType: AccountType): AccountRolesResult! @ga
"""
Current snapshot-based metrics that show near real‑time data for the account.
Provides analytics that are similar to the Topology page for the account.
"""
accountSnapshot(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
): AccountSnapshot @ga
admin(accountId: ID!, adminID: ID!): GetAdminPayload @ga
admins(accountID: ID!, limit: Int = 50, from: Int = 0, search: String = "", sort: [SortInput], adminIDs: [ID!]): AdminsResult @ga
"BETA"
appStats(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
postAggFilters: [AppStatsPostAggFilter!]
sort: [AppStatsSort!]
): AppStats @ga
"BETA"
appStatsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
): AppStatsTimeSeries @ga
"""Audit Feed for account changes"""
auditFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
ids: [ID!] @deprecated(reason: "by accountIDs")
timeFrame: TimeFrame!
filters: [AuditFieldFilterInput!]
"Marker to use to get results from"
marker: String
): AuditFeed @ga
catalogs(accountId: ID!): CatalogQueries
container(accountId: ID!): ContainerQueries
devices(accountId: ID!): DevicesQueries! @beta
enterpriseDirectory(accountId: ID!): EnterpriseDirectoryQueries @ea
"""Lookup entities with a specific type, potentially filtered and paged"""
entityLookup(
"""The account ID (or 0 for non-authenticated requests)"""
accountID: ID!
"""Type of entity to lookup for"""
type: EntityType!
"""Sets the maximum number of items to retrieve"""
limit: Int = 50
"""Sets the offset number of items (for paging)"""
from: Int = 0
"""
Return items under a parent entity (can be site, vpn user, etc),
used to filter for networks that belong to a specific site for example
"""
parent: EntityInput
"""
Adds additional search parameters for the lookup. Available options:
country lookup: "removeExcluded" to return only allowed countries
countryState lookup: country code ("US", "CN", etc) to get country's states
"""
search: String = ""
"""
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not
universally available, and may not be applicable specific Entity types. If used on non applicable entity
type, an error will be generated.
"""
entityIDs: [ID!]
"""
Adds additional sort criteria(s) for the lookup.
This option is not universally available, and may not be applicable specific Entity types.
"""
sort: [SortInput]
"""Custom filters for entityLookup"""
filters: [LookupFilterInput]
"""Additional helper fields"""
helperFields: [String!]
): EntityLookupResult! @ga
events(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
postAggFilters: [EventsPostAggFilter!]
sort: [EventsSort!]
): Events @ga
"""Event Feed for events paged by a topic partitions offsets marker"""
eventsFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
filters: [EventFeedFieldFilterInput!]
"Marker to use to get results from"
marker: String
): EventsFeedData @ga
eventsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
): EventsTimeSeries @ga
"""Fetch group configuration for your account"""
groups(accountId: ID!): GroupsQueries
hardware(accountId: ID!): HardwareQueries
"""Retrieve the account hardware inventory"""
hardwareManagement(accountId: ID!): HardwareManagementQueries
"""Retrieve the account(s) license inventory and license consumption"""
licensing(accountId: ID!): LicensingQueries
policy(accountId: ID!): PolicyQueries
popLocations(accountId: ID!): PopLocationQueries
sandbox(accountId: ID!): SandboxQueries @rollout
servicePrincipalAdmin(accountId: ID!, adminID: ID!): GetServicePrincipalAdminPayload @ga
site(accountId: ID!): SiteQueries!
"""
Provides historical metrics for physical and logical interfaces on Cato Sockets.
This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
"""
socketPortMetrics(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [SocketPortMetricsMeasure]
dimensions: [SocketPortMetricsDimension]
filters: [SocketPortMetricsFilter!]
postAggFilters: [SocketPortMetricsPostAggFilter!]
sort: [SocketPortMetricsSort!]
): SocketPortMetrics @ga
"""
Provides historical time series metrics for physical and logical interfaces on Cato Sockets.
This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
"""
socketPortMetricsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [SocketPortMetricsMeasure]
dimensions: [SocketPortMetricsDimension]
filters: [SocketPortMetricsFilter!]
): SocketPortMetricsTimeSeries @ga
"""
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
1. Regular account - Return only 1 subdomain relating to the regular account
2. Reseller account - Return all subdomains including the reseller account subdomain
3. Reseller account - Return only the reseller account subdomain
"""
subDomains(
"""Unique Identifier of Account"""
accountID: ID!
"""
When the boolean argument managedAccount is set to true (default), then the query returns all subdomains related to the account
"""
managedAccount: Boolean
): [SubDomain!]! @ga
xdr(accountID: ID!): XDR!
}
type Mutation {
accountManagement(accountId: ID!): AccountManagementMutations
admin(accountId: ID!): AdminMutations!
container(accountId: ID!): ContainerMutations
enterpriseDirectory(accountId: ID!): EnterpriseDirectoryMutations @ea
"""Mutations for creating, updating, or deleting groups"""
groups(accountId: ID!): GroupsMutations
hardware(accountId: ID!): HardwareMutations
licensing(accountId: ID!): LicensingMutations
policy(accountId: ID!): PolicyMutations
sandbox(accountId: ID!): SandboxMutations @rollout
site(accountId: ID!): SiteMutations!
sites(accountId: ID!): SiteMutations! @deprecated(reason: "in favor of site")
xdr(accountId: ID!): XdrMutations!
}
"""
The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.
"""
type MicrosoftEndpoint implements Endpoint & MergedIncident {
alerts: [MicrosoftDefenderEndpointAlert!]!
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
device: MicrosoftDeviceDetails
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
firstSignal: DateTime!
id: ID!
indication: String!
lastSignal: DateTime!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
tags: [String!]!
ticket: String
user: UserRef
vendor: VendorEnum
}
"""
The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.
"""
type MicrosoftDeviceDetails implements DeviceDetails {
avStatus: DeviceAvStatusEnum
azureAdDeviceId: String
deviceName: String
externalIp: String
firstSeenDateTime: DateTime
healthStatus: DeviceHealthStatusEnum
id: ID!
ipInterfaces: [String!]!
localIp: String
loggedOnUsers: [EndpointUser!]!
onboardingStatus: OnboardingStatusEnum
osDetails: OsDetails
rbacGroup: RbacGroup
}
enum OnboardingStatusEnum {
CAN_BE_ONBOARDED
INSUFFICIENT_INFO
ONBOARDED
}
"""
The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.
"""
type MicrosoftEndpointUser implements EndpointUser {
accountName: String
domainName: String
id: ID!
name: String!
principalName: String
userSid: String
}
"""
The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.
"""
type MicrosoftDefenderEndpointAlert implements EndpointAlert {
activities: [MicrosoftActivity!]!
alertWebUrl: String
category: String
classification: AlertClassificationEnum
comments: [String!]!
createdDateTime: DateTime
criticality: Int
description: String
destinationIp: String
destinationUrl: String
detectionSource: DetectionSourceEnum
determination: AlertDeterminationEnum
externalIp: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
lastUpdateDateTime: DateTime
localIp: String
mitreSubTechnique: [Mitre!]!
mitreTechnique: [Mitre!]!
ownerName: String
providerAlertId: String
recommendedActions: String
resolvedDateTime: DateTime
resources: [MicrosoftEndpointResource!]!
status: MsAlertStatus
threatFamilyName: String
threatName: String
threatType: String
title: String
}
interface MicrosoftEndpointResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
tags: [String!]!
roles: [ResourceRoleEnum!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.
"""
type MicrosoftProcessResource implements ProcessResource & MicrosoftEndpointResource & EndpointResource {
action: String
createdDateTime: DateTime
id: ID!
imageFile: FileDetails
processCommandLine: String
processId: Int!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
userAccount: EndpointUser
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.
"""
type MicrosoftFileResource implements FileResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
detectionStatus: DetectionStatusEnum
fileDetails: FileDetails
id: ID!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
"""
type MicrosoftRegistryResource implements RegistryResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
hive: String
id: ID!
key: String
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
value: String
valueName: String
valueType: String
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftNetworkResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
"""
type MicrosoftNetworkResource implements MicrosoftEndpointResource & NetworkResource & EndpointResource {
action: String
createdDateTime: DateTime
destinationIp: String
destinationPort: Int
dnsRequest: String
dnsResponse: String
id: ID!
method: String
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
sourcePort: Int
tags: [String!]!
url: String
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.
"""
type MicrosoftActivity implements Activity {
action: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
parentResourceId: ID!
resourceId: ID!
}
type RbacGroup {
id: ID!
name: String
}
enum MsAlertStatus {
IN_PROGRESS
NEW
RESOLVED
}
enum DetectionSourceEnum {
ANTIVIRUS
APP_GOVERNANCE_DETECTION
APP_GOVERNANCE_POLICY
AUTOMATED_INVESTIGATION
AZURE_AD_IDENTITY_PROTECTION
CLOUD_APP_SECURITY
CUSTOM_DETECTION
CUSTOM_TI
MANUAL
MICROSOFT_DATA_LOSS_PREVENTION
MICROSOFT_DEFENDER_FOR_ENDPOINT
MICROSOFT_DEFENDER_FOR_IDENTITY
MICROSOFT_DEFENDER_FOR_OFFICE365
MICROSOFT_THREAT_EXPERTS
MICROSOFT365_DEFENDER
SMART_SCREEN
}
enum AlertClassificationEnum {
FALSE_POSITIVE
INFORMATIONAL_EXPECTED_ACTIVITY
TRUE_POSITIVE
}
enum AlertDeterminationEnum {
APT
COMPROMISED_ACCOUNT
CONFIRMED_ACTIVITY
LINE_OF_BUSINESS_APPLICATION
MALICIOUS_USER_ACTIVITY
MALWARE
MULTI_STAGED_ATTACK
NOT_ENOUGH_DATA_TO_VALIDATE
NOT_MALICIOUS
OTHER
PHISHING
SECURITY_PERSONNEL
SECURITY_TESTING
UNWANTED_SOFTWARE
}
enum MsResourceVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
type XDR {
"""
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
"""
stories(input: StoryInput!): StoriesData @beta
"""
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
"""
story(storyId: ID, producer: StoryProducerEnum, incidentId: ID): Story @beta
}
type XdrMutations {
"""Post comments that help track the story investigation"""
addStoryComment(input: AddStoryCommentInput!): AddStoryCommentPayload @beta
"""
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
"""
analystFeedback(input: AnalystFeedbackInput!): AnalystFeedbackPayload @beta
"""Delete a previously posted comment using the comment ID."""
deleteStoryComment(input: DeleteStoryCommentInput!): DeleteStoryCommentPayload @beta
}
type AnalystFeedbackPayload {
"""
Data related to the actions and information that an analyst adds to the XDR story
"""
story: Story
}
type AddStoryCommentPayload {
"""Add a new comment to the XDR story"""
comment: StoryComment!
}
type DeleteStoryCommentPayload {
"""Delete an existing comment from an XDR story"""
comment: StoryComment!
}
input AddStoryCommentInput {
"""The relevant Story"""
storyId: ID!
"""Enter the text for the XDR story comment"""
text: String!
}
input DeleteStoryCommentInput {
"""The comment ID"""
commentId: ID!
"""The relevant Story"""
storyId: ID!
}
type ThreatClassificationRef implements ObjectRef {
id: ID!
name: String!
}
type ThreatTypeRef implements ObjectRef {
id: ID!
name: String!
}
type AllowlistRuleRef implements ObjectRef {
id: ID!
name: String!
}
type ResponsePolicyRuleRef implements ObjectRef {
id: ID!
name: String!
}
input AnalystFeedbackInput {
"""
Free text for the analyst to enter additional information about the XDR story
"""
additionalInfo: String
"""Enum for analyst to assign the severity of a Malicious XDR story"""
severity: SeverityEnum
"""Enum for the current status of the XDR story."""
status: StoryStatusEnum
"""The relevant Story"""
storyId: ID!
"""
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification.
"""
threatClassification: String
"""Type of threat for the XDR story that is assigned by the analyst"""
threatType: StoryThreatType
"""Enum for analyst to assign the verdict of the XDR story"""
verdict: StoryVerdictEnum
}
input StoryThreatType {
details: String
name: String!
recommendedAction: String
}
enum StoryVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
enum TargetType {
domain
fqdn
ip
url
}
input StoryInput {
filter: [StoryFilterInput!]!
paging: PagingInput!
sort: [StorySortInput!]
}
input StorySortInput {
fieldName: StorySortFieldName!
order: SortDirectionEnum
}
enum StorySortFieldName {
accountName
createdAt
criticality
engineType
firstSignal
producer
queryName
riskScore
severity
source
sourceIp
status
updatedAt
}
input StoryFilterInput {
accountId: AccountIdPredicate
criticality: IntPredicate
engineType: EngineTypePredicate
incidentId: StringPredicate
ioa: StringPredicate
muted: BooleanPredicate
producer: StoryProducerPredicate
queryName: StringPredicate
severity: StorySeverityPredicate
source: StringPredicate
sourceIp: StringPredicate
status: StoryStatusPredicate
storyId: StoryIdPredicate
timeFrame: TimeFramePredicate!
vendor: VendorPredicate
verdict: StoryVerdictPredicate
}
input StoryVerdictPredicate {
in: [StoryVerdictEnum!]
not_in: [StoryVerdictEnum!]
}
input TimeFramePredicate {
time: TimeFrame!
timeFrameModifier: TimeFrameModifier
}
enum TimeFrameModifier {
AnalystUpdate
StoryCreate
StoryUpdate
}
input AccountIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StoryIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StorySeverityPredicate {
in: [SeverityEnum!]
not_in: [SeverityEnum!]
}
enum SeverityEnum {
High
Low
Medium
}
input StoryProducerPredicate {
in: [StoryProducerEnum!]
not_in: [StoryProducerEnum!]
}
input StoryStatusPredicate {
in: [StoryStatusEnum!]
not_in: [StoryStatusEnum!]
}
input IntPredicate {
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
not_in: [Int!]
}
input StringPredicate {
contains: String
in: [String]
not_in: [String]
}
input BooleanPredicate {
is: String!
}
input EngineTypePredicate {
in: [StoryEngineTypeEnum!]
not_in: [StoryEngineTypeEnum!]
}
input VendorPredicate {
in: [VendorEnum!]
not_in: [VendorEnum!]
}
enum SortDirectionEnum {
asc
desc
}
type StoriesData {
"""Fields returned from the Story query"""
items: [Story!]!
"""
Define the stories that are returned, similar to a page of stories in the Cato Management Application
"""
paging: Paging!
}
type Paging {
"""
Based on the filter and sort parameters, the first story that is returned
"""
from: Int!
"""
Based on the filter and sort parameters, the number of stories returned after the from. For example, the argument {from: 10, limit: 10} returns stories 10-20.
"""
limit: Int!
"""Total number of stories returned"""
total: Int!
}
type Story {
"""ID for your Cato account"""
accountId: Int!
"""Name of the account in the Cato Management Application"""
accountName: String
"""Email address of the analyst working on the story"""
analystEmail: String
"""Name of analyst working on the story"""
analystName: String
"""Timestamp when the story was created"""
createdAt: DateTime!
"""Unique Cato ID for each story"""
id: ID!
"""
Data related to the fields and incidents that were merged to create or update the story
"""
incident: MergedIncident!
"""
URL for the playbook in the Knowledge Base to help troubleshoot the story
"""
playbook: String
"""Summary of the story"""
summary: String
"""Data for the story timeline"""
timeline: [TimelineItem!]!
"""Timestamp when the story was most recently updated"""
updatedAt: DateTime!
}
enum StoryStatusEnum {
Closed
Monitoring
Open
PendingAnalysis
PendingMoreInfo
Reopened
}
"""For XDR stories, items that happened during the lifetime of the story"""
type TimelineItem {
"""Additional information about this timeline item"""
additionalInfo: String
"""Data about the analyst for this timeline item (ie. name, email)"""
analystInfo: AnalystInfo
"""Icon for the timeline item"""
category: TimelineItemCategoryEnum
"""
Brief summary of action related to the timeline item (ie. Story created, Status update to)
"""
context: String!
"""Timestamp the timeline item was created"""
createdAt: DateTime!
"""Description of the timeline item"""
description: String! @deprecated(reason: "use 'descriptions' instead")
"""Description of the timeline item"""
descriptions: [String!]!
"""Type of threat assigned by the analyst"""
type: TimelineTypeEnum!
}
type AnalystInfo {
"""Security analyst email address"""
email: String
"""Security analyst name"""
name: String
}
enum TimelineTypeEnum {
Action
Comment
Diff
}
enum TimelineItemCategoryEnum {
Error
Information
Warning
}
type StoryComment {
actor: ActorRef!
createdAt: Time!
id: ID!
text: String!
}
interface MergedIncident {
"""Unique Cato ID for each story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Connection for the incident"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact)
For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""
For Network stories - The site where the network issue is occurring
For Security stories - IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""The ticket an analyst created for this story"""
ticket: String
"""Status for the story"""
status: StoryStatusEnum
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""For Security stories, description of the threat"""
description: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
"""Cato ID and name for the site"""
site: SiteRef
"""Cato ID and name for the user"""
user: UserRef
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
tags: [String!]!
}
type AnalystFeedbackThreatType {
details: String
name: String
recommendedAction: String
}
type AnalystFeedback {
additionalInfo: String
severity: SeverityEnum
threatClassification: String
threatType: AnalystFeedbackThreatType
verdict: StoryVerdictEnum
}
interface Anomalies implements MergedIncident {
id: ID!
firstSignal: DateTime!
lastSignal: DateTime!
engineType: StoryEngineTypeEnum
vendor: VendorEnum
producer: StoryProducerEnum!
producerName: String!
connectionType: ConnectionTypeEnum
indication: String!
queryName: String
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
storyDuration: Int
description: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
sourceIp: String
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
tags: [String!]!
direction: String
}
"""
The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
"""
type AnomalyStats implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
tags: [String!]!
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
"""
The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
"""
type AnomalyEvents implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
tags: [String!]!
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type Metric {
name: String!
value: Float!
}
type Gaussian {
avg: Float
n: Float
ss: Float
std: Float
z_score: Float
}
type Extra {
name: String!
type: String!
value: String!
}
type MetricDetails {
name: String!
units: String!
}
"""
The "Threat" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.
"""
type Threat implements MergedIncident {
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""Client Class for the traffic flow"""
clientClass: [String!]!
"""Connection for this incident"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Name of the device"""
deviceName: String
"""Traffic direction for the threat"""
direction: String
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
"""Data for the Cato event for this story"""
events: [Event!]
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""Data about the traffic flow for the threat"""
flows: [IncidentFlow!]
"""Cardinality of traffic flows for the threat"""
flowsCardinality: Int
"""Unique Cato ID for this threat"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Timestamp for the first incident signal related to this story"""
lastSignal: DateTime!
"""Username for the device"""
logonName: String
"""MAC address of the device"""
macAddress: String
"""Mitre data for the story (ie. ID, name)"""
mitres: [Mitre!]
"""OS for device or host that is the threat target"""
os: String
"""Predicted threat type for the story based on Cato algorithm"""
predictedThreatType: String
"""Predicted verdict of the story based on Cato algorithm"""
predictedVerdict: StoryVerdictEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""The estimated risk level of the threat (ie. Malicious, High, Low)"""
riskLevel: RiskLevelEnum
"""Data for stories that are similar"""
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Cato ID for the site that is the source of the threat"""
srcSiteId: String
"""Status of this story"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
tags: [String!]!
"""Data about the target of the threat"""
targets: [IncidentTargetRep!]!
"""The ticket an analyst created for this story"""
ticket: String
"""Timeseries data for the incident"""
timeSeries: [IncidentTimeseries!]
"""Cato ID and name for the user"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
"""
The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.
"""
type ThreatPrevention implements MergedIncident {
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
events: [Event!]
firstSignal: DateTime!
flowsCardinality: Int
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
riskLevel: RiskLevelEnum
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
tags: [String!]!
targets: [IncidentTargetRep!]!
threatPreventionsEvents: [ThreatPreventionEvents!]
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type SimilarStoryData {
indication: String
similarityPercentage: Float
storyId: String
threatClassification: String
threatTypeName: String
verdict: String
}
type ThreatPreventionEvents {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referrer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
enum NetworkXDREventTypeEnum {
DEGRADED
INSIGHT
RESOLVED
}
enum LinkConfigPrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum LinkStatusEnum {
ACTIVE
PASSIVE
}
enum DeviceConfigHaRoleEnum {
PRIMARY
SECONDARY
}
enum DeviceHaRoleStateEnum {
BACKUP
MASTER
}
enum NetworkEventSourceEnum {
BGP_SESSION
DEVICE
HOST
ISP
LINK
POP
SITE
}
enum LinkQualityIssueTypeEnum {
CONGESTION
DISTANCE
JITTER
PACKET_LOSS
}
enum TrafficDirectionEnum {
DOWNSTREAM
UPSTREAM
}
type BGPConnection {
catoAsn: Asn16
catoIp: String
connectionName: String
peerAsn: Asn32
peerIp: String
}
type LinkQualityIssue {
current: Int
direction: TrafficDirectionEnum
issueType: LinkQualityIssueTypeEnum
threshold: Int
}
type NetworkTimelineEvent {
acknowledged: Boolean
bgpConnection: BGPConnection
created: DateTime!
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
deviceHaRoleState: DeviceHaRoleStateEnum
eventIds: [String!]!
eventType: NetworkXDREventTypeEnum
hostIp: String
incidentId: String
isp: String
linkConfigBandwidth: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
linkQualityIssue: LinkQualityIssue
linkStatus: LinkStatusEnum
muted: Boolean
networkEventSource: NetworkEventSourceEnum
pop: String
ruleName: String
socketSerialId: String
tunnelResetCount: Int
validated: DateTime!
}
enum IlmmOnboardingStatus {
COMPLETE
FAILED
MISSING
PENDING
}
type IspLoaFile {
fileHash: String
fileName: String
uploadedAt: Time
}
type IlmmContact {
email: String
name: String
phone: String
}
type IlmmLinkDetails {
activeLicense: Boolean
comments: String
description: String
ispLinkId: String
linkId: String
onboardingStatus: IlmmOnboardingStatus
}
type IlmmIspDetails {
countryCode: String
description: String
ispAccountId: String
loaFile: IspLoaFile
name: String
supportEmail: String
supportPhone: String
}
type IlmmDetails {
contacts: [IlmmContact!]
ispDetails: IlmmIspDetails
linkDetails: IlmmLinkDetails
}
"""
The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.
"""
type NetworkXDRIncident implements MergedIncident {
acknowledged: Boolean
analystFeedback: AnalystFeedback
bgpConnection: BGPConnection
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
firstSignal: DateTime!
hostIp: String
id: ID!
ilmmDetails: IlmmDetails
indication: String!
isp: String
lastSignal: DateTime!
licenseBandwidth: String
licenseRegion: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
muted: Boolean
networkIncidentTimeline: [NetworkTimelineEvent!]!
occurrences: Int
pop: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
ruleName: String
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteConfigLocation: String
siteConnectionType: String
siteName: String!
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
storyType: String!
tags: [String!]!
ticket: String
user: UserRef
vendor: VendorEnum
}
type AiOperationsIncident implements MergedIncident {
accountOperationIncident: AccountOperationsIncident
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
eventsGraphQuery: EventsGraphQuery
firstSignal: DateTime!
flowLastTime: DateTime! @deprecated(reason: "use 'lastSignal' instead")
flowStartTime: DateTime! @deprecated(reason: "use 'firstSignal' instead")
id: ID!
indication: String!
ioa: String! @deprecated(reason: "'ioa' is deprecated, use 'indication' instead")
lastSignal: DateTime!
occurrences: Int
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
riskScore: Int! @deprecated(reason: "'riskScore' is deprecated, use 'criticality' instead")
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
tags: [String!]!
ticket: String
type: AiOperationsIncidentTypeEnum
user: UserRef
vendor: VendorEnum
}
type EventsGraphQuery {
timeSeriesEvents: TimeSeriesEvents
type: GraphType!
}
enum GraphType {
ANALYTICS
}
type TimeSeriesEvents {
accountID: String!
buckets: Int!
dimensions: [GraphEventsDimension!]!
filters: [GraphEventsFilter!]!
measures: [GraphEventsMeasure!]!
timeFrame: TimeFrame!
}
type GraphEventsMeasure {
aggType: String!
fieldName: String!
trend: Boolean
}
type GraphEventsDimension {
fieldName: String!
}
type GraphEventsFilter {
fieldName: String!
operator: String!
values: [String!]!
}
type AccountOperationsIncident {
incidentTimeline: [AccountOperationsTimelineBase!]!
metadata: [AccountOperationsMetadata!]!
playbooks: [AiOperationsPlaybook!]!
}
interface AccountOperationsTimelineBase {
id: ID!
created: Time!
validated: Time!
description: String!
type: AccountOperationsTimelineType!
}
type AiOperationsPlaybook {
description: String!
link: String
title: String!
}
type AccountOperationsTimelineEvent implements AccountOperationsTimelineBase {
created: Time!
description: String!
eventIds: [String!]!
id: ID!
muted: Boolean!
type: AccountOperationsTimelineType!
validated: Time!
}
enum AccountOperationsTimelineType {
Action
Event
}
enum AiOperationsIncidentTypeEnum {
Account
}
type AccountOperationsMetadata {
key: String!
type: MetadataType!
value: String!
}
enum MetadataType {
TXT
}
enum ScanResult {
BYPASS_BY_CONTENT_RULE
BYPASS_BY_OTHER
BYPASS_BY_TYPE
CANCELLED
CLEAN
ENCRYPTED
VIRUS_FOUND
}
type Event {
action: String
appId: String
appName: String
dnsProtectionCategory: String
eventType: String
ruleId: String
scanResult: ScanResult
severity: String
signatureId: String
threatName: String
threatType: String
virusName: String
}
type Mitre {
id: String
name: String
}
type IncidentTargetRep {
analysisScore: Float
categories: String
catoPopularity: Int
countryOfRegistration: String
creationTime: DateTime
engines: Int
eventData: [Event!]!
infectionSource: Boolean
name: String
searchHits: String
threatFeeds: Int
threatReference: String
type: TargetType
}
type IncidentFlow {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
type StoryDrillDownFilter {
name: String!
value: String! @deprecated(reason: "No longer supported")
values: [String!]!
}
enum RiskLevelEnum {
Benign
High
Inconclusive
Low
Malicious
Medium
nan
}
enum StoryProducerEnum {
AnomalyEvents
AnomalyExperience
AnomalyStats
CatoEndpointAlert
EntraIdAlert
MicrosoftEndpointDefender
NetworkMonitor @deprecated(reason: "No longer supported")
"""The producer of the Site Operations stories"""
NetworkXDR
ThreatHunt
ThreatPrevention
}
enum StoryEngineTypeEnum {
ANOMALY
ENDPOINT
IDENTITY
NETWORK
THREAT
}
enum VendorEnum {
CATO
MICROSOFT
}
enum ConnectionTypeEnum {
Host
Site
User
}
type IncidentTimeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
): [[Float!]]
"""The parameter by which the timeseries data is grouped"""
groupBy: String
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
enum IncidentCategory {
OPERATIONAL
OTHER
SECURITY
}
type IncidentEntity {
data: [IncidentEntityData!]!
kind: String
ref: ObjectRef!
role: String
type: String
}
type IncidentEntityData {
fieldName: String!
values: [String!]!
}
type DataQuery {
buckets: Int
dataSource: DataSourceEnum
fields: [String!]!
filters: [QueryParameter!]!
measures: [MeasuresParameters!]!
}
enum DataSourceEnum {
AppStats
AppStatsTimeSeries
ConnectivityStats
ConnectivityStatsTimeSeries
DeviceHardwareMetrics
Events
EventsList
EventsTimeSeries
HardwareMetricsTimeSeries
LmmTimeSeries
}
type MeasuresParameters {
aggType: String
fieldName: String
unitType: MeasuresUnitType
}
enum MeasuresUnitType {
BITS_PER_SECOND
COUNT
MILLISECONDS
PERCENTAGE
}
type QueryParameter {
name: String
operator: String
value: String
values: [String!]!
}
type UnknownEntityRef implements ObjectRef {
id: ID!
name: String!
}
type GenericIncident implements MergedIncident {
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""Connection for the incident"""
connectionType: ConnectionTypeEnum
"""
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact)
For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""For Security stories, description of the threat"""
description: String
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
evidences: [GenericIncidentEvidence!]!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""Unique Cato ID for each story"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
mitres: [Mitre!]
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
queries: [DataQuery!]!
"""Category for the indication ID related to the story"""
queryName: String
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
For Network stories - The site where the network issue is occurring
For Security stories - IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Status for the story"""
status: StoryStatusEnum
statusInfo: GenericIncidentStatusInfo
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
tags: [String!]!
"""The ticket an analyst created for this story"""
ticket: String
"""Cato ID and name for the user"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
vendorInfo: GenericIncidentVendorInfo
}
type GenericIncidentVendorInfo {
engineType: String
incidentUrl: String
name: String
product: String
status: String
}
type GenericIncidentStatusInfo {
classification: String
incidentStatus: String
verdict: StoryVerdictEnum
}
type GenericIncidentEvidence {
data: [GenericIncidentEvidenceData!]!
type: GenericIncidentEvidenceType!
value: String
}
type GenericIncidentEvidenceData {
fieldName: String!
values: [String!]!
}
enum GenericIncidentEvidenceType {
CONFIG
DOMAIN
FILE
HASH
IP
METRIC
OTHER
URL
}
interface Endpoint implements MergedIncident {
"""Unique Cato ID for the story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""
Enum for the Producer (specific XDR engine and service) involved with the incident
"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Enum for the connection for this incident (ie. site, host, user)"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String
storyDuration: Int
description: String
sourceIp: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
categories: [IncidentCategory!]!
entities: [IncidentEntity!]!
tags: [String!]!
device: DeviceDetails
alerts: [EndpointAlert!]!
}
interface EndpointAlert {
id: ID!
title: String
description: String
threatName: String
mitreTechnique: [Mitre!]!
mitreSubTechnique: [Mitre!]!
createdDateTime: DateTime
resources: [EndpointResource!]!
activities: [Activity!]!
criticality: Int
externalIp: String
localIp: String
}
interface Activity {
id: ID!
resourceId: ID!
parentResourceId: ID!
}
interface DeviceDetails {
id: ID!
deviceName: String
osDetails: OsDetails
loggedOnUsers: [EndpointUser!]!
externalIp: String
localIp: String
}
type OsDetails {
osBuild: Int
osType: String!
osVersion: String
}
interface EndpointUser {
id: ID!
name: String!
}
enum ResourceRoleEnum {
ADDED
ATTACKED
ATTACKER
COMMAND_AND_CONTROL
COMPROMISED
CONTEXTUAL
CREATED
DESTINATION
EDITED
LOADED
POLICY_VIOLATOR
SCANNED
SOURCE
SUSPICIOUS
}
enum RemediationStatusEnum {
BLOCKED
CLEAN
DELETED
DELETED_REBOOT
DISABLED
DISINFECT_FAILED
DISINFECTED
INFECTED
MOVED
MOVED_REBOOT
NOT_FOUND
NOT_STARTED
PASSWORD_PROTECTED
PREVENTED
REBOOT_REQUIRED
REMEDIATED
SCAN_FAILED
SUCCESS
SUSPICIOUS
UNKNOWN
}
enum DeviceHealthStatusEnum {
ACTIVE
IMPAIRED_COMMUNICATION
INACTIVE
NO_SENSOR_DATA
NO_SENSOR_DATA_IMPAIRED_COMMUNICATION
}
enum DeviceAvStatusEnum {
DISABLED
NOT_REPORTING
NOT_UPDATED
UPDATED
}
interface EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
}
interface ProcessResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
processId: Int!
processCommandLine: String
imageFile: FileDetails
userAccount: EndpointUser
}
interface FileResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
fileDetails: FileDetails
detectionStatus: DetectionStatusEnum
}
interface RegistryResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
hive: String
key: String
value: String
valueName: String
valueType: String
}
type FileDetails {
issuer: String
md5: String
name: String
path: String
publisher: String
sha1: String
sha256: String
signer: String
size: Int
}
enum DetectionStatusEnum {
BLOCKED
DETECTED
PREVENTED
}
interface NetworkResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
dnsRequest: String
dnsResponse: String
destinationIp: String
destinationPort: Int
sourcePort: Int
url: String
method: String
}
"""
The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
"""
type CatoEndpoint implements Endpoint & MergedIncident {
"""Details for the threat detected by the EPP"""
alerts: [CatoEndpointAlert!]!
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
categories: [IncidentCategory!]!
"""enum for the connection for this incident (ie. host, user)"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Details for the EPP device (ie. device name, OS, MAC address)"""
device: CatoEndpointDeviceDetails
"""enum that shows XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
entities: [IncidentEntity!]!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""ID for the Endpoint Protection story"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
"""
enum for the Producer (specific XDR engine or service) involved with the incident
"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
""""""
queryName: String
"""
TRUE indicates that the story is currently being researched by Security Analysts
"""
research: Boolean
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
Source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Enum for the status of this story (ie. Open, Closed, Monitoring)"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
tags: [String!]!
"""The ticket for this story"""
ticket: String
"""Cato ID and name for the site"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
enum CatoEndpointEngineType {
AntiMalware
Behavioral
}
"""
The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
"""
type CatoEndpointDeviceDetails implements DeviceDetails {
"""Name of the device"""
deviceName: String
externalIp: String
"""Unique Cato ID for this story"""
id: ID!
localIp: String
"""Data for one or more users logged in to the device"""
loggedOnUsers: [EndpointUser!]!
"""MAC address of the device"""
macAddress: String
"""OS data (ie. type, build, version)"""
osDetails: OsDetails
}
"""
The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.
"""
type CatoEndpointUser implements EndpointUser {
"""ID for the user"""
id: ID!
"""Username for the user whose activity generated the indication"""
name: String!
}
"""
The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
"""
type CatoEndpointAlert implements EndpointAlert {
"""Unique Cato IDs for the activities related to the alert"""
activities: [CatoActivity!]!
"""Timestamp that the threat was detected and the alert generated"""
createdDateTime: DateTime
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""EPP profile that is assigned to this device"""
endpointProtectionProfile: String
"""Enum for the EPP engine related to this story"""
engineType: CatoEndpointEngineType
externalIp: String
"""Unique Cato ID for the Endpoint Protection story"""
id: ID!
localIp: String
"""MITRE ATT&CK® sub-technique for the threat"""
mitreSubTechnique: [Mitre!]!
"""MITRE ATT&CK® technique for the threat"""
mitreTechnique: [Mitre!]!
"""Data for the remediation status of the alert"""
resources: [CatoResource!]!
"""Enum for the remediation status of the EPP alert"""
status: RemediationStatusEnum
"""Name of threat detected on the device"""
threatName: String
"""Title of the endpoint alert"""
title: String
}
interface CatoResource implements EndpointResource {
"""Unique Cato ID for this EPP resource"""
id: ID!
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
}
"""
The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
"""
type CatoProcessResource implements ProcessResource & CatoResource & EndpointResource {
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Unique Cato ID for this resource"""
id: ID!
"""Details of the file related to this process"""
imageFile: FileDetails
"""CLI command related to this process"""
processCommandLine: String
"""ID for the process"""
processId: Int!
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
"""User account related to this process"""
userAccount: EndpointUser
}
"""
The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
"""
type CatoFileResource implements FileResource & CatoResource & EndpointResource {
"""Timestamp that the this file resource was used"""
createdDateTime: DateTime
"""Enum for the detection status of this file resource"""
detectionStatus: DetectionStatusEnum
"""Details of the file related to this resource"""
fileDetails: FileDetails
"""Unique Cato ID for this file resource"""
id: ID!
"""Enum for the remediation status associated with this file resource"""
remediationStatus: RemediationStatusEnum
}
"""
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
"""
type CatoActivity implements Activity {
"""Unique Cato ID for this activity"""
id: ID!
"""
Unique Cato ID for the preceding resource (process or file) in the alert
"""
parentResourceId: ID!
"""
Unique Cato ID for the resource (process or file) involved in the alert
"""
resourceId: ID!
}
type SiteMutations {
"""Adds a new BGP peer to the specified site."""
addBgpPeer(input: AddBgpPeerInput!): AddBgpPeerPayload @beta
"""
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
"""
addCloudInterconnectPhysicalConnection(input: AddCloudInterconnectPhysicalConnectionInput!): AddCloudInterconnectPhysicalConnectionPayload @beta
"""Add a new cloud interconnect site."""
addCloudInterconnectSite(input: AddCloudInterconnectSiteInput!): AddCloudInterconnectSitePayload @beta
addIpsecIkeV2Site(input: AddIpsecIkeV2SiteInput!): AddIpsecIkeV2SitePayload @beta
addIpsecIkeV2SiteTunnels(siteId: ID!, input: AddIpsecIkeV2SiteTunnelsInput!): AddIpsecIkeV2SiteTunnelsPayload @beta
addNetworkRange(lanSocketInterfaceId: ID!, input: AddNetworkRangeInput!): AddNetworkRangePayload @ga
"""Add a secondary AWS vSocket to an existing site"""
addSecondaryAwsVSocket(input: AddSecondaryAwsVSocketInput!): AddSecondaryAwsVSocketPayload @beta
"""Add a secondary Azure vSocket to an existing site"""
addSecondaryAzureVSocket(input: AddSecondaryAzureVSocketInput!): AddSecondaryAzureVSocketPayload @beta
addSocketAddOnCard(input: AddSocketAddOnCardInput!): AddSocketAddOnCardPayload @rollout @beta
addSocketSite(input: AddSocketSiteInput!): AddSocketSitePayload @ga
addStaticHost(siteId: ID!, input: AddStaticHostInput!): AddStaticHostPayload @ga
"""
Assign a license to an existing site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
assignSiteBwLicense(input: AssignSiteBwLicenseInput!): AssignSiteBwLicensePayload @beta
"""Removes an existing BGP peer configuration from a site."""
removeBgpPeer(input: RemoveBgpPeerInput!): RemoveBgpPeerPayload @beta
"""Remove a physical connection from a cloud interconnect site."""
removeCloudInterconnectPhysicalConnection(input: RemoveCloudInterconnectPhysicalConnectionInput!): RemoveCloudInterconnectPhysicalConnectionPayload @beta
removeIpsecIkeV2SiteTunnels(siteId: ID!, input: RemoveIpsecIkeV2SiteTunnelsInput!): RemoveIpsecIkeV2SiteTunnelsPayload @beta
removeNetworkRange(networkRangeId: ID!): RemoveNetworkRangePayload @ga
"""Remove the secondary AWS vSocket from an existing site"""
removeSecondaryAwsVSocket(socketId: ID!): RemoveSecondaryAwsVSocketPayload @beta
"""Remove the secondary Azure vSocket from an existing site"""
removeSecondaryAzureVSocket(socketId: ID!): RemoveSecondaryAzureVSocketPayload @beta
removeSite(siteId: ID!): RemoveSitePayload @ga
"""
Remove a license from a site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
removeSiteBwLicense(input: RemoveSiteBwLicenseInput!): RemoveSiteBwLicensePayload @beta
removeSocketAddOnCard(input: RemoveSocketAddOnCardInput!): RemoveSocketAddOnCardPayload @beta
removeStaticHost(hostId: ID!): RemoveStaticHostPayload @ga
"""
Replace an existing license of a site. This API is used to make sure the site
will always have a license to avoid traffic drop for sites without licenses. // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
replaceSiteBwLicense(input: ReplaceSiteBwLicenseInput!): ReplaceSiteBwLicensePayload @beta
"""
Requests an upgrade for multiple sites to specific versions.
Returns the result of the request.
"""
startSiteUpgrade(input: StartSiteUpgradeInput!): StartSiteUpgradePayload @rollout @beta
"""Updates an existing BGP peer configuration."""
updateBgpPeer(input: UpdateBgpPeerInput!): UpdateBgpPeerPayload @beta
"""Update an existing physical connection at a cloud interconnect site."""
updateCloudInterconnectPhysicalConnection(input: UpdateCloudInterconnectPhysicalConnectionInput!): UpdateCloudInterconnectPhysicalConnectionPayload @beta
updateHa(siteId: ID!, input: UpdateHaInput!): UpdateHaPayload @ga
updateIpsecIkeV2SiteGeneralDetails(siteId: ID!, input: UpdateIpsecIkeV2SiteGeneralDetailsInput!): UpdateIpsecIkeV2SiteGeneralDetailsPayload @beta
updateIpsecIkeV2SiteTunnels(siteId: ID!, input: UpdateIpsecIkeV2SiteTunnelsInput!): UpdateIpsecIkeV2SiteTunnelsPayload @beta
updateNetworkRange(networkRangeId: ID!, input: UpdateNetworkRangeInput!): UpdateNetworkRangePayload @ga
"""Update the secondary AWS vSocket from in an existing site"""
updateSecondaryAwsVSocket(input: UpdateSecondaryAwsVSocketInput!): UpdateSecondaryAwsVSocketPayload @beta
"""Update the secondary Azure vSocket in an existing site"""
updateSecondaryAzureVSocket(input: UpdateSecondaryAzureVSocketInput!): UpdateSecondaryAzureVSocketPayload @beta
"""
Update the bandwidth allocation of an assigned pool license of an existing site (does not apply for site license allocation) // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
"""
updateSiteBwLicense(input: UpdateSiteBwLicenseInput!): UpdateSiteBwLicensePayload @beta
updateSiteGeneralDetails(siteId: ID!, input: UpdateSiteGeneralDetailsInput!): UpdateSiteGeneralDetailsPayload @ga
updateSocketInterface(siteId: ID!, socketInterfaceId: SocketInterfaceIDEnum!, input: UpdateSocketInterfaceInput!): UpdateSocketInterfacePayload @ga
updateStaticHost(hostId: ID!, input: UpdateStaticHostInput!): UpdateStaticHostPayload @ga
}
type SiteQueries {
"""Retrieves available socket versions for the specified platforms."""
availableVersionList(input: AvailableVersionListInput!): AvailableVersionListPayload @rollout @beta
"""Retrieves details of a specific BGP peer by reference."""
bgpPeer(input: BgpPeerRefInput!): BgpPeer @beta
"""Retrieves a list of all BGP peers associated with the specified site."""
bgpPeerList(input: BgpPeerListInput!): BgpPeerListPayload @beta
"""
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
"""
cloudInterconnectConnectionConnectivity(input: CloudInterconnectConnectionConnectivityInput!): CloudInterconnectConnectionConnectivity @beta
"""Get details of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnection(input: CloudInterconnectPhysicalConnectionInput!): CloudInterconnectPhysicalConnection @beta
"""Get the ID of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnectionId(input: CloudInterconnectPhysicalConnectionIdInput!): CloudInterconnectPhysicalConnectionId @beta
"""Retrieves details of a specific secondary AWS vSocket."""
secondaryAwsVSocket(socketId: ID!): SecondaryAwsVSocket @beta
"""Retrieves details of a specific secondary Azure vSocket."""
secondaryAzureVSocket(socketId: ID!): SecondaryAzureVSocket @beta
"""
Provides the BGP status of the specified site, including session and route details.
"""
siteBgpStatus(input: SiteBgpStatusInput!): SiteBgpStatus @beta
siteGeneralDetails(site: SiteRefInput!): SiteGeneralDetailsPayload @beta
}
input AddSecondaryAwsVSocketInput {
"""The IP address of LAN interface"""
eniIpAddress: IPAddress!
"""The subnet of the LAN interface"""
eniIpSubnet: NetworkSubnet!
"""The ID of the LAN route table"""
routeTableId: String!
"""
Information about the site where the secondary AWS VSocket is being added.
"""
site: SiteRefInput!
}
input AddSecondaryAzureVSocketInput {
"""The floating IP address"""
floatingIp: IPAddress!
"""The IP address of the interface"""
interfaceIp: IPAddress!
"""
Information about the site where the secondary Azure VSocket is being added.
"""
site: SiteRefInput!
}
type AddSecondaryAwsVSocketPayload {
"""The secondary socket id"""
id: ID!
}
type AddSecondaryAzureVSocketPayload {
"""The secondary socket id"""
id: ID!
}
type RemoveSecondaryAwsVSocketPayload {
secondaryAwsVSocket: SecondaryAwsVSocket!
}
type RemoveSecondaryAzureVSocketPayload {
secondaryAzureVSocket: SecondaryAzureVSocket!
}
type SecondaryAzureVSocket {
"""The floating IP address"""
floatingIp: IPAddress!
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the interface"""
interfaceIp: IPAddress!
"""
Information about the site where the secondary Azure vSocket is being added.
"""
site: SiteRef!
}
type SecondaryAwsVSocket {
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the secondary vSocket"""
ipAddress: IPAddress!
"""The ID of the secondary vSocket route table"""
routeTableId: String!
"""Site associated with this secondary vSocket."""
site: SiteRef!
"""The subnet of the secondary vSocket"""
subnet: NetworkSubnet!
}
input UpdateSecondaryAzureVSocketInput {
"""The floating IP address"""
floatingIp: IPAddress
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the interface"""
interfaceIp: IPAddress
}
type UpdateSecondaryAzureVSocketPayload {
"""The updated secondary Azure vSocket object."""
secondaryAzureVSocket: SecondaryAzureVSocket!
}
input UpdateSecondaryAwsVSocketInput {
"""The ID of the secondary vSocket"""
id: ID!
"""The IP address of the secondary vSocket"""
ipAddress: IPAddress
"""The ID of the secondary vSocket route table"""
routeTableId: String
"""The subnet of the secondary vSocket"""
subnet: NetworkSubnet
}
type UpdateSecondaryAwsVSocketPayload {
"""The updated secondary AWS vSocket object."""
secondaryAwsVSocket: SecondaryAwsVSocket!
}
enum SocketPortMetricsFieldName {
"Unique identifier of the account that owns the site."
account_id
"Total bytes received downstream (from the network to the device)."
bytes_downstream
"Combined total of upstream and downstream bytes."
bytes_total
"Total bytes sent upstream (from the device to the network)."
bytes_upstream
"Reference Signal Received Power – measures LTE/5G signal strength (dBm)."
cellular_rsrp
"Reference Signal Received Quality – a key LTE/5G metric for link quality (dB)."
cellular_rsrq
"Received Signal Strength Indicator – legacy strength metric (dBm)."
cellular_rssi
"Generic signal strength indicator (often maps to bars or percentage)."
cellular_signal_strength
"Signal to Interference + Noise Ratio – LTE/5G metric for signal clarity (dB)."
cellular_sinr
"Unique identifier of the Socket (Cato edge device)."
device_id
"Indicates the high-availability (HA) role of the device (e.g., active, standby)."
ha_role
"Type of physical interface (e.g., ethernet, cellular)."
physical_interface_type
"SIM card number (for cellular interfaces)."
sim_num
"Unique identifier of the site where the socket is deployed."
site_id
"Human-readable name of the site."
site_name
"The name or ID of the physical or logical interface on the Socket device (e.g., eth0, cell1)."
socket_interface
"Describes the interface role such as primary, backup, cellular, or none."
socket_interface_role
"Current download throughput in Mbps."
throughput_downstream
"Current upload throughput in Mbps."
throughput_upstream
"Type of transport used by the interface (e.g., wired, lte, 5g, wifi)."
transport_type
}
type SocketPortMetrics {
from: DateTime
id: ID
records(limit: Int, from: Int): [SocketPortMetricsRecord!]
to: DateTime
total: Int
totals: Map
}
type SocketPortMetricsRecord {
fields: [SocketPortMetricsField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
prevTimeFrame: Map
trends: Map
}
type SocketPortMetricsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
type SocketPortMetricsField {
name: SocketPortMetricsFieldName!
value: Value!
}
input SocketPortMetricsMeasure {
aggType: AggregationType!
fieldName: SocketPortMetricsFieldName!
trend: Boolean
}
input SocketPortMetricsDimension {
fieldName: SocketPortMetricsFieldName!
}
input SocketPortMetricsFilter {
fieldName: SocketPortMetricsFieldName!
operator: FilterOperator!
values: [String!]!
}
input SocketPortMetricsPostAggFilter {
aggType: AggregationType!
filter: SocketPortMetricsFilter!
}
input SocketPortMetricsSort {
fieldName: SocketPortMetricsFieldName!
order: DirectionEnum!
}
input AddSocketSiteInput {
""""""
connectionType: SiteConnectionTypeEnum! = SOCKET_X1500
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
translatedSubnet: IPSubnet
"""VLAN ID for native range"""
vlan: Vlan
}
input AddSiteLocationInput {
"""optional address"""
address: String
"""city name, must belong to the country or country and state"""
city: String
"""country code"""
countryCode: String!
"""optional state code"""
stateCode: String
"""time zone"""
timezone: String!
}
input UpdateSocketInterfaceInput {
"""Only relevant for ALTERNATIVE, LAYER_2_WAN"""
altWan: SocketInterfaceAltWanInput
"""Only relevant for CATO, ALTERNATIVE, LAYER_2_WAN"""
bandwidth: SocketInterfaceBandwidthInput
destType: SocketInterfaceDestType!
"""Only relevant for LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP"""
lag: SocketInterfaceLagInput
"""
Only relevant for LAN, VRRP_AND_LAN, LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP
"""
lan: SocketInterfaceLanInput
name: String
"""Only relevant for CATO"""
offCloud: SocketInterfaceOffCloudInput
"""Only relevant for VRRP"""
vrrp: SocketInterfaceVrrpInput
"""Only relevant for CATO"""
wan: SocketInterfaceWanInput
}
type UpdateSocketInterfacePayload {
siteId: ID!
socketInterfaceId: SocketInterfaceIDEnum!
}
input SocketInterfaceBandwidthInput {
downstreamBandwidth: Int
downstreamBandwidthMbpsPrecision: Float @beta
upstreamBandwidth: Int
upstreamBandwidthMbpsPrecision: Float @beta
}
input SocketInterfaceWanInput {
precedence: SocketInterfacePrecedenceEnum!
role: SocketInterfaceRole!
}
input SocketInterfaceLanInput {
localIp: IPAddress!
subnet: IPSubnet!
translatedSubnet: IPSubnet
}
input SocketInterfaceOffCloudInput {
enabled: Boolean!
publicIp: IPAddress
publicStaticPort: Int
}
input SocketInterfaceAltWanInput {
privateGatewayIp: IPAddress!
privateInterfaceIp: IPAddress!
privateNetwork: IPSubnet!
privateVlanTag: Int
publicGatewayIp: IPAddress
publicInterfaceIp: IPAddress
publicNetwork: IPSubnet
publicVlanTag: Int
}
input SocketInterfaceLagInput {
minLinks: Int!
}
input SocketInterfaceVrrpInput {
vrrpType: VrrpType
}
input AddNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String!
rangeType: SubnetType!
subnet: IPSubnet!
translatedSubnet: IPSubnet
"""Only relevant for VLAN network rangeType"""
vlan: Int
}
input UpdateNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String
rangeType: SubnetType
subnet: IPSubnet
translatedSubnet: IPSubnet
"""Only relevant for NATIVE and VLAN network rangeType"""
vlan: Int
}
input NetworkDhcpSettingsInput {
"""Only relevant for DHCP range"""
dhcpMicrosegmentation: Boolean
dhcpType: DhcpType!
ipRange: IPRange
relayGroupId: ID
}
input UpdateHaInput {
primaryManagementIp: IPAddress
secondaryManagementIp: IPAddress
vrid: Int
}
input AddStaticHostInput {
ip: IPAddress!
macAddress: String
name: String!
}
input UpdateStaticHostInput {
ip: IPAddress
macAddress: String
name: String
}
type RemoveSitePayload {
siteId: ID!
}
type AddSocketSitePayload {
siteId: ID!
}
type AddNetworkRangePayload {
networkRangeId: ID!
}
type UpdateNetworkRangePayload {
networkRangeId: ID!
}
type RemoveNetworkRangePayload {
networkRangeId: ID!
}
type UpdateHaPayload {
siteId: ID!
}
type AddStaticHostPayload {
hostId: ID!
}
type UpdateStaticHostPayload {
hostId: ID!
}
type RemoveStaticHostPayload {
hostId: ID!
}
enum SocketInterfacePrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum SiteConnectionTypeEnum {
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
}
enum HaRole {
PRIMARY
SECONDARY
}
"""A from-to range (used for DHCP range, for example)"""
scalar IPRange
"""
Enter the time frame for the data that the query returns.
The argument is in the format \.\ This argument is mandatory.
These are the supported options to define the time frame:
last.\ - The value for the last type is according to ISO-8601 and returns data
for the previous specific times. For example:
timeFrame = last.PT5M shows the previous 5 minutes
timeFrame = last.PT2H shows the previous 2 hours
timeFrame = last.P1D shows the previous 1 day
timeFrame = last.P3M shows the previous 3 months
timeFrame = last.P1Y shows the previous 1 year
utc.\ - The time frame combines a start and end date in the format YY-MM-DD/hh:mm:ss
according to the specified time zone. You must enter all the date and time values for the argument. For example:
timeFrame = utc.2020-02-{11/04:50:00--21/04:50:00} shows 10 days of analytics data from February 11, 2020 4:50:00 am to February 21, 2020 4:50:00 am
timeFrame = utc.2020-02-11/{04:50:15--16:50:15} shows 12 hours of analytics data on February 11, 2020, from 4:50:15 am to 16:50:15 pm
timeFrame = utc.2020-{02-11/04:50:00--04-11/04:50:00} shows 2 months of analytics data from February 11, 2020 4:50:00 am to April 11 4:50:00 am
timeFrame = utc.{2019-10-01/04:50:00--2020/02-01/04:50:00} shows 4 months of analytics data from October 1, 2019 4:50:00 am to February 11 4:50:00 am
This format lets you configure a time frame the includes more than one calendar year
"""
scalar TimeFrame
"""File upload - https://gqlgen.com/reference/file-upload/"""
scalar Upload
enum UnitType {
bits
"""Bits per second"""
bps
bytes
"""Bytes per second"""
bytesPerSec
"""The number of occurrences for this unit"""
count
ms
none
packets
percent
"""health analytics for the site"""
score
"""
For metrics that are measured in seconds, such as tunnelAge, the number of seconds
"""
seconds
}
enum AggregationType {
any
avg
changes
count
count_distinct
distinct
max
min
sum
uniq_set
}
enum DirectionEnum {
asc
desc
}
enum FilterOperator {
between
exists
gt
gte
in
is
is_not
lt
lte
not_between
not_exists
not_in
}
type RBACRole {
description: String
id: ID!
isPredefined: Boolean!
name: String!
}
type AdminRole {
allowedAccounts: [ID!]
allowedEntities: [Entity!]
role: RBACRole!
}
type PolicyMutations {
antiMalwareFileHash(input: AntiMalwareFileHashPolicyMutationInput): AntiMalwareFileHashPolicyMutations
applicationControl(input: ApplicationControlPolicyMutationInput): ApplicationControlPolicyMutations
appTenantRestriction(input: AppTenantRestrictionPolicyMutationInput): AppTenantRestrictionPolicyMutations
clientConnectivity(input: ClientConnectivityPolicyMutationInput): ClientConnectivityPolicyMutations
dynamicIpAllocation(input: DynamicIpAllocationPolicyMutationInput): DynamicIpAllocationPolicyMutations
internetFirewall(input: InternetFirewallPolicyMutationInput): InternetFirewallPolicyMutations
remotePortFwd(input: RemotePortFwdPolicyMutationInput): RemotePortFwdPolicyMutations
socketLan(input: SocketLanPolicyMutationInput): SocketLanPolicyMutations
splitTunnel(input: SplitTunnelPolicyMutationInput): SplitTunnelPolicyMutations
terminalServer(input: TerminalServerPolicyMutationInput): TerminalServerPolicyMutations
tlsInspect(input: TlsInspectPolicyMutationInput): TlsInspectPolicyMutations
wanFirewall(input: WanFirewallPolicyMutationInput): WanFirewallPolicyMutations
wanNetwork(input: WanNetworkPolicyMutationInput): WanNetworkPolicyMutations
ztnaAlwaysOn(input: ZtnaAlwaysOnPolicyMutationInput): ZtnaAlwaysOnPolicyMutations
}
type AccountMetrics {
"""Starting time"""
from: DateTime
"""The size of a single time bucket in seconds"""
granularity: Int
"""Unique Identifier of Account."""
id: ID
"""Site connectivity metrics for the requested sites."""
sites(
"""
A list of unique IDs for each site. If specified, only sites in this list are returned. Otherwise, all sites are returned.
"""
siteIDs: [ID!]
ids: [String!] @deprecated(reason: "by siteIDs")
): [SiteMetrics!]
timeseries(
labels: [TimeseriesMetricType!]
"number of buckets, defaults to 10, max 1000"
buckets: Int
): [Timeseries!]
"""Ending time"""
to: DateTime
"""
Connectivity metrics for the requested users connecting remotely with the Client.
Doesn’t include user traffic behind a site.
"""
users(
"""
A list of unique IDs for each user. If specified, only users in this list are returned. Otherwise, no user metrics are returned.
"""
userIDs: [ID!]
): [SiteMetrics!]
}
type InterfaceMetrics {
"""Time stamp annotation that shows a time increment for a GUI"""
annotations(types: [String!]): [TimeAnnotation!]
"""
Basic configuration information about the Socket interface . Applicable only for site
"""
interfaceInfo: InterfaceInfo
"""
Data related to IPsec sites, such as IKE version . Applicable only for site
"""
ipsecInfo: IPSecInfo
"""Traffic data for the link"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Link name in the Cato Management Application"""
name: String
"""object that is a specific time duration"""
periods: [TimePeriod!]
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""Data related to the link IP address, such as country code"""
remoteIPInfo: IPInfo
"""
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site
"""
socketInfo: SocketInfo
"""
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also
include the destination last mile check
"""
timeseries(buckets: Int, labels: [TimeseriesMetricType!]): [Timeseries!]
}
type SiteMetrics {
"""
Timeseries with the number of flows (connections) in the site. Applicable only for site
"""
flowCount: Timeseries
"""
Timeseries with the number of hosts in the site. Applicable only for site
"""
hostCount: Timeseries
"""
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site
"""
hostLimit: Timeseries
"""Site ID"""
id: ID
"""
Shows general information about the site (array with nested fields). Applicable only for site
"""
info: SiteInfo
"""Analytics that are returned for the links for a site"""
interfaces: [InterfaceMetrics!]
"""Traffic metrics and data for sites"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Site names"""
name: String
samples: Int @deprecated(reason: "internal use")
}
type Timeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
"If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1"
withMissingData: Boolean = false
"In case we want to have the default size bucket (from properties)"
useDefaultSizeBucket: Boolean = false
): [[Float!]]
"List of dimension values for this timeseries"
dimensions: [DimensionData!]
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
"Timeseries key: measure and dimension values"
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
"""Summary of the metrics over the given time frame"""
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
"""An object for marking specific events in time."""
type TimeAnnotation {
"""Description of the event"""
label: String!
"""Brief description of the event"""
shortLabel: String!
"""Timestamp of the event"""
time: Float!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: AnnotationType!
}
"""An object for marking durations!"""
type TimePeriod {
"""
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index
"""
duration: [Float!]!
"""Label that describes the metrics"""
title: String!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: PeriodType!
}
enum TimeseriesMetricType {
"""Total avg downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream
"""Total max downstream traffic (from the site to the Cato Cloud)"""
bytesDownstreamMax
"""Total number of bytes of upstream and downstream traffic"""
bytesTotal
"""Total avg upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream
"""Total max upstream traffic (from the site to the Cato Cloud)"""
bytesUpstreamMax
"""Health analytics for the site"""
health @deprecated(reason: "No longer supported")
"""
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream
"""
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream
"""
Latency from socket directly to a well known global service, not through Cato. This is used to measure last
mile provider's performance, independent of the service.
"""
lastMileLatency
"""
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last
mile provider's performance, independent of the service.
"""
lastMilePacketLoss
"""Number of packets lost for downstream traffic"""
lostDownstream
"""Percent of packet loss for downstream traffic"""
lostDownstreamPcnt
"""Number of packets lost for upstream traffic"""
lostUpstream
"""Percent of packet loss for upstream traffic"""
lostUpstreamPcnt
"""Total packets discarded for downstream traffic"""
packetsDiscardedDownstream
"""Percent packets discarded for downstream traffic"""
packetsDiscardedDownstreamPcnt
"""Total packets discarded for upstream traffic"""
packetsDiscardedUpstream
"""Percent packets discarded for upstream traffic"""
packetsDiscardedUpstreamPcnt
"""Total downstream packets"""
packetsDownstream
"""Total upstream packets"""
packetsUpstream
"""Round-trip time from the Socket to the Cato Cloud"""
rtt
"The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect)"
tunnelAge
}
enum PeriodType {
"traffic was seen"
active
"some packets were discarded after queue timeout"
congested
"unspecified period type"
generic
"multiple last mile destinations measured large latency (greater than 500ms)"
lastmileLatency
"multiple last mile destinations measured packet loss"
lastmilePacketLoss
"missing data"
missingData
"some packets were queued"
overlowed
"packet loss connectivity issue"
packetLoss
"interface in standby mode"
passiveLink
"period connected to specific pop instance"
pop
}
enum AnnotationType {
"""Other events that are included in annotations"""
generic
"""The site connects to a different PoP"""
popChange
"""The ISP IP address (remote IP) changed"""
remoteIPChange
"""Change for HA status role"""
roleChange
}
type DimensionData {
"Type of the dimension"
label: String!
"String value of the dimension"
value: String
}
type TimeseriesKey {
"List of dimension key-value pair for this timeseries key"
dimensions: [DimensionKey!]
"Measure field"
measureFieldName: String!
}
type DimensionKey {
"Dimension field"
fieldName: String!
"String value of the dimension"
value: String
}
type EventRecord {
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
time: DateTime
}
type EventsFeedAccountRecords {
errorString: String
id: ID
records(fieldNames: [EventFieldName!]): [EventRecord!]
}
type EventsFeedData {
accounts: [EventsFeedAccountRecords]
fetchedCount: Int!
marker: String
}
input EventFeedFieldFilterInput {
fieldName: EventFeedFilterFieldName!
"Use event_type and event_sub_type for events"
operator: EventFeedFilterOperator!
values: [String!]
}
"""Search operators on Event Feed"""
enum EventFeedFilterOperator {
in
is
is_not
not_in
}
enum EventFeedFilterFieldName {
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event"
event_type
}
input AddIpsecIkeV2SiteInput {
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
"""VLAN ID for native range"""
vlan: Vlan
}
input UpdateIpsecIkeV2SiteGeneralDetailsInput {
"""The auth message parameters."""
authMessage: IpsecIkeV2MessageInput
"""
Determines the protocol for establishing the Security Association (SA) Tunnel. Valid values are:
Responder-Only Mode: Cato Cloud only responds to incoming requests by the initiator (e.g. a Firewall device) to establish a security association.
Bidirectional Mode: Both Cato Cloud and the peer device on customer site can initiate the IPSec SA establishment.
"""
connectionMode: ConnectionMode
"""
The authentication identification type used for SA authentication. When using “BIDIRECTIONAL”, it is set to “IPv4” by default. Other methods are available in Responder mode only.
"""
identificationType: IdentificationType
"""The init message parameters"""
initMessage: IpsecIkeV2MessageInput
"""The local IP ranges for the SAs"""
networkRanges: [IPSubnet]
}
input IpsecIkeV2MessageInput {
"""
The SA tunnel encryption method. Note: For situations where GCM isn’t supported for the INIT phase, we recommend that you use the CBC algorithm for the INIT phase, and GCM for AUTH
"""
cipher: IpSecCipher
"""
The Diffie-Hellman Group. The first number is the DH-group number, and the second number is the corresponding prime modulus size in bits
"""
dhGroup: IpSecDHGroup
"""
The algorithm used to verify the integrity and authenticity of IPsec packets
"""
integrity: IpSecHash
"""
The Pseudo-random function (PRF) used to derive the cryptographic keys used in the SA establishment process
"""
prf: IpSecHash
}
input LastMileBwInput {
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstream: Int
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps with single decimal precision. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstreamMbpsPrecision: Float
"""
The maximum upstream bandwidth, in Mbps. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstream: Int
"""
The maximum upstream bandwidth, in Mbps with single decimal precision. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstreamMbpsPrecision: Float
}
input AddIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String!
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
}
input UpdateIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId!
}
input UpdateIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [UpdateIpsecIkeV2TunnelInput!]!
}
input AddIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [AddIpsecIkeV2TunnelInput!]!
}
input UpdateIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: UpdateIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: UpdateIpsecIkeV2TunnelsInput
}
input AddIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: AddIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: AddIpsecIkeV2TunnelsInput
}
input RemoveIpsecIkeV2SiteTunnelsInput {
"""The IDs of the tunnels"""
tunnelId: [IPSecV2InterfaceId!]!
}
type AddIpsecIkeV2SitePayload {
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteGeneralDetailsPayload {
"""The local ID for the site"""
localId: String
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type UpdateIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [UpdateIpsecIkeV2SiteTunnelPayload!]!
}
type AddIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type RemoveIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type AddIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [AddIpsecIkeV2SiteTunnelPayload!]!
}
type RemoveIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [RemoveIpsecIkeV2SiteTunnelPayload!]!
}
type UpdateIpsecIkeV2SiteTunnelsPayload {
"""The primary multi-tunnel"""
primary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The secondary multi-tunnel"""
secondary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type AddIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: AddIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: AddIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type RemoveIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type HardwareManagementQueries {
"""Retrieve the account socket inventory"""
socketInventory(input: SocketInventoryInput): SocketInventoryPayload! @beta
}
input SocketInventoryInput {
filter: SocketInventoryFilterInput
paging: PagingInput
sort: SocketInventoryOrderInput
}
input SocketInventoryFilterInput {
"""
Will run contains operation for the provided text on the following fields serialNumber,socketMac,socketVersion,installedSite,
shippingCompany,trackingNumber,deliverySiteName,description,hardwareVersion with OR between them
"""
freeText: FreeTextFilterInput
}
input SocketInventoryOrderInput {
accountName: SortOrderInput
deliverySiteName: SortOrderInput
description: SortOrderInput
hardwareVersion: SortOrderInput
installedSite: SortOrderInput
serialNumber: SortOrderInput
shippingCompany: SortOrderInput
shippingDate: SortOrderInput
socketType: SortOrderInput
"""Default sort field"""
status: SortOrderInput
}
type SocketInventoryPayload {
items: [SocketInventoryItem!]!
pageInfo: PageInfo!
}
type SocketInventoryItem {
"""Socket account"""
account: AccountRef!
"""Available upgrade versions"""
availableUpgradeVersions: [String!]!
"""Name of the delivery site"""
deliverySiteName: String
"""Description"""
description: String
"""Hardware Version"""
hardwareVersion: String
"""ID"""
id: ID!
"""Is primary socket"""
isPrimary: Boolean!
"""Registration status"""
registrationStatus: SocketRegistrationStatus
"""Serial number (unique)"""
serialNumber: String
"""Shipping company"""
shippingCompany: String
"""Shipping date"""
shippingDate: DateTime
"""Socket's site"""
site: SiteRef
"""Mac address"""
socketMac: MacAddress
"""Socket Type"""
socketType: SocketPlatform
"""Socket version"""
socketVersion: String
"""Socket status (see SocketInventoryItemStatus)"""
status: SocketInventoryItemStatus
"""tracking number from the shipping company"""
trackingNumber: String
"""tracking url from the shipping company"""
trackingUrl: Url
"""Are automatic upgrade paused"""
upgradesPaused: Boolean!
"""Upgrade status"""
upgradeStatus: SocketUpgradeStatus
}
enum SocketInventoryItemStatus {
CONNECTED
DELIVERED
INSTALLED
ORDERED
SHIPPED
}
type Events {
from: DateTime
id: ID
records(limit: Int, from: Int): [EventsRecord!]
to: DateTime
total: Int
totals: Map
}
type EventsRecord {
fields: [EventField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type EventsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
input EventsMeasure {
aggType: AggregationType!
fieldName: EventFieldName!
trend: Boolean
}
input EventsDimension {
fieldName: EventFieldName!
}
input EventsFilter {
fieldName: EventFieldName!
operator: FilterOperator!
values: [String!]!
}
input EventsPostAggFilter {
aggType: AggregationType!
filter: EventsFilter!
}
input EventsSort {
fieldName: EventFieldName!
order: DirectionEnum!
}
type EventField {
name: EventFieldName!
value: Value!
}
type AuditFeedAccountRecords {
id: ID
records(fieldNames: [AuditFieldName!]): [AuditRecord!]
}
type AuditFeed {
accounts: [AuditFeedAccountRecords]
fetchedCount: Int!
from: DateTime
hasMore: Boolean
marker: String
to: DateTime
}
"""
Search operators on ElasticSearch. Between operators are applicable only to numeric fields
Note that not operators are slower
"""
enum ElasticOperator {
between
exists
in
is
is_not
not_between
not_exists
not_in
}
"""
FieldName for the different types of FieldName inputs
Use the EventFieldName for events, and AuditFieldName for audit
"""
input FieldNameInput {
AuditFieldName: AuditFieldName
}
input AuditFieldFilterInput {
fieldName: FieldNameInput!
"Use AuditFieldName for audits"
operator: ElasticOperator!
values: [String!]
}
"""Represents a single event in the audit database"""
type AuditRecord {
account: EntityInfo
admin: Entity
apiKey: Entity
"All fields in the audit record (including the admin and object)"
fields: [AuditField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
object: Entity
time: DateTime
}
type StringValue {
string: String
}
type DateValue {
date: DateTime
}
union Value = StringValue | DateValue | Entity
type AuditField {
name: String!
value: Value!
}
enum AuditFieldName {
"The name of the account on which the record was created"
account
"The id of the account on which the record was created"
account_id
"The admin whose action generated the record"
admin
"The ID of the admin whose action generated the record"
admin_id
"The api key whose action generated the record"
apiKey
audit_creation_type
"the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`"
change_type
"Time the record was created"
creation_date
"Time the record was committed to storage"
insertion_date
"The name of the object that was affected, e.g. 'My Site'"
model_name
"The type of object that was affected. e.g. Site, Socket, SocketInterface"
model_type
"Less granular than model_name, a general marker of the modified area: administration, configuration, security"
module
}
enum EntityType {
"""A reference to a configured Account under reseller"""
account
"""An account administrator (user in Cato Console)"""
admin
"""An external IP address in a specific PoP reserved for the account"""
allocatedIP
"""Any entity (matches everything)"""
any
"Pooled licenses available for use"
availablePooledUsage
"Site licenses available for use"
availableSiteUsage
"""A settlement with over 1K population"""
city
"""Geographical and political entity recognized internationally"""
country
"""
Represents a state or territory within a country. It is a sub-division of the country
"""
countryState
"A reference to DHCP Relay Group within account"
dhcpRelayGroup
groupSubscription
"""A reference to the configured Host within Site"""
host
"A reference to LAN Firewall Rule within Site"
lanFirewall
"A reference to Local Routing Rule within Site"
localRouting
location
mailingListSubscription
"""A reference to the configured Network Interface within Site"""
networkInterface
"Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number"
portProtocol
"l4 services for LAN firewall rules"
simpleService
"""A reference to a configured Site within Account"""
site
"union of the globalRange and a Subnet"
siteRange
"""
Time zone, which is a geographical region where clocks are set to the same time
"""
timezone
"""A reference to the configured VPN User within Account"""
vpnUser
webhookSubscription
}
"""Input for adding a new cloud interconnect site."""
input AddCloudInterconnectSiteInput {
"""Description of the site."""
description: String
"""Name of the site."""
name: String!
"""Location details of the site."""
siteLocation: AddSiteLocationInput!
"""Type of the site."""
siteType: SiteType! = BRANCH
}
"""Payload for adding a new cloud interconnect site."""
type AddCloudInterconnectSitePayload {
"""ID of the newly added site."""
siteId: ID!
}
"""
Input for adding a new physical connection to a cloud interconnect site.
"""
input AddCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation.Wither .1Q/QinQ"""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput!
"""Private IP address of Cato."""
privateCatoIp: IPAddress!
"""Private IP address of the site."""
privateSiteIp: IPAddress!
"""
Name of the service provider. Usually a partner, or a fabric service provider.
"""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRefInput!
"""Subnet for the connection, the BGP peering range. /30 CIDR."""
subnet: NetworkSubnet!
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
}
"""
Payload for adding a new physical connection to a cloud interconnect site.
"""
type AddCloudInterconnectPhysicalConnectionPayload {
"""ID of the newly added connection."""
id: ID!
}
"""
Payload for updating an existing physical connection at a cloud interconnect site.
"""
type UpdateCloudInterconnectPhysicalConnectionPayload {
"""ID of the updated connection."""
id: ID!
}
"""
Input for updating an existing physical connection at a cloud interconnect site.
"""
input UpdateCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod
"""ID of the connection to be updated."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput
"""Private IP address of Cato."""
privateCatoIp: IPAddress
"""Private IP address of the site."""
privateSiteIp: IPAddress
"""Name of the service provider."""
serviceProviderName: String
"""Subnet for the connection."""
subnet: NetworkSubnet
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth
}
"""
Input for removing a physical connection from a cloud interconnect site.
"""
input RemoveCloudInterconnectPhysicalConnectionInput {
"""ID of the connection to be removed."""
id: ID!
}
"""
Payload for removing a physical connection from a cloud interconnect site.
"""
type RemoveCloudInterconnectPhysicalConnectionPayload {
"""ID of the removed connection."""
id: ID!
}
"""
Input for getting details of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionInput {
"""ID of the connection."""
id: ID!
}
"""Details of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnection {
"""C-VLAN applicable only for QINQ connections."""
cVlan: Vlan
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection. Either Primary or Secondary."""
haRole: HaRole!
"""ID of the connection."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRef!
"""Private IP address of Cato, used for BGP routing."""
privateCatoIp: IPAddress!
"""Private IP address of the site, used for BGP routing."""
privateSiteIp: IPAddress!
"""Name of the service provider."""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRef!
"""Subnet for the connection."""
subnet: NetworkSubnet!
"""S-VLAN applicable only for QINQ connections."""
sVlan: Vlan
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
"""VLAN applicable only for DOT1Q connections."""
vlan: Vlan
}
"""
Input for getting the ID of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionIdInput {
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the site."""
site: SiteRefInput!
}
"""ID of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnectionId {
"""ID of the connection."""
id: ID!
}
"""
Input for checking the connectivity status of a cloud interconnect connection.
"""
input CloudInterconnectConnectionConnectivityInput {
"""ID of the connection."""
id: ID!
}
"""Connectivity status of a cloud interconnect connection."""
type CloudInterconnectConnectionConnectivity {
"""Indicates if the connection is successful."""
success: Boolean!
}
enum SocketInterfaceDestType {
ALTERNATIVE
CATO
INTERFACE_DISABLED
LAN
LAN_AND_HA
LAN_LAG_MASTER
LAN_LAG_MASTER_AND_VRRP
LAN_LAG_MEMBER
LAYER_2_WAN
VRRP
VRRP_AND_LAN
}
enum VrrpType {
DIRECT_LINK
VIA_SWITCH
}
"SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids"
enum SocketInterfaceIDEnum {
INT_1
INT_10
INT_11
INT_12
INT_2
INT_3
INT_4
INT_5
INT_6
INT_7
INT_8
INT_9
LAN1
LAN2
LTE
USB1
USB2
WAN1
WAN2
WLAN
}
enum SocketInterfaceRole {
wan_1
wan_2
wan_3
wan_4
}
enum IPSecV2InterfaceId {
PRIMARY1
PRIMARY2
PRIMARY3
SECONDARY1
SECONDARY2
SECONDARY3
}
enum IPSecV2TunnelRole {
WAN1
WAN2
WAN3
}
type SubDomain {
accountId: ID!
accountName: String!
accountType: String!
subDomain: String!
}
input UpdateAccountRoleInput {
id: ID!
name: String
}
input UpdateAdminRoleInput {
allowedAccounts: [ID!]
allowedEntities: [EntityInput!]
role: UpdateAccountRoleInput!
}
enum SiteType {
BRANCH
CLOUD_DC
DATACENTER
HEADQUARTERS
}
type AdminsResult {
items: [Admin!]!
total: Int!
}
type EntityLookupResult {
items: [EntityInfo!]!
total: Int
}
enum AdminType {
LOGIN
SERVICE_PRINCIPLE
}
"""A CC2 administrator"""
type Admin {
adminType: AdminType
allowedItems: [Entity!]
creationDate: DateTime
email: String
firstName: String
id: ID!
lastName: String
managedRoles: [AdminRole!]
mfaEnabled: Boolean
modifyDate: DateTime
nativeAccountID: ID
passwordNeverExpires: Boolean
presentUsageAndEvents: Boolean
resellerRoles: [AdminRole!]
role: UserRole
status: OperationalStatus
version: String!
}
enum UserRole {
EDITOR
OWNER
PUBLIC_EDITOR
PUBLIC_VIEWER
SITES_VIEWER
SUPER_USER
VIEWER
}
enum AccountType {
ALL
REGULAR
RESELLER
SYSTEM
}
enum IpSecCipher {
AES_CBC_128
AES_CBC_256
AES_GCM_128
AES_GCM_256
AUTOMATIC
DES3_CBC
NONE
}
enum IpSecHash {
AUTOMATIC
MD5
NONE
SHA1
SHA256
SHA384
SHA512
}
enum IpSecDHGroup {
AUTOMATIC
DH_14_MODP2048
DH_15_MODP3072
DH_16_MODP4096
DH_19_ECP256
DH_2_MODP1024
DH_20_ECP384
DH_21_ECP521
DH_5_MODP1536
NONE
}
enum ConnectionMode {
BIDIRECTIONAL
RESPONDER_ONLY
}
enum IdentificationType {
EMAIL
FQDN
IPV4
KEY_ID
}
enum DestinationType {
FQDN
IPv4
}
enum ProtoType {
CROSS_CONNECT
IPSEC_CLIENT
IPSEC_HOST
IPSEC_V2
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
VSOCKET_VGX
VSOCKET_VGX_AWS
VSOCKET_VGX_AZURE
VSOCKET_VGX_ESX
}
enum SocketRegistrationStatus {
ASSIGNED_SITE
ASSIGNED_SITE_PENDING_REGISTER
NEW
PENDING
REGISTERED
REJECTED
UNASSIGNING
}
enum SocketUpgradeStatus {
CANCEL
FAIL
FATAL
PENDING
PENDING_REBOOT
RETRY
SKIP
STARTED
STARTING
SUCCESS
}
enum SocketPlatform {
AWS1500
AZ1500
ESX1500
GCP1500
X1500
X1500_BR2
X1500B_BR2
X1600
X1600_LTE
X1700
X1700B
}
enum SubnetType {
Direct
Native
Routed
SecondaryNative
VLAN
}
enum DhcpType {
ACCOUNT_DEFAULT
DHCP_DISABLED
DHCP_RANGE
DHCP_RELAY
}
input LookupFilterInput {
filter: LookupFilterType
value: String
}
enum LookupFilterType {
"""Custom filter for country, used by city and state entityLookup"""
country
"""
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values:
"true",
"false",
"""
filterByAltWan
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values:
"true",
"false",
"""
filterByBackhaulingGW
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported):
"SOCKET_X1500",
"SOCKET_X1600",
"SOCKET_X1700",
"VSOCKET_VGX_ESX",
"VSOCKET_VGX_AWS"
"VSOCKET_VGX_AZURE"
"SOCKET_X1600_LTE",
"""
filterByConnectionType
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values:
"SOCKET",
"IPSEC",
"vSOCKET",
"PHYSICAL_SOCKET"
"""
filterByConnectionTypeFamily
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values:
"true",
"false",
"""
filterByOffCloudTransportEnabled
"""Custom filter for state used by city entityLookup"""
state
}
type AccountRolesResult {
items: [RBACRole!]!
total: Int!
}
type AccountDataPayload {
id: ID!
name: String!
subdomain: String!
}
type Entity {
id: ID!
name: String
type: EntityType!
}
input EntityInput {
id: ID!
name: String
type: EntityType!
}
type EntityInfo {
description: String!
entity: Entity!
helperFields: Map!
}
input BgpPeerListInput {
"""Identifies the site whose BGP peers are listed."""
site: SiteRefInput!
}
type BgpPeerListPayload {
"""BGP peers associated with the site."""
bgpPeer: [BgpPeer!]!
"""Total number of BGP peers found."""
total: Int!
}
input AddBgpPeerInput {
"""Advertise all routes if true."""
advertiseAllRoutes: Boolean! = false
"""Advertise the default route (0.0.0.0/0) if true."""
advertiseDefaultRoute: Boolean! = true
"""Advertise summarized routes if true."""
advertiseSummaryRoutes: Boolean! = false
"""Enable BFD for session failure detection if true."""
bfdEnabled: Boolean! = false
"""Required BFD configuration if BFD is enabled."""
bfdSettings: BfdSettingsInput
"""The AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Excluded rules from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]! = []
"""Time (in seconds) before declaring the peer unreachable."""
holdTime: Int! = 60
"""Time (in seconds) between keepalive messages."""
keepaliveInterval: Int! = 20
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Route preference metric; lower values are given precedence."""
metric: Int! = 100
"""Name of the BGP configuration entity."""
name: String!
"""The AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Perform NAT if true."""
performNat: Boolean! = false
"""Information about the site where the BGP peer is being added."""
site: SiteRefInput!
"""Summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]! = []
"""Configuration for tracking the health and status of the BGP peer."""
tracking: BgpTrackingInput
}
input BgpPeerRefInput {
"""Specifies the method of identification (default is by ID)."""
by: ObjectRefBy! = ID
"""Value used to identify the BGP peer (e.g., ID or name)."""
input: String!
}
type BgpPeer {
"""Indicates if all routes are advertised."""
advertiseAllRoutes: Boolean!
"""Indicates if the default route is advertised."""
advertiseDefaultRoute: Boolean!
"""Indicates if summarized routes are advertised."""
advertiseSummaryRoutes: Boolean!
"""Indicates if BFD is enabled for failure detection."""
bfdEnabled: Boolean!
"""BFD configuration."""
bfdSettings: BfdSettings
"""AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""IP address of Cato's BGP endpoint."""
catoIp: IPAddress!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRule!]!
"""Time before declaring the peer unreachable."""
holdTime: Int!
"""Unique identifier for the BGP peer."""
id: ID!
"""Interval between keepalive messages."""
keepaliveInterval: Int!
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Metric for route preferences."""
metric: Int!
"""Name of the BGP configuration entity."""
name: String!
"""AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Indicates if NAT is performed on routes."""
performNat: Boolean!
"""Site associated with this BGP peer."""
site: SiteRef!
"""Summarized routes advertised to the peer."""
summaryRoute: [BgpSummaryRoute!]!
"""Tracking configuration for health and availability."""
tracking: BgpTracking
}
input BgpTrackingInput {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"""Indicates if tracking is enabled."""
enabled: Boolean! = false
"""Subscription ID associated with this tracking rule."""
subscriptionId: ID!
}
type BgpTracking {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum!
"""Indicates if tracking is enabled."""
enabled: Boolean!
"""Unique identifier for the tracking rule."""
id: ID!
"""Subscription ID associated with the rule."""
subscriptionId: ID
}
type AddBgpPeerPayload {
"""The BGP peer that was successfully added."""
bgpPeer: BgpPeer!
}
input UpdateBgpPeerInput {
"""Update for all route advertisements."""
advertiseAllRoutes: Boolean
"""Update for default route advertisement."""
advertiseDefaultRoute: Boolean
"""Update for summary route advertisement."""
advertiseSummaryRoutes: Boolean
"""Update to enable or disable BFD."""
bfdEnabled: Boolean
"""Updated BFD settings."""
bfdSettings: BfdSettingsInput
"""Updated AS number of Cato's BGP endpoint."""
catoAsn: Asn16
"""Update for the default action on unmatched routes."""
defaultAction: BgpDefaultAction
"""Updated rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]
"""Updated hold time for the BGP session."""
holdTime: Int
"""Unique identifier of the BGP peer to be updated."""
id: ID!
"""Updated keepalive interval for the BGP session."""
keepaliveInterval: Int
"""Updated MD5 authentication key."""
md5AuthKey: String
"""Updated metric value for route preferences."""
metric: Int
"""Updated name of the BGP configuration entity."""
name: String
"""Updated AS number of the peer BGP endpoint."""
peerAsn: Asn32
"""Updated IP address of the peer BGP endpoint."""
peerIp: IPAddress
"""Update for NAT configuration."""
performNat: Boolean
"""Updated summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]
"""Updated tracking configuration for the BGP peer."""
tracking: BgpTrackingInput
}
input BfdSettingsInput {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int! = 5
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int! = 1000
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int! = 1000
}
type BfdSettings {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int!
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int!
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int!
}
type UpdateBgpPeerPayload {
"""The updated BGP peer object."""
bgpPeer: BgpPeer!
}
input RemoveBgpPeerInput {
"""Unique identifier of the BGP peer to be removed."""
id: ID!
}
type RemoveBgpPeerPayload {
"""The BGP peer that was successfully removed."""
bgpPeer: BgpPeer!
}
enum BgpDefaultAction {
"""Default action to accept all unmatched routes."""
ACCEPT
"""Default action to drop all unmatched routes."""
DROP
}
input SiteBgpStatusInput {
"""Identifying data for the site whose BGP status is being queried."""
site: SiteRefInput!
}
type SiteBgpStatus {
"""Raw BGP status information."""
rawStatus: [String!]!
"""Detailed BGP status, including session and route details."""
status: [BgpDetailedStatus!]!
}
type BgpDetailedStatus {
"""Status of the BFD session (if applicable)."""
bfdSession: String
"""Status of the BGP session (e.g., established, down)."""
bgpSession: String!
"""Routes rejected from the peer."""
rejectedRoutesFromPeer: [BgpRejectedRoutesFromPeer!]!
"""IP address of the remote BGP peer."""
remoteIp: IPAddress!
"""Routes received from the peer."""
routesFromPeer: [String!]!
"""Routes sent to the peer."""
routesToPeer: [String!]!
}
type BgpSummaryRoute {
"""Community values associated with the route."""
community: [BgpCommunity!]!
"""Unique identifier of the summarized route."""
id: ID!
"""Subnet of the summarized route."""
route: NetworkSubnet!
}
input BgpSummaryRouteInput {
"""Community values to associate with the summarized route."""
community: [BgpCommunityInput!]! = []
"""Subnet of the summarized route to be advertised."""
route: NetworkSubnet!
}
type BgpRouteExactAndInclusiveFilterRule {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRef!]!
"""Unique identifier of the filter rule."""
id: ID!
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]!
}
type BgpRouteExactFilterRule {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Unique identifier of the exact filter rule."""
id: ID!
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
}
type BgpCommunityFilterRule {
"""Community values to match."""
community: [BgpCommunity!]!
"""Unique identifier of the community filter rule."""
id: ID!
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate!
}
type BgpFilterRule {
"""
Exact and inclusive filter rule. Please choose only one filter rule type.
"""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRule
"""Exact route filter rule. Please choose only one filter rule type."""
bgpRouteExactFilterRule: BgpRouteExactFilterRule
"""Community filter rule. Please choose only one filter rule type."""
communityFilterRule: BgpCommunityFilterRule
}
input BgpFilterRuleInput {
"""Input for exact and inclusive filter rule."""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRuleInput
"""Input for exact route filter rule."""
bgpRouteExactFilterRule: BgpRouteExactFilterRuleInput
"""Input for community filter rule."""
communityFilterRule: BgpCommunityFilterRuleInput
}
input BgpRouteExactFilterRuleInput {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
}
input BgpRouteExactAndInclusiveFilterRuleInput {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRefInput!]! = []
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]! = []
}
input BgpCommunityFilterRuleInput {
"""Community values to match."""
community: [BgpCommunityInput!]! = []
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate
}
enum BgpCommunityFilterPredicate {
"""Matches exactly the specified community value."""
EQUAL
"""Matches any community value except the specified one."""
NOT_EQUAL
}
type BgpRejectedRoutesFromPeer {
"""Community values associated with the rejected route."""
community: [BgpCommunity!]!
"""Timestamp of the last attempt to publish the rejected route."""
lastPublishAttempt: DateTime
"""Filter rule that caused the rejection."""
rule: String
"""Subnet of the rejected route."""
subnet: NetworkSubnet
"""Reason for rejecting the route."""
type: String
}
interface ObjectRef {
"Object's unique identifier"
id: ID!
"Object's unique name"
name: String!
}
enum ObjectRefBy {
ID
NAME
}
"Time zone identifier E.g.: America/New_York"
scalar TimeZone
"Wall time. E.g.: 12:34:56 or 12:34"
scalar Time
"2006-01-02T15:04:05Z07:00 (RFC3339)"
scalar DateTime
"2006-01-02"
scalar Date
"""
A generic key-value map.
Represents an arbitrary JSON object, e.g.:
{ "key1": "value1", "key2": "value2" }
Keys must be strings, and values can be of any valid JSON type (string, number, boolean, array, or object).
"""
scalar Map
"An IPv4 IP address"
scalar IPAddress
scalar IPSubnet
"""
Top level domain is actually second level domain (e.g. example.com)
It is recommended to use as a broad way of distinguishing domains, because they **frequently use multiple hosts**.
"""
scalar Domain
"""Fully Qualified Domain Name: An exact host name (e.g. www.example.com)"""
scalar Fqdn
"VLAN Identifier. A number in the range 1-4094 used to uniquely identify a Virtual Local Area Network (VLAN) in networking environments"
scalar Vlan
"Application Risk"
scalar ApplicationRisk
"A 64-character hex string representing a SHA-256 hash. Typically used for secure validation and cryptographic integrity checks"
scalar SHA_256
enum OperatingSystem {
ANDROID
EMBEDDED
IOS
LINUX
MACOS
WINDOWS
}
"Email address. E.g.: user@company.org"
scalar Email
"Phone number. E.g.: +1 505 333 4070"
scalar Phone
"Network port number. Must be in range [0-65535] E.g.: 433, 8080, 80, etc.."
scalar Port
"16 bit autonomous system number [0-65535]"
scalar Asn16
"32 bit autonomous system number [0-4294967295]"
scalar Asn32
scalar NetworkBandwidth
"A Uniform Resource Locator, colloquially known as an address on the Web. E.g.: http://www.example.com/page/"
scalar Url
enum DayOfWeek {
FRIDAY
MONDAY
SATURDAY
SUNDAY
THURSDAY
TUESDAY
WEDNESDAY
}
"FF:FF:FF:FF OR FF-FF-FF-FF"
scalar MacAddress
"Http header name"
scalar HttpHeaderName
"Http header value"
scalar HttpHeaderValue
"Subnet in CIDR notation E.g.: 10.0.0.0/24"
scalar NetworkSubnet
"Inclusive range of IPs"
type IpAddressRange {
from: IPAddress!
to: IPAddress!
}
"Inclusive range of IPs"
input IpAddressRangeInput {
from: IPAddress!
to: IPAddress!
}
"Inclusive network port range"
type PortRange {
from: Port!
to: Port!
}
"Inclusive network port range"
input PortRangeInput {
from: Port!
to: Port!
}
input IPAddressFilterInput {
between: [IPAddress!]
eq: IPAddress
in: [IPAddress!]
neq: IPAddress
nin: [IPAddress!]
nwithin: NetworkSubnet
within: NetworkSubnet
}
enum IpProtocol {
ANY
ICMP
TCP
"TCP or UDP"
TCP_UDP
UDP
}
enum SimpleServiceType {
DNS_TCP
DNS_UDP
FTP
HTTP
HTTPS
MYSQL
RDP
SMTP
SSH
}
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol"
type CustomService {
port: [Port!]
portRange: PortRange
protocol: IpProtocol!
}
"Add a Custom Service defined by a combination of L4 ports and an IP Protocol"
input CustomServiceInput {
port: [Port!]
portRange: PortRangeInput
protocol: IpProtocol!
}
type CustomServiceIp {
ip: IPAddress
ipRange: IpAddressRange
name: String!
}
input CustomServiceIpInput {
ip: IPAddress
ipRange: IpAddressRangeInput
name: String!
}
type SimpleService {
name: SimpleServiceType!
}
input SimpleServiceInput {
name: SimpleServiceType!
}
input AccountFilter {
accountInclusion: AccountInclusion
in: [ID!]
}
"""
A reference identifying the User object. ID: Unique User Identifier, Name: The User Name
"""
type UserRef implements ObjectRef {
id: ID!
name: String!
}
input UserRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the UsersGroup object. ID: Unique UsersGroup Identifier, Name: The UsersGroup Name
"""
type UsersGroupRef implements ObjectRef {
id: ID!
name: String!
}
input UsersGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the DeviceProfile object. ID: Unique DeviceProfile Identifier, Name: The DeviceProfile Name
"""
type DeviceProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DeviceProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying of the PrivateApplication object. ID: Unique PrivateApplication Identifier, Name: The PrivateApplication Name
"""
type PrivateApplicationRef implements ObjectRef {
id: ID!
name: String!
}
interface ActorRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Admin object. ID: Unique Admin Identifier, Name: The Admin Name
"""
type AdminRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the ApiKey object. ID: Unique ApiKey Identifier, Name: The ApiKey Name
"""
type ApiKeyRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
input ActorRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the CustomCategory object. ID: Unique CustomCategory Identifier, Name: The CustomCategory Name
"""
type CustomCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input CustomCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Group object. ID: Unique Group Identifier, Name: The Group Name
"""
type GroupRef implements ObjectRef {
id: ID!
name: String!
}
input GroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
type RbacRoleRef implements ObjectRef {
id: ID!
name: String!
}
type AccessTokenRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the AllocatedIp object. ID: Unique AllocatedIp Identifier, Name: The AllocatedIp Name
"""
type AllocatedIpRef implements ObjectRef {
id: ID!
name: String!
}
input AllocatedIpRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DhcpRelayGroupRef implements ObjectRef {
id: ID!
name: String!
}
"""
Returns data for the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
type FloatingSubnetRef implements ObjectRef {
"Unique Floating Subnet ID"
id: ID!
"Name for the Floating Subnet"
name: String!
}
"""
Defines the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
input FloatingSubnetRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
type GlobalRangeRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Host object. ID: Unique Host Identifier, Name: The Host Name
"""
type HostRef implements ObjectRef {
id: ID!
name: String!
}
input HostRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the NetworkInterface object. ID: Unique NetworkInterface Identifier, Name: The NetworkInterface Name
"""
type NetworkInterfaceRef implements ObjectRef {
id: ID!
name: String!
}
input NetworkInterfaceRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name
"""
type SiteRef implements ObjectRef {
id: ID!
name: String!
}
input SiteRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Account object. ID: Unique Account Identifier, Name: The Account Name
"""
type AccountRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the SiteNetworkSubnet object. ID: Unique SiteNetworkSubnet Identifier, Name: The SiteNetworkSubnet Name
"""
type SiteNetworkSubnetRef implements ObjectRef {
id: ID!
name: String!
}
input SiteNetworkSubnetRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Application object. ID: Unique Application Identifier, Name: The Application Name
"""
type ApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the ApplicationCategory object. ID: Unique ApplicationCategory Identifier, Name: The ApplicationCategory Name
"""
type ApplicationCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SanctionedAppsCategory object. ID: Unique SanctionedAppsCategory Identifier, Name: The SanctionedAppsCategory Name
"""
type SanctionedAppsCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input SanctionedAppsCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
type CloudApplicationRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the CustomApplication object. ID: Unique CustomApplication Identifier, Name: The CustomApplication Name
"""
type CustomApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input CustomApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Service object. ID: Unique Service Identifier, Name: The Service Name
"""
type ServiceRef implements ObjectRef {
id: ID!
name: String!
}
input ServiceRefInput {
by: ObjectRefBy! = ID
input: String!
}
type SimpleServiceRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Country object. ID: Unique Country Identifier, Name: The Country Name
"""
type CountryRef implements ObjectRef {
id: ID!
name: String!
}
input CountryRefInput {
by: ObjectRefBy! = ID
input: String!
}
type InterfaceSubnetRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the SubscriptionGroup object. ID: Unique SubscriptionGroup Identifier, Name: The SubscriptionGroup Name
"""
type SubscriptionGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionWebhook object. ID: Unique SubscriptionWebhook Identifier, Name: The SubscriptionWebhook Name
"""
type SubscriptionWebhookRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionWebhookRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionMailingList object. ID: Unique SubscriptionMailingList Identifier, Name: The SubscriptionMailingList Name
"""
type SubscriptionMailingListRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionMailingListRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SystemGroup object. ID: Unique SystemGroup Identifier, Name: The SystemGroup Name
"""
type SystemGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SystemGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the GlobalIpRange object. ID: Unique GlobalIpRange Identifier, Name: The GlobalIpRange Name
"""
type GlobalIpRangeRef implements ObjectRef {
id: ID!
name: String!
}
input GlobalIpRangeRefInput {
by: ObjectRefBy! = ID
input: String!
}
type StringValueSetRef implements ObjectRef {
id: ID!
name: String!
}
input StringValueSetRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlActivityRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlActivityRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlActivityFieldRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlActivityFieldRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlCriterionRef implements ObjectRef {
id: ID!
name: String!
}
type ApplicationControlContentTypeRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlContentTypeRefInput {
by: ObjectRefBy! = ID
input: String!
}
type ApplicationControlContentTypeGroupRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationControlContentTypeGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DlpContentProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DlpContentProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
type DlpEdmProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DlpEdmProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
type BandwidthManagementRef implements ObjectRef {
id: ID!
name: String!
}
input BandwidthManagementRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the PopLocation object. ID: Unique PopLocation Identifier, Name: The PopLocation Name
"""
type PopLocationRef implements ObjectRef {
id: ID!
name: String!
}
input PopLocationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"A group with members of FQDN type"
type FqdnContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Add a container by ID or name"
input ContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input FqdnContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input IpAddressRangeContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
"A group with members of a single type of entity (for example: IP, FQDN)"
type ContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"""Referring a location object"""
type LocationRef implements ObjectRef {
id: ID!
name: String!
}
"""Referring an invoice object"""
type InvoiceRef implements ObjectRef {
id: ID!
name: String!
}
"A reference identifying the UserNotificationTemplate object. ID: Unique UserNotificationTemplate Identifier, Name: The UserNotificationTemplate Name"
type UserNotificationTemplateRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Application Connector object. ID: Unique Application Connector Identifier, Name: The Application Connector Name
"""
type ApplicationConnectorCatalogEntityRef implements ObjectRef {
id: ID!
name: String!
}
enum AccountInclusion {
ALL_ACCOUNTS
MANAGED_ACCOUNTS_ONLY
}
input SortOrderInput {
direction: SortOrder! = ASC
priority: Int! = 1
}
enum SortOrder {
ASC
DESC
}
type PageInfo {
total: Int!
}
input IdFilterInput {
eq: ID
in: [ID!]
neq: ID
nin: [ID!]
}
input SiteRefFilterInput {
eq: SiteRefInput
in: [SiteRefInput!]
neq: SiteRefInput
nin: [SiteRefInput!]
}
input UserRefFilterInput {
eq: UserRefInput
in: [UserRefInput!]
neq: UserRefInput
nin: [UserRefInput!]
}
input StringFilterInput {
eq: String
in: [String!]
neq: String
nin: [String!]
}
input AdvancedStringFilterInput {
eq: String
in: [String!]
neq: String
nin: [String!]
regex: String
}
input IntFilterInput {
between: [Int!]
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
neq: Int
nin: [Int!]
}
input DateTimeFilterInput {
between: [DateTime!]
eq: DateTime
gt: DateTime
gte: DateTime
in: [DateTime!]
lt: DateTime
lte: DateTime
neq: DateTime
nin: [DateTime!]
}
input FreeTextFilterInput {
search: String!
}
input BooleanFilterInput {
eq: Boolean
neq: Boolean
}
type AuditingMetadata {
updatedBy: ActorRef!
updatedTime: DateTime!
}
input AuditingMetadataFilterInput {
updatedBy: ActorRefInput
updatedTime: DateTimeFilterInput
}
input AuditingMetadataSortInput {
updatedBy: SortOrderInput
updatedTime: SortOrderInput
}
enum AddressValidationStatus {
INVALID
NA
VALID
}
type PostalAddress {
"Address validation status"
addressValidated: AddressValidationStatus!
"City"
cityName: String
"Country"
country: CountryRef!
"State (only for USA)"
stateName: String
"Street name and number"
street: String
"Zip Code"
zipCode: String
}
type ContactDetails {
"Contact email address"
email: Email
"Contact name"
name: String
"Contact phone number"
phone: Phone
}
input PostalAddressInput {
"City"
cityName: String
"Country"
country: CountryRefInput!
"State (only for USA)"
stateName: String
"Street name and number"
street: String
"Zip Code"
zipCode: String
}
input ContactDetailsInput {
"Contact email address"
email: Email
"Contact name"
name: String
"Contact phone number"
phone: Phone
}
enum RBACAction {
EDIT
NONE
VIEW
}
"System categories for TLS inspection policy"
enum TlsInspectSystemCategory {
"High-popularity cloud apps that were analyzed by Cato's security team and confirmed to be safe for inspection."
POPULAR_CLOUD_APPS
"Top domains found to be broadly TLS-inspected across the Cato cloud. TLS-inspecting these domains is likely to be safe."
SAFE_TO_INSPECT_DOMAINS
}
input PagingInput {
from: Int! = 0
limit: Int! = 100
}
input SortInput {
field: String
order: DirectionInput
}
enum DirectionInput {
asc
desc
}
enum TaggingMethod {
DOT1Q
QINQ
}
input TaggingMethodFilterInput {
eq: TaggingMethod
in: [TaggingMethod!]
neq: TaggingMethod
nin: [TaggingMethod!]
}
type BgpCommunity {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
input BgpCommunityInput {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
type EntityAccess {
action: RBACAction!
}
type ZtnaAppConnectorRef implements ObjectRef {
"Unique ZTNA app connector ID"
id: ID!
"Name for the ZTNA app connector"
name: String!
}
enum AppStatsFieldName {
"The account id"
account_id
"The account name"
account_name
"Active Directory name"
ad_name
"The application identifier"
app @deprecated(reason: "use application_id instead")
"The application name"
application @deprecated(reason: "use application_name instead")
"Application description"
application_description
"The application identifier"
application_id
"The application name"
application_name
""
application_risk_level
"The application risk score assigned by Cato"
application_risk_score
"Application type (CUSTOM or ORDINARY)"
application_type
"Cato system categories of the application"
categories
"Cato system category of the application"
category @deprecated(reason: "use categories instead")
"Type of process generating this traffic"
client_class
"Socket or SDP Client version"
client_version
"For hosts configured with a static IP in the Cato Management Application, the host name"
configured_host_name
"Connection Origin"
connection_origin
"Application description"
description @deprecated(reason: "use application_description instead")
"For Internet traffic, country where the destination host is located"
dest_country
"IP for destination host or Cato Client"
dest_ip
"Destination is site or remote user"
dest_is_site_or_vpn
"Destination port"
dest_port
"Destination site or remote user identifier"
dest_site
"Destination Site or remote user identifier"
dest_site_id
"Destination Site or remote user name"
dest_site_name
"Device Categories"
device_categories
"Unique Cato ID for devices"
device_id
"Device Manufacturer"
device_manufacturer
"Device Model"
device_model
"Name for device related to the traffic"
device_name
"Device OS Type"
device_os_type
"Device posture profiles"
device_posture_profile
"Device Type"
device_type
""
discovered_app
""
domain @deprecated(reason: "user tld instead")
"data downloaded from cloud applications"
downstream
"Egress PoP Name"
egress_pop_name
"Egress Site Name for backhauling traffic"
egress_site_name
""
flows_created
"Full path URL application activity"
full_path_url
"IP address of host related to event"
host_ip
"MAC address of host related to event"
host_mac
"the country in which the registered application headquarteres is located"
hq_location
"HTTP request method (ie. Get, Post)"
http_request_method
""
ip @deprecated(reason: "use src_ip/dest_ip instead. Planned end-of-life (EoL) date: July 1, 2026.")
"Network protocol for this event"
ip_protocol
"indicates whether the application is considered cloud app/SaaS app"
is_cloud_app
"Is the application defined as sanctioned?"
is_sanctioned_app
"The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)"
ISP_name
"Matched network rule"
network_rule
"new cloud application identifier"
new_app
"OS version for the device (such as 14.3.0)"
os_version
"PoP name"
pop_name
"QoS Priority value"
qos_priority
""
risk_level @deprecated(reason: "use application_risk_level instead")
"the application risk score assigned by Cato"
risk_score @deprecated(reason: "use application_risk_score instead")
"Is the application defined as sanctioned?"
sanctioned @deprecated(reason: "use is_sanctioned_app instead")
"Country in which the source host is located"
site_country
"State in which the source host is located"
site_state
"Name for Socket interface"
socket_interface
"Country in which the source host is located (detected via public IP address)"
src_country
"Country Code of country in which the source host is located (detected via public IP address)"
src_country_code
"IP for source host or Cato Client"
src_ip
"Source is site or remote user"
src_is_site_or_vpn
"IP address provided by ISP to site or Client"
src_isp_ip
"Internal port number"
src_port
"Site country code alpha2"
src_site_country_code
"Source site or remote user identifier"
src_site_id
"Source site or remote user name"
src_site_name
"Site state code"
src_site_state
"Name of subnet as defined in Cato Management Application"
subnet @deprecated(reason: "use subnet_name instead")
"Name of subnet as defined in Cato Management Application"
subnet_name
"Shows if traffic was TCP accelerated or not"
tcp_acceleration
"Top level domain"
tld
"Shows if traffic was TLS inspected or not"
tls_inspection
"TLS Inspection rule name"
tls_rule_name
"the total sum of upstream and downstream data in bytes"
traffic @deprecated(reason: "use upstream or downstream instead")
"Traffic direction"
traffic_direction
"Translated Client IP"
translated_client_ip
"Translated Server IP"
translated_server_ip
"data uploaded to cloud applications"
upstream
"Method used to get identity with User Awareness (such as Identity Agent)"
user_awareness_method
"User identifier"
user_id
"User name"
user_name
"User’s email address"
vpn_user_email
""
vpn_user_id @deprecated(reason: "use user_id instead")
}
type AppStats {
from: DateTime
id: ID
records(limit: Int, from: Int): [AppStatsRecord!]
to: DateTime
total: Int
totals: Map
}
type AppStatsRecord {
fields: [AppStatsField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type AppStatsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
type AppStatsField {
name: AppStatsFieldName!
value: Value!
}
input Measure {
aggType: AggregationType!
fieldName: AppStatsFieldName!
trend: Boolean
}
input Dimension {
fieldName: AppStatsFieldName!
}
input AppStatsFilter {
fieldName: AppStatsFieldName!
operator: FilterOperator!
values: [String!]!
}
input AppStatsPostAggFilter {
aggType: AggregationType!
filter: AppStatsFilter!
}
input AppStatsSort {
fieldName: AppStatsFieldName!
order: DirectionEnum!
}
type AdminMutations {
addAdmin(input: AddAdminInput!): AddAdminPayload @ga
addServicePrincipalAdmin(input: AddServicePrincipalAdminInput!): AddServicePrincipalAdminPayload @ga
removeAdmin(adminID: ID!): RemoveAdminPayload @ga
removeServicePrincipalAdmin(adminID: ID!): RemoveServicePrincipalAdminPayload @ga
updateAdmin(adminID: ID!, input: UpdateAdminInput!): UpdateAdminPayload @ga
updateServicePrincipalAdmin(adminID: ID!, input: UpdateServicePrincipalAdminInput!): UpdateServicePrincipalAdminPayload @ga
}
type GetAdminPayload {
adminType: AdminType!
creationDate: String!
email: String!
firstName: String!
id: ID!
lastName: String!
managedRoles: [AdminRole!]
mfaEnabled: Boolean!
passwordNeverExpires: Boolean!
resellerRoles: [AdminRole!]
}
type GetServicePrincipalAdminPayload {
adminType: AdminType!
creationDate: String!
email: String
id: ID!
managedRoles: [AdminRole!]
name: String!
resellerRoles: [AdminRole!]
}
input AddAdminInput {
adminType: AdminType
email: String
firstName: String!
lastName: String!
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean!
resellerRoles: [UpdateAdminRoleInput!]
}
input AddServicePrincipalAdminInput {
email: String
managedRoles: [UpdateAdminRoleInput!]
name: String!
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateAdminInput {
firstName: String
lastName: String
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateServicePrincipalAdminInput {
managedRoles: [UpdateAdminRoleInput!]
name: String
resellerRoles: [UpdateAdminRoleInput!]
}
type AddAdminPayload {
adminID: ID!
}
type AddServicePrincipalAdminPayload {
adminID: ID!
}
type RemoveAdminPayload {
adminID: ID!
}
type UpdateAdminPayload {
adminID: ID!
}
type RemoveServicePrincipalAdminPayload {
adminID: ID!
}
type UpdateServicePrincipalAdminPayload {
adminID: ID!
}
type AccountManagementQueries {
"""Read the account information"""
account: AccountInfo @ga
}
type AccountManagementMutations {
"""Add a new account"""
addAccount(input: AddAccountInput!): AccountInfo @ga
"""
Sets the account status to "Disabled" for accounts with plan = "Trial" and status = "Active" or "Locked".
"""
disableAccount(accountId: ID!): DisableAccountPayload @beta
"""
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
"""
removeAccount(accountId: ID!): RemoveAccountPayload @ga
"""Update existing account attributes"""
updateAccount(input: UpdateAccountInput!): AccountInfo @ga
}
input AddAccountInput {
"""User-defined information as defined by an account admin"""
description: String
"""The name of the account"""
name: String!
"""The account tenancy (single-tenant / multi-tenant)"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timezone: TimeZone!
"""The account type (Partner / customer)"""
type: AccountProfileType!
}
input UpdateAccountInput {
"""Account description"""
description: String
}
type AccountInfo {
"""Audit data for the account"""
audit: AccountAuditData!
"""User-defined information as defined by an account admin"""
description: String
"""The ID of the account"""
id: ID!
"""The name of the account"""
name: String!
"""The account plan"""
plan: AccountPlan
"""The account status"""
status: AccountStatus!
"""The account tenancy e.g. single-tenant / multi-tenant"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timeZone: TimeZone!
"""The account type e.g. Partner or Customer"""
type: AccountProfileType!
}
type AccountAuditData {
"""The Admin / API key name used for creating the account"""
createdBy: String!
"""The date when the account created"""
createdTime: DateTime!
}
type RemoveAccountPayload {
"""General info of the removed account"""
accountInfo: AccountInfo!
}
type DisableAccountPayload {
"""General info of the disabled account"""
accountInfo: AccountInfo!
}
"""enum for account type"""
enum AccountProfileType {
"""A customer account"""
CUSTOMER
"""A partner account"""
PARTNER
}
"""enum for account tenancy"""
enum AccountTenancy {
"""Multi tenant account - default for partner accounts"""
MULTI_TENANT
"""Single tenant account - default for customer accounts"""
SINGLE_TENANT
}
"""enum that shows account license status"""
enum AccountStatus {
ACTIVE
DISABLED
LOCKED
}
enum LicenseSku {
"""Cato AI Security Applications SKU"""
CATO_AI_SEC_APP_U
"""Cato AI Security Users SKU"""
CATO_AI_SEC_U
"""Cato Anti Malware (legacy) service SKU"""
CATO_ANTI_MALWARE
"""Cato Anti Malware Next Generation (legacy) service SKU"""
CATO_ANTI_MALWARE_NG
"""Cato CASB service SKU"""
CATO_CASB
"""Cato datalake Group SKU"""
CATO_DATALAKE
"""12 months data retention SKU"""
CATO_DATALAKE_12M
"""3 months data retention SKU"""
CATO_DATALAKE_3M
"""6 months data retention SKU"""
CATO_DATALAKE_6M
"""Cato DEM service SKU"""
CATO_DEM
"""Cato DLP service SKU"""
CATO_DLP
"""Cato EPP service SKU"""
CATO_EPP
"""Cato ILMM service SKU"""
CATO_ILMM
"""Cato IoT/OT Security service SKU"""
CATO_IOT_OT
"""Public IPs SKU"""
CATO_IP_ADD
"""Cato IPS (legacy) service SKU"""
CATO_IPS
"""Cato Managed XDR service SKU"""
CATO_MANAGED_XDR
"""Cato MDR service SKU"""
CATO_MDR
"""Cato NOCaaS service SKU"""
CATO_NOCAAS_HF
"""Site pooled bandwidth SASE SKU"""
CATO_PB
"""Site pooled bandwidth SSE SKU"""
CATO_PB_SSE
"""Cato Remote Browser Isolation (RBI) service SKU"""
CATO_RBI
"""Cato SAAS Group SKU"""
CATO_SAAS
CATO_SAAS_SECURITY_API
"""
Cato SAAS Security API with more than two Applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ALL_APPS
"""
Cato SAAS Security API with one application integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ONE_APP
"""
Cato SAAS Security API with two applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_TWO_APPS
"""SD-WAN Network, Pool Bandwidth"""
CATO_SDWN
"""Site bandwidth SASE SKU"""
CATO_SITE
"""Site bandwidth SSE SKU"""
CATO_SSE_SITE
"""Cato Threat Prevention (legacy) service SKU"""
CATO_THREAT_PREVENTION
"""Cato Advanced Threat Prevention service SKU"""
CATO_THREAT_PREVENTION_ADV
"""Cato XDR service SKU"""
CATO_XDR_PRO
"""Cato XOps service SKU"""
CATO_XOPS
"""ZTNA remote users SKU"""
CATO_ZTNA_USERS
"""ZTNA remote users SKU"""
MOBILE_USERS @deprecated(reason: "replaced with CATO_ZTNA_USERS")
}
"""Input parameters for querying available versions."""
input AvailableVersionListInput {
"""List of platforms to retrieve available versions for."""
platforms: [String!]!
}
"""Input for bulk site upgrade requests."""
input StartSiteUpgradeInput {
upgrades: [SiteUpgradeRequest!]!
}
"""Represents a single site upgrade request."""
input SiteUpgradeRequest {
site: SiteRefInput!
"""Target version to upgrade the site's sockets to."""
targetVersion: String!
}
"""Response payload for available versions query."""
type AvailableVersionListPayload {
"""List of available versions for each requested platform."""
items: [PlatformVersions!]!
}
"""Represents available versions for a specific platform."""
type PlatformVersions {
"""The platform for which versions are retrieved."""
platform: String!
"""List of available socket versions for this platform."""
versions: [String!]!
}
"""Wrapper for site upgrade response."""
type StartSiteUpgradePayload {
"""List of individual site upgrade results."""
results: [SiteUpgradeInfo!]!
}
"""Information about a site upgrade."""
type SiteUpgradeInfo {
"""The scheduled UTC time for the upgrade."""
scheduledAt: String!
site: SiteRef!
"""The requested version for this site."""
targetVersion: String!
}
enum AntiMalwareFileHashAction {
"Block file download by filehash action"
BLOCK
"Bypass file download by filehash action"
BYPASS
}
input AntiMalwareFileHashAddRuleDataInput {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction! = BLOCK
description: String! = ""
enabled: Boolean!
"The date when the block or bypass action expires"
expirationDate: DateTime!
"The name of the file"
fileName: String!
name: String!
"The file's unique SHA-256 hash identifier"
sha256: SHA_256!
}
input AntiMalwareFileHashAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: AntiMalwareFileHashAddRuleDataInput!
}
type AntiMalwareFileHashPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [AntiMalwareFileHashRulePayload!]!
sections: [PolicySectionPayload!]!
}
input AntiMalwareFileHashPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input AntiMalwareFileHashPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type AntiMalwareFileHashPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: AntiMalwareFileHashPolicy
status: PolicyMutationStatus!
}
type AntiMalwareFileHashPolicyMutations {
addRule(input: AntiMalwareFileHashAddRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): AntiMalwareFileHashPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): AntiMalwareFileHashPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): AntiMalwareFileHashPolicyMutationPayload! @beta
removeRule(input: AntiMalwareFileHashRemoveRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: AntiMalwareFileHashPolicyUpdateInput!): AntiMalwareFileHashPolicyMutationPayload! @beta
updateRule(input: AntiMalwareFileHashUpdateRuleInput!): AntiMalwareFileHashRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type AntiMalwareFileHashPolicyQueries {
policy(input: AntiMalwareFileHashPolicyInput): AntiMalwareFileHashPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input AntiMalwareFileHashPolicyUpdateInput {
state: PolicyToggleState
}
input AntiMalwareFileHashRemoveRuleInput {
id: ID!
}
type AntiMalwareFileHashRule implements IPolicyRule {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"The date when the block or bypass action expires"
expirationDate: DateTime!
"The name of the file"
fileName: String!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
"The file's unique SHA-256 hash identifier"
sha256: SHA_256!
}
type AntiMalwareFileHashRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: AntiMalwareFileHashRulePayload
status: PolicyMutationStatus!
}
type AntiMalwareFileHashRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: AntiMalwareFileHashRule!
}
input AntiMalwareFileHashUpdateRuleDataInput {
"The action when the file hash is matched: [BLOCK | BYPASS]"
action: AntiMalwareFileHashAction
description: String
enabled: Boolean
"The date when the block or bypass action expires"
expirationDate: DateTime
"The name of the file"
fileName: String
name: String
"The file's unique SHA-256 hash identifier"
sha256: SHA_256
}
input AntiMalwareFileHashUpdateRuleInput {
id: ID!
rule: AntiMalwareFileHashUpdateRuleDataInput!
}
"policies which configuration can be read with query APIs."
type PolicyQueries {
antiMalwareFileHash: AntiMalwareFileHashPolicyQueries
applicationControl: ApplicationControlPolicyQueries
appTenantRestriction: AppTenantRestrictionPolicyQueries
clientConnectivity: ClientConnectivityPolicyQueries
dynamicIpAllocation: DynamicIpAllocationPolicyQueries
internetFirewall: InternetFirewallPolicyQueries
remotePortFwd: RemotePortFwdPolicyQueries
socketLan: SocketLanPolicyQueries
splitTunnel: SplitTunnelPolicyQueries
terminalServer: TerminalServerPolicyQueries
tlsInspect: TlsInspectPolicyQueries
wanFirewall: WanFirewallPolicyQueries
wanNetwork: WanNetworkPolicyQueries
ztnaAlwaysOn: ZtnaAlwaysOnPolicyQueries
}
type SandboxQueries {
" Get a list of sandbox reports "
reports(input: SandboxReportsInput!): SandboxReportsPayload! @beta
}
type SandboxMutations {
" Delete a sandbox report "
deleteReport(input: DeleteReportInput!): DeleteReportPayload! @beta
" Upload a file for sandbox analysis "
uploadFile(input: UploadFileInput!): UploadFilePayload! @beta
}
" Output of sandbox reports query "
type SandboxReportsPayload {
" Pagination information "
pageInfo: PageInfo!
" List of sandbox reports "
report: [SandboxReport!]!
}
" Sandbox report meta-data "
type SandboxReport {
" Report creation date "
creationDate: DateTime!
" Report download URL (if ready) "
downloadUrl: Url
" Report expiration date "
expirationDate: DateTime
" Sandbox analysis failure reason (if any) "
failureReason: SandboxFailureReason
" File hash (SHA-256) "
fileHash: String!
" File name "
fileName: String
" Sandbox analysis status "
status: SandboxStatus!
" Sandbox verdict "
verdict: SandboxVerdict
}
" Upload file response "
type UploadFilePayload {
" Upload URL (HTTP PUT) "
uploadUrl: Url
}
" Delete report response "
type DeleteReportPayload {
" File hash (SHA-256) "
fileHash: String!
}
" Sandbox analysis verdict "
enum SandboxVerdict {
" File is clean "
BENIGN
" File is malicious "
MALICIOUS
" File is suspicious "
SUSPICIOUS
}
" Sandbox analysis status "
enum SandboxStatus {
" Report has expired "
EXPIRED
" Analysis has failed "
FAILED
" File is being analyzed "
IN_PROGRESS
" File is pending analysis "
PENDING
" File is queued for retry after throttling "
QUEUED
" Analysis is complete - report is ready "
READY
}
" Sandbox analysis failure reason "
enum SandboxFailureReason {
" Failed to fetch report from sandbox service after 10 minutes "
ANALYSIS_TIMEOUT
" Reached configured queued limit for account "
EXCEED_RATE_LIMIT
" Internal server error "
INTERNAL_ERROR
" Invalid file size (0 or too large) "
INVALID_FILE_SIZE
" Failed to submit file for sandbox analysis "
SUBMISSION_ERROR
" Unsupported file type "
UNSUPPORTED_FILE_TYPE
}
" Sandbox reports query input "
input SandboxReportsInput {
" Query filter criteria "
filter: SandboxReportsFilterInput
" Query pagination criteria "
paging: PagingInput! = {limit: 25, from: 0}
" Query sorting criteria "
sort: SandboxReportsSortInput! = {reportCreateDate: {direction: DESC, priority: 1}}
}
" Sandbox reports query filter "
input SandboxReportsFilterInput {
" File hash filter "
fileHash: [StringFilterInput!]
" File name filter "
fileName: [StringFilterInput!]
" Report creation date filter "
reportCreateDate: [DateTimeFilterInput!]
}
" Sandbox reports query sorting "
input SandboxReportsSortInput {
" Sort by file name "
fileName: SortOrderInput
" Sort by report creation date "
reportCreateDate: SortOrderInput
}
" Upload file input "
input UploadFileInput {
" Uploaded file name "
fileName: String!
}
" Delete report input "
input DeleteReportInput {
" File hash (SHA-256) to be deleted "
fileHash: String!
}
type PopLocationMachineRef implements ObjectRef {
id: ID!
name: String!
}
type PopLocationServiceUnitRef implements ObjectRef {
id: ID!
name: String!
}
type PopLocationQueries {
popLocationList(input: PopLocationFilterInput): PopLocationPayload @beta
}
type PopLocationPayload {
"""
The actual list of PoP locations matching the given filter criteria. Each entry is a non-null PopLocation object.
"""
items: [PopLocation!]!
}
type PopLocation {
"""
Lists the available cloud interconnect options (e.g., AWS Direct Connect, Azure ExpressRoute) at this PoP.
Each entry in the list is a PopLocationCloudInterconnect object describing interconnect capabilities.
"""
cloudInterconnect: [PopLocationCloudInterconnect!]!
"""
Reference to the country where the PoP resides. Links to a CountryRef object that may contain name, ISO code, or additional geopolitical metadata
"""
country: CountryRef!
"""
User-facing name of the PoP (e.g., for dashboards or UI displays). Often formatted for readability
"""
displayName: String!
"""
Unique identifier for the PoP location. Globally unique across the Cato platform
"""
id: ID!
"""
indicates whether the PoP is a private location (customer-owned or dedicated) as opposed to part of the public/shared Cato cloud
"""
isPrivate: Boolean!
"""
Internal name of the PoP location, used for system-level identification. Usually the city of the PoP
"""
name: String!
}
input PopLocationFilterInput {
"""
Filters PoPs based on their geographical country. Useful for regional filtering or compliance.
"""
country: CountryRefFilterInput
"""PoP location's unique identifier (ID)."""
id: IdFilterInput
"""Filter by setting - cloud interconnect tags (e.g.,1Q or QinQ)."""
interconnectTagging: PopLocationCloudInterconnectFilterInput
"""
Filters based on whether a PoP is private or public and a part of the Cato Cloud (public or reserved for a specific partner/customer).
"""
isPrivate: BooleanFilterInput
"""Filter by name of the PoP Location, usually represented by the city."""
name: StringFilterInput
"""
Filters for PoPs marked as “primary,” likely signifying main or preferred locations in a geographic area.
"""
primary: BooleanFilterInput
"""
Filters PoPs based on regional licensing rules or designations, possibly aligning with regional compliance or pricing.
"""
siteLicenseRegion: StringFilterInput
}
type PopLocationCloudInterconnect {
providerName: String!
taggingMethod: TaggingMethod!
}
input PopLocationCloudInterconnectFilterInput {
taggingMethod: TaggingMethodFilterInput
}
input CountryRefFilterInput {
eq: CountryRefInput
in: [CountryRefInput!]
neq: CountryRefInput
nin: [CountryRefInput!]
}
enum ConnectionOriginEnum {
ANY
REMOTE
SITE
}
type DeviceAttributes {
"The category of the firewall device."
category: [String!]!
"The manufacturer of the firewall device."
manufacturer: [String!]!
"The model of the firewall device."
model: [String!]!
"The operating system of the firewall device."
os: [String!]!
"The version of the operating system of the firewall device."
osVersion: [String!]!
"The type of the firewall device."
type: [String!]!
}
input DeviceAttributesInput {
"The category of the firewall device."
category: [String!]! = []
"The manufacturer of the firewall device."
manufacturer: [String!]! = []
"The model of the firewall device."
model: [String!]! = []
"The operating system of the firewall device."
os: [String!]! = []
"The version of the operating system of the firewall device."
osVersion: [String!]! = []
"The type of the firewall device."
type: [String!]! = []
}
input DeviceAttributesUpdateInput {
"The category of the firewall device."
category: [String!]
"The manufacturer of the firewall device."
manufacturer: [String!]
"The model of the firewall device."
model: [String!]
"The operating system of the firewall device."
os: [String!]
"The version of the operating system of the firewall device."
osVersion: [String!]
"The type of the firewall device."
type: [String!]
}
"Shared interface for any policy"
interface IPolicy {
"TRUE = Policy is enabled, FALSE = Policy is disabled"
enabled: Boolean!
"Return list of rules in the policy"
rules: [IPolicyRulePayload!]!
"Return sections in the policy"
sections: [PolicySectionPayload!]!
"Audit data for the policy"
audit: PolicyAudit
"Return data for the Policy revision"
revision: PolicyRevision
}
"Results of policy change"
interface IPolicyMutationPayload {
"Data for the policy"
policy: IPolicy
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
interface IPolicyRule {
"Rule ID"
id: ID!
"Name of the rule"
name: String!
"Description for the rule"
description: String
"Position / priority of rule"
index: Int!
"TRUE = Rule is enabled, FALSE = Rule is disabled"
enabled: Boolean!
"Policy section where the rule is located"
section: PolicySectionInfo
}
"Results of rule change"
interface IPolicyRuleMutationPayload {
"Returns settings for the rule"
rule: IPolicyRulePayload
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
"Results of changes to the rule"
interface IPolicyRulePayload {
audit: PolicyElementAudit!
"Rule that was changed"
rule: IPolicyRule!
"Summary of rule change, (ie. ADDED, UPDATED)"
properties: [PolicyElementPropertiesEnum!]!
}
"Enum for the type of time range a rule is active"
enum PolicyActiveOnEnum {
ALWAYS
CUSTOM_RECURRING
CUSTOM_TIMEFRAME
WORKING_HOURS
}
"Input for adding section info to a policy"
input PolicyAddSectionInfoInput {
name: String!
}
"Input for adding a section to a policy"
input PolicyAddSectionInput {
at: PolicySectionPositionInput!
section: PolicyAddSectionInfoInput!
}
type PolicyAudit {
publishedBy: String!
publishedTime: DateTime!
}
input PolicyCreateRevisionInput {
description: String! = ""
name: String!
}
"Returns data for a custom recurring time range that a rule is active"
type PolicyCustomRecurring {
days: [DayOfWeek!]!
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringInput {
days: [DayOfWeek!]! = []
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringUpdateInput {
days: [DayOfWeek!]
from: Time
to: Time
}
"Returns data for a custom one-time time range that a rule is active"
type PolicyCustomTimeframe {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeInput {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeUpdateInput {
from: DateTime
to: DateTime
}
"Discards unpublished revision for the policy and reverts to the settings for the published policy."
input PolicyDiscardRevisionInput {
id: ID
}
type PolicyElementAudit {
"The admin, or the API-key, that performed the last update"
updatedBy: String!
"The last date and time the rule was updated"
updatedTime: DateTime!
}
"Attributes describing the rule state or type"
enum PolicyElementPropertiesEnum {
"New (added) rule"
ADDED
"""
An object can not be moved, or referenced when moving other objects.
However its properties and content can be modified.
"""
ANCHORED
"A rule locked for changes by other admins"
LOCKED
"A rule moved to a different position"
MOVED
"Removed (deleted) rule"
REMOVED
"A pre-defined (system) rule that cannot be modified or removed"
SYSTEM
"Updated (modified) existing rule"
UPDATED
}
interface PolicyInfo {
id: ID!
name: String!
description: String!
enabled: Boolean!
policyLevel: PolicyLevelEnum!
audit: PolicyAudit!
}
enum PolicyLevelEnum {
MAIN
SUB_POLICY
}
input PolicyLevelEnumFilterInput {
eq: PolicyLevelEnum
in: [PolicyLevelEnum!]
neq: PolicyLevelEnum
nin: [PolicyLevelEnum!]
}
interface PolicyListPayload {
items: [PolicyInfo!]!
paging: PageInfo!
}
"Move the rule to a different position in the policy"
input PolicyMoveRuleInput {
id: ID!
to: PolicyRulePositionInput
}
"Input for moving a section within a policy"
input PolicyMoveSectionInput {
id: ID!
to: PolicySectionPositionInput
}
"Move the sub rule to a different position in the policy"
input PolicyMoveSubRuleInput {
id: ID!
to: PolicySubRulePositionInput!
}
"""
The `PolicyMutationError` enum defines various error messages related to policy publishing in the policy platform service.
## Policy Errors
### `ConcurrentPolicyPublish`
- **Error Message:** "Another policy is currently publishing"
### `PolicyRevisionMismatch`
- **Error Message:** "Revision is not owned by the admin"
### `PolicyRevisionNotFound`
- **Error Message:** "Revision was not found"
### `PolicyInvalidEntity`
- **Error Message:** "Invalid entity"
### `DuplicateRuleName`
- **Error Message:** "Rule with the same name already exists"
### `DuplicateSectionName`
- **Error Message:** "Section with the same name already exists"
### `PolicyFailure`
- **Error Message:** "Can’t publish policy due to an internal error. Please try again in a few minutes"
## Rule Errors
### `ruleIsLocked`
- **Error Message:** "Rule is locked by another revision"
### `ruleWasRemoved`
- **Error Message:** "Rule was already removed"
### `ruleNotExist`
- **Error Message:** "Rule does not exist"
### `ruleSectionNotExist`
- **Error Message:** "Section does not exist"
### `ruleSectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `rulePositionInvalid`
- **Error Message:** "Rule position is invalid"
### `ruleNameIsEmpty`
- **Error Message:** "Rule name can't be empty"
### `ruleNameAlreadyExists`
- **Error Message:** "Rule with the same name already exists"
### `ruleSystemModification`
- **Error Message:** "Can't modify a system rule"
### `ruleSystemMove`
- **Error Message:** "Can't add a rule above the system rules"
### `ruleHasInvalidEntity`
- **Error Message:** "Rule has an invalid entity"
### `failedValidatingRule`
- **Error Message:** "Something went wrong, couldn't validate rule"
## Section Errors
### `sectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `sectionSystemMove`
- **Error Message:** "Section with system rules cannot be moved or removed"
### `sectionNotExist`
- **Error Message:** "Section does not exist"
### `sectionPositionInvalid`
- **Error Message:** "Section position is invalid"
"""
type PolicyMutationError {
errorCode: String
errorMessage: String
}
input PolicyMutationRevisionInput {
id: ID
}
"Enum for the status of a policy mutation"
enum PolicyMutationStatus {
FAILURE
SUCCESS
}
"""
Published revision is the active policy
applied on the traffic.
In addition, when a policy is published, revision changes become visible
to other admins, and rules locked by the revision become unlocked
"""
input PolicyPublishRevisionInput {
description: String
name: String
}
interface PolicyRef implements ObjectRef {
"Policy's unique identifier"
id: ID!
"Policy's unique name"
name: String!
}
"Input for removing a section from a policy"
input PolicyRemoveSectionInput {
id: ID!
}
"Returns data about the policy revision, such as when the change was made, how many rules were changed, etc."
type PolicyRevision {
changes: Int!
createdTime: DateTime!
description: String!
id: ID!
name: String!
updatedTime: DateTime!
}
"Input for specifying a policy revision"
input PolicyRevisionInput {
id: ID
type: PolicyRevisionType = PRIVATE
}
"Enum for the type of a policy revision"
enum PolicyRevisionType {
PRIVATE
PUBLIC
}
"Returns data for publishing the policy"
type PolicyRevisionsPayload {
revision: [PolicyRevision!]!
}
"Returns the time period during which the rule is active, outside this period, the rule is inactive"
type PolicyRuleActivePeriod {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean!
useExpiresAt: Boolean!
}
input PolicyRuleActivePeriodInput {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean! = false
useExpiresAt: Boolean! = false
}
input PolicyRuleActivePeriodUpdateInput {
"The time the rule becomes active, if not used, default null"
effectiveFrom: DateTime
"The time the rule expires, if not used, default null"
expiresAt: DateTime
useEffectiveFrom: Boolean
useExpiresAt: Boolean
}
"Enum for the position of a rule within a policy"
enum PolicyRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_RULE
"The rule position is immediately after the system rules (first non-system rule)"
FIRST_IN_POLICY
"The rule position is first in the specified section"
FIRST_IN_SECTION
"The rule position is last in the policy"
LAST_IN_POLICY
"The rule position is last in the specified section"
LAST_IN_SECTION
}
"Parameters required to define the rule position"
input PolicyRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicyRulePositionEnum
"The identifier of the object (e.g. a rule, a section) relative to which the position of the added rule is defined"
ref: ID
}
"Returns data for the alert settings for the rule"
type PolicyRuleTrackingAlert {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean!
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum!
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRef!]!
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRef!]!
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRef!]!
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean! = false
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]! = []
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]! = []
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertUpdateInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]
}
"Returns data if an alert is sent for a rule"
type PolicyRuleTrackingEvent {
enabled: Boolean!
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventInput {
enabled: Boolean! = false
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventUpdateInput {
enabled: Boolean
}
"Enum for the frequency of an alert event for a rule"
enum PolicyRuleTrackingFrequencyEnum {
DAILY
HOURLY
IMMEDIATE
WEEKLY
}
enum PolicyRuleTypeEnum {
"Indicate rule is a regular policy rule"
POLICY_RULE
"Indicate the rule is a scoping context for sub policy"
SUB_POLICY_SCOPE
}
type PolicySchedule {
activeOn: PolicyActiveOnEnum!
customRecurring: PolicyCustomRecurring
customTimeframe: PolicyCustomTimeframe
}
input PolicyScheduleInput {
activeOn: PolicyActiveOnEnum! = ALWAYS
customRecurring: PolicyCustomRecurringInput
customTimeframe: PolicyCustomTimeframeInput
}
input PolicyScheduleUpdateInput {
activeOn: PolicyActiveOnEnum
customRecurring: PolicyCustomRecurringUpdateInput
customTimeframe: PolicyCustomTimeframeUpdateInput
}
"Define settings for a policy section"
type PolicySectionInfo {
id: ID!
name: String!
subPolicyId: ID
}
type PolicySectionMutationPayload {
errors: [PolicyMutationError!]!
section: PolicySectionPayload
status: PolicyMutationStatus!
}
type PolicySectionPayload {
access: EntityAccess
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
section: PolicySectionInfo!
}
enum PolicySectionPositionEnum {
AFTER_SECTION
BEFORE_SECTION
LAST_IN_POLICY
}
input PolicySectionPositionInput {
position: PolicySectionPositionEnum!
ref: ID
}
"Enum for the position of a rule within a policy"
enum PolicySubRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_SUB_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_SUB_RULE
"The rule position is first in the specified rule"
FIRST_IN_RULE
"The rule position is last in the specified rule"
LAST_IN_RULE
}
"Parameters required to define the rule position"
input PolicySubRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicySubRulePositionEnum!
"The identifier of the sub-rule relative to which the position of the added rule is defined"
ref: ID!
}
"Enum for the state of a policy"
enum PolicyToggleState {
DISABLED
ENABLED
}
type PolicyTracking {
alert: PolicyRuleTrackingAlert!
event: PolicyRuleTrackingEvent!
}
input PolicyTrackingInput {
alert: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
event: PolicyRuleTrackingEventInput! = {enabled: false}
}
input PolicyTrackingUpdateInput {
alert: PolicyRuleTrackingAlertUpdateInput
event: PolicyRuleTrackingEventUpdateInput
}
input PolicyUpdateSectionInfoInput {
name: String
}
input PolicyUpdateSectionInput {
id: ID!
section: PolicyUpdateSectionInfoInput!
}
input PortRangeUpdateInput {
from: Port
to: Port
}
interface SubPolicyPayload {
policy: PolicyInfo!
properties: [SubPolicyProperty!]!
}
enum SubPolicyProperty {
READ_ONLY
}
input SocketLanAddRuleDataInput {
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationInput! = {vlan: [], ipRange: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection! = TO
enabled: Boolean!
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsInput! = {enabled: false, natType: DYNAMIC_PAT}
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceInput! = {simple: [], custom: []}
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteInput! = {site: [], group: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceInput! = {vlan: [], ipRange: [], group: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType! = WAN
}
input SocketLanAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanAddRuleDataInput!
}
"Returns the settings for Destination of a Wan Firewall rule."
type SocketLanDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
vlan: [Vlan!]!
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
vlan: [Vlan!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
vlan: [Vlan!]
}
enum SocketLanDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
enum SocketLanFirewallAction {
ALLOW
BLOCK
}
input SocketLanFirewallAddRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction! = ALLOW
"Application traffic matching criteria."
application: SocketLanFirewallApplicationInput! = {application: [], customApp: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
description: String! = ""
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationInput! = {vlan: [], ipRange: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection! = TO
enabled: Boolean!
name: String!
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeInput! = {simple: [], standard: [], custom: []}
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceInput! = {vlan: [], mac: [], ipRange: [], group: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
input SocketLanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicySubRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanFirewallAddRuleDataInput!
}
"Defines applications for the socket LAN firewall."
type SocketLanFirewallApplication {
"Applications matching criteria for this rule."
application: [ApplicationRef!]!
"Custom applications that can be matched by"
customApp: [CustomApplicationRef!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]! = []
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationUpdateInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]
domain: [Domain!]
fqdn: [Fqdn!]
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
"Defines destinations for the socket LAN firewall."
type SocketLanFirewallDestination {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanFirewallDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
type SocketLanFirewallPolicyMutations {
addRule(input: SocketLanFirewallAddRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
moveRule(input: PolicyMoveSubRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
removeRule(input: SocketLanFirewallRemoveRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
updateRule(input: SocketLanFirewallUpdateRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
}
input SocketLanFirewallRemoveRuleInput {
id: ID!
}
type SocketLanFirewallRule implements IPolicyRule {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction!
"Application traffic matching criteria."
application: SocketLanFirewallApplication!
"Description for the rule"
description: String!
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestination!
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Service traffic matching criteria."
service: SocketLanFirewallServiceType!
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTracking!
}
type SocketLanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanFirewallRulePayload
status: PolicyMutationStatus!
}
type SocketLanFirewallRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanFirewallRule!
}
"Defines services used in the socket LAN firewall."
type SocketLanFirewallServiceType {
"Custom services defined for this rule."
custom: [CustomService!]!
"Simple services allowed by the firewall rule."
simple: [SimpleService!]!
"Standard services allowed by the firewall rule."
standard: [ServiceRef!]!
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]! = []
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]! = []
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]! = []
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeUpdateInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]
}
"Defines sources for the socket LAN firewall."
type SocketLanFirewallSource {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"MAC addresses of devices matching criteria."
mac: [MacAddress!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"MAC addresses of devices matching criteria."
mac: [MacAddress!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"MAC addresses of devices matching criteria."
mac: [MacAddress!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
input SocketLanFirewallUpdateRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction
"Application traffic matching criteria."
application: SocketLanFirewallApplicationUpdateInput
description: String
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationUpdateInput
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection
enabled: Boolean
name: String
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeUpdateInput
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingUpdateInput
}
input SocketLanFirewallUpdateRuleInput {
id: ID!
rule: SocketLanFirewallUpdateRuleDataInput!
}
"Defines NAT settings for the socket LAN policy."
type SocketLanNatSettings {
"Indicates if NAT is enabled."
enabled: Boolean!
natType: SocketLanNatType!
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsInput {
"Indicates if NAT is enabled."
enabled: Boolean! = false
natType: SocketLanNatType! = DYNAMIC_PAT
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsUpdateInput {
"Indicates if NAT is enabled."
enabled: Boolean
natType: SocketLanNatType
}
enum SocketLanNatType {
DYNAMIC_PAT
}
type SocketLanPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SocketLanRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SocketLanPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SocketLanPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SocketLanPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SocketLanPolicy
status: PolicyMutationStatus!
}
type SocketLanPolicyMutations {
addRule(input: SocketLanAddRuleInput!): SocketLanRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SocketLanPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SocketLanPolicyMutationPayload! @beta
firewall: SocketLanFirewallPolicyMutations!
moveRule(input: PolicyMoveRuleInput!): SocketLanRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SocketLanPolicyMutationPayload! @beta
removeRule(input: SocketLanRemoveRuleInput!): SocketLanRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SocketLanPolicyUpdateInput!): SocketLanPolicyMutationPayload! @beta
updateRule(input: SocketLanUpdateRuleInput!): SocketLanRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SocketLanPolicyQueries {
policy(input: SocketLanPolicyInput): SocketLanPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SocketLanPolicyUpdateInput {
state: PolicyToggleState
}
input SocketLanRemoveRuleInput {
id: ID!
}
type SocketLanRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestination!
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
firewall: [SocketLanFirewallRulePayload!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettings!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanService!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSite!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSource!
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType!
}
type SocketLanRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanRulePayload
status: PolicyMutationStatus!
}
type SocketLanRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanRule!
}
"Defines services used in the socket LAN policy."
type SocketLanService {
"Custom Port/Protocol service."
custom: [CustomService!]!
"List of L4 based services."
simple: [SimpleService!]!
}
"Defines services used in the socket LAN policy."
input SocketLanServiceInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]! = []
"List of L4 based services."
simple: [SimpleServiceInput!]! = []
}
"Defines services used in the socket LAN policy."
input SocketLanServiceUpdateInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]
"List of L4 based services."
simple: [SimpleServiceInput!]
}
"Represents the site configurations in the socket LAN policy."
type SocketLanSite {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRef!]!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRef!]!
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]! = []
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]! = []
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteUpdateInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]
}
"Defines sources for the socket LAN policy."
type SocketLanSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRef!]!
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRef!]!
"Hosts and servers defined for your under Socket sites."
host: [HostRef!]!
"IP address."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network range defined for a site."
networkInterface: [NetworkInterfaceRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]!
"Predefined Cato groups."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN policy."
input SocketLanSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]! = []
"IP address."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN policy."
input SocketLanSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]
"IP address."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanTransportType {
"Specifies LAN transport type, routed locally for inspection of LAN Firewall."
LAN
"Specifies WAN transport type, send to the PoP for inspection of WAN Firewall."
WAN
}
input SocketLanUpdateRuleDataInput {
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationUpdateInput
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection
enabled: Boolean
name: String
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsUpdateInput
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceUpdateInput
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceUpdateInput
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType
}
input SocketLanUpdateRuleInput {
id: ID!
rule: SocketLanUpdateRuleDataInput!
}
input WanNetworkAddRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput!
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationInput! = {activeTcpAcceleration: false, packetLossMitigation: false, preserveSourcePort: false, primaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, secondaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, allocationIp: [], popLocation: [], backhaulingSite: []}
description: String! = ""
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]! = []
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType! = NONE
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType! = WAN
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
input WanNetworkAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanNetworkAddRuleDataInput!
}
type WanNetworkPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [WanNetworkRulePayload!]!
sections: [PolicySectionPayload!]!
}
input WanNetworkPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanNetworkPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type WanNetworkPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanNetworkPolicy
status: PolicyMutationStatus!
}
type WanNetworkPolicyMutations {
addRule(input: WanNetworkAddRuleInput!): WanNetworkRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanNetworkPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanNetworkPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): WanNetworkRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanNetworkPolicyMutationPayload! @beta
removeRule(input: WanNetworkRemoveRuleInput!): WanNetworkRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: WanNetworkPolicyUpdateInput!): WanNetworkPolicyMutationPayload! @beta
updateRule(input: WanNetworkUpdateRuleInput!): WanNetworkRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanNetworkPolicyQueries {
policy(input: WanNetworkPolicyInput): WanNetworkPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input WanNetworkPolicyUpdateInput {
state: PolicyToggleState
}
input WanNetworkRemoveRuleInput {
id: ID!
}
type WanNetworkRule implements IPolicyRule {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRef!
"The configuration of the rule."
configuration: WanNetworkRuleConfiguration!
"Description for the rule"
description: String!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType!
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType!
"Policy section where the rule is located"
section: PolicySectionInfo!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
type WanNetworkRuleApplication {
appCategory: [ApplicationCategoryRef!]!
application: [ApplicationRef!]!
customApp: [CustomApplicationRef!]!
customCategory: [CustomCategoryRef!]!
customService: [CustomService!]!
customServiceIp: [CustomServiceIp!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
service: [ServiceRef!]!
}
input WanNetworkRuleApplicationInput {
appCategory: [ApplicationCategoryRefInput!]! = []
application: [ApplicationRefInput!]! = []
customApp: [CustomApplicationRefInput!]! = []
customCategory: [CustomCategoryRefInput!]! = []
customService: [CustomServiceInput!]! = []
customServiceIp: [CustomServiceIpInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
service: [ServiceRefInput!]! = []
}
input WanNetworkRuleApplicationUpdateInput {
appCategory: [ApplicationCategoryRefInput!]
application: [ApplicationRefInput!]
customApp: [CustomApplicationRefInput!]
customCategory: [CustomCategoryRefInput!]
customService: [CustomServiceInput!]
customServiceIp: [CustomServiceIpInput!]
domain: [Domain!]
fqdn: [Fqdn!]
service: [ServiceRefInput!]
}
type WanNetworkRuleConfiguration {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean!
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRef!]!
"The site for backhaul routing option."
backhaulingSite: [SiteRef!]!
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean!
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRef!]!
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean!
"The primary transport method."
primaryTransport: WanNetworkRuleTransport!
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransport!
}
input WanNetworkRuleConfigurationInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean! = false
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]! = []
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]! = []
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean! = false
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]! = []
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean! = false
"The primary transport method."
primaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
}
input WanNetworkRuleConfigurationUpdateInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean
"The primary transport method."
primaryTransport: WanNetworkRuleTransportUpdateInput
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportUpdateInput
}
type WanNetworkRuleDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleException {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
input WanNetworkRuleExceptionInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
enum WanNetworkRuleInterfaceRole {
"Automatic interface role."
AUTOMATIC
"No interface role."
NONE
"WAN1 interface role."
WAN1
"WAN2 interface role."
WAN2
"WAN3 interface role."
WAN3
"WAN4 interface role."
WAN4
"WAN5 interface role."
WAN5
"WAN6 interface role."
WAN6
}
type WanNetworkRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanNetworkRulePayload
status: PolicyMutationStatus!
}
type WanNetworkRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanNetworkRule!
}
enum WanNetworkRuleRouteType {
"Backhaul routing."
BACKHAUL
"Backhaul hairpinning routing."
BACKHAUL_HAIRPINNING
"NAT routing."
NAT
"No routing."
NONE
"Optimized routing. Smart Egress using closest destination"
OPTIMIZED
"Route via a specific path."
VIA
}
type WanNetworkRuleSource {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleSourceInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleSourceUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleTransport {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole!
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole!
transportType: WanNetworkRuleTransportType!
}
input WanNetworkRuleTransportInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
transportType: WanNetworkRuleTransportType! = AUTOMATIC
}
enum WanNetworkRuleTransportType {
"Alternative WAN transport type."
ALTERNATIVE_WAN
"Automatic transport type."
AUTOMATIC
"No transport type."
NONE
"Off-cloud transport type."
OFF_CLOUD
"WAN transport type."
WAN
}
input WanNetworkRuleTransportUpdateInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole
transportType: WanNetworkRuleTransportType
}
enum WanNetworkRuleType {
"Inbound Internet transport type."
INBOUND_INTERNET
"Internet transport type."
INTERNET
"WAN transport type."
WAN
}
input WanNetworkUpdateRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationUpdateInput
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationUpdateInput
description: String
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationUpdateInput
enabled: Boolean
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]
name: String
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType
"The source of the traffic for the rule."
source: WanNetworkRuleSourceUpdateInput
}
input WanNetworkUpdateRuleInput {
id: ID!
rule: WanNetworkUpdateRuleDataInput!
}
type LicensingQueries {
"""BETA"""
licensingInfo: LicensingInfo @beta
}
type LicensingMutations {
"""BETA"""
updateCommercialLicense(input: UpdateCommercialLicenseInput!): UpdateCommercialLicensePayload @beta
}
input UpdateCommercialLicenseInput {
"""The unique identifier of the license to update"""
licenseId: ID!
"""The desired start date for the license activation"""
startDate: DateTime
}
type UpdateCommercialLicensePayload {
"""The license that was modified"""
license: License!
}
"""Public license API"""
type LicensingInfo {
aiSecurityApplications: [AISecurityApplicationsLicense!]!
aiSecurityUsers: [AISecurityUsersLicense!]!
atp: [AtpLicense!]!
casb: [CasbLicense!]!
dataLake: [DataLakeLicense!]!
dem: [DemLicense!]!
dlp: [DlpLicense!]!
endpointProtection: [EndpointProtectionLicense!]!
"""License usage and allocation across the managed accounts"""
globalLicenseAllocations: GlobalLicenseAllocations!
ilmm: [IlmmLicense!]!
iotOt: [IotOtLicense!]!
ips: [IpsLicense!]!
"""License inventory"""
licenses: [License!]! @deprecated(reason: "please use individual license type fields")
malwareProtection: [MalwareProtectionLicense!]!
managedXdr: [ManagedXdrLicense!]!
mdr: [MdrLicense!]!
nextGenMalwareProtection: [NextGenMalwareProtectionLicense!]!
nocaas: [NOCaaSLicense!]!
pooledBandwidth: [PooledBandwidthLicense!]!
publicIps: [PublicIpsLicense!]!
rbi: [RbiLicense!]!
saasSecurityApi: [SaasSecurityApiLicense!]!
site: [SiteLicense!]!
threatPrevention: [ThreatPreventionLicense!]!
xdrPro: [XdrProLicense!]!
xOps: [XOpsLicense!]!
ztnaUsers: [ZtnaUsersLicense!]!
}
"""License usage and allocation across all accounts"""
type GlobalLicenseAllocations {
"""Public IP addresses usage across the accounts"""
publicIps: PublicIpsLicenseAllocations
"""ZTNA license allocation across the accounts"""
ztnaUsers: ZtnaUsersLicenseAllocations
}
"""IP addresses license usage and allocation across all accounts"""
type PublicIpsLicenseAllocations {
allocated: Int!
available: Int!
total: Int!
}
"""Global ZTNA license usage and allocation across all accounts"""
type ZtnaUsersLicenseAllocations {
"""Total users allocated a ZTNA license"""
allocated: Int!
"""Available users not yet allocated a license"""
available: Int!
"""Total ZTNA licenses for users"""
total: Int!
}
"""enum for license plan type (site license, service license, etc...)"""
enum LicensePlan {
COMMERCIAL
TRIAL
}
"""enum that shows account license status"""
enum AccountPlan {
COMMERCIAL
TRIAL
}
"""
enum for account plan status – the current license status within the license lifecycle
"""
enum LicenseStatus {
"""A license that is currently active"""
ACTIVE
"""An expired license is no longer active"""
DISABLED
"""A license in a grace period"""
LOCKED
"""The license is pending customer activation by setting a start date"""
PENDING
"""
An existing license with a future start date that is not currently active
"""
SCHEDULED
"""
A license that is active before its start date, for partners and customers to verify the relevant configurations
"""
STAGING
}
"""
An interface containing properties that are common to all license types
"""
interface License {
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License start date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
}
interface QuantifiableLicense implements License {
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License initiation date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""license quantity"""
total: Int!
}
type DataLakeLicense implements License & QuantifiableLicense {
description: String
"""
The version of the Data Processing Agreement (DPA) that your company signed with Cato.
"""
dpaVersion: DpaVersion!
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted.
"""
retentionPeriod: Int
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage)
"""
total: Int!
}
"""The DPA agreement, based on your contract with Cato"""
enum DpaVersion {
DPA_2019_01
DPA_2021_01
DPA_2023_01
}
"""Public IP address license"""
type PublicIpsLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of public IPs available in the licenses"""
total: Int!
}
"""Site bandwidth license"""
type SiteLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
For the relevant license groups, indicates whether this is a global or regional license. For other regions, the value is set to ‘NA’ (not applicable).
"""
regionality: Regionality
"""Identifying data for the site the license is assigned to"""
site: SiteRef
"""The license group."""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""Maximum available bandwidth for the site, in Mbps"""
total: Int!
}
type PooledBandwidthLicense implements License & QuantifiableLicense {
"""
Accounts that this license is assigned to (and the license usage within each account)
"""
accounts: [PartnerPooledBandwidthLicenseAccount!]!
"""
allocated bandwidth, in Mbps, for all the sites assigned to this license.
"""
allocatedBandwidth: Int!
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""Regional license group"""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""
Sites that this license is assigned to (and the license usage within each site)
"""
sites: [PooledBandwidthLicenseSite!]!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Maximum available bandwidth, in Mbps, for all the sites under this license. This constitutes the bandwidth pool that is allocated to different sites.
"""
total: Int!
}
type PooledBandwidthLicenseSite {
"""Allocated bandwidth for this site"""
allocatedBandwidth: Int!
"""Identifying data for the site"""
site: SiteRef!
}
type PartnerPooledBandwidthLicenseAccount {
"""Identifying data for the account"""
account: AccountRef!
"""Allocated bandwidth for this account"""
allocatedBandwidth: Int!
}
enum SiteLicenseGroup {
"""legacy license group"""
AFRICA
"""legacy license group"""
ANZ
"""legacy license group"""
APJ
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""legacy license group"""
DUBAI
"""legacy license group"""
EUROPE
GROUP_1
GROUP_2
"""legacy license group"""
LATAM
"""legacy license group"""
MIDDLE_EAST
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""legacy license group"""
NAM
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
enum SiteLicenseType {
SASE
SSE
}
"""ZTNA remote users license"""
type ZtnaUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum amount of ZTNA users for the region."""
total: Int!
"""Specify a license group that you are limiting the number of ZTNA users"""
ztnaUsersLicenseGroup: ZtnaUsersLicenseGroup!
}
"""Geographical regions that can be associated with a remote user license"""
enum ZtnaUsersLicenseGroup {
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""Legacy group"""
DUBAI
GENERAL
"""Legacy group"""
LATAM
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
"""
REGIONAL and GLOBAL licenses for MOROCCO, CHINA, and VIETNAM group values
"""
enum Regionality {
"""Global traffic going outside of the region"""
GLOBAL
"""Site traffic within the region"""
REGIONAL
}
"""End Point Protection (EPP) license details"""
type EndpointProtectionLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum number of users that can use this service"""
total: Int!
}
"""Intelligent Last Mile Monitoring (ILMM) License details"""
type IlmmLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The total amount of ILMM licenses."""
total: Int!
}
"""
Intrusion Prevention System (IPS) service license (Legacy license, replaced by TP)
"""
type IpsLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Anti-Malware service license details (Legacy license, replaced by TP)"""
type MalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""
NG Anti-Malware service license details (Legacy license, replaced by TP)
"""
type NextGenMalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Threat Prevention (TP) license details"""
type ThreatPreventionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""NOC as a Service (NOCaaS) service license details"""
type NOCaaSLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Cloud Access Security Broker (CASB) service license details"""
type CasbLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Data Loss Prevention (DLP) Service license details"""
type DlpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""MDR service license details"""
type MdrLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Managed XDR service license details"""
type ManagedXdrLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Remote Browser Isolation (RBI) service license details"""
type RbiLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""SaaS Security API service license details"""
type SaasSecurityApiLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""license quantity"""
total: Int!
}
"""XDR Pro (extended detection and response) service license details"""
type XdrProLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of knowledge users that the XDR Pro service refers to"""
total: Int!
}
"""DEM service license details"""
type DemLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""IoT/OT Security service license details"""
type IotOtLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Advanced Threat Prevention (ATP) service license details"""
type AtpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""XOps service license details"""
type XOpsLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""AI Security Users service license details"""
type AISecurityUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""AI Security Applications service license details"""
type AISecurityApplicationsLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it.
"""
id: ID
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
input AssignSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
This field should not be used if a site license is used.
"""
bw: Int
"""The license that is being assigned"""
licenseId: ID!
"""The site the license is assigned to"""
site: SiteRefInput!
}
type AssignSiteBwLicensePayload {
license: License!
}
input UpdateSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
"""
bw: Int!
"""The license that is being assigned"""
licenseId: ID!
"""The site the license is being assigned to"""
site: SiteRefInput!
}
type UpdateSiteBwLicensePayload {
license: License!
}
input ReplaceSiteBwLicenseInput {
"""
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license.
This field should not be used if a site license is used.
"""
bw: Int
"""The license that is being assigned"""
licenseIdToAdd: ID!
"""The license that is being removed"""
licenseIdToRemove: ID!
"""The site to replace the licenses for"""
site: SiteRefInput!
}
type ReplaceSiteBwLicensePayload {
license: License!
}
input RemoveSiteBwLicenseInput {
"""The license that is being removed"""
licenseId: ID!
"""The site to remove the licenses from"""
site: SiteRefInput!
}
type RemoveSiteBwLicensePayload {
license: License!
}
type HardwareQueries {
"""Count of hardware items by shipping status"""
countHardwareByStatus: StatusCount @beta
"""Retrieve the account hardware items"""
hardware(input: HardwareSearchInput): HardwarePayload @beta
}
type HardwareMutations {
"""Set Shipping details for a list of hardware"""
updateHardwareShipping(input: UpdateHardwareShippingInput!): HardwarePayload @beta
}
enum ShippingStatus {
CONFIRM_SHIPPING
DELIVERED
IN_TRANSIT
PENDING_INFO
}
input HardwareSearchInput {
filter: HardwareFilterInput
paging: PagingInput = {limit: 100, from: 0}
sort: HardwareSortInput
}
input HardwareShippingDetailsInput {
"""The shipping details"""
details: ShippingDetailsInput!
"""Power cable type (for sockets only)"""
powerCable: String
}
input ShippingDetailsInput {
"""Address for delivery"""
address: AddressInput
"""Comment"""
comment: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
"""Vat id (required for Brazil)"""
vatId: String
}
input AddressInput {
"""City"""
cityName: String!
"""Company name (recipient)"""
companyName: String!
"""Country"""
countryName: String!
"""State (required only for USA)"""
stateName: String
"""Street name and number"""
street: String!
"""Zip Code"""
zipCode: String!
}
input HardwareFilterInput {
account: [AccountFilter!]
countryCode: StringFilterInput
countryName: [StringFilterInput!]
"""
Will run contains operation for the provided text on the following fields productType,
sfId, siteName, quoteId, model, zipCode, country, city, state, street, companyName, contactName,
trackingUrl, trackingNumber, serialNumber and comment with OR between them
"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
licenseStartDate: [DateTimeFilterInput!]
product: [StringFilterInput!]
serialNumber: [StringFilterInput!]
shippingStatus: [ShippingStatusFilterInput!]
validAddress: BooleanFilterInput
}
input ShippingStatusFilterInput {
eq: ShippingStatus
in: [ShippingStatus!]
neq: ShippingStatus
nin: [ShippingStatus!]
}
input HardwareSortInput {
country: SortOrderInput
incoterms: SortOrderInput
licenseId: SortOrderInput
"""Default sort field"""
licenseStartDate: SortOrderInput
productType: SortOrderInput
quoteId: SortOrderInput
serialNumber: SortOrderInput
shippingDate: SortOrderInput
shippingStatus: SortOrderInput
siteName: SortOrderInput
}
input UpdateHardwareShippingInput {
""" The shipping details to update"""
details: HardwareShippingDetailsInput!
""" The ids of items to update"""
ids: [ID!]!
}
type ShippingDetails {
"""City"""
cityName: String
"""Comment"""
comment: String
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetails
"""Country"""
countryName: String
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
"""Power cable type (for sockets only)"""
powerCable: String
"""State (required only for USA)"""
stateName: String
"""Street name and number"""
street: String
"""Vat id (required for Brazil)"""
vatId: String
"""Zip Code"""
zipCode: String
}
type ShippingTracking {
"""Carrier (shipping company)"""
carrier: String
"""Shipping date"""
shippingDate: Date
"""Shipping status"""
shippingStatus: ShippingStatus
"""Tracking number"""
trackingNumber: String
"""Tracking url"""
trackingUrl: String
}
type HardwarePayload {
"""The results"""
items: [Hardware!]!
"""Pagination details"""
pageInfo: PageInfo
}
type Hardware {
"""Cma account"""
account: AccountRef
"""Id"""
id: ID!
"""Last modified"""
lastModified: DateTime
"""Crm License Id"""
licenseId: ID
"""License start date"""
licenseStartDate: Date
"""Reference to the Enterprise Directory address"""
locationId: ID
"""Product Mac address"""
macAddress: String
"""Product model"""
model: String
"""Product order number"""
poNumber: String
"""Product type"""
productType: String
"""Quote ID where the product was purchased"""
quoteId: String
"""Serial number"""
serialNumber: String
"""Shipping details"""
shippingDetail: ShippingDetails
"""Shipping tracking data"""
shippingTracking: ShippingTracking
"""The site’s country"""
siteCountryName: String
"""Validation details"""
validation: HardwareValidation
}
type HardwareValidation {
"""Address validation details"""
addressValidationStatus: AddressValidationStatus
"""Complete item"""
completed: Boolean!
"""Incomplete reason"""
incompleteReason: String
}
type StatusCount {
CONFIRM_SHIPPING: Int
DELIVERED: Int
IN_TRANSIT: Int
PENDING_INFO: Int
}
"""Queries for reading groups-related information"""
type GroupsQueries {
"""
Get a specific group configuration. The group can be identified by ID or name.
"""
group(input: GroupRefInput!): Group @beta
"""
Get a list of groups, with optional filters and sorting.
This query only returns basic information for each group (e.g. name, ID).
To view full configuration details, including members, use the `group` query for each result.
"""
groupList(input: GroupListInput = {paging: {limit: 100, from: 0}, sort: {name: {direction: ASC, priority: 1}}}): GroupListPayload @beta
"""Check which policies use the group."""
whereUsed(input: GroupRefInput!): GroupWhereUsedPayload @beta
}
"""
A group is a collection of typed members (e.g., sites, hosts).
Groups can include members of different types.
When you update a group or use it in a policy, the system verifies that all members are allowed in the policy's scope.
If a group is used in a policy that doesn’t support certain member types, you can't add those types to the group.
If a group already includes unsupported types, you can only assign it to a policy that supports those types.
A member type is valid if it's supported in the group and allowed in the policy scope.
"""
type Group {
"""Contains creation and modification metadata for the group"""
audit: AuditingMetadata!
"""Optional free-text description for documentation or context"""
description: String
"""Unique ID for the group."""
id: ID!
"""
Lists the members in this group. Supports paging, filtering, and sorting by type and name
"""
members(input: GroupMembersListInput! = {paging: {limit: 100, from: 0}, sort: {name: {direction: ASC, priority: 2}, type: {direction: ASC, priority: 1}}}): GroupMembersListPayload!
"""
Total number of group members. When paging and filtering is used, this number may be higher than the number of members returned by the query
"""
membersCount: Int!
"""
Breakdown of member count by type (e.g., number of sites, hosts, etc.).
"""
membersCountPerType: [GroupMemberTypeCount!]!
"""Name of the group (not guaranteed to be globally unique)."""
name: String!
}
"""
Describes where the group is used across policies and scopes.
Includes a list of policy scopes where the group is applied,
and identifies any member types that are not supported in those policy scopes.
"""
type GroupWhereUsedPayload {
"""
Member types in the group that are not valid in one or more scopes where the group is used.
"""
invalidMemberTypes: [InvalidGroupMemberTypeInScope!]!
"""
List of scopes where the group is used. Each scope indicates the policy type and field.
"""
usage: [GroupScope!]!
"""Value is True if the group is used in at least one policy or scope."""
used: Boolean!
}
"""
Represents a member type in the group that is not supported in one or more scopes.
Each scope indicates where the member type is not allowed.
"""
type InvalidGroupMemberTypeInScope {
"""
List of scopes (policy type and field) where this member type is not supported.
"""
scope: [GroupScope!]!
"""The unsupported member type (e.g., site, host, etc.)"""
type: GroupMemberRefType!
}
"""
The scope (context) in which a group is used or supported.
Includes the policy type and the specific field name(s) where the group is used.
"""
type GroupScope {
"""
The specific fields within the policy where the group is used (e.g., 'source', 'destination').
"""
field: [String!]!
"""The type of policy (e.g.,WAN Firewall)."""
type: String!
}
"""
A list of group members, pagination details, applied filters, and sorting information.
"""
type GroupMembersListPayload {
"""
List of members that matched the query (including filtering, sorting, and paging).
"""
items: [GroupMemberRefTyped!]!
"""Pagination information for the result set (e.g., offset, total count)."""
paging: PageInfo!
}
"""
Filter, sort, and pagination applied when fetching the the list of group members.
"""
input GroupMembersListInput {
filter: [GroupMembersListFilterInput!]
paging: PagingInput! = {limit: 100, from: 0}
sort: GroupMembersListSortInput! = {name: {direction: ASC, priority: 2}, type: {direction: ASC, priority: 1}}
}
"""Filters to narrow down group members that are fetched."""
input GroupMembersListFilterInput {
"""Filter group members by name"""
name: [AdvancedStringFilterInput!]
"""Filter group members by type"""
type: [GroupMemberRefTypeFilterInput!]
}
"""
Sort group members by one or more fields.
If multiple fields are specified, the system uses their priority to determine order. For example, type with priority 1 will be used first, then name with priority 2.
"""
input GroupMembersListSortInput {
"""Sort by member name"""
name: SortOrderInput
"""Sort by member type"""
type: SortOrderInput
}
"""
Reference to a group member, including its ID, name, and type.
Used when listing or identifying members within a group.
"""
type GroupMemberRefTyped implements ObjectRef {
"Object's unique identifier"
id: ID!
"Object's unique name"
name: String!
type: GroupMemberRefType!
}
"""A reference to a group member, used when adding or filtering members."""
input GroupMemberRefTypedInput {
"""Whether to resolve the reference by ID or name. Defaults to ID."""
by: ObjectRefBy! = ID
"""The value of the member identifier (ID or name)"""
input: String!
"""The member type."""
type: GroupMemberRefType!
}
"""Counts how many members of each type the group contains."""
type GroupMemberTypeCount {
"""Number of members of this type that belong to the group"""
membersCount: Int!
"""The member type (e.g., SITE, HOST)"""
type: GroupMemberRefType!
}
"""List groups with optional filters, sorting, and pagination."""
input GroupListInput {
"""Filter groups by ID, name, member, audit data, or free-text"""
filter: [GroupListFilterInput!]
"""Pagination settings"""
paging: PagingInput! = {limit: 100, from: 0}
"""Sorting options, default behavior is ascending by name"""
sort: GroupListSortInput! = {name: {direction: ASC, priority: 1}}
}
"""Apply filters when fetching the list of groups."""
input GroupListFilterInput {
"""Filter by audit metadata (e.g., created by)"""
audit: [AuditingMetadataFilterInput!]
"""Free-text search across textual fields like name"""
freeText: FreeTextFilterInput
"""Filter by group ID"""
id: [IdFilterInput!]
"""Filter groups that include specific members"""
member: [GroupMemberFilterInput!]
"""Filter by group name"""
name: [AdvancedStringFilterInput!]
}
"""Filter groups by member reference."""
input GroupMemberFilterInput {
"""Member reference used to identify the groups it belongs to"""
ref: GroupMemberRefTypedInput!
}
"""Member types that can be referenced in a group."""
enum GroupMemberRefType {
FLOATING_SUBNET
GLOBAL_IP_RANGE
HOST
NETWORK_INTERFACE
SITE
SITE_NETWORK_SUBNET
}
"""Filter member types using the supported operators"""
input GroupMemberRefTypeFilterInput {
"""Match if member type equals this value"""
eq: GroupMemberRefType
"""Match if member type is in this list"""
in: [GroupMemberRefType!]
"""Match if member type does not equal this value"""
neq: GroupMemberRefType
"""Match if member type is not in this list"""
nin: [GroupMemberRefType!]
}
"""Sort groups by name or audit metadata"""
input GroupListSortInput {
"""Sort groups by audit metadata (e.g., creation time)"""
audit: AuditingMetadataSortInput
"""ort groups by name"""
name: SortOrderInput
}
"""
A list of groups returned by the groupList query, with pagination info.
"""
type GroupListPayload {
"""The list of fetched groups"""
items: [Group!]!
"""Pagination that was applied during the fetch"""
paging: PageInfo!
}
"""Operations for managing groups"""
type GroupsMutations {
"""Create a new group"""
createGroup(input: CreateGroupInput!): CreateGroupPayload @beta
"""Delete a group"""
deleteGroup(input: GroupRefInput!): DeleteGroupPayload @beta
"""
Update an existing group, including attributes such as name, description, and member items
"""
updateGroup(input: UpdateGroupInput!): UpdateGroupPayload @beta
}
"""Create a new group"""
input CreateGroupInput {
"""Optional description for the group"""
description: String
"""
Initial list of members for the new group. There is a maximum of 500 members per createGroup mutation
"""
members: [GroupMemberRefTypedInput!]
"""The name of the new group"""
name: String!
}
"""The created group object."""
type CreateGroupPayload {
group: Group!
}
"""
Update attributes for a group. Only the provided fields are updated - the other fields are not changed
Note: You can only update a total of 500 group members at one time, this means 'membersToAdd + membersToRemove' or 'members' must be less than 500
"""
input UpdateGroupInput {
"""New description for the group, if changing"""
description: String
"""Specify the group you’re updating"""
group: GroupRefInput!
"""Replaces all members in the group with this list of members"""
members: [GroupMemberRefTypedInput!]
"""
Adds members to the existing set of members. Can't be used together with the 'members' field
"""
membersToAdd: [GroupMemberRefTypedInput!]
"""
Removes members from the group. Can't be used together with the 'members' field
"""
membersToRemove: [GroupMemberRefTypedInput!]
"""New name for the group, if changing"""
name: String
}
"""The updated group object"""
type UpdateGroupPayload {
"""Updated group"""
group: Group!
}
"""The deleted group object"""
type DeleteGroupPayload {
"""The group that was deleted"""
group: Group!
}
type SiteGeneralDetailsPayload {
description: String
"""Only relevant for socket sites"""
preferredPopLocation: SitePreferredPopLocation
site: SiteRef!
siteLocation: SiteLocation!
siteType: SiteType!
}
type SiteLocation {
address: String
cityName: String
countryCode: String!
stateCode: String
timezone: String!
}
type SitePreferredPopLocation {
"""
Forces the socket to connect exclusively to the configured PoP locations
"""
preferredOnly: Boolean!
primary: PopLocationRef
secondary: PopLocationRef
}
input UpdateSiteGeneralDetailsInput {
description: String
name: String
"""Only relevant for socket sites"""
preferredPopLocation: UpdateSitePreferredPopLocationInput
siteLocation: UpdateSiteLocationInput
siteType: SiteType
}
input UpdateSiteLocationInput {
address: String
cityName: String
countryCode: String
stateCode: String
timezone: String
}
input UpdateSitePreferredPopLocationInput {
"""
Forces the socket to connect exclusively to the configured PoP locations
"""
preferredOnly: Boolean!
"""
Set the location reference to -1, `Automatic`, or null to enable automatic selection.
Set the location reference to -2 or `None` to disable the preferred PoP location (only allowed for secondary).
"""
primary: PopLocationRefInput
secondary: PopLocationRefInput
}
type UpdateSiteGeneralDetailsPayload {
siteId: ID!
}
"The action applied by the Internet Firewall if the rule is matched"
enum InternetFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
"Apply Remote Browser Isolation (RBI) to the network traffic"
RBI
}
input InternetFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum! = BLOCK
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodInput! = {useEffectiveFrom: false, useExpiresAt: false}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input InternetFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: InternetFirewallAddRuleDataInput!
}
input InternetFirewallAddSubPolicyDataInput {
description: String!
name: String!
}
input InternetFirewallAddSubPolicyInput {
at: PolicyRulePositionInput!
policy: InternetFirewallAddSubPolicyDataInput
scope: InternetFirewallAddRuleDataInput!
}
type InternetFirewallAddSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
type InternetFirewallContainer {
fqdnContainer: [FqdnContainerRef!]!
ipAddressRangeContainer: [IpAddressRangeContainerRef!]!
}
input InternetFirewallContainerInput {
fqdnContainer: [FqdnContainerRefInput!]! = []
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]! = []
}
input InternetFirewallContainerUpdateInput {
fqdnContainer: [FqdnContainerRefInput!]
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]
}
"Returns the settings for Destination of an Internet Firewall rule"
type InternetFirewallDestination {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
containers: InternetFirewallContainer!
"Countries"
country: [CountryRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]!
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
containers: InternetFirewallContainerInput! = {fqdnContainer: [], ipAddressRangeContainer: []}
"Countries"
country: [CountryRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]! = []
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
containers: InternetFirewallContainerUpdateInput
"Countries"
country: [CountryRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]
}
type InternetFirewallPolicy implements IPolicy {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyAudit
"Description for the policy"
description: String!
enabled: Boolean!
"Policy ID"
id: ID!
"Name of the policy, the default name for the policy containing all sub-policies is 'Main'"
name: String!
revision: PolicyRevision
rules: [InternetFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
"Holds a list of all allowed sub-policies according to admin access capabilities"
subPolicies: [InternetFirewallSubPolicyPayload!]!
}
type InternetFirewallPolicyInfo implements PolicyInfo {
audit: PolicyAudit!
description: String!
enabled: Boolean!
id: ID!
name: String!
policyLevel: PolicyLevelEnum!
}
input InternetFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input InternetFirewallPolicyListFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
policyLevel: [PolicyLevelEnumFilterInput!]
}
input InternetFirewallPolicyListInput {
filter: InternetFirewallPolicyListFilterInput
paging: PagingInput! = {limit: 100, from: 0}
sort: InternetFirewallPolicyListSortInput! = {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}
}
type InternetFirewallPolicyListPayload implements PolicyListPayload {
items: [InternetFirewallPolicyInfo!]!
paging: PageInfo!
}
input InternetFirewallPolicyListSortInput {
name: SortOrderInput
policyLevel: SortOrderInput
}
input InternetFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Internet Firewall policy information provided in the API response"
type InternetFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
"The Internet firewall Policy information returned to the caller in the API response."
type InternetFirewallPolicyMutations {
"Add a new rule to the Internet Firewall policy."
addRule(input: InternetFirewallAddRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Add a new sub-policy to the Internet Firewall policy."
addSubPolicy(input: InternetFirewallAddSubPolicyInput!): InternetFirewallAddSubPolicyMutationPayload! @beta
"Create the policy revision. Create a new empty policy revision."
createPolicyRevision(input: PolicyCreateRevisionInput!): InternetFirewallPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Internet Firewall policy."
moveRule(input: PolicyMoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Internet Firewall policy."
removeRule(input: InternetFirewallRemoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Remove an existing sub-policy from the Internet Firewall policy."
removeSubPolicy(input: InternetFirewallRemoveSubPolicyInput!): InternetFirewallRemoveSubPolicyMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: InternetFirewallPolicyUpdateInput!): InternetFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Internet Firewall policy."
updateRule(input: InternetFirewallUpdateRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type InternetFirewallPolicyQueries {
policy(input: InternetFirewallPolicyInput): InternetFirewallPolicy! @beta
"Provides a list of all policies of Internet Firewall with filtering, pagination and sorting capabilities"
policyList(input: InternetFirewallPolicyListInput! = {sort: {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}, paging: {limit: 100, from: 0}}): InternetFirewallPolicyListPayload! @beta
revisions: PolicyRevisionsPayload @beta
}
type InternetFirewallPolicyRef implements PolicyRef & ObjectRef {
id: ID!
name: String!
}
input InternetFirewallPolicyRefInput {
by: ObjectRefBy!
input: String!
}
input InternetFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input InternetFirewallRemoveRuleInput {
id: ID!
}
input InternetFirewallRemoveSubPolicyInput {
ref: InternetFirewallPolicyRefInput!
}
type InternetFirewallRemoveSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
type InternetFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum!
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriod!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type InternetFirewallRuleException {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: InternetFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceType!
"Source traffic matching criteria for the exception."
source: InternetFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input InternetFirewallRuleExceptionInput {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"Source traffic matching criteria for the exception."
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type InternetFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: InternetFirewallRulePayload
status: PolicyMutationStatus!
}
"Internet Firewall policy information for a specific revision"
type InternetFirewallRulePayload implements IPolicyRulePayload {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: InternetFirewallRule!
"""
POLICY_RULE = Rule is a regular policy rule
SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules
"""
ruleType: PolicyRuleTypeEnum!
"A reference to the sub-policy the entity is referring to"
subPolicy: InternetFirewallPolicyRef
}
"Returns the Service Type to which this Internet Firewall rule applies"
type InternetFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Internet Firewall rule"
type InternetFirewallSource {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceUpdateInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
type InternetFirewallSubPolicyPayload implements SubPolicyPayload {
access: EntityAccess!
policy: InternetFirewallPolicyInfo!
properties: [SubPolicyProperty!]!
}
input InternetFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input InternetFirewallUpdateRuleInput {
id: ID!
rule: InternetFirewallUpdateRuleDataInput!
}
input RemotePortFwdAddRuleDataInput {
description: String! = ""
enabled: Boolean!
externalIp: AllocatedIpRefInput!
externalPortRange: PortRangeInput!
forwardIcmp: Boolean! = false
internalIp: IPAddress!
internalPortRange: PortRangeInput!
name: String!
remoteIPs: RemotePortFwdRemoteIpsInput! = {ip: [], ipRange: [], subnet: [], globalIpRange: []}
restrictionType: RemotePortFwdRestrictionType! = ALLOW_LIST
tracking: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
}
"Rule parameters and relevant position"
input RemotePortFwdAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: RemotePortFwdAddRuleDataInput!
}
type RemotePortFwdPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [RemotePortFwdRulePayload!]!
sections: [PolicySectionPayload!]!
}
input RemotePortFwdPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input RemotePortFwdPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Remote port forwarding policy information provided in the API response"
type RemotePortFwdPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: RemotePortFwdPolicy
status: PolicyMutationStatus!
}
"The Remote Port Forwarding Policy information returned to the caller in the API response."
type RemotePortFwdPolicyMutations {
"Add a new port forwarding rule to enable remote access to internal services."
addRule(input: RemotePortFwdAddRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Create a new empty policy revision for port forwarding rules."
createPolicyRevision(input: PolicyCreateRevisionInput!): RemotePortFwdPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this revision are discarded and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Change the priority/position of an existing port forwarding rule."
moveRule(input: PolicyMoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Remove an existing port forwarding rule from the policy."
removeRule(input: RemotePortFwdRemoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing."
updatePolicy(input: RemotePortFwdPolicyUpdateInput!): RemotePortFwdPolicyMutationPayload! @beta
"Update an existing port forwarding rule configuration."
updateRule(input: RemotePortFwdUpdateRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type RemotePortFwdPolicyQueries {
policy(input: RemotePortFwdPolicyInput): RemotePortFwdPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input RemotePortFwdPolicyUpdateInput {
state: PolicyToggleState
}
type RemotePortFwdRemoteIps {
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
input RemotePortFwdRemoteIpsInput {
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
input RemotePortFwdRemoteIpsUpdateInput {
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
input RemotePortFwdRemoveRuleInput {
id: ID!
}
enum RemotePortFwdRestrictionType {
ALLOW_LIST
BLOCK_LIST
}
type RemotePortFwdRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
externalIp: AllocatedIpRef!
externalPortRange: PortRange!
forwardIcmp: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
internalIp: IPAddress!
internalPortRange: PortRange!
"Name of the rule"
name: String!
remoteIPs: RemotePortFwdRemoteIps!
restrictionType: RemotePortFwdRestrictionType!
"Policy section where the rule is located"
section: PolicySectionInfo!
tracking: PolicyRuleTrackingAlert!
}
type RemotePortFwdRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: RemotePortFwdRulePayload
status: PolicyMutationStatus!
}
type RemotePortFwdRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: RemotePortFwdRule!
}
input RemotePortFwdUpdateRuleDataInput {
description: String
enabled: Boolean
externalIp: AllocatedIpRefInput
externalPortRange: PortRangeUpdateInput
forwardIcmp: Boolean
internalIp: IPAddress
internalPortRange: PortRangeUpdateInput
name: String
remoteIPs: RemotePortFwdRemoteIpsUpdateInput
restrictionType: RemotePortFwdRestrictionType
tracking: PolicyRuleTrackingAlertUpdateInput
}
input RemotePortFwdUpdateRuleInput {
id: ID!
rule: RemotePortFwdUpdateRuleDataInput!
}
enum WanFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
}
input WanFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum! = BLOCK
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodInput! = {useEffectiveFrom: false, useExpiresAt: false}
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
direction: WanFirewallDirectionEnum! = TO
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input WanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanFirewallAddRuleDataInput!
}
input WanFirewallAddSubPolicyDataInput {
description: String!
name: String!
}
input WanFirewallAddSubPolicyInput {
at: PolicyRulePositionInput!
policy: WanFirewallAddSubPolicyDataInput
scope: WanFirewallAddRuleDataInput!
}
type WanFirewallAddSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
"Application match criteria set"
type WanFirewallApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
}
"Application match criteria set"
input WanFirewallApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
}
"Application match criteria set"
input WanFirewallApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
}
"Returns the settings for Destination of a Wan Firewall rule"
type WanFirewallDestination {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
enum WanFirewallDirectionEnum {
BOTH
TO
}
type WanFirewallPolicy implements IPolicy {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyAudit
"Description for the policy"
description: String!
enabled: Boolean!
"Policy ID"
id: ID!
"Name of the policy, the default name for the policy containing all sub-policies is 'Main'"
name: String!
revision: PolicyRevision
rules: [WanFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
"Holds a list of all allowed sub-policies according to admin access capabilities"
subPolicies: [WanFirewallSubPolicyPayload!]!
}
type WanFirewallPolicyInfo implements PolicyInfo {
audit: PolicyAudit!
description: String!
enabled: Boolean!
id: ID!
name: String!
policyLevel: PolicyLevelEnum!
}
input WanFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanFirewallPolicyListFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
policyLevel: [PolicyLevelEnumFilterInput!]
}
input WanFirewallPolicyListInput {
filter: WanFirewallPolicyListFilterInput
paging: PagingInput! = {limit: 100, from: 0}
sort: WanFirewallPolicyListSortInput! = {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}
}
type WanFirewallPolicyListPayload implements PolicyListPayload {
items: [WanFirewallPolicyInfo!]!
paging: PageInfo!
}
input WanFirewallPolicyListSortInput {
name: SortOrderInput
policyLevel: SortOrderInput
}
input WanFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Wan Firewall policy information provided in the API response"
type WanFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
"The Wan Firewall Policy information returned to the caller in the API response."
type WanFirewallPolicyMutations {
"Add a new rule to the Wan Firewall policy."
addRule(input: WanFirewallAddRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Add a new sub-policy to the Wan Firewall policy."
addSubPolicy(input: WanFirewallAddSubPolicyInput!): WanFirewallAddSubPolicyMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanFirewallPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Wan Firewall policy."
moveRule(input: PolicyMoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Wan Firewall policy."
removeRule(input: WanFirewallRemoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Remove an existing sub-policy from the Wan Firewall policy."
removeSubPolicy(input: WanFirewallRemoveSubPolicyInput!): WanFirewallRemoveSubPolicyMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: WanFirewallPolicyUpdateInput!): WanFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Wan Firewall policy."
updateRule(input: WanFirewallUpdateRuleInput!): WanFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanFirewallPolicyQueries {
policy(input: WanFirewallPolicyInput): WanFirewallPolicy! @beta
"Provides a list of all policies of Wan Firewall with filtering, pagination and sorting capabilities"
policyList(input: WanFirewallPolicyListInput! = {sort: {name: {direction: ASC, priority: 1}, policyLevel: {direction: ASC, priority: 2}}, paging: {limit: 100, from: 0}}): WanFirewallPolicyListPayload! @beta
revisions: PolicyRevisionsPayload @beta
}
type WanFirewallPolicyRef implements PolicyRef & ObjectRef {
id: ID!
name: String!
}
input WanFirewallPolicyRefInput {
by: ObjectRefBy!
input: String!
}
input WanFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input WanFirewallRemoveRuleInput {
id: ID!
}
input WanFirewallRemoveSubPolicyInput {
ref: WanFirewallPolicyRefInput!
}
type WanFirewallRemoveSubPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
type WanFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum!
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriod!
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplication!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
direction: WanFirewallDirectionEnum!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type WanFirewallRuleException {
"Application matching criteria for the exception."
application: WanFirewallApplication!
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: WanFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceType!
"Source matching criteria for the exception."
source: WanFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input WanFirewallRuleExceptionInput {
"Application matching criteria for the exception."
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum! = TO
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"Source matching criteria for the exception."
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type WanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanFirewallRulePayload
status: PolicyMutationStatus!
}
"Wan Firewall policy information for a specific revision"
type WanFirewallRulePayload implements IPolicyRulePayload {
"Holds the complete set of access capabilities and limitations associated with the entity."
access: EntityAccess!
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanFirewallRule!
"""
POLICY_RULE = Rule is a regular policy rule
SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules
"""
ruleType: PolicyRuleTypeEnum!
"A reference to the sub-policy the entity is referring to"
subPolicy: WanFirewallPolicyRef
}
"Returns the Service Type to which this Wan Firewall rule applies"
type WanFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Wan Firewall rule"
type WanFirewallSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
type WanFirewallSubPolicyPayload implements SubPolicyPayload {
access: EntityAccess!
policy: WanFirewallPolicyInfo!
properties: [SubPolicyProperty!]!
}
input WanFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum
"The time period during which the rule is active, outside this period, the rule is inactive"
activePeriod: PolicyRuleActivePeriodUpdateInput
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
direction: WanFirewallDirectionEnum
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input WanFirewallUpdateRuleInput {
id: ID!
rule: WanFirewallUpdateRuleDataInput!
}
enum EventFieldName {
"Identifies system access software or device"
access_method
"Access Point Name"
access_point_name
"Account ID"
account_id
"Firewall, QoS or LAG action"
action
"A list of actions taken, if more than one action was taken as defined by a policy"
actions_taken
"The activity resource ID being referenced with resource type."
activity_resource_id
"Defines the type of entity performing the action, helping to distinguish between different categories of users."
actor_type
"Active Directory name"
ad_name
"The estimated risk level of the AI threat"
ai_app_risk_level
"AI Proxy rule name"
ai_proxy_rule_name
"A unique identifier of the alert notification"
alert_id
"Always-on Configuration"
always_on_configuration
"Analyst Verdict"
analyst_verdict
"The name of the API, e.g. eventsFeed"
api_name
"Specifies whether the API is a query (read) or a mutation (create/update/delete)"
api_type
"Name of application activity"
app_activity
"SaaS user activities into categories."
app_activity_category
"Activity type"
app_activity_type
"Related Apps"
app_stack
"Application ID of the flow"
application_id
"The name of the application associated with the flow"
application_name
"Application risk score"
application_risk
"Application type (Custom or System)"
application_type
"Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN"
auth_method
"Examples: MFA or password"
authentication_type
"BGP ASN for Cato peer"
bgp_cato_asn
"BGP IP for Cato peer"
bgp_cato_ip
"BGP disconnect error code"
bgp_error_code
"BGP ASN for remote peer"
bgp_peer_asn
"BGP IP for remote peer"
bgp_peer_ip
"CIDR for BGP route"
bgp_route_cidr
"BGP disconnect error message"
bgp_suberror_code
"The browser on which the extension is installed"
browser_type
"The current version of the browser"
browser_version
"Always-On Bypass Duration In Seconds"
bypass_duration_sec
"Always-On Bypass Method"
bypass_method
"Always-On Bypass Reason"
bypass_reason
"Cato system category"
categories
"Cato application name"
cato_app
"Activity classification, e.g. FALSE_POSITIVE"
classification
"Expiration date for Client certificate"
client_cert_expires
"Name of Client certificate"
client_cert_name
"Type of process generating this traffic"
client_class
"""
Admins can configure the Client connection mode to control which types of traffic are routed and protected by Cato. The available options are:
All Ports and Protocols – Secures all application traffic across any port or protocol.
Web-only (HTTPS) – Secures only browser-based traffic over HTTPS.
"""
client_connection_mode
"Client IP address"
client_ip
"Socket or SDP Client version"
client_version
"Shows the display name of the target user involved in an activity"
collaborator_name
"For SaaS Security API, email addresses of the users that received the file"
collaborators
"Confidence Level"
confidence_level
"For hosts configured with a static IP in the Cato Management Application, the host name"
configured_host_name
"The algorithm that is used (CUBIC /NewReno / BBR)"
congestion_algorithm
"Connect on boot Enabled/Disabled"
connect_on_boot
"Connection Origin"
connection_origin
"For SaaS Security API, unique identifier of the connector"
connector_id
"For SaaS Security API, name of the connector"
connector_name
"For SaaS Security API, status of the connector"
connector_status
"For SaaS Security API, SaaS app for the connector"
connector_type
"IoC Container Name"
container_name
"An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories."
correlation_id
"CPU Core ID"
cpu_core_id
"Criticality"
criticality
"Custom category ID"
custom_category_id
"Custom category name"
custom_category_name
"For Internet traffic, country where the destination host is located"
dest_country
"For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)"
dest_country_code
"The unique identifier by the SaaS vendor for the target group in an activity."
dest_group_id
"Identifies the target group involved in an activity"
dest_group_name
"Destination IP address"
dest_ip
"For WAN traffic, destination is site or SDP user"
dest_is_site_or_vpn
"The destination process ID"
dest_pid
"Destination port"
dest_port
"Destination process command line"
dest_process_cmdline
"Destination process parent file path"
dest_process_parent_path
"Destination process parent process ID"
dest_process_parent_pid
"Destination process file path"
dest_process_path
"Unique internal Cato ID for the destination site or remote user"
dest_site_id
"The name of the destination site"
dest_site_name
"Short description of the detection"
detection_name
"""
Triggered when malware has been detected EPP Behavioral engines and has been dealt with:
• on_detection: the event is triggered upon malware detection;
• on_end_disinfect: the event is triggered upon detection and followed disinfection;
• on_inject: the event is triggered upon code injection.
"""
detection_stage
"Device Categories"
device_categories
"Device Certificate Validated/Not Validated"
device_certificate
"Unique Cato ID for devices"
device_id
"Device Manufacturer"
device_manufacturer
"Device Model"
device_model
"Name for device related to the event"
device_name
"Device OS Type"
device_os_type
"Device posture profiles"
device_posture_profile
"Device Type"
device_type
"Host name of Domain Controller that created LDAP event"
directory_host_name
"IP address of Domain Controller that created LDAP event"
directory_ip
"Result of LDAP Domain Controller sync event"
directory_sync_result
"Type of LDAP Domain Controller sync event"
directory_sync_type
"If policy is set to disinfect, return the result of this action"
disinfect_result
"Describes the behavior when the DLP system encounters a failure"
dlp_fail_mode
"DLP profiles related to the event"
dlp_profiles
"Defines the scanning methods used by the DLP system"
dlp_scan_types
"Cato’s DNS Protection type that matched the DNS request"
dns_protection_category
"Domain queried in the DNS request"
dns_query
"Type of record (ie. DNS record: A, AAAA, MX, or PTR)"
dns_record_type
"Domain name based on the SSL SNI, HTTP host name, or DNS name"
domain_name
"Duration in milliseconds between the start and end of a transaction or operation. For example, in DNS or HTTP events, this reflects the time between the request and the corresponding response."
duration_ms
"Dynamic Control IDs applied in the event"
dynamic_control_ids
"Dynamic control names applied in the event"
dynamic_control_names
"The scope of the dynamic control Applied in the event"
dynamic_control_scope
"Dynamic control threat categories applied in the event"
dynamic_control_threat_categories
"Egress PoP Name"
egress_pop_name
"Egress Site Name for backhauling traffic"
egress_site_name
"Email Subject"
email_subject
"The ID for the endpoint"
endpoint_id
"The engine type associated with the event"
engine_type
"The Endpoint Protection Engine that detected the malware"
epp_engine_type @deprecated(reason: "use engine_type instead. Planned end-of-life (EoL) date: April 1, 2026.")
"The profile assigned to the endpoint upon detection of the malware"
epp_profile
"Count for events that are repeated multiple times during one minute"
event_count
"Event Id"
event_id
"Cato's description of the event"
event_message
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event"
event_type
"Provides details about why a specific action or process failed"
failure_reason
"File hash"
file_hash
"File name"
file_name
"The file operation when this event occurred"
file_operation
"File path"
file_path
"File size"
file_size
"File Topic - The topic of the file content, as classified by the DLP auto-classification engine"
file_topic
"File Topic Category - The category associated with the classified file topic, as determined by the DLP auto-classification engine"
file_topic_category
"File type"
file_type
"The final status for this object after performing actions as defined by the policy"
final_object_status
"Amount of flows for a given incident"
flows_cardinality
"Full path URL application activity"
full_path_url
"A unique identifier for the AI Security Guard associated with the event"
guard_id
"The name of the AI Security Guard associated with the event"
guard_name
"The type of AI Security Guard associated with the event"
guard_type
"An identifier for a guest user using Cato through a Captive Portal"
guest_user
"IP address of host related to event"
host_ip
"MAC address of host related to event"
host_mac
"HTTP request method (ie. Get, Post)"
http_request_method
"HTTP status code returned (ie. for DNS request, DNS-over-HTTPS (DoH) server when DoH is used)."
http_response_code
"For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)"
incident_aggregation
"Unique Cato ID that identifies this security incident"
incident_id
"Indication"
indication
"Indicator"
indicator
"The initial status of the object, before any policy was applied"
initial_object_status
"Cato Internal-use only"
internalId @deprecated(reason: "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Network protocol for this event"
ip_protocol
"Classifies users based on their permissions."
is_admin
"Indicates whether an activity requires administrative permissions."
is_admin_activity
"Is Compliant"
is_compliant
"Is Managed"
is_managed
"Is the app for this event defined as a sanctioned app? (True/False)"
is_sanctioned_app
"If the events was part of the sinkhole flow"
is_sinkhole
"The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)"
ISP_name
"Name defined for the public API Key in the Cato Management Application"
key_name
"A list of labels providing additional context for the event"
labels
"Role of the conversation participant for the analyzed turn (user, assistant, or tool call)"
last_turn_role
"Data that measures the congestion for a specific link"
link_health_is_congested
"Data that measures the jitter for a specific link"
link_health_jitter
"Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP"
link_health_latency
"Data that measures the packet loss for a specific link"
link_health_pkt_loss
"Link type – Cato, Alt. WAN or LAG"
link_type
"The user logged into this endpoint during this event"
logged_in_user
"Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)"
login_type
"Matched DLP data types related to the event"
matched_data_types
"Unique identifier used to correlate request and response events for the same message"
message_id
"Mitre attack subtechniques"
mitre_attack_subtechniques
"Mitre attack tactics"
mitre_attack_tactics
"Mitre attack techniques"
mitre_attack_techniques
"Flow NAT error reason"
nat_error
"Network Access"
network_access
"Matched network rule"
network_rule
"For SaaS Security API, API Error of Apps Security Notification"
notification_api_error
"For SaaS Security API, description of Apps Security Notification"
notification_description
"Unique identifier by the 3rd party App of the object being referenced"
object_id
"The name of the object for this event (for example: file name)"
object_name
"Specifies the type of object being acted upon (e.g., file, folder)"
object_type
"Office mode Enabled/Disabled"
office_mode
"Host OS or tunnel device"
os_type
"OS version for the device (such as 14.3.0)"
os_version
"Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App)"
out_of_band_access
"Name of the on-prem deployment environment where the event originated from"
outpost_environment_name
"For SaaS Security API, email address of the file owner"
owner
"Pac File Enabled/Disabled"
pac_file
"For SaaS Security API, parent Microsoft 365 connector"
parent_connector_name
"Name of PoP location"
pop_name
"Precedence"
precedence
"Indicate how many processes are part of this event"
processes_count
"Producer"
producer
"Related project name(s)"
projects
"Prompt Page Selected Action"
prompt_action
"The name of the provider, for example cloud provider - AWS"
provider_name
"Public source IP"
public_ip
"QoS Priority value"
qos_priority
"For QoS, the time that this QoS event started. The event is generated when the QoS event finishes"
qos_reported_time
"Specifies the path to a quarantine folder for isolated files"
quarantine_folder_path
"A Unique ID for the quarantined file"
quarantine_uuid
"Raw Data"
raw_data
"Textual recommendation of the steps to take"
recommended_actions
"The URL that links directly to the object involved in the activity"
reference_url
"Referer URL from the HTTP request header indicating the source of the request."
referer_url
"The region of the object"
region_name
"Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)"
registration_code
"Request packet size in bytes (ie. DNS request packet)"
request_size
"The ID of the resource in the cloud provider"
resource_id
"The specific name or identifier of the resource."
resource_name
"The type of resource being referenced."
resource_type
"Response packet size in bytes (ie. DNS response packet)"
response_size
"(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms"
risk_level
"The time when the rule is no longer in active"
rule_expiration_time
"Unique Cato ID for the security rule related to the event"
rule_id
"Rule name"
rule_name
"Server IP address"
server_ip
"Indicates the internal vendor service or module that produced the data reported in this event"
service_name
"Unique identifier for grouping multiple messages within the same session"
session_id
"Severity defined for the rule"
severity
"Sharing Options for the file (such as SharePoint)"
sharing_scope
"Sign In Types"
sign_in_event_types
"For IPS and SAM, ID of the IPS signature"
signature_id
"Name for Socket interface"
socket_interface
"Socket interface ID"
socket_interface_id
"For Socket upgrades, new version number"
socket_new_version
"For Socket upgrade, previous version number"
socket_old_version
"Type of Socket reset (Hardware/Software)"
socket_reset
"For Socket HA events, indicates if the Socket is primary or secondary"
socket_role
"Socket serial number"
socket_serial
"Socket version number"
socket_version
"Split Tunnel Configuration"
split_tunnel_configuration
"Country in which the source host is located (detected via public IP address)"
src_country
"Country Code of country in which the source host is located (detected via public IP address)"
src_country_code
"IP for host or Cato Client"
src_ip
"Source type: site or remote user"
src_is_site_or_vpn
"IP address provided by ISP to site or Client"
src_isp_ip
"Source process ID"
src_pid
"Internal port number"
src_port
"Source process command line"
src_process_cmdline
"Source process parent file path"
src_process_parent_path
"Source process parent process ID"
src_process_parent_pid
"Source process file path"
src_process_path
"Unique internal Cato ID for the site or remote user"
src_site_id
"Source site or remote user"
src_site_name
"Static host"
static_host
"""
The story status.
Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring
"""
status
"Story Id"
story_id
"Name of subnet as defined in Cato Management Application"
subnet_name
"The name of the subscription"
subscription_name
"Number of targets (servers) associated with this event"
targets_cardinality
"Shows if traffic was TCP accelerated or not"
tcp_acceleration
"Unique identifier for the tenant within a multi-tenant environment"
tenant_id
"Tenant Name"
tenant_name
"Tenant Restriction Rule Name"
tenant_restriction_rule_name
"""
Contains the detection risk level. Could be one of the following:
• Info - this is information-only event, the activity is not malicious;
• Suspicious - the event is suspicious. It may be malicious, but there is not enough information
• Malware - the event is malicious activity
"""
threat_confidence
"For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked"
threat_name
"Link to external malware reference"
threat_reference
"The higher the score, the more dangerous the event. In range between 1 - 100 inclusive"
threat_score
"Type of malware event"
threat_type
"Result of malware event (clean indicates a safe file)"
threat_verdict
"Time stamp of the event (Linux epoch format)"
time
"Time stamp of the event (Human-readable format)"
time_str
"A short summary of the activity"
title
"TLS Certificate Error"
tls_certificate_error
"TLS Error Description"
tls_error_description
"TLS Error Type"
tls_error_type
"Shows if traffic was TLS inspected or not"
tls_inspection
"TLS Inspection rule name"
tls_rule_name
"TLS Version"
tls_version
"Total number of tokens processed"
total_tokens
"Direction of network traffic for this event, values are inbound or outbound"
traffic_direction
"Total transaction size in bytes, including both the request and response"
transaction_size
"Translated Client IP"
translated_client_ip
"Translated Server IP"
translated_server_ip
"Trigger"
trigger
"Trust Type"
trust_type
"Trusted networks Enabled/Disabled"
trusted_networks
"Tunnel Protocol TCP/UDP"
tunnel_ip_protocol
"Protocol for the tunnel"
tunnel_protocol
"Socket upgrade end time (Linux epoch format):"
upgrade_end_time
"Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)"
upgrade_initiated_by
"Socket upgrade start time (Linux epoch format)"
upgrade_start_time
"URL associated with the event"
url
"User Agent"
user_agent
"Method used to get identity with User Awareness (such as Identity Agent)"
user_awareness_method
"User ID"
user_id
"User that generated the event"
user_name
"Identifies the origin of the user’s connection."
user_origin
"For Block/Prompt page, reference ID to report incorrect category"
user_reference_id
"User risk level category"
user_risk_level
"The vendor that identified the incident, such as Cato or Microsoft"
vendor
"Shows the id of the target user involved in an activity"
vendor_collaborator_id
"Vendor Device Id"
vendor_device_id
"Vendor Device Name"
vendor_device_name
"Vendor Event Id"
vendor_event_id
"Identifies the organization in the vendor’s system"
vendor_org_id
"Third party vendor policy description"
vendor_policy_description
"Third party vendor policy ID"
vendor_policy_id
"Third party vendor policy name"
vendor_policy_name
"Identifies the site in the vendor’s system"
vendor_site_id
"Identifies the user in the vendor’s system"
vendor_user_id
"Unique Cato Visible ID for devices"
visible_device_id @deprecated(reason: "use device_id instead. Planned end-of-life (EoL) date: April 1, 2026.")
"Lan access Allowed / Blocked"
vpn_lan_access
"User’s email address"
vpn_user_email
"WiFi authentication type"
wifi_authentication_type
"WiFi BSSID (Basic Service Set Identifier)"
wifi_bssid
"WiFi channel"
wifi_channel
"WiFi description"
wifi_description
"Wifi Event Reason Code"
wifi_event_reason_code
"Wifi Event Type"
wifi_event_type
"Wifi Event Type Code"
wifi_event_type_code
"Wifi Protocol"
wifi_protocol
"WiFi radio band"
wifi_radio_band
"Wifi Security Protocols"
wifi_security
"WiFi signal strength"
wifi_signal_strength
"WiFi SSID (Service Set Identifier)"
wifi_ssid
"Wifi milliseconds since association to the Access Point"
wifi_time_since_assoc_ms
"For LDAP sync events, name of the AD domain"
windows_domain_name
"XFF HTTP header indicates the original IP address for the connections"
xff
}
type EnterpriseDirectoryQueries {
"""Retrieve the account location items"""
locationList(input: EnterpriseDirectoryLocationListInput): EnterpriseDirectoryLocationListPayload! @beta
}
type EnterpriseDirectoryMutations {
archiveLocation(locationId: ID): EnterpriseDirectoryArchiveLocationPayload @beta
createLocation(input: EnterpriseDirectoryCreateLocationInput!): EnterpriseDirectoryCreateLocationPayload @beta
restoreLocation(locationId: ID): EnterpriseDirectoryRestoreLocationPayload @beta
updateLocation(input: EnterpriseDirectoryUpdateLocationInput!): EnterpriseDirectoryUpdateLocationPayload @beta
}
type EnterpriseDirectoryLocationListPayload {
"""The results"""
items: [Location!]!
"""Pagination details"""
pageInfo: PageInfo
}
type EnterpriseDirectoryCreateLocationPayload {
"""The created location"""
location: Location!
}
type EnterpriseDirectoryUpdateLocationPayload {
"""The updated location"""
location: Location!
}
type EnterpriseDirectoryArchiveLocationPayload {
"""The archived location"""
location: Location!
}
type EnterpriseDirectoryRestoreLocationPayload {
"""The restored location"""
location: Location!
}
type Location {
"""Cma account"""
account: AccountRef!
"""Is archived"""
archived: Boolean!
"""Audit data"""
audit: AuditingMetadata!
"""Business unit"""
businessUnit: String
"""Location description"""
description: String
"""Location details"""
details: LocationDetails!
"""Location id"""
id: ID!
"""Location name"""
name: String!
"""Location type"""
type: LocationType!
}
type LocationDetails {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetails
"""Postal location"""
postalAddress: PostalAddress!
"""Is shipping location"""
shippingLocation: Boolean!
"""Vat id (required for Brazil)"""
vatId: String
}
input EnterpriseDirectoryLocationListInput {
filter: LocationFilterInput
paging: PagingInput = {limit: 100, from: 0}
sort: LocationSortInput = {name: {direction: ASC, priority: 1}}
}
input LocationSortInput {
country: SortOrderInput
"""Default sort field"""
name: SortOrderInput
type: SortOrderInput
}
input LocationFilterInput {
account: [AccountFilter!]
countryCode: [StringFilterInput!]
"""
Will use contains operator for the provided text on the location fields
"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
includeArchived: Boolean = false
isShippingLocation: Boolean
name: [StringFilterInput!]
type: [LocationTypeFilterInput!]
}
input LocationTypeFilterInput {
eq: LocationType
in: [LocationType!]
neq: LocationType
nin: [LocationType!]
}
input EnterpriseDirectoryCreateLocationInput {
"""Business unit"""
businessUnit: String
"""Description"""
description: String
"""Location details"""
details: CreateLocationDetailsInput!
"""Location name"""
name: String!
"""Location type"""
type: LocationType!
}
input EnterpriseDirectoryUpdateLocationInput {
"""Business unit"""
businessUnit: String
"""Description"""
description: String
"""Location details"""
details: UpdateLocationDetailsInput
"""Location id"""
id: ID!
"""Location name"""
name: String
"""Location type"""
type: LocationType
}
input CreateLocationDetailsInput {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Postal location"""
postalAddress: PostalAddressInput!
"""Vat id (required for Brazil)"""
vatId: String
}
input UpdateLocationDetailsInput {
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Postal location"""
postalAddress: PostalAddressInput
"""Vat id (required for Brazil)"""
vatId: String
}
enum LocationType {
BRANCH
CLOUD_DATA_CENTER
DATA_CENTER
HEADQUARTERS
WAREHOUSE
}
type DevicesQueries {
attributesCatalog: DeviceAttributesCatalogQueries! @beta
csvExport(input: DeviceCsvExportInput): ExportJobResponse! @beta
csvExportStatus(jobId: ID!): ExportStatusResponse! @beta
list(input: DeviceV2Input): DevicesPayload @beta
}
type DeviceV2 {
"Device category grouping based on role or type"
category: String
"Compliance posture of the device according to policy/integration checks (e.g., 'compliant', 'noncompliant', 'unknown')"
complianceState: String
"Confidence score for device classification accuracy"
confidence: DeviceConfidenceLevel
"Profile describing how the device connects to the network"
connectionProfile: DeviceConnectionProfile
"Timestamp of when the device was first detected"
firstSeen: DateTime
"Hardware information for the device"
hw: DeviceHw
"Unique identifier for the device record"
id: ID!
ip: String @deprecated(reason: "Use ipAddress instead")
"Current or last known IP address of the device"
ipAddress: IPAddress
"True/false flag showing whether the device is under admin management"
isManaged: Boolean!
"Timestamp of the most recent device activity"
lastSeen: DateTime
"Human-readable name of the device"
name: String
"Information about the network environment the device connects to"
network: DeviceNetwork
"Reference to the device's network (Rename to 'network' after fe is aligned)"
networkInfo: DeviceNetworkRef
"Network interface card details for the device"
nic: DeviceNic
"The origins (e.g., integrations, data feeds) that detected the device"
originTypes: [OriginType!]!
"Operating system details of the device"
os: DeviceOs
"Numerical value representing the device's security risk"
riskScore: Int
"Reference to the site where the device is located"
site: SiteRef
"Reference to the user linked with this device"
user: UserRef
}
"The origins (e.g., integrations, data feeds) that detected the device"
enum OriginType {
"Device details reported by the Armis security platform"
Armis
"Device information provided by the Cato Networks platform"
CatoNetworks
"Device data gathered from Claroty's security platform"
Claroty
"Device details provided by CrowdStrike endpoint security"
Crowdstrike
"Device information from Juniper Mist network infrastructure platform"
JuniperMist
"Device information from Microsoft Defender endpoint platform"
MicrosoftDefender
"Device data collected from Microsoft Intune MDM"
MicrosoftIntune
"Device information from SentinelOne endpoint platform"
SentinelOne
"Origin of the device data could not be determined"
Unknown
"Device information identified through Zoom integration"
Zoom
}
union DeviceNetworkRef = SiteNetworkSubnetRef | GlobalRangeRef | GlobalIpRangeRef | FloatingSubnetRef
type DeviceNic {
"The unique MAC address of the device's network interface card"
macAddress: MacAddress
"Manufacturer of the network interface (e.g., Intel, Broadcom)"
vendor: String
}
type DeviceOs {
"Name of the operating system product (e.g., Windows, iOS)"
product: String
"Vendor or publisher of the operating system"
vendor: String
"Specific version or release of the operating system"
version: String
}
type DeviceHw {
"Brand or vendor that produced the device"
manufacturer: String
"Specific hardware model identifier"
model: String
"Hardware type of the device (e.g., laptop, printer)"
type: String
}
type DeviceNetwork {
"Name of the associated network"
networkName: String
"Subnet in which the device resides"
subnet: String
}
type DeviceConnectionProfile {
"List of applications the device communicates with"
destApps: [String!]!
"Domains contacted by the device"
destDomains: [String!]!
"Destination hosts accessed by the device"
destHosts: [String!]!
"Traffic direction indicators (e.g., inbound, outbound)"
directions: [String!]!
}
enum DeviceConfidenceLevel {
"Device classification is strongly validated by multiple signals"
HIGH
"Device classification has minimal supporting evidence"
LOW
"Device classification has moderate supporting signals"
MEDIUM
}
input DeviceV2Input {
"List of filter conditions applied to narrow down devices"
filter: [DeviceV2FilterInput!]
"Paging input to control results (default limit = 100)"
paging: PagingInput! = {limit: 100, from: 0}
"Sorting configuration (default: sort by id descending)"
sort: DeviceSortInput! = {id: {direction: DESC, priority: 1}}
}
type DevicesPayload {
"List of devices returned by the query"
device: [DeviceV2!]!
"Metadata describing pagination details"
paging: PageInfo!
}
"Input for sorting devices by various fields"
input DeviceSortInput {
"Sort by device category"
category: SortOrderInput
"Sort by classification confidence level"
confidence: SortOrderInput
"Sort by first detection timestamp"
firstSeen: SortOrderInput
"Sort by hardware fields"
hw: DeviceHwSortOrderInput
"Sort by device unique identifier"
id: SortOrderInput
"Sort by IP address"
ip: SortOrderInput
"Sort by last activity timestamp"
lastSeen: SortOrderInput
"Sort by device name"
name: SortOrderInput
"Sort by network fields"
network: DeviceNetworkSortOrderInput
"Sort by network interface fields"
nic: DeviceNicSortOrderInput
"Sort by operating system fields"
os: DeviceOsSortOrderInput
"Sort by security risk score"
riskScore: SortOrderInput
"Sort by site-related fields"
site: DeviceSiteSortOrderInput
"Sort by user-related fields"
user: DeviceUserSortOrderInput
}
input DeviceNicSortOrderInput {
macAddress: SortOrderInput
vendor: SortOrderInput
}
input DeviceSiteSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceUserSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceOsSortOrderInput {
product: SortOrderInput
vendor: SortOrderInput
version: SortOrderInput
}
input DeviceHwSortOrderInput {
manufacturer: SortOrderInput
model: SortOrderInput
type: SortOrderInput
}
input DeviceNetworkSortOrderInput {
networkName: SortOrderInput
subnet: SortOrderInput
}
"Input for filtering devices by various criteria"
input DeviceV2FilterInput {
"Filter by device category"
category: [StringFilterInput!]
"Filter by compliance state criteria"
complianceState: [StringFilterInput!]
"Filter by classification confidence level"
confidence: [DeviceConfidenceLevelFilterInput!]
"Filter by first detection timestamp"
firstSeen: [DateTimeFilterInput!]
"Filter by hardware criteria"
hw: DeviceHwFilterInput
"Filter by device unique identifier"
id: [IdFilterInput!]
ip: [StringFilterInput!] @deprecated(reason: "Use ipAddress instead")
"Filter by IP address"
ipAddress: [IPAddressFilterInput!]
"Filter by management status"
isManaged: [BooleanFilterInput!]
"Filter by last activity timestamp"
lastSeen: [DateTimeFilterInput!]
"Filter by device name"
name: [StringFilterInput!]
"Filter by network criteria"
network: DeviceNetworkFilterInput
"Filter by network interface criteria"
nic: DeviceNicFilterInput
originTypes: [OriginTypeFilterInput!]
"Filter by operating system criteria"
os: DeviceOsFilterInput
"Filter by security risk score"
riskScore: [IntFilterInput!]
"Filter by site reference"
site: [SiteRefFilterInput!]
"Filter by user reference"
user: [UserRefFilterInput!]
}
"Filter input for device confidence level with equality and inclusion operators"
input DeviceConfidenceLevelFilterInput {
"Equals - exact confidence level match"
eq: DeviceConfidenceLevel
"In - match any of the specified confidence levels"
in: [DeviceConfidenceLevel!]
"Not equals - exclude specific confidence level"
neq: DeviceConfidenceLevel
"Not in - exclude all specified confidence levels"
nin: [DeviceConfidenceLevel!]
}
input OriginTypeFilterInput {
"Has all - include devices that have all specified origin types"
hasAll: [OriginType!]
"In - include devices that have any of the specified origin types"
in: [OriginType!]
"Not in - exclude devices that have any of the specified origin types"
nin: [OriginType!]
}
input MacAddressFilterInput {
eq: MacAddress
in: [MacAddress!]
neq: MacAddress
nin: [MacAddress!]
}
input DeviceNicFilterInput {
macAddress: [MacAddressFilterInput!]
vendor: [StringFilterInput!]
}
input DeviceOsFilterInput {
product: [StringFilterInput!]
vendor: [StringFilterInput!]
version: [StringFilterInput!]
}
input DeviceHwFilterInput {
manufacturer: [StringFilterInput!]
model: [StringFilterInput!]
type: [StringFilterInput!]
}
input DeviceNetworkFilterInput {
networkName: [StringFilterInput!]
subnet: [StringFilterInput!]
}
input DeviceAttributeCatalogInput {
filter: StringFilterInput
paging: PagingInput
sort: SortOrderInput
}
type DeviceAttributesCatalogQueries {
category(sort: SortOrderInput): DeviceAttributeCatalogPayload!
compliance(input: DeviceComplianceCatalogInput): DeviceComplianceCatalogPayload!
manufacturer(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
model(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
os(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
type(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
}
type DeviceComplianceCatalogPayload {
items: [DeviceComplianceCatalogItem!]!
pageInfo: PageInfo!
}
type DeviceComplianceCatalogItem {
applicationConnector: ApplicationConnectorCatalogEntityRef!
state: String!
}
input DeviceComplianceCatalogInput {
filter: DeviceComplianceFilterInput
paging: PagingInput
sort: DeviceComplianceSortInput
}
input DeviceComplianceFilterInput {
applicationConnector: ApplicationConnectorCatalogEntityRefFilterInput
state: StringFilterInput
}
input ApplicationConnectorCatalogEntityRefFilterInput {
id: IdFilterInput
name: StringFilterInput
}
input DeviceComplianceSortInput {
applicationConnector: ApplicationConnectorCatalogEntityRefSortOrderInput
state: SortOrderInput
}
input ApplicationConnectorCatalogEntityRefSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
type DeviceAttributeCatalogPayload {
items: [String!]!
pageInfo: PageInfo!
}
"Response returned when initiating a CSV export job"
type ExportJobResponse {
"Unique identifier for the export job"
jobId: ID!
"Status message about the export job initiation"
message: String
}
"Response containing the current status and details of an export job"
type ExportStatusResponse {
"Download URL (available when status is COMPLETED)"
downloadUrl: String
"Timestamp when the download URL expires"
expiresAt: DateTime
"Unique identifier for the export job"
jobId: ID!
"Status message describing current state"
message: String
"Completion percentage (0-100%)"
progress: Float
"Current status of the export job"
status: ExportJobStatus!
}
"Status values for export job lifecycle"
enum ExportJobStatus {
"Export job finished successfully and file is ready for download"
COMPLETED
"Export job encountered an error and could not complete"
FAILED
"Export job is currently being processed"
IN_PROGRESS
"Export job has been queued but not yet started"
PENDING
}
"Input for CSV export with optional filtering"
input DeviceCsvExportInput {
"Filter devices by various criteria before export"
filter: [DeviceV2FilterInput!]
}
type ContainerQueries {
fqdn: FqdnContainerQueries!
ipAddressRange: IpAddressRangeContainerQueries!
list(input: ContainerSearchInput!): ContainerSearchPayload! @beta
}
type ContainerMutations {
delete(input: DeleteContainerInput!): DeleteContainerPayload! @beta
fqdn: FqdnContainerMutations!
ipAddressRange: IpAddressRangeContainerMutations!
}
"A group with members of a single type of entity (for example: IPAddress, FQDN)"
interface Container {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Description for the container"
description: String
"Number of items in the container"
size: Int!
"Audit metadata about the container"
audit: ContainerAudit!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Audit metadata about the container"
type ContainerAudit {
"Indicates when the container was created"
createdAt: DateTime!
"Indicates who created the container"
createdBy: String!
"Indicated when the container was last updated"
lastModifiedAt: DateTime!
"Indicates who was the last to update the container"
lastModifiedBy: String!
}
"Information about automatic synchronization of the container"
type ContainerSyncData {
"File type that is synchronized"
fileType: ContainerFileType
"Notifications for sync data"
notifications: ContainerSyncDataNotification!
"Interval of time between synchronizations"
timeInterval: Int!
"Unit of time for the interval"
timeUnit: ContainerSyncDataTimeUnit!
"URL from which the container is synchronized"
url: Url!
}
type ContainerSyncDataNotification {
mailingList: [SubscriptionMailingListRef!]!
subscriptionGroup: [SubscriptionGroupRef!]!
webhook: [SubscriptionWebhookRef!]!
}
"Audit information about the last synchronization of the container"
type ContainerSyncDataAudit {
"Error message, only if last sync had an error"
errorMsg: String
"Timestamp of the last attempt sync"
lastSyncAttempt: DateTime!
"Timestamp of the last successful sync"
lastSynced: DateTime!
}
enum ContainerSyncDataTimeUnit {
DAY
HOUR
}
"Container search result, including all containers that matched input criteria"
type ContainerSearchPayload {
"A list of matched containers"
containers: [Container!]!
}
type DeleteContainerPayload {
"The data of the container before it was deleted"
container: Container!
}
type TestContainerFromUrlPayload {
sizeInvalid: Int!
sizeValid: Int!
topInvalid: [String!]!
topValid: [String!]!
}
"Filtering input to container search"
input ContainerSearchInput {
"Allows filtering container search by container ID or container name"
refs: [ContainerRefInput!]! = []
"Allows filtering container search by specific container types"
types: [ContainerType!]! = []
}
"Identification of container for delete operation"
input DeleteContainerInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Create synchronization data for a container"
input CreateContainerSyncDataInput {
notifications: CreateContainerSyncDataNotificationInput!
timeInterval: Int!
timeUnit: ContainerSyncDataTimeUnit!
url: Url!
}
input CreateContainerSyncDataNotificationInput {
mailingList: [SubscriptionMailingListRefInput!]! = []
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
webhook: [SubscriptionWebhookRefInput!]! = []
}
"Update synchronization data for a container"
input UpdateContainerSyncDataInput {
notifications: UpdateContainerSyncDataNotificationInput
timeInterval: Int
timeUnit: ContainerSyncDataTimeUnit
url: Url
}
input UpdateContainerSyncDataNotificationInput {
mailingList: [SubscriptionMailingListRefInput!]! = []
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
webhook: [SubscriptionWebhookRefInput!]! = []
}
input TestContainerFromUrlInput {
fileType: ContainerFileType! = CSV
url: Url!
}
enum ContainerType {
FQDN
IP_RANGE
}
enum ContainerFileType {
CSV
STIX
}
type FqdnContainerMutations {
addValues(input: FqdnContainerAddValuesInput!): FqdnContainerAddValuesPayload! @beta
createFromFile(input: CreateFqdnContainerFromFileInput!): CreateFqdnContainerFromFilePayload! @beta
createFromList(input: CreateFqdnContainerFromListInput!): CreateFqdnContainerFromListPayload! @beta
createFromURL(input: CreateFqdnContainerFromUrlInput!): CreateFqdnContainerFromUrlPayload! @beta
removeValues(input: FqdnContainerRemoveValuesInput!): FqdnContainerRemoveValuesPayload! @beta
syncFromURL(input: SyncFqdnContainerFromUrlInput!): SyncFqdnContainerFromUrlPayload! @beta
updateFromFile(input: UpdateFqdnContainerFromFileInput!): UpdateFqdnContainerFromFilePayload! @beta
updateFromList(input: UpdateFqdnContainerFromListInput!): UpdateFqdnContainerFromListPayload! @beta
updateFromURL(input: UpdateFqdnContainerFromUrlInput!): UpdateFqdnContainerFromUrlPayload! @beta
}
type FqdnContainerQueries {
downloadFile(input: DownloadFqdnContainerFileInput!): DownloadFqdnContainerFilePayload! @beta
search(input: FqdnContainerSearchInput!): FqdnContainerSearchPayload! @beta
searchFqdn(input: FqdnContainerSearchFqdnInput!): FqdnContainerSearchFqdnPayload! @beta
testFromURL(input: TestContainerFromUrlInput!): TestContainerFromUrlPayload! @beta
}
"A group with members of FQDN type"
type FqdnContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Payload of FQDN container search"
type FqdnContainerSearchPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of FQDN search query"
type FqdnContainerSearchFqdnPayload {
"List of containers with members of type FQDN"
containers: [FqdnContainer!]!
}
"Payload of AddValues operation on FQDN typed container"
type FqdnContainerAddValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of RemoveValues operation on FQDN typed container"
type FqdnContainerRemoveValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of CreateFromFile operation on FQDN typed container"
type CreateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of UpdateFromFile operation on FQDN typed container"
type UpdateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of CreateFromList operation on FQDN typed container"
type CreateFqdnContainerFromListPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of UpdateFromList operation on FQDN typed container"
type UpdateFqdnContainerFromListPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
type CreateFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
type UpdateFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
type SyncFqdnContainerFromUrlPayload {
container: FqdnContainer!
}
"Payload of download FQDN typed container file"
type DownloadFqdnContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating FQDN typed container from file"
input CreateFqdnContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
input CreateFqdnContainerFromListInput {
description: String!
name: String!
values: [Fqdn!]! = []
}
"Input for updating FQDN typed container from file"
input UpdateFqdnContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
input UpdateFqdnContainerFromListInput {
description: String!
ref: ContainerRefInput!
values: [Fqdn!]
}
"Input for adding values to existing FQDN typed container"
input FqdnContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
"Input for removing values from existing FQDN typed container"
input FqdnContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
input CreateFqdnContainerFromUrlInput {
description: String! = ""
fileType: ContainerFileType! = CSV
name: String!
syncData: CreateContainerSyncDataInput!
}
input UpdateFqdnContainerFromUrlInput {
description: String
fileType: ContainerFileType = CSV
ref: ContainerRefInput!
syncData: UpdateContainerSyncDataInput
}
input SyncFqdnContainerFromUrlInput {
ref: ContainerRefInput!
}
"Input for searching FQDN typed container"
input FqdnContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching FQDN typed containers that contain a specific FQDN"
input FqdnContainerSearchFqdnInput {
fqdn: Fqdn!
}
"Input for searching FQDN typed container to download its content"
input DownloadFqdnContainerFileInput {
by: ObjectRefBy!
input: String!
}
type IpAddressRangeContainerMutations {
addValues(input: IpAddressRangeContainerAddValuesInput!): IpAddressRangeContainerAddValuesPayload! @beta
createFromFile(input: CreateIpAddressRangeContainerFromFileInput!): CreateIpAddressRangeContainerFromFilePayload! @beta
createFromList(input: CreateIpAddressRangeContainerFromListInput!): CreateIpAddressRangeContainerFromListPayload! @beta
createFromURL(input: CreateIpAddressRangeContainerFromUrlInput!): CreateIpAddressRangeContainerFromUrlPayload! @beta
removeValues(input: IpAddressRangeContainerRemoveValuesInput!): IpAddressRangeContainerRemoveValuesPayload! @beta
syncFromURL(input: SyncIpAddressRangeContainerFromUrlInput!): SyncIpAddressRangeContainerFromUrlPayload! @beta
updateFromFile(input: UpdateIpAddressRangeContainerFromFileInput!): UpdateIpAddressRangeContainerFromFilePayload! @beta
updateFromList(input: UpdateIpAddressRangeContainerFromListInput!): UpdateIpAddressRangeContainerFromListPayload! @beta
updateFromURL(input: UpdateIpAddressRangeContainerFromUrlInput!): UpdateIpAddressRangeContainerFromUrlPayload! @beta
}
type IpAddressRangeContainerQueries {
downloadFile(input: DownloadIpAddressRangeContainerFileInput!): DownloadIpAddressRangeContainerFilePayload! @beta
search(input: IpAddressRangeContainerSearchInput!): IpAddressRangeContainerSearchPayload! @beta
searchIpAddressRange(input: IpAddressRangeContainerSearchIpAddressRangeInput!): IpAddressRangeContainerSearchIpAddressRangePayload! @beta
testFromURL(input: TestContainerFromUrlInput!): TestContainerFromUrlPayload! @beta
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
"Information about automatic synchronization of the container"
syncData: ContainerSyncData
"Audit information about the last synchronization of the container"
syncDataAudit: ContainerSyncDataAudit
}
"Payload of IPAddressRange container search"
type IpAddressRangeContainerSearchPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of IPAddressRange search query"
type IpAddressRangeContainerSearchIpAddressRangePayload {
"List of containers with members of type IPAddressRange"
containers: [IpAddressRangeContainer!]!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerAddValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerRemoveValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of CreateFromFile operation on IPAddressRange typed container"
type CreateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of UpdateFromFile operation on IPAddressRange typed container"
type UpdateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of CreateFromList operation on IPAddressRange typed container"
type CreateIpAddressRangeContainerFromListPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of UpdateFromList operation on IPAddressRange typed container"
type UpdateIpAddressRangeContainerFromListPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
type CreateIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
type UpdateIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
type SyncIpAddressRangeContainerFromUrlPayload {
container: IpAddressRangeContainer!
}
"Payload of download IPAddressRange typed container file"
type DownloadIpAddressRangeContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating IPAddressRange typed container from file"
input CreateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
input CreateIpAddressRangeContainerFromListInput {
description: String!
name: String!
values: [IpAddressRangeInput!]! = []
}
"Input for updating existing IPAddressRange typed container from file"
input UpdateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
input UpdateIpAddressRangeContainerFromListInput {
description: String!
ref: ContainerRefInput!
values: [IpAddressRangeInput!]
}
"Input for adding values to existing IPAddressRange typed container"
input IpAddressRangeContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
"Input for removing values from existing IPAddressRange typed container"
input IpAddressRangeContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
input CreateIpAddressRangeContainerFromUrlInput {
description: String! = ""
fileType: ContainerFileType! = CSV
name: String!
syncData: CreateContainerSyncDataInput!
}
input UpdateIpAddressRangeContainerFromUrlInput {
description: String
fileType: ContainerFileType = CSV
ref: ContainerRefInput!
syncData: UpdateContainerSyncDataInput
}
input SyncIpAddressRangeContainerFromUrlInput {
ref: ContainerRefInput!
}
"Filtering input to IPAddressRange container search"
input IpAddressRangeContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching IPAddressRange typed containers that contain a specific IPAddressRange"
input IpAddressRangeContainerSearchIpAddressRangeInput {
ipAddressRange: IpAddressRangeInput!
}
"Input for searching IPAddressRange typed container to download its content"
input DownloadIpAddressRangeContainerFileInput {
by: ObjectRefBy!
input: String!
}
type AccountSnapshot {
"""Unique Identifier of Account"""
id: ID
"Sites includes information about online as well as offline sites"
sites(
"""
List of Unique Site Identifiers. If specified, only sites in list will be returned
"""
siteIDs: [ID!]
ids: [Int!] @deprecated(reason: "by siteIDs")
): [SiteSnapshot!]
timestamp: DateTime
"VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested"
users(
"request specific IDs, regardless of if connected or not"
userIDs: [ID!]
ids: [Int!] @deprecated(reason: "by userIDs")
): [UserSnapshot!]
}
"""A general structure to contain IP detailed information"""
type IPInfo {
"""Geolocation city"""
city: String
"""Geolocation ISO country code"""
countryCode: String
"""Geolocation country name"""
countryName: String
"""IP address of the link"""
ip: String
"""Geolocation latitude for the ISP"""
latitude: Float
"""Geolocation longitude for the ISP"""
longitude: Float
"""ISP Internet provider"""
provider: String
"""Geolocation state"""
state: String
}
"""Basic information about socket"""
type SocketInfo {
"""Unique ID for Socket"""
id: String
"""
For HA configurations, when this boolean value is true, this the primary Socket
"""
isPrimary: Boolean
"""Shows Socket type"""
platform: SocketPlatform
"""Serial number for the Socket"""
serial: String
"""Software version number that is currently installed on the Socket"""
version: String
"""Timestamp when the Socket upgraded to the current hardware version"""
versionUpdateTime: DateTime
}
"""Basic IPSec configuration information"""
type IPSecInfo {
"""The source IP address for the IPsec tunnel in the Cato Cloud"""
catoIP: String
"""Shows 1 for IKEv1 and 2 for IKEv2"""
ikeVersion: Int
"""
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device
"""
isPrimary: Boolean
"""The destination IP address for the IPsec tunnel (in the site)"""
remoteIP: String
"""List of tunnels configured on the device"""
tunnelConfig: [TunnelConfig!]!
}
type TunnelConfig {
"""The Local ID of the IPsec tunnel, specific to this tunnel"""
localId: String
"""Unique identifier for each tunnel"""
tunnelId: String
"""
The destination IP address for the IPsec tunnel (in the site), specific to this tunnel
"""
tunnelRemoteIdentifier: String
}
"""Basic Socket Interface configuration information"""
type InterfaceInfo {
"""The destination type configured to the Socket interface"""
destType: String
"""
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site
"""
downstreamBandwidth: Int
"""
Maximum allowed bandwidth for traffic on this port in MBPS with single decimal point, from the Cato Cloud to the site
"""
downstreamBandwidthMbpsPrecision: Float @beta
"""ID for the Socket port in the Socket WebUI Monitor tab"""
id: ID!
"""Name for the port in the Cato Management Application"""
name: String
"""
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud
"""
upstreamBandwidth: Int
"""
Maximum allowed bandwidth on this port in MBPS with single decimal point, for traffic from the site to the Cato Cloud
"""
upstreamBandwidthMbpsPrecision: Float @beta
"""Role for the WAN interface"""
wanRole: SocketInterfaceWanRole @beta
}
"""Basic Site configuration information"""
type SiteInfo {
"""Address of the physical site location"""
address: String
"""City of the physical site location"""
cityName: String
"""
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields)
"""
connType: ProtoType
"""Code for the Country that is the physical location of the site"""
countryCode: String
"""Country that is the physical location of the site"""
countryName: String
"""State of the country that is the physical site location"""
countryStateName: String
"""Timestamp for when the site was created"""
creationTime: DateTime
"""User defined description of the site"""
description: String
"""Basic configuration information about the Socket interface"""
interfaces: [InterfaceInfo!]
"""data related to IPsec sites, such as IKE version"""
ipsec: [IPSecInfo!]
"""
When this boolean value is true, the site is enabled for high availability
"""
isHA: Boolean
"""Name for the site"""
name: String
"""Geographical PoP region that the site is licensed to use"""
region: String
"""
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields)
"""
sockets: [SocketInfo!]
"""
Site type in the Cato Management Application, such as branch office or datacenter
"""
type: SiteType
}
"""Basic Site Ha readiness information"""
type HaStatus {
keepalive: HaSubStatus
readiness: HaReadiness
socketVersion: HaSubStatus
wanConnectivity: HaSubStatus
}
"Basic User configuration information"
type UserInfo {
"Additional authentication mechanism, currently MFA or NONE"
authMethod: String
"""Timestamp when the VPN user was created in the account"""
creationTime: DateTime
"""Email address of the VPN user"""
email: String
"""Name of the VPN user"""
name: String
"User creation mechanism, current supported REGULAR or LDAP"
origin: String
"""Phone number for the VPN user"""
phoneNumber: String
"""Status of the Client as the type STRING"""
status: OperationalStatus
}
type RecentConnection {
"""Serial number for the Device"""
deviceName: String
"The duration of the connection"
duration: Int
"""Name for the port in the Cato Management Application"""
interfaceName: String
"The last time this connection was detected (so lastConnected - duration is the start of the connection"
lastConnected: DateTime
"The name of the PoP that the traffic flow was connected to"
popName: String
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to
"""
remoteIPInfo: IPInfo
}
type InterfaceLinkState {
"""Shows the duplex mode for the link"""
duplex: String
"""Indicates if the WAN interface has an IP address"""
hasAddress: Boolean
"""Indicates if the interface is connected to the Internet"""
hasInternet: Boolean
"""Indicates if a connection has been established with the Cato Cloud"""
hasTunnel: Boolean
"""The ID for the specific Socket port, for example LAN1 or LAN2"""
id: ID
"""Shows the maximum bandwidth configured for the link"""
linkSpeed: String
"""Indicates if there is a physical connection to the port"""
mediaIn: Boolean
"""When this boolean value is true, then the link for the port is up"""
up: Boolean
}
type DeviceSnapshot {
"""
A boolean value that indicates if the site is connected to the Cato Cloud
"""
connected: Boolean
"""For connected devices (this somewhat overlaps to last duration)"""
connectedSince: DateTime
"""Indicates the Socket uptime"""
deviceUptime: Int
"""
Shows if this is the primary or secondary Socket in high availability mode
"""
haRole: String
"""Unique internal Cato ID for the Socket"""
id: ID
"""Unique identifier for the device"""
identifier: String
"""Snapshot data for outbound facing interfaces"""
interfaces: [InterfaceSnapshot!]
"""
Information of the link state of various interfaces in the devices. Unlike the `interfacess` field, it contains
all links of the device, not just the outbound facing ones
"""
interfacesLinkState: [InterfaceLinkState!]
"""Device's internal IP in the account's routing table"""
internalIP: String
"""The last time the device was seen"""
lastConnected: DateTime
"""
The uptime of the last tunnel from this device (or current), in seconds
"""
lastDuration: Int
"""The ID of the PoP that the Socket is connected to"""
lastPopID: Int
"""The PoP name that the Socket is connected to"""
lastPopName: String
"""The time the mfa cookie (for sdp users) was created"""
mfaCreationTime: Int
"""Shows the amount of time remaining before the MFA token expires"""
mfaExpirationTime: Int
"""Name of the device"""
name: String
"""Operating system of the Device."""
osType: String
"""Version of the Socket operating system"""
osVersion: String
"""Data related to the most recent completed traffic flows"""
recentConnections: [RecentConnection!]
"""Shows the release group for the site"""
releaseGroup: String
"""Shows data related to the Socket, such as version and serial number"""
socketInfo: SocketInfo
"""Shows the Socket model or vSocket type"""
type: String
"""Device version"""
version: String
"""Device major version"""
versionNumber: Int
}
type InterfaceSnapshot {
"""State of the BGP tunnel to the Cato Cloud"""
bgpState: BgpState
"""Information about cellular (LTE) interface"""
cellularInterfaceInfo: CellularInterface
"""Shows if the WAN link is connected to the PoP"""
connected: Boolean
"""Interface ID for the WAN link"""
id: ID
"""
data about the WAN link that is configured in the Socket Configuration window for the site
"""
info: InterfaceInfo
"""WAN link name in the Cato Management Application"""
name: String
"""Interface Natural order for WAN link"""
naturalOrder: Int
"""Physical WAN port on the Socket"""
physicalPort: Int
"""The name of the PoP that the WAN link is connected to"""
popName: String
"""
The ID of the PoP that the WAN link was connected to before the current one
"""
previousPopID: Int
"""
The name of the PoP that the WAN link was connected to before the current one
"""
previousPopName: String
"""
Reason that the tunnel required a new connection (for example, PoP or Socket restarted)
"""
tunnelConnectionReason: String
"""IP address of the WAN ISP"""
tunnelRemoteIP: String
"""IP address, ISP, and geographical information related to the WAN ISP"""
tunnelRemoteIPInfo: IPInfo
"""Number of seconds that the tunnel is connected to a PoP"""
tunnelUptime: Int
type: String @deprecated(reason: "No longer supported")
}
type Metrics {
"""total downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream: Float
"""total traffic for the site"""
bytesTotal: Float
"""total upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream: Float
"""total amount of time for the site data"""
duration: Int
"""
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface
metrics.
"""
flowCount: Float
"""duration in seconds for a single metrics bucket"""
granularity: Int
"""
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics.
"""
hostCount: Float
"""
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in
per-interface metrics.
"""
hostLimit: Float
"""
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream: Float
"""
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream: Float
"""number of packets lost for downstream traffic"""
lostDownstream: Float
"""percent of packet loss for downstream traffic"""
lostDownstreamPcnt: Float
"""number of packets lost for upstream traffic"""
lostUpstream: Float
"""percent of packet loss for upstream traffic"""
lostUpstreamPcnt: Float
"""total packets discarded for downstream traffic"""
packetsDiscardedDownstream: Float
"""total packets discarded for upstream traffic"""
packetsDiscardedUpstream: Float
"""total downstream packets"""
packetsDownstream: Float
"""total upstream packets"""
packetsUpstream: Float
"""round-trip time from the site to the Cato Cloud"""
rtt: Int
}
type CellularInterface {
"""
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch.
"""
apn: String
"""
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI).
"""
apnSelectionMethod: ApnMethod
"""
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out).
"""
disconnectionReason: CellularDisconnectionReason
"""Unique identifier (20-digit number) for the modem."""
iccid: String
"""Unique identifier (15-digit number) for a specific SIM."""
imei: String
"""
Indicates if the cellular modem is currently connected to the internet.
"""
isModemConnected: Boolean!
"""Indicates if the modem is currently suspended."""
isModemSuspended: Boolean!
"""Indicates whether roaming is enabled."""
isRoamingAllowed: Boolean!
"""Indicates whether a SIM is detected in the first slot."""
isSimSlot1Detected: Boolean!
"""Indicates whether a SIM is detected in the second slot."""
isSimSlot2Detected: Boolean!
"""
Represents the current status of the modem. Valid values are Error, OK, or Unknown.
"""
modemStatus: CellularModemStatus
"""2G, 3G, or 4G"""
networkType: CellularNetworkType
"""Displays the operator or carrier name, such as Verizon."""
operatorName: String
"""
Represents the signal strength of the cellular connection, in units of calculation.
"""
signalStrength: String
"""The phone number associated with the SIM."""
simNumber: String
"""
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default.
"""
simSlotId: Int
}
enum CellularNetworkType {
TYPE_2G
TYPE_3G
TYPE_4G
TYPE_UNKNOWN
}
enum SocketInterfaceWanRole {
NONE
WAN_1
WAN_2
WAN_3
WAN_4
}
enum CellularModemStatus {
STATUS_ERROR
STATUS_OK
STATUS_UNKNOWN
}
enum CellularDisconnectionReason {
REASON_NONE
REASON_TIMEOUT
}
enum ApnMethod {
METHOD_AUTO
METHOD_MANUAL
METHOD_UNKNOWN
}
enum HaReadiness {
not_ready
ready
}
enum HaSubStatus {
fail
ok
}
enum ConnectivityStatus {
"""Connected to the Cato Cloud"""
connected
"""Disconnected from the Cato Cloud"""
disconnected
}
enum OperationalStatus {
"""Passing traffic"""
active
"""Disabled in the Cato Management Application"""
disabled
"""License has expired for this site and you can't configure it"""
locked
"""After you create the site before it is connected to the Cato Cloud"""
new
"For VPN users only"
pending_code_generation
"For VPN users only"
pending_mfa_configuration
"For VPN users only"
pending_user_configuration
}
type UserSnapshot {
"""
In this state the client does not create its own connection, but reuses
the Office's socket connection
"""
connectedInOffice: Boolean
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"The host name of the device"
deviceName: String
"""Data related to the Client"""
devices: [DeviceSnapshot!]
"""VPN user ID"""
id: ID
"""General information about the VPN user"""
info: UserInfo
"""IP address of the PoP that the Client is connected to"""
internalIP: String
"Last time the user was connected (relevant if not currently connected)"
lastConnected: DateTime
"User name from configuration, same as info.name"
name: String
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Operating system of the device the Client is running on"""
osType: String
"""Version of the operating system for the device"""
osVersion: String
"""ID of the PoP that the Client is connected to"""
popID: Int
"""Name of the PoP that the VPN user is connected to"""
popName: String
"""Data related to the most recent completed VPN connections"""
recentConnections: [RecentConnection!]
"""IP address of the Client"""
remoteIP: String
"""IP address, ISP, and geographical information related to the Client"""
remoteIPInfo: IPInfo
"How long has the user been connected (in seconds)"
uptime: Int
"VPN client version string"
version: String
"VPN client version number"
versionNumber: Int
}
type SiteSnapshot {
"""Alternative WAN connectivity status"""
altWanStatus: String
"""For connected sites, since when are they connected"""
connectedSince: DateTime
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"""Degraded status and details"""
degradedStatus: DegradedStatus
"""Data related to the Sockets for a site"""
devices: [DeviceSnapshot!]
"""Site HA readiness information"""
haStatus: HaStatus
"""Number of hosts connected to a site"""
hostCount: Int
"""site ID"""
id: ID
"""General real-time information about the site"""
info: SiteInfo
"""
Relevant when the site is disconnected - the last time the device was connected
"""
lastConnected: DateTime
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Name of the PoP that the site is connected to"""
popName: String
protoId: ID
}
enum DegradedStatusReason {
ALT_WAN_DISCONNECTED
CROSS_CONNECT_CIRCUIT_DISCONNECTED
HA_NOT_READY_INCOMPATIBLE_MAJOR_SOCKET_VERSIONS
HA_NOT_READY_NO_KEEPALIVE
HA_NOT_READY_SOCKET_DISCONNECTED
IPSEC_MULTI_TUNNEL_TUNNEL_DISCONNECTED
IPSEC_TUNNEL_DISCONNECTED
LAN_DISCONNECTED
LAN_LAG_DISCONNECTED
LAN_LAG_MEMBER_DISCONNECTED
WAN_DISCONNECTED
WAN_TUNNEL_DISCONNECTED
}
type DegradedStatus {
degradedDetails: [DegradedDetail!]!
isDegraded: Boolean!
}
type DegradedDetail {
args: DegradedStatusArgs
reason: DegradedStatusReason!
}
union DegradedStatusArgs = DegradedStatusSocketVersionsArgs | DegradedStatusBasicDataArgs | DegradedStatusSocketArgs | DegradedStatusLastConnectedArgs | DegradedStatusMultiTunnelArgs
type DegradedStatusLastConnectedArgs {
lastConnectedDate: DateTime
}
type DegradedStatusBasicDataArgs {
deviceName: String!
lastConnectedDate: DateTime
}
type DegradedStatusSocketArgs {
deviceName: String!
lastConnectedDate: DateTime
portID: ID!
portName: String!
}
type DegradedStatusSocketVersionsArgs {
primaryVersion: String!
secondaryVersion: String!
}
type DegradedStatusMultiTunnelArgs {
deviceName: String!
lastConnectedDate: DateTime
tunnelID: ID!
tunnelName: String!
}
enum BgpState {
Active
Connect
Established
Idle
OpenConfirm
OpenSent
StateMAX
}
type CatalogQueries {
catalogApplication(input: ApplicationRefInput!): CatalogApplication @beta
catalogApplicationList(input: CatalogApplicationListInput!): CatalogApplicationListPayload @beta
contentTypeGroupList(input: CatalogApplicationContentTypeGroupListInput!): CatalogApplicationContentTypeGroupListPayload @beta
}
type CatalogApplicationContentType {
id: ID!
name: String!
}
type CatalogApplicationContentTypeGroup {
contentType: [CatalogApplicationContentType!]!
id: ID!
name: String!
}
input CatalogApplicationContentTypeGroupListInput {
filter: [CatalogApplicationContentTypeGroupFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationContentTypeGroupSortInput
}
input CatalogApplicationContentTypeGroupSortInput {
name: SortOrderInput
}
input CatalogApplicationListInput {
filter: [CatalogApplicationFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationSortInput
}
input CatalogApplicationContentTypeGroupFilterInput {
contentType: [CatalogApplicationContentTypeFilterInput!]
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationContentTypeFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationFilterInput {
activity: [CatalogApplicationActivityFilterInput!]
capability: [CatalogApplicationCapabilityFilterInput!]
category: [CatalogApplicationCategoryFilterInput!]
id: [IdFilterInput!]
name: [StringFilterInput!]
recentlyAdded: [BooleanFilterInput!]
risk: [IntFilterInput!]
tenantActivity: [BooleanFilterInput!]
type: [CatalogApplicationTypeFilterInput!]
}
input CatalogApplicationTypeFilterInput {
eq: CatalogApplicationType
in: [CatalogApplicationType!]
neq: CatalogApplicationType
nin: [CatalogApplicationType!]
}
input CatalogApplicationCapabilityFilterInput {
hasAny: [CatalogApplicationCapability!]
}
input CatalogApplicationCategoryFilterInput {
hasAny: [ApplicationCategoryRefInput!]
}
input CatalogApplicationActivityFilterInput {
hasAny: [CatalogApplicationActivityRefInput!]
}
input CatalogApplicationActivityRefInput {
by: ObjectRefBy! = ID
input: String!
}
input CatalogApplicationSortInput {
category: CatalogApplicationCategorySortInput
description: SortOrderInput
name: SortOrderInput
risk: SortOrderInput
type: SortOrderInput
}
input CatalogApplicationCategorySortInput {
name: SortOrderInput
}
enum CatalogApplicationType {
APPLICATION
CLOUD_APPLICATION
SERVICE
}
type CatalogApplicationContentTypeGroupListPayload {
contentTypeGroup: [CatalogApplicationContentTypeGroup!]!
pageInfo: PageInfo!
}
type CatalogApplicationListPayload {
application: [CatalogApplication!]!
pageInfo: PageInfo!
}
type CatalogApplicationActivityField {
id: ID!
name: String!
possibleOperators: [CatalogApplicationActivityFieldOperator!]!
possibleValues: [String!]!
}
enum CatalogApplicationActivityFieldOperator {
CONTAINS
GREATER_THAN
IN
IS
LESS_EQUALS
}
type CatalogApplicationActivity {
fields: [CatalogApplicationActivityField!]!
id: ID!
name: String!
}
enum CatalogApplicationAttribute {
SUPPORTED
UNKNOWN
UNSUPPORTED
}
enum CatalogApplicationCapability {
AI_SECURITY_API_INTEGRATION
AI_SECURITY_BROWSER_PLUGIN
AI_SECURITY_NETWORK_PROXY
ANTI_MALWARE_INLINE
APP_CONTROL_API
APP_CONTROL_INLINE
DATA_PROTECTION_API
DATA_PROTECTION_INLINE
FILE_CONTROL_INLINE
FIREWALL_INTLINE
LAN_FIREWALL
}
type CatalogApplicationComplianceAttributes {
c5Attestation: CatalogApplicationAttribute
cjis: CatalogApplicationAttribute
cobit: CatalogApplicationAttribute
coppa: CatalogApplicationAttribute
csaStar: CatalogApplicationAttribute
cyberEssentialsPlusUk: CatalogApplicationAttribute
euUsDataPrivacyFramework: CatalogApplicationAttribute
fedRamp: CatalogApplicationAttribute
ferpa: CatalogApplicationAttribute
ffiec: CatalogApplicationAttribute
finra: CatalogApplicationAttribute
fisma: CatalogApplicationAttribute
gapp: CatalogApplicationAttribute
gdpr: CatalogApplicationAttribute
glba: CatalogApplicationAttribute
hippa: CatalogApplicationAttribute!
hitrustCsf: CatalogApplicationAttribute
isae3402: CatalogApplicationAttribute!
iso27001: CatalogApplicationAttribute!
iso27002: CatalogApplicationAttribute
iso27017: CatalogApplicationAttribute
iso27018: CatalogApplicationAttribute
iso9000: CatalogApplicationAttribute
iso9001: CatalogApplicationAttribute
itar: CatalogApplicationAttribute
japanPrivacyMark: CatalogApplicationAttribute
jerichoForumCommandments: CatalogApplicationAttribute
nistSp80053: CatalogApplicationAttribute
pciDss: CatalogApplicationAttribute!
soc1: CatalogApplicationAttribute!
soc2: CatalogApplicationAttribute!
soc3: CatalogApplicationAttribute!
sox: CatalogApplicationAttribute!
trustArcPrivacy: CatalogApplicationAttribute
}
enum CatalogApplicationDataRetentionPolicy {
CONFIGURABLE_BY_USER
DAYS_1_30
DELETION_UPON_REQUEST
MONTHS_1_12
MORE_THAN_1_YEAR
UNKNOWN
WHILE_ACCOUNT_IS_ACTIVE
}
enum CatalogApplicationDataDeletionPolicy {
AFTER_ACCOUNT_DELETION
IMMEDIATE_ON_REQUEST
NOT_OFFERED
UNKNOWN
WITHIN_30_DAYS
WITHIN_90_DAYS
}
enum CatalogApplicationDataOwnership {
CUSTOMER_OWNS_DATA
SHARED_OWNERSHIP
UNKNOWN
VENDOR_OWNS_DATA
}
enum CatalogApplicationEncryptionStrengthAtRest {
ENCRYPTION_128_BIT
ENCRYPTION_192_BIT
ENCRYPTION_256_BIT
ENCRYPTION_GT_256_BIT
ENCRYPTION_NOT_DISCLOSED
ENCRYPTION_UNKNOWN
}
enum CatalogApplicationWeakCipherSupport {
DES_3
MULTIPLE_WEAK_CIPHERS
NONE
RC4
SHA_1
TLS_1_0_1_1
UNKNOWN
}
enum CatalogApplicationTlsVersionSupport {
TLS_1_1_OR_OLDER
TLS_1_2
TLS_1_2_PLUS
TLS_1_3
UNKNOWN
}
type CatalogApplicationSecurityAttributes {
auditTrail: CatalogApplicationAttribute!
dataDeletionPolicy: CatalogApplicationDataDeletionPolicy
dataOwnership: CatalogApplicationDataOwnership
dataRetentionPolicy: CatalogApplicationDataRetentionPolicy
dataSegregatedByTenant: CatalogApplicationAttribute
disasterRecovery: CatalogApplicationAttribute
encryptionAtRest: CatalogApplicationAttribute!
encryptionInTransit: CatalogApplicationAttribute
encryptionStrengthAtRest: CatalogApplicationEncryptionStrengthAtRest
httpSecurityHeaders: CatalogApplicationAttribute!
mfa: CatalogApplicationAttribute!
physicalDataCenterSecurity: CatalogApplicationAttribute
privacyPolicyUrl: String
rbac: CatalogApplicationAttribute!
rememberPassword: CatalogApplicationAttribute!
sso: CatalogApplicationAttribute!
termsOfUseCustomerProtectionUrl: String
tlsEnforcement: CatalogApplicationAttribute!
tlsVersionSupport: CatalogApplicationTlsVersionSupport
trustedCertificate: CatalogApplicationAttribute!
weakCipherSupport: CatalogApplicationWeakCipherSupport
}
type CatalogApplicationIdentityAccessManagementAttributes {
accessControlEnforcement: CatalogApplicationAttribute
ipBasedAccessRestrictions: CatalogApplicationAttribute
samlAuthentication: CatalogApplicationAttribute
}
enum EmployeeRange {
"1-10 employees"
BETWEEN_00001_00010
"11-50 employees"
BETWEEN_00011_00050
"51-100 employees"
BETWEEN_00051_00100
"101-250 employees"
BETWEEN_00101_00250
"251-500 employees"
BETWEEN_00251_00500
"501-1,000 employees"
BETWEEN_00501_01000
"1,001-5,000 employees"
BETWEEN_01001_05000
"5,001-10,000 employees"
BETWEEN_05001_10000
"10,000+ employees"
BETWEEN_10001_MAX
}
enum AiSecurityRisk {
CRITICAL
HIGH
LOW
MEDIUM
}
enum AiSecurityScope {
EMBEDDED
NATIVE
}
enum AiSecurityDataUsagePolicyType {
GENERAL_DATA_USAGE
NO_DATA_USAGE
NOT_MENTIONED
TRAINS_ON_DATA
}
type AiSecurityDataUsagePolicy {
description: String
reference: String
referenceType: String
referenceUrl: String
type: AiSecurityDataUsagePolicyType
}
type AiSecurityAttributes {
dataUsagePolicy: AiSecurityDataUsagePolicy
risk: AiSecurityRisk
scope: AiSecurityScope
}
type CatalogApplication {
activity: [CatalogApplicationActivity!]!
aiSecurity: AiSecurityAttributes
capability: [CatalogApplicationCapability!]!
category: [ApplicationCategoryRef!]!
city: String
complianceAttributes: CatalogApplicationComplianceAttributes!
description: String
descriptionSummary: String
id: ID!
identityAccessManagementAttributes: CatalogApplicationIdentityAccessManagementAttributes
ipoStatus: String
name: String!
numOfEmployees: EmployeeRange
originCountry: CountryRef
recentlyAdded: Boolean!
region: String
risk: ApplicationRisk
sanctioned: Boolean!
securityAttributes: CatalogApplicationSecurityAttributes!
standardPorts: [CustomService!]!
tenantActivity: [CatalogApplicationActivity!]!
type: CatalogApplicationType!
website: Url
}
"Allowed actions"
enum AppTenantRestrictionActionEnum {
"Do not inject any Headers nor Values for outgoing traffic"
BYPASS
"Inject Headers and Values for outgoing traffic"
INJECT_HEADERS
}
input AppTenantRestrictionAddRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum! = INJECT_HEADERS
"Applications for the rule (pre-defined)"
application: ApplicationRefInput!
description: String! = ""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum! = HIGH
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: [], country: []}
}
input AppTenantRestrictionAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: AppTenantRestrictionAddRuleDataInput!
}
"pair of header name and value"
type AppTenantRestrictionHeaderValue {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
"pair of header name and value"
input AppTenantRestrictionHeaderValueInput {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
type AppTenantRestrictionPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [AppTenantRestrictionRulePayload!]!
sections: [PolicySectionPayload!]!
}
input AppTenantRestrictionPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input AppTenantRestrictionPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type AppTenantRestrictionPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: AppTenantRestrictionPolicy
status: PolicyMutationStatus!
}
type AppTenantRestrictionPolicyMutations {
addRule(input: AppTenantRestrictionAddRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): AppTenantRestrictionPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
removeRule(input: AppTenantRestrictionRemoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: AppTenantRestrictionPolicyUpdateInput!): AppTenantRestrictionPolicyMutationPayload! @beta
updateRule(input: AppTenantRestrictionUpdateRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type AppTenantRestrictionPolicyQueries {
policy(input: AppTenantRestrictionPolicyInput): AppTenantRestrictionPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input AppTenantRestrictionPolicyUpdateInput {
state: PolicyToggleState
}
input AppTenantRestrictionRemoveRuleInput {
id: ID!
}
type AppTenantRestrictionRule implements IPolicyRule {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum!
"Applications for the rule (pre-defined)"
application: ApplicationRef!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValue!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSource!
}
type AppTenantRestrictionRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: AppTenantRestrictionRulePayload
status: PolicyMutationStatus!
}
type AppTenantRestrictionRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: AppTenantRestrictionRule!
}
"Severity options"
enum AppTenantRestrictionSeverityEnum {
"High severity"
HIGH
"Low severity"
LOW
"Medium severity"
MEDIUM
}
"Returns the settings for Source of an App Tenant Restriction rule"
type AppTenantRestrictionSource {
"Source country traffic matching criteria."
country: [CountryRef!]!
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]! = []
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceUpdateInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input AppTenantRestrictionUpdateRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
description: String
enabled: Boolean
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceUpdateInput
}
input AppTenantRestrictionUpdateRuleInput {
id: ID!
rule: AppTenantRestrictionUpdateRuleDataInput!
}
"Access method matching configuration"
type ApplicationControlAccessMethod {
"Specifies the access method type"
accessMethod: ApplicationControlAccessMethodType!
"Defines the comparison operator"
operator: ApplicationControlOperator!
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Access method matching configuration"
input ApplicationControlAccessMethodInput {
"Specifies the access method type"
accessMethod: ApplicationControlAccessMethodType! = USER_AGENT
"Defines the comparison operator"
operator: ApplicationControlOperator! = IS
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
"Application Control Access Method Type"
enum ApplicationControlAccessMethodType {
"User agent identification method"
USER_AGENT
}
"Application Control Action"
enum ApplicationControlAction {
"Permit the action"
ALLOW
"Prevent the action"
BLOCK
"Log the action without enforcement"
MONITOR
}
"Activity matching configuration"
type ApplicationControlActivity {
"References the application control activity type"
activity: ApplicationControlActivityRef!
"References specific application control activity fields associated with the activity type"
field: ApplicationControlActivityFieldRef
"Defines the operator used for comparisons"
operator: ApplicationControlOperator
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Activity matching configuration"
input ApplicationControlActivityInput {
"References the application control activity type"
activity: ApplicationControlActivityRefInput!
"References specific application control activity fields associated with the activity type"
field: ApplicationControlActivityFieldRefInput
"Defines the operator used for comparisons"
operator: ApplicationControlOperator = IS
"Specifies the comparison value (used with all operators except IN)"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
input ApplicationControlAddRuleDataInput {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRuleInput = {application: {applicationType: []}, applicationActivitySatisfy: ANY, applicationActivity: [], applicationContext: {applicationTenant: []}, accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, applicationCriteriaSatisfy: ANY, applicationCriteria: {attributes: {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}, originCountry: [], risk: []}}
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRuleInput = {application: {applicationType: []}, applicationContext: {applicationTenant: []}, applicationActivitySatisfy: ANY, applicationActivity: [], accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, fileAttributeSatisfy: ANY, fileAttribute: [], dlpProfile: {contentProfile: [], edmProfile: []}}
description: String! = ""
enabled: Boolean!
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRuleInput = {application: {applicationType: []}, applicationActivitySatisfy: ANY, applicationActivity: [], accessMethod: [], source: {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}, device: [], action: BLOCK, tracking: {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}, schedule: {activeOn: ALWAYS}, severity: HIGH, fileAttributeSatisfy: ANY, fileAttribute: []}
name: String!
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType! = APPLICATION
}
input ApplicationControlAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ApplicationControlAddRuleDataInput!
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
type ApplicationControlApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRef
"Applications for the rule (pre-defined)"
application: ApplicationRef
"Application types"
applicationType: [ApplicationType!]!
"Custom (user-defined) applications"
customApp: CustomApplicationRef
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRef
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRef
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
input ApplicationControlApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRefInput
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
"Application types"
applicationType: [ApplicationType!]! = []
"Custom (user-defined) applications"
customApp: CustomApplicationRefInput
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRefInput
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRefInput
}
"Configuration for application-based control rules"
type ApplicationControlApplicationRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContext!
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteria!
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for application-based control rules"
input ApplicationControlApplicationRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextInput! = {applicationTenant: []}
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteriaInput! = {attributes: {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}, originCountry: [], risk: []}
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy! = ANY
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for application-based control rules"
input ApplicationControlApplicationRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextUpdateInput
"Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets"
applicationCriteria: ApplicationControlCriteriaUpdateInput
"Determines whether ANY or ALL criteria must match"
applicationCriteriaSatisfy: ApplicationControlSatisfy
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"Application matching configuration. Only one of the following fields should be filled - the others must remain empty."
input ApplicationControlApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: ApplicationCategoryRefInput
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
"Application types"
applicationType: [ApplicationType!]
"Custom (user-defined) applications"
customApp: CustomApplicationRefInput
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: CustomCategoryRefInput
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: SanctionedAppsCategoryRefInput
}
"Attribute Value"
enum ApplicationControlAttributeValue {
"Any Value"
ANY
"Not Supported"
NOT_SUPPORTED
"Supported"
SUPPORTED
}
"Application attributes, such as compliance and security, see the app catalog for details"
type ApplicationControlAttributes {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributes!
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributes!
}
"Application attributes, such as compliance and security, see the app catalog for details"
input ApplicationControlAttributesInput {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributesInput! = {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributesInput! = {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}
}
"Application attributes, such as compliance and security, see the app catalog for details"
input ApplicationControlAttributesUpdateInput {
"Compliance attributes"
complianceAttributes: ApplicationControlComplianceAttributesUpdateInput
"Security attributes"
securityAttributes: ApplicationControlSecurityAttributesUpdateInput
}
"Compliance attributes"
type ApplicationControlComplianceAttributes {
"HIPAA"
hippa: ApplicationControlAttributeValue!
"ISAE 3402"
isae3402: ApplicationControlAttributeValue!
"ISO 27001"
iso27001: ApplicationControlAttributeValue!
"PCI DSS"
pciDss: ApplicationControlAttributeValue!
"SOC 1"
soc1: ApplicationControlAttributeValue!
"SOC 2"
soc2: ApplicationControlAttributeValue!
"SOC 3"
soc3: ApplicationControlAttributeValue!
"SOX"
sox: ApplicationControlAttributeValue!
}
"Compliance attributes"
input ApplicationControlComplianceAttributesInput {
"HIPAA"
hippa: ApplicationControlAttributeValue! = ANY
"ISAE 3402"
isae3402: ApplicationControlAttributeValue! = ANY
"ISO 27001"
iso27001: ApplicationControlAttributeValue! = ANY
"PCI DSS"
pciDss: ApplicationControlAttributeValue! = ANY
"SOC 1"
soc1: ApplicationControlAttributeValue! = ANY
"SOC 2"
soc2: ApplicationControlAttributeValue! = ANY
"SOC 3"
soc3: ApplicationControlAttributeValue! = ANY
"SOX"
sox: ApplicationControlAttributeValue! = ANY
}
"Compliance attributes"
input ApplicationControlComplianceAttributesUpdateInput {
"HIPAA"
hippa: ApplicationControlAttributeValue
"ISAE 3402"
isae3402: ApplicationControlAttributeValue
"ISO 27001"
iso27001: ApplicationControlAttributeValue
"PCI DSS"
pciDss: ApplicationControlAttributeValue
"SOC 1"
soc1: ApplicationControlAttributeValue
"SOC 2"
soc2: ApplicationControlAttributeValue
"SOC 3"
soc3: ApplicationControlAttributeValue
"SOX"
sox: ApplicationControlAttributeValue
}
"Additional attributes for application control"
type ApplicationControlConfig {
"Data Control Enabled"
dataControlEnabled: PolicyToggleState!
}
input ApplicationControlConfigInput {
"Data Control Enabled"
dataControlEnabled: PolicyToggleState! = ENABLED
}
type ApplicationControlContext {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenant!]!
}
input ApplicationControlContextInput {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenantInput!]! = []
}
input ApplicationControlContextUpdateInput {
"Defines the name of the application tenant to which the policy rule applies"
applicationTenant: [ApplicationControlTenantInput!]
}
"Application criteria configuration"
type ApplicationControlCriteria {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributes!
"Application registered country of origin"
originCountry: [CountryRef!]!
"Application risk"
risk: [ApplicationControlRiskCriteria!]!
}
"Application criteria configuration"
input ApplicationControlCriteriaInput {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributesInput! = {complianceAttributes: {iso27001: ANY, sox: ANY, hippa: ANY, soc1: ANY, soc2: ANY, soc3: ANY, isae3402: ANY, pciDss: ANY}, securityAttributes: {mfa: ANY, encryptionAtRest: ANY, auditTrail: ANY, rbac: ANY, rememberPassword: ANY, sso: ANY, trustedCertificate: ANY, tlsEnforcement: ANY, httpSecurityHeaders: ANY}}
"Application registered country of origin"
originCountry: [CountryRefInput!]! = []
"Application risk"
risk: [ApplicationControlRiskCriteriaInput!]! = []
}
"Application criteria configuration"
input ApplicationControlCriteriaUpdateInput {
"Application attributes, such as compliance and security, see the app catalog for details"
attributes: ApplicationControlAttributesUpdateInput
"Application registered country of origin"
originCountry: [CountryRefInput!]
"Application risk"
risk: [ApplicationControlRiskCriteriaInput!]
}
"Configuration for data-based control rules"
type ApplicationControlDataRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContext!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfile!
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttribute!]!
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for data-based control rules"
input ApplicationControlDataRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextInput! = {applicationTenant: []}
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfileInput! = {contentProfile: [], edmProfile: []}
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]! = []
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy! = ANY
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for data-based control rules"
input ApplicationControlDataRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines application context criteria with OR logic within sets and AND between sets"
applicationContext: ApplicationControlContextUpdateInput
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Specifies DLP profile matching criteria with OR logic within sets and AND between sets"
dlpProfile: ApplicationControlDlpProfileUpdateInput
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"DLP profile configuration"
type ApplicationControlDlpProfile {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRef!]!
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRef!]!
}
"DLP profile configuration"
input ApplicationControlDlpProfileInput {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRefInput!]! = []
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRefInput!]! = []
}
"DLP profile configuration"
input ApplicationControlDlpProfileUpdateInput {
"References DLP content matching profiles"
contentProfile: [DlpContentProfileRefInput!]
"References DLP exact data matching profiles"
edmProfile: [DlpEdmProfileRefInput!]
}
"File attribute matching configuration"
type ApplicationControlFileAttribute {
"Specifies the content types groups (used only with Content Type attribute)"
contentTypeGroupValues: [ApplicationControlContentTypeGroupRef!]!
"Specifies the content types (used only with Content Type attribute)"
contentTypeValues: [ApplicationControlContentTypeRef!]!
"Specifies the file attribute type"
fileAttribute: ApplicationControlFileAttributeType!
"Defines the comparison operator"
operator: ApplicationControlOperator!
"Specifies the comparison value (used with all attributes except Content Type)"
value: String
}
"File attribute matching configuration"
input ApplicationControlFileAttributeInput {
"Specifies the content types groups (used only with Content Type attribute)"
contentTypeGroupValues: [ApplicationControlContentTypeGroupRefInput!]! = []
"Specifies the content types (used only with Content Type attribute)"
contentTypeValues: [ApplicationControlContentTypeRefInput!]! = []
"Specifies the file attribute type"
fileAttribute: ApplicationControlFileAttributeType! = CONTENT_TYPE
"Defines the comparison operator"
operator: ApplicationControlOperator! = IS
"Specifies the comparison value (used with all attributes except Content Type)"
value: String
}
"Application Control File Attribute Type"
enum ApplicationControlFileAttributeType {
"File encryption status"
CONTENT_IS_ENCRYPTED
"File Size"
CONTENT_SIZE
"File type classification"
CONTENT_TYPE
}
"Configuration for file-based control rules"
type ApplicationControlFileRule {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethod!]!
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction!
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplication!
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivity!]!
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy!
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRef!]!
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttribute!]!
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy!
"Defines time periods when the rule is active"
schedule: PolicySchedule!
"Indicates the rule's severity level"
severity: ApplicationControlSeverity!
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSource!
"Specifies event logging and notification settings"
tracking: PolicyTracking!
}
"Configuration for file-based control rules"
input ApplicationControlFileRuleInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]! = []
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction! = BLOCK
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationInput! = {applicationType: []}
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]! = []
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy! = ANY
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]! = []
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]! = []
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy! = ANY
"Defines time periods when the rule is active"
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Indicates the rule's severity level"
severity: ApplicationControlSeverity! = HIGH
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceInput! = {country: [], host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Specifies event logging and notification settings"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Configuration for file-based control rules"
input ApplicationControlFileRuleUpdateInput {
"Defines access method criteria with OR logic within sets and AND between sets"
accessMethod: [ApplicationControlAccessMethodInput!]
"Defines the enforcement action when rule conditions match"
action: ApplicationControlAction
"Defines application matching criteria with OR logic within sets and AND between sets"
application: ApplicationControlApplicationUpdateInput
"Defines activity matching criteria using activitySatisfy logic within sets and AND between sets"
applicationActivity: [ApplicationControlActivityInput!]
"Determines whether ANY or ALL activity criteria must match"
applicationActivitySatisfy: ApplicationControlSatisfy
"Defines device profile criteria with OR logic within sets and AND between sets"
device: [DeviceProfileRefInput!]
"Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets"
fileAttribute: [ApplicationControlFileAttributeInput!]
"Determines whether ANY or ALL file attribute criteria must match"
fileAttributeSatisfy: ApplicationControlSatisfy
"Defines time periods when the rule is active"
schedule: PolicyScheduleUpdateInput
"Indicates the rule's severity level"
severity: ApplicationControlSeverity
"Defines source traffic criteria with OR logic within sets and AND between sets"
source: ApplicationControlSourceUpdateInput
"Specifies event logging and notification settings"
tracking: PolicyTrackingUpdateInput
}
"Application Control Operator"
enum ApplicationControlOperator {
"Substring match comparison"
CONTAINS
"Numerical greater than comparison"
GREATER_THAN
"Set membership comparison"
IN
"Exact match comparison"
IS
"Numerical less than or equal comparison"
LESS_THAN_OR_EQUAL
}
type ApplicationControlPolicy implements IPolicy {
additionalAttributes: ApplicationControlConfig
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ApplicationControlRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ApplicationControlPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ApplicationControlPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ApplicationControlPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ApplicationControlPolicy
status: PolicyMutationStatus!
}
type ApplicationControlPolicyMutations {
addRule(input: ApplicationControlAddRuleInput!): ApplicationControlRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ApplicationControlPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ApplicationControlPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ApplicationControlRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ApplicationControlPolicyMutationPayload! @beta
removeRule(input: ApplicationControlRemoveRuleInput!): ApplicationControlRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ApplicationControlPolicyUpdateInput!): ApplicationControlPolicyMutationPayload! @beta
updateRule(input: ApplicationControlUpdateRuleInput!): ApplicationControlRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ApplicationControlPolicyQueries {
policy(input: ApplicationControlPolicyInput): ApplicationControlPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ApplicationControlPolicyUpdateInput {
additionalAttributes: ApplicationControlConfigInput
state: PolicyToggleState
}
input ApplicationControlRemoveRuleInput {
id: ID!
}
"Application risk"
type ApplicationControlRiskCriteria {
"Application risk"
risk: ApplicationRisk!
"Application risk operator"
riskOperator: ApplicationControlOperator!
}
"Application risk"
input ApplicationControlRiskCriteriaInput {
"Application risk"
risk: ApplicationRisk!
"Application risk operator"
riskOperator: ApplicationControlOperator! = IS
}
type ApplicationControlRule implements IPolicyRule {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRule
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRule
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRule
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType!
"Policy section where the rule is located"
section: PolicySectionInfo!
}
type ApplicationControlRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ApplicationControlRulePayload
status: PolicyMutationStatus!
}
type ApplicationControlRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ApplicationControlRule!
}
"Application Control Rule Type"
enum ApplicationControlRuleType {
"Specifies an application control rule"
APPLICATION
"Specifies an data control rule"
DATA
"Specifies an file control rule"
FILE
}
"Application Control Satisfy"
enum ApplicationControlSatisfy {
"Match only if all criteria are met"
ALL
"Match if any criteria are met"
ANY
}
"Security attributes"
type ApplicationControlSecurityAttributes {
"Audit trail"
auditTrail: ApplicationControlAttributeValue!
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue!
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue!
"MFA"
mfa: ApplicationControlAttributeValue!
"RBAC"
rbac: ApplicationControlAttributeValue!
"Remember password"
rememberPassword: ApplicationControlAttributeValue!
"SSO"
sso: ApplicationControlAttributeValue!
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue!
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue!
}
"Security attributes"
input ApplicationControlSecurityAttributesInput {
"Audit trail"
auditTrail: ApplicationControlAttributeValue! = ANY
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue! = ANY
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue! = ANY
"MFA"
mfa: ApplicationControlAttributeValue! = ANY
"RBAC"
rbac: ApplicationControlAttributeValue! = ANY
"Remember password"
rememberPassword: ApplicationControlAttributeValue! = ANY
"SSO"
sso: ApplicationControlAttributeValue! = ANY
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue! = ANY
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue! = ANY
}
"Security attributes"
input ApplicationControlSecurityAttributesUpdateInput {
"Audit trail"
auditTrail: ApplicationControlAttributeValue
"Encryption at rest"
encryptionAtRest: ApplicationControlAttributeValue
"Http security headers"
httpSecurityHeaders: ApplicationControlAttributeValue
"MFA"
mfa: ApplicationControlAttributeValue
"RBAC"
rbac: ApplicationControlAttributeValue
"Remember password"
rememberPassword: ApplicationControlAttributeValue
"SSO"
sso: ApplicationControlAttributeValue
"TLS enforcement"
tlsEnforcement: ApplicationControlAttributeValue
"Trusted certificate"
trustedCertificate: ApplicationControlAttributeValue
}
"Severity level"
enum ApplicationControlSeverity {
"Indicates a high severity level"
HIGH
"Indicates a low severity level"
LOW
"Indicates a medium severity level"
MEDIUM
}
"Source traffic matching configuration"
type ApplicationControlSource {
"Country traffic matching criteria"
country: [CountryRef!]!
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Source traffic matching configuration"
input ApplicationControlSourceInput {
"Country traffic matching criteria"
country: [CountryRefInput!]! = []
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Source traffic matching configuration"
input ApplicationControlSourceUpdateInput {
"Country traffic matching criteria"
country: [CountryRefInput!]
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
"Tenant matching configuration"
type ApplicationControlTenant {
"Defines the operator used for comparisons"
operator: ApplicationControlOperator
"Specifies the comparison value"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRef
}
"Tenant matching configuration"
input ApplicationControlTenantInput {
"Defines the operator used for comparisons"
operator: ApplicationControlOperator = IS
"Specifies the comparison value"
value: String
"References a set of values (used only with IN operator)"
valueSet: StringValueSetRefInput
}
input ApplicationControlUpdateRuleDataInput {
"Defines application control settings. Must only be used when ruleType is APPLICATION"
applicationRule: ApplicationControlApplicationRuleUpdateInput
"Defines data control settings. Must only be used when ruleType is DATA"
dataRule: ApplicationControlDataRuleUpdateInput
description: String
enabled: Boolean
"Defines file control settings. Must only be used when ruleType is FILE"
fileRule: ApplicationControlFileRuleUpdateInput
name: String
"""
Determines which rule configuration to use.
When set to APPLICATION, only applicationRule should be used.
When set to DATA, only dataRule should be used.
When set to FILE, only fileRule should be used
"""
ruleType: ApplicationControlRuleType
}
input ApplicationControlUpdateRuleInput {
id: ID!
rule: ApplicationControlUpdateRuleDataInput!
}
"Application Type"
enum ApplicationType {
"Application"
APPLICATION
"Cloud Application type"
CLOUD_APPLICATION
"Service"
SERVICE
}
enum TlsInspectAction {
BYPASS
INSPECT
}
input TlsInspectAddRuleDataInput {
"Action to be taken on the traffic."
action: TlsInspectAction! = INSPECT
"Application matching criteria for."
application: TlsInspectApplicationInput! = {application: [], appCategory: [], country: [], customApp: [], customCategory: [], customServiceIp: [], domain: [], fqdn: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], customService: [], remoteAsn: [], service: [], tlsInspectCategory: []}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"Country traffic matching criteria."
country: [CountryRefInput!]! = []
description: String! = ""
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"Operating System traffic matching criteria."
platform: [OperatingSystem!]! = []
"Source traffic matching criteria."
source: TlsInspectSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], subnet: [], ipRange: [], networkInterface: [], site: [], systemGroup: [], usersGroup: [], ip: [], siteNetworkSubnet: []}
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction! = ALLOW
}
input TlsInspectAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: TlsInspectAddRuleDataInput!
}
"Application match criteria set"
type TlsInspectApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Countries matching criteria for the rule"
country: [CountryRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomService!]!
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIp!]!
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]!
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]!
}
"Application match criteria set"
input TlsInspectApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Countries matching criteria for the rule"
country: [CountryRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomServiceInput!]! = []
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIpInput!]! = []
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]! = []
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]! = []
}
"Application match criteria set"
input TlsInspectApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Countries matching criteria for the rule"
country: [CountryRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53"
customService: [CustomServiceInput!]
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8"
customServiceIp: [CustomServiceIpInput!]
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]
"Add the Service Type to which this TLS inspection rule applies"
service: [ServiceRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"System categories for TLS inspection policy"
tlsInspectCategory: [TlsInspectSystemCategory!]
}
"Default rule settings for the TLS Inspection policy"
type TlsInspectConfig {
"Action to take on traffic that matches the default rule"
defaultRuleAction: TlsInspectAction!
"Action to take when an untrusted certificate is detected for traffic matching the default rule"
defaultRuleUntrustedCertificateAction: TlsInspectUntrustedCertificateAction!
}
input TlsInspectConfigInput {
"Action to take on traffic that matches the default rule"
defaultRuleAction: TlsInspectAction! = INSPECT
"Action to take when an untrusted certificate is detected for traffic matching the default rule"
defaultRuleUntrustedCertificateAction: TlsInspectUntrustedCertificateAction! = ALLOW
}
type TlsInspectPolicy implements IPolicy {
additionalAttributes: TlsInspectConfig
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [TlsInspectRulePayload!]!
sections: [PolicySectionPayload!]!
}
input TlsInspectPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input TlsInspectPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type TlsInspectPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: TlsInspectPolicy
status: PolicyMutationStatus!
}
type TlsInspectPolicyMutations {
addRule(input: TlsInspectAddRuleInput!): TlsInspectRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): TlsInspectPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): TlsInspectPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): TlsInspectRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): TlsInspectPolicyMutationPayload! @beta
removeRule(input: TlsInspectRemoveRuleInput!): TlsInspectRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: TlsInspectPolicyUpdateInput!): TlsInspectPolicyMutationPayload! @beta
updateRule(input: TlsInspectUpdateRuleInput!): TlsInspectRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type TlsInspectPolicyQueries {
policy(input: TlsInspectPolicyInput): TlsInspectPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input TlsInspectPolicyUpdateInput {
additionalAttributes: TlsInspectConfigInput
state: PolicyToggleState
}
input TlsInspectRemoveRuleInput {
id: ID!
}
type TlsInspectRule implements IPolicyRule {
"Action to be taken on the traffic."
action: TlsInspectAction!
"Application matching criteria for."
application: TlsInspectApplication!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"Country traffic matching criteria."
country: [CountryRef!]!
"Description for the rule"
description: String!
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Operating System traffic matching criteria."
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Source traffic matching criteria."
source: TlsInspectSource!
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction!
}
type TlsInspectRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: TlsInspectRulePayload
status: PolicyMutationStatus!
}
type TlsInspectRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: TlsInspectRule!
}
"Returns the settings for Source of an TLS inspection rule"
type TlsInspectSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an TLS inspection rule"
input TlsInspectSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an TLS inspection rule"
input TlsInspectSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
enum TlsInspectUntrustedCertificateAction {
ALLOW
BLOCK
PROMPT
}
input TlsInspectUpdateRuleDataInput {
"Action to be taken on the traffic."
action: TlsInspectAction
"Application matching criteria for."
application: TlsInspectApplicationUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"Country traffic matching criteria."
country: [CountryRefInput!]
description: String
"Device Profile traffic matching criteria."
devicePostureProfile: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"Operating System traffic matching criteria."
platform: [OperatingSystem!]
"Source traffic matching criteria."
source: TlsInspectSourceUpdateInput
"Action to be taken on the traffic when an untrusted certificate is detected."
untrustedCertificateAction: TlsInspectUntrustedCertificateAction
}
input TlsInspectUpdateRuleInput {
id: ID!
rule: TlsInspectUpdateRuleDataInput!
}
"""
A reference identifying the AiSecurityDataProfile object. ID: Unique AiSecurityDataProfile Identifier, Name: The AiSecurityDataProfile Name
TODO: rename data to Content
"""
type AiSecurityDataProfileRef implements ObjectRef {
id: ID!
name: String!
}
"A reference identifying the Guard object. ID: Unique Guard Identifier, Name: The Guard Name"
type AiSecurityGuardRef implements ObjectRef {
id: ID!
name: String!
}
enum SocketAddOnType {
FOUR_10G_FIBER
FOUR_1G_COPPER
TWO_10G_FIBER
TWO_1G_FIBER
}
type SocketAddOnCard {
expansionSlotNumber: SocketAddOnExpansionSlotNumber!
type: SocketAddOnType!
}
input SocketAddOnCardInput {
expansionSlotNumber: SocketAddOnExpansionSlotNumber!
type: SocketAddOnType!
}
enum SocketAddOnExpansionSlotNumber {
SLOT_1
SLOT_2
}
type AddSocketAddOnCardPayload {
addOns: [SocketAddOnCard!]!
}
input AddSocketAddOnCardInput {
addOns: [SocketAddOnCardInput!]!
site: SiteRefInput!
}
type RemoveSocketAddOnCardPayload {
addOns: [SocketAddOnCard!]!
}
input RemoveSocketAddOnCardInput {
expansionSlotNumbers: [SocketAddOnExpansionSlotNumber!]!
site: SiteRefInput!
}
"Specifies the level of protection against tampering"
enum AntiTamperModeEnum {
"Tampering attempts are logged, but changes are permitted"
MONITOR
"No protection. Users are allowed to make changes"
OFF
"Changes are blocked. Users are not allowed to make modifications"
PROTECT
}
"The action applied by the client connectivity if the rule is matched"
enum ClientConnectivityActionEnum {
"Allow WAN and Internet"
ALLOW
"Allow Internet"
ALLOW_INTERNET
"Block"
BLOCK
}
input ClientConnectivityAddRuleDataInput {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum! = ALLOW
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum! = HIGH
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]! = []
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySourceInput! = {user: [], usersGroup: []}
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRangeInput!]! = []
}
input ClientConnectivityAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ClientConnectivityAddRuleDataInput!
}
"Describe how reliable the user's authentication is"
enum ClientConnectivityConfidenceLevelEnum {
"The user has authenticated the Client and the Cato token is either valid or expired"
ANY
"High Confidence - User authenticated and the token is valid"
HIGH
"Low Confidence - User authenticated, but the token has expired"
LOW
}
"Defines Origin of the connection"
enum ClientConnectivityOriginEnum {
"Any connection origin"
ANY
"User is connecting from the client"
REMOTE
"User is connecting from the browser extension"
REMOTE_EXTENSION
}
type ClientConnectivityPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ClientConnectivityRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ClientConnectivityPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ClientConnectivityPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ClientConnectivityPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ClientConnectivityPolicy
status: PolicyMutationStatus!
}
type ClientConnectivityPolicyMutations {
addRule(input: ClientConnectivityAddRuleInput!): ClientConnectivityRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ClientConnectivityPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ClientConnectivityPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ClientConnectivityRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ClientConnectivityPolicyMutationPayload! @beta
removeRule(input: ClientConnectivityRemoveRuleInput!): ClientConnectivityRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ClientConnectivityPolicyUpdateInput!): ClientConnectivityPolicyMutationPayload! @beta
updateRule(input: ClientConnectivityUpdateRuleInput!): ClientConnectivityRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ClientConnectivityPolicyQueries {
policy(input: ClientConnectivityPolicyInput): ClientConnectivityPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ClientConnectivityPolicyUpdateInput {
state: PolicyToggleState
}
input ClientConnectivityRemoveRuleInput {
id: ID!
}
type ClientConnectivityRule implements IPolicyRule {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum!
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum!
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]!
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySource!
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRange!]!
}
type ClientConnectivityRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ClientConnectivityRulePayload
status: PolicyMutationStatus!
}
type ClientConnectivityRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ClientConnectivityRule!
}
"Users or user groups that the policy will apply on"
type ClientConnectivitySource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Users or user groups that the policy will apply on"
input ClientConnectivitySourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Public ISP IP Range for source matching"
type ClientConnectivitySourceRange {
"Globally defined IP range"
globalIpRange: GlobalIpRangeRef!
}
"Public ISP IP Range for source matching"
input ClientConnectivitySourceRangeInput {
"Globally defined IP range"
globalIpRange: GlobalIpRangeRefInput!
}
"Users or user groups that the policy will apply on"
input ClientConnectivitySourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input ClientConnectivityUpdateRuleDataInput {
"The action applied by the client connectivity if the rule is matched"
action: ClientConnectivityActionEnum
"User confidence level"
confidenceLevel: ClientConnectivityConfidenceLevelEnum
"""
Connection origin matching criteria.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
connectionOrigin: [ClientConnectivityOriginEnum!]
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ClientConnectivitySourceUpdateInput
"Public ISP IP Range matching criteria."
sourceRange: [ClientConnectivitySourceRangeInput!]
}
input ClientConnectivityUpdateRuleInput {
id: ID!
rule: ClientConnectivityUpdateRuleDataInput!
}
input DynamicIpAllocationAddRuleDataInput {
country: [CountryRefInput!]! = []
description: String! = ""
enabled: Boolean!
name: String!
platform: [OperatingSystem!]! = []
range: DynamicIpAllocationRangeInput!
source: DynamicIpAllocationSourceInput! = {user: [], usersGroup: []}
}
input DynamicIpAllocationAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: DynamicIpAllocationAddRuleDataInput!
}
type DynamicIpAllocationPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [DynamicIpAllocationRulePayload!]!
sections: [PolicySectionPayload!]!
}
input DynamicIpAllocationPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input DynamicIpAllocationPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type DynamicIpAllocationPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: DynamicIpAllocationPolicy
status: PolicyMutationStatus!
}
type DynamicIpAllocationPolicyMutations {
addRule(input: DynamicIpAllocationAddRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): DynamicIpAllocationPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
removeRule(input: DynamicIpAllocationRemoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: DynamicIpAllocationPolicyUpdateInput!): DynamicIpAllocationPolicyMutationPayload! @beta
updateRule(input: DynamicIpAllocationUpdateRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type DynamicIpAllocationPolicyQueries {
policy(input: DynamicIpAllocationPolicyInput): DynamicIpAllocationPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input DynamicIpAllocationPolicyUpdateInput {
state: PolicyToggleState
}
type DynamicIpAllocationRange {
globalIpRange: GlobalIpRangeRef!
}
input DynamicIpAllocationRangeInput {
globalIpRange: GlobalIpRangeRefInput!
}
input DynamicIpAllocationRangeUpdateInput {
globalIpRange: GlobalIpRangeRefInput
}
input DynamicIpAllocationRemoveRuleInput {
id: ID!
}
type DynamicIpAllocationRule implements IPolicyRule {
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
platform: [OperatingSystem!]!
range: DynamicIpAllocationRange!
"Policy section where the rule is located"
section: PolicySectionInfo!
source: DynamicIpAllocationSource!
}
type DynamicIpAllocationRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: DynamicIpAllocationRulePayload
status: PolicyMutationStatus!
}
type DynamicIpAllocationRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: DynamicIpAllocationRule!
}
type DynamicIpAllocationSource {
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input DynamicIpAllocationSourceInput {
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input DynamicIpAllocationSourceUpdateInput {
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
input DynamicIpAllocationUpdateRuleDataInput {
country: [CountryRefInput!]
description: String
enabled: Boolean
name: String
platform: [OperatingSystem!]
range: DynamicIpAllocationRangeUpdateInput
source: DynamicIpAllocationSourceUpdateInput
}
input DynamicIpAllocationUpdateRuleInput {
id: ID!
rule: DynamicIpAllocationUpdateRuleDataInput!
}
"The action applied by the split tunnel if the rule is matched"
enum SplitTunnelActionEnum {
"Route all traffic to Cato"
EXCLUDE
"Route all traffic Out-of-Tunnel"
INCLUDE
OFF
"User choose routing preference"
USER_DEFINED
}
input SplitTunnelAddRuleDataInput {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum! = EXCLUDE
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
coverage: SplitTunnelCoverageEnum! = ALL
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestinationInput! = {application: [], globalIpRange: []}
dnsExclusion: SplitTunnelDnsExclusionInput! = {domain: []}
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
routingPriority: SplitTunnelRoutingPriorityEnum! = LAN
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSourceInput! = {user: [], usersGroup: []}
sourceNetwork: SplitTunnelSourceNetworkInput! = {sourceNetworkType: ANY}
}
input SplitTunnelAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SplitTunnelAddRuleDataInput!
}
enum SplitTunnelCoverageEnum {
"All Ports and Protocols"
ALL
"Web-only (PAC based)"
WEB_ONLY
}
"Destination match criteria set"
type SplitTunnelDestination {
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRef!]!
}
"Destination match criteria set"
input SplitTunnelDestinationInput {
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRefInput!]! = []
}
"Destination match criteria set"
input SplitTunnelDestinationUpdateInput {
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Globally defined IP range"
globalIpRange: [GlobalIpRangeRefInput!]
}
type SplitTunnelDnsExclusion {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]!
}
input SplitTunnelDnsExclusionInput {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]! = []
}
input SplitTunnelDnsExclusionUpdateInput {
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]
}
type SplitTunnelPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SplitTunnelRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SplitTunnelPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SplitTunnelPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SplitTunnelPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SplitTunnelPolicy
status: PolicyMutationStatus!
}
type SplitTunnelPolicyMutations {
addRule(input: SplitTunnelAddRuleInput!): SplitTunnelRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SplitTunnelPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SplitTunnelPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): SplitTunnelRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SplitTunnelPolicyMutationPayload! @beta
removeRule(input: SplitTunnelRemoveRuleInput!): SplitTunnelRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SplitTunnelPolicyUpdateInput!): SplitTunnelPolicyMutationPayload! @beta
updateRule(input: SplitTunnelUpdateRuleInput!): SplitTunnelRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SplitTunnelPolicyQueries {
policy(input: SplitTunnelPolicyInput): SplitTunnelPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SplitTunnelPolicyUpdateInput {
state: PolicyToggleState
}
input SplitTunnelRemoveRuleInput {
id: ID!
}
"The action applied by the split tunnel if the rule is matched"
enum SplitTunnelRoutingPriorityEnum {
LAN
TUNNEL
}
type SplitTunnelRule implements IPolicyRule {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum!
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
coverage: SplitTunnelCoverageEnum!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestination!
dnsExclusion: SplitTunnelDnsExclusion!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
routingPriority: SplitTunnelRoutingPriorityEnum!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSource!
sourceNetwork: SplitTunnelSourceNetwork!
}
type SplitTunnelRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SplitTunnelRulePayload
status: PolicyMutationStatus!
}
type SplitTunnelRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SplitTunnelRule!
}
"Returns the settings for Source of an Split Tunnel rule"
type SplitTunnelSource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Split Tunnel rule"
input SplitTunnelSourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
type SplitTunnelSourceNetwork {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum!
}
input SplitTunnelSourceNetworkInput {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum! = ANY
}
enum SplitTunnelSourceNetworkTypeEnum {
ANY
"Any Managed Network"
ANY_MANAGED_NETWORK
"Any Unmanaged Network"
ANY_UNMANAGED_NETWORK
}
input SplitTunnelSourceNetworkUpdateInput {
sourceNetworkType: SplitTunnelSourceNetworkTypeEnum
}
"Input of the settings for Source of an Split Tunnel rule"
input SplitTunnelSourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input SplitTunnelUpdateRuleDataInput {
"The action applied by the split tunnel if the rule is matched"
action: SplitTunnelActionEnum
"""
Country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
coverage: SplitTunnelCoverageEnum
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SplitTunnelDestinationUpdateInput
dnsExclusion: SplitTunnelDnsExclusionUpdateInput
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
routingPriority: SplitTunnelRoutingPriorityEnum
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SplitTunnelSourceUpdateInput
sourceNetwork: SplitTunnelSourceNetworkUpdateInput
}
input SplitTunnelUpdateRuleInput {
id: ID!
rule: SplitTunnelUpdateRuleDataInput!
}
input TerminalServerAddRuleDataInput {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRefInput!
description: String! = ""
enabled: Boolean!
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRefInput!]! = []
name: String!
}
input TerminalServerAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: TerminalServerAddRuleDataInput!
}
type TerminalServerPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [TerminalServerRulePayload!]!
sections: [PolicySectionPayload!]!
}
input TerminalServerPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input TerminalServerPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type TerminalServerPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: TerminalServerPolicy
status: PolicyMutationStatus!
}
type TerminalServerPolicyMutations {
addRule(input: TerminalServerAddRuleInput!): TerminalServerRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): TerminalServerPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): TerminalServerPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): TerminalServerRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): TerminalServerPolicyMutationPayload! @beta
removeRule(input: TerminalServerRemoveRuleInput!): TerminalServerRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: TerminalServerPolicyUpdateInput!): TerminalServerPolicyMutationPayload! @beta
updateRule(input: TerminalServerUpdateRuleInput!): TerminalServerRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type TerminalServerPolicyQueries {
policy(input: TerminalServerPolicyInput): TerminalServerPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input TerminalServerPolicyUpdateInput {
state: PolicyToggleState
}
input TerminalServerRemoveRuleInput {
id: ID!
}
type TerminalServerRule implements IPolicyRule {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRef!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRef!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
}
type TerminalServerRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: TerminalServerRulePayload
status: PolicyMutationStatus!
}
type TerminalServerRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: TerminalServerRule!
}
input TerminalServerUpdateRuleDataInput {
"""
Allowed Host IP range.
all the other IPs will be blocked by the pop.
Globally defined IP range
"""
allowedHostIP: GlobalIpRangeRefInput
description: String
enabled: Boolean
"""
Exclude traffic IP Range.
all traffic to those Ips will be excluded from the GRE tunnel.
Globally defined IP range
"""
excludeTraffic: [GlobalIpRangeRefInput!]
name: String
}
input TerminalServerUpdateRuleInput {
id: ID!
rule: TerminalServerUpdateRuleDataInput!
}
input ZtnaAlwaysOnAddRuleDataInput {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum! = ENFORCE
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean! = false
"Allow user to bypass Always On"
allowUserBypass: Boolean! = false
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum = OFF
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTimeInput!
description: String! = ""
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRefInput!]! = []
enabled: Boolean!
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]! = []
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSourceInput! = {user: [], usersGroup: []}
}
input ZtnaAlwaysOnAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: ZtnaAlwaysOnAddRuleDataInput!
}
type ZtnaAlwaysOnPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [ZtnaAlwaysOnRulePayload!]!
sections: [PolicySectionPayload!]!
}
input ZtnaAlwaysOnPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input ZtnaAlwaysOnPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type ZtnaAlwaysOnPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: ZtnaAlwaysOnPolicy
status: PolicyMutationStatus!
}
type ZtnaAlwaysOnPolicyMutations {
addRule(input: ZtnaAlwaysOnAddRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): ZtnaAlwaysOnPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): ZtnaAlwaysOnPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): ZtnaAlwaysOnPolicyMutationPayload! @beta
removeRule(input: ZtnaAlwaysOnRemoveRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: ZtnaAlwaysOnPolicyUpdateInput!): ZtnaAlwaysOnPolicyMutationPayload! @beta
updateRule(input: ZtnaAlwaysOnUpdateRuleInput!): ZtnaAlwaysOnRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type ZtnaAlwaysOnPolicyQueries {
policy(input: ZtnaAlwaysOnPolicyInput): ZtnaAlwaysOnPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input ZtnaAlwaysOnPolicyUpdateInput {
state: PolicyToggleState
}
input ZtnaAlwaysOnRemoveRuleInput {
id: ID!
}
type ZtnaAlwaysOnRule implements IPolicyRule {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum!
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean!
"Allow user to bypass Always On"
allowUserBypass: Boolean!
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTime!
"Description for the rule"
description: String!
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRef!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSource!
}
"The action applied by the Always on policy if the rule is matched"
enum ZtnaAlwaysOnRuleActionEnum {
"Enforce always on policy."
ENFORCE
"On demand always on policy."
IGNORE
}
type ZtnaAlwaysOnRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: ZtnaAlwaysOnRulePayload
status: PolicyMutationStatus!
}
type ZtnaAlwaysOnRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: ZtnaAlwaysOnRule!
}
"Returns the settings for Source of an Always On rule"
type ZtnaAlwaysOnSource {
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Always On rule"
input ZtnaAlwaysOnSourceInput {
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Always On rule"
input ZtnaAlwaysOnSourceUpdateInput {
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
"Return the disconnection duration time"
type ZtnaAlwaysOnTime {
"Duration time value"
time: Int!
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit!
}
"Return the disconnection duration time"
input ZtnaAlwaysOnTimeInput {
"Duration time value"
time: Int!
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit! = MINUTES
}
"Return the time unit of the duration time"
enum ZtnaAlwaysOnTimeUnit {
"Time in hours"
HOURS
"Time in minutes"
MINUTES
}
"Return the disconnection duration time"
input ZtnaAlwaysOnTimeUpdateInput {
"Duration time value"
time: Int
"Time unit for the duration"
unit: ZtnaAlwaysOnTimeUnit
}
input ZtnaAlwaysOnUpdateRuleDataInput {
"The action applied by the Always On rule"
action: ZtnaAlwaysOnRuleActionEnum
"Allow Direct internet access until a connection to the pop is established"
allowFailOpen: Boolean
"Allow user to bypass Always On"
allowUserBypass: Boolean
"Specifies the level of protection against tampering"
antiTamperMode: AntiTamperModeEnum
"Bypass disconnection duration"
bypassDuration: ZtnaAlwaysOnTimeUpdateInput
description: String
"""
Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
devicePostureProfile: [DeviceProfileRefInput!]
enabled: Boolean
name: String
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
platform: [OperatingSystem!]
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: ZtnaAlwaysOnSourceUpdateInput
}
input ZtnaAlwaysOnUpdateRuleInput {
id: ID!
rule: ZtnaAlwaysOnUpdateRuleDataInput!
}