"""
The @beta directive is used within the type system definition language to indicate beta portions of a
GraphQL service's schema, such as beta fields, enum values, arguments or input fields.
"""
directive @beta on FIELD_DEFINITION | ARGUMENT_DEFINITION | INPUT_FIELD_DEFINITION | ENUM_VALUE | OBJECT
"""
The @ga directive is used within the type system definition language to indicate GA portions of a
GraphQL service's schema, such as GA fields, enum values, arguments or input fields.
"""
directive @ga on FIELD_DEFINITION
"""
The @ea directive is used within the type system definition language to indicate EA portions of a
GraphQL service's schema.
"""
directive @ea on FIELD_DEFINITION
"""
The @rollout directive is used within the type system definition language to indicate portions of a
GraphQL service's schema that is gradually rolling out. This APIs will be available to all accounts after a few weeks.
"""
directive @rollout on FIELD_DEFINITION
type Query {
accountBySubdomain(
accountID: ID!
"""a list of required subdomains"""
subdomains: [String!]!
): [AccountDataPayload!] @ga
accountManagement(accountId: ID!): AccountManagementQueries
"""
The accountMetrics query helps you analyze the state and quality of the connections
of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS
tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics,
statics, and analytics for the account.
"""
accountMetrics(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
"""
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory.
"""
timeFrame: TimeFrame!
"""
When the boolean argument groupInterfaces is set to __true__, then the data for all the
interfaces are aggregated to a single interface.
"""
groupInterfaces: Boolean
"""
When the boolean argument groupDevices is set to __true__, then the analytics for all the
Sockets (usually two in high availability) are aggregated as one result.
For the best results for aggregated Sockets, we recommend that there is consistent
names and functionality (for example Destination) for the links on both Sockets.
"""
groupDevices: Boolean
): AccountMetrics @ga
accountRoles(accountID: ID!, accountType: AccountType): AccountRolesResult! @ga
"""
Current snapshot-based metrics that show near real‑time data for the account.
Provides analytics that are similar to the Topology page for the account.
"""
accountSnapshot(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
): AccountSnapshot @ga
admin(accountId: ID!, adminID: ID!): GetAdminPayload @ga
admins(accountID: ID!, limit: Int = 50, from: Int = 0, search: String = "", sort: [SortInput], adminIDs: [ID!]): AdminsResult @ga
"BETA"
appStats(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
sort: [AppStatsSort!]
): AppStats @ga
"BETA"
appStatsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
): AppStatsTimeSeries @ga
"""Audit Feed for account changes"""
auditFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
ids: [ID!] @deprecated(reason: "by accountIDs")
timeFrame: TimeFrame!
filters: [AuditFieldFilterInput!]
"Marker to use to get results from"
marker: String
): AuditFeed @ga
catalogs(accountId: ID!): CatalogQueries
container(accountId: ID!): ContainerQueries
devices(accountId: ID!): DevicesQueries! @beta
"""Lookup entities with a specific type, potentially filtered and paged"""
entityLookup(
"""The account ID (or 0 for non-authenticated requests)"""
accountID: ID!
"""Type of entity to lookup for"""
type: EntityType!
"""Sets the maximum number of items to retrieve"""
limit: Int = 50
"""Sets the offset number of items (for paging)"""
from: Int = 0
"""
Return items under a parent entity (can be site, vpn user, etc),
used to filter for networks that belong to a specific site for example
"""
parent: EntityInput
"""
Adds additional search parameters for the lookup. Available options:
country lookup: "removeExcluded" to return only allowed countries
countryState lookup: country code ("US", "CN", etc) to get country's states
"""
search: String = ""
"""
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not
universally available, and may not be applicable specific Entity types. If used on non applicable entity
type, an error will be generated.
"""
entityIDs: [ID!]
"""
Adds additional sort criteria(s) for the lookup.
This option is not universally available, and may not be applicable specific Entity types.
"""
sort: [SortInput]
"""Custom filters for entityLookup"""
filters: [LookupFilterInput]
"""Additional helper fields"""
helperFields: [String!]
): EntityLookupResult! @ga
events(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
sort: [EventsSort!]
): Events @ga
"""Event Feed for events paged by a topic partitions offsets marker"""
eventsFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
filters: [EventFeedFieldFilterInput!]
"Marker to use to get results from"
marker: String
): EventsFeedData @ga
eventsTimeSeries(
"Account ID"
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
): EventsTimeSeries @ga
hardware(accountId: ID!): HardwareQueries
"""Retrieve the account hardware inventory"""
hardwareManagement(accountId: ID!): HardwareManagementQueries
"""Retrieve the account(s) license inventory and license consumption"""
licensing(accountId: ID!): LicensingQueries
policy(accountId: ID!): PolicyQueries
sandbox(accountId: ID!): SandboxQueries @rollout
site(accountId: ID!): SiteQueries!
"""
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
1. Regular account - Return only 1 subdomain relating to the regular account
2. Reseller account - Return all subdomains including the reseller account subdomain
3. Reseller account - Return only the reseller account subdomain
"""
subDomains(
"""Unique Identifier of Account"""
accountID: ID!
"""
When the boolean argument managedAccount is set to true (default), then the query returns all subdomains related to the account
"""
managedAccount: Boolean
): [SubDomain!]! @ga
xdr(accountID: ID!): XDR!
}
type Mutation {
accountManagement(accountId: ID!): AccountManagementMutations
admin(accountId: ID!): AdminMutations!
container(accountId: ID!): ContainerMutations
hardware(accountId: ID!): HardwareMutations
policy(accountId: ID!): PolicyMutations
sandbox(accountId: ID!): SandboxMutations @rollout
site(accountId: ID!): SiteMutations!
sites(accountId: ID!): SiteMutations! @deprecated(reason: "in favor of site")
xdr(accountId: ID!): XdrMutations!
}
"""
The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.
"""
type MicrosoftEndpoint implements Endpoint & MergedIncident {
alerts: [MicrosoftDefenderEndpointAlert!]!
analystFeedback: AnalystFeedback
connectionType: ConnectionTypeEnum
criticality: Int
description: String
device: MicrosoftDeviceDetails
engineType: StoryEngineTypeEnum
firstSignal: DateTime!
id: ID!
indication: String!
lastSignal: DateTime!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
ticket: String
user: UserRef
vendor: VendorEnum
}
"""
The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.
"""
type MicrosoftDeviceDetails implements DeviceDetails {
avStatus: DeviceAvStatusEnum
azureAdDeviceId: String
deviceName: String
externalIp: String
firstSeenDateTime: DateTime
healthStatus: DeviceHealthStatusEnum
id: ID!
ipInterfaces: [String!]!
localIp: String
loggedOnUsers: [EndpointUser!]!
onboardingStatus: OnboardingStatusEnum
osDetails: OsDetails
rbacGroup: RbacGroup
}
enum OnboardingStatusEnum {
CAN_BE_ONBOARDED
INSUFFICIENT_INFO
ONBOARDED
}
"""
The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.
"""
type MicrosoftEndpointUser implements EndpointUser {
accountName: String
domainName: String
id: ID!
name: String!
principalName: String
userSid: String
}
"""
The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.
"""
type MicrosoftDefenderEndpointAlert implements EndpointAlert {
activities: [MicrosoftActivity!]!
alertWebUrl: String
category: String
classification: AlertClassificationEnum
comments: [String!]!
createdDateTime: DateTime
criticality: Int
description: String
destinationIp: String
destinationUrl: String
detectionSource: DetectionSourceEnum
determination: AlertDeterminationEnum
externalIp: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
lastUpdateDateTime: DateTime
localIp: String
mitreSubTechnique: [Mitre!]!
mitreTechnique: [Mitre!]!
ownerName: String
providerAlertId: String
recommendedActions: String
resolvedDateTime: DateTime
resources: [MicrosoftEndpointResource!]!
status: MsAlertStatus
threatFamilyName: String
threatName: String
threatType: String
title: String
}
interface MicrosoftEndpointResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
tags: [String!]!
roles: [ResourceRoleEnum!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.
"""
type MicrosoftProcessResource implements ProcessResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
id: ID!
imageFile: FileDetails
processCommandLine: String
processId: Int!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
userAccount: EndpointUser
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.
"""
type MicrosoftFileResource implements FileResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
detectionStatus: DetectionStatusEnum
fileDetails: FileDetails
id: ID!
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
"""
type MicrosoftRegistryResource implements RegistryResource & MicrosoftEndpointResource & EndpointResource {
createdDateTime: DateTime
hive: String
id: ID!
key: String
remediationStatus: RemediationStatusEnum
remediationStatusDetails: String
roles: [ResourceRoleEnum!]!
tags: [String!]!
value: String
valueName: String
valueType: String
verdict: MsResourceVerdictEnum
}
"""
The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.
"""
type MicrosoftActivity implements Activity {
action: String
firstActivityDateTime: DateTime
id: ID!
lastActivityDateTime: DateTime
parentResourceId: ID!
resourceId: ID!
}
type RbacGroup {
id: ID!
name: String
}
enum MsAlertStatus {
IN_PROGRESS
NEW
RESOLVED
}
enum DetectionSourceEnum {
ANTIVIRUS
APP_GOVERNANCE_DETECTION
APP_GOVERNANCE_POLICY
AUTOMATED_INVESTIGATION
AZURE_AD_IDENTITY_PROTECTION
CLOUD_APP_SECURITY
CUSTOM_DETECTION
CUSTOM_TI
MANUAL
MICROSOFT_DATA_LOSS_PREVENTION
MICROSOFT_DEFENDER_FOR_ENDPOINT
MICROSOFT_DEFENDER_FOR_IDENTITY
MICROSOFT_DEFENDER_FOR_OFFICE365
MICROSOFT_THREAT_EXPERTS
MICROSOFT365_DEFENDER
SMART_SCREEN
}
enum AlertClassificationEnum {
FALSE_POSITIVE
INFORMATIONAL_EXPECTED_ACTIVITY
TRUE_POSITIVE
}
enum AlertDeterminationEnum {
APT
COMPROMISED_ACCOUNT
CONFIRMED_ACTIVITY
LINE_OF_BUSINESS_APPLICATION
MALICIOUS_USER_ACTIVITY
MALWARE
MULTI_STAGED_ATTACK
NOT_ENOUGH_DATA_TO_VALIDATE
NOT_MALICIOUS
OTHER
PHISHING
SECURITY_PERSONNEL
SECURITY_TESTING
UNWANTED_SOFTWARE
}
enum MsResourceVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
type XDR {
"""
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
"""
stories(input: StoryInput!): StoriesData @beta
"""
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
"""
story(storyId: ID, producer: StoryProducerEnum, incidentId: ID): Story @beta
}
type XdrMutations {
"""Post comments that help track the story investigation"""
addStoryComment(input: AddStoryCommentInput!): AddStoryCommentPayload @beta
"""
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
"""
analystFeedback(input: AnalystFeedbackInput!): AnalystFeedbackPayload @beta
"""Delete a previously posted comment using the comment ID."""
deleteStoryComment(input: DeleteStoryCommentInput!): DeleteStoryCommentPayload @beta
}
type AnalystFeedbackPayload {
"""
Data related to the actions and information that an analyst adds to the XDR story
"""
story: Story
}
type AddStoryCommentPayload {
"""Add a new comment to the XDR story"""
comment: StoryComment!
}
type DeleteStoryCommentPayload {
"""Delete an existing comment from an XDR story"""
comment: StoryComment!
}
input AddStoryCommentInput {
"""The relevant Story"""
storyId: ID!
"""Enter the text for the XDR story comment"""
text: String!
}
input DeleteStoryCommentInput {
"""The comment ID"""
commentId: ID!
"""The relevant Story"""
storyId: ID!
}
input AnalystFeedbackInput {
"""
Free text for the analyst to enter additional information about the XDR story
"""
additionalInfo: String
"""Enum for analyst to assign the severity of a Malicious XDR story"""
severity: SeverityEnum
"""Enum for the current status of the XDR story."""
status: StoryStatusEnum
"""The relevant Story"""
storyId: ID!
"""
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification.
"""
threatClassification: String
"""Type of threat for the XDR story that is assigned by the analyst"""
threatType: StoryThreatType
"""Enum for analyst to assign the verdict of the XDR story"""
verdict: StoryVerdictEnum
}
input StoryThreatType {
details: String
name: String!
recommendedAction: String
}
enum StoryVerdictEnum {
Benign
Informational
Malicious
Suspicious
}
enum TargetType {
domain
fqdn
ip
url
}
input StoryInput {
filter: [StoryFilterInput!]!
paging: PagingInput!
sort: [StorySortInput!]
}
input StorySortInput {
fieldName: StorySortFieldName!
order: SortDirectionEnum
}
enum StorySortFieldName {
accountName
createdAt
criticality
engineType
firstSignal
producer
queryName
riskScore
severity
source
sourceIp
status
updatedAt
}
input StoryFilterInput {
accountId: AccountIdPredicate
criticality: IntPredicate
engineType: EngineTypePredicate
incidentId: StringPredicate
ioa: StringPredicate
muted: BooleanPredicate
producer: StoryProducerPredicate
queryName: StringPredicate
severity: StorySeverityPredicate
source: StringPredicate
sourceIp: StringPredicate
status: StoryStatusPredicate
storyId: StoryIdPredicate
timeFrame: TimeFramePredicate!
vendor: VendorPredicate
verdict: StoryVerdictPredicate
}
input StoryVerdictPredicate {
in: [StoryVerdictEnum!]
not_in: [StoryVerdictEnum!]
}
input TimeFramePredicate {
time: TimeFrame!
timeFrameModifier: TimeFrameModifier
}
enum TimeFrameModifier {
AnalystUpdate
StoryCreate
StoryUpdate
}
input AccountIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StoryIdPredicate {
in: [ID!]
not_in: [ID!]
}
input StorySeverityPredicate {
in: [SeverityEnum!]
not_in: [SeverityEnum!]
}
enum SeverityEnum {
High
Low
Medium
}
input StoryProducerPredicate {
in: [StoryProducerEnum!]
not_in: [StoryProducerEnum!]
}
input StoryStatusPredicate {
in: [StoryStatusEnum!]
not_in: [StoryStatusEnum!]
}
input IntPredicate {
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
not_in: [Int!]
}
input StringPredicate {
contains: String
in: [String]
not_in: [String]
}
input BooleanPredicate {
is: String!
}
input EngineTypePredicate {
in: [StoryEngineTypeEnum!]
not_in: [StoryEngineTypeEnum!]
}
input VendorPredicate {
in: [VendorEnum!]
not_in: [VendorEnum!]
}
enum SortDirectionEnum {
asc
desc
}
type StoriesData {
"""Fields returned from the Story query"""
items: [Story!]!
"""
Define the stories that are returned, similar to a page of stories in the Cato Management Application
"""
paging: Paging!
}
type Paging {
"""
Based on the filter and sort parameters, the first story that is returned
"""
from: Int!
"""
Based on the filter and sort parameters, the number of stories returned after the from. For example, the argument {from: 10, limit: 10} returns stories 10-20.
"""
limit: Int!
"""Total number of stories returned"""
total: Int!
}
type Story {
"""ID for your Cato account"""
accountId: Int!
"""Name of the account in the Cato Management Application"""
accountName: String
"""Email address of the analyst working on the story"""
analystEmail: String
"""Name of analyst working on the story"""
analystName: String
"""Timestamp when the story was created"""
createdAt: DateTime!
"""Unique Cato ID for each story"""
id: ID!
"""
Data related to the fields and incidents that were merged to create or update the story
"""
incident: MergedIncident!
"""
URL for the playbook in the Knowledge Base to help troubleshoot the story
"""
playbook: String
"""Summary of the story"""
summary: String
"""Data for the story timeline"""
timeline: [TimelineItem!]!
"""Timestamp when the story was most recently updated"""
updatedAt: DateTime!
}
enum StoryStatusEnum {
Closed
Monitoring
Open
PendingAnalysis
PendingMoreInfo
Reopened
}
"""For XDR stories, items that happened during the lifetime of the story"""
type TimelineItem {
"""Additional information about this timeline item"""
additionalInfo: String
"""Data about the analyst for this timeline item (ie. name, email)"""
analystInfo: AnalystInfo
"""Icon for the timeline item"""
category: TimelineItemCategoryEnum
"""
Brief summary of action related to the timeline item (ie. Story created, Status update to)
"""
context: String!
"""Timestamp the timeline item was created"""
createdAt: DateTime!
"""Description of the timeline item"""
description: String! @deprecated(reason: "use 'descriptions' instead")
"""Description of the timeline item"""
descriptions: [String!]!
"""Type of threat assigned by the analyst"""
type: TimelineTypeEnum!
}
type AnalystInfo {
"""Security analyst email address"""
email: String
"""Security analyst name"""
name: String
}
enum TimelineTypeEnum {
Action
Comment
Diff
}
enum TimelineItemCategoryEnum {
Error
Information
Warning
}
type StoryComment {
actor: ActorRef!
createdAt: Time!
id: ID!
text: String!
}
interface MergedIncident {
"""Unique Cato ID for each story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Connection for the incident"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact)
For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""
For Network stories - The site where the network issue is occurring
For Security stories - IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""The ticket an analyst created for this story"""
ticket: String
"""Status for the story"""
status: StoryStatusEnum
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""For Security stories, description of the threat"""
description: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
"""Cato ID and name for the site"""
site: SiteRef
"""Cato ID and name for the user"""
user: UserRef
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
}
type AnalystFeedbackThreatType {
details: String
name: String
recommendedAction: String
}
type AnalystFeedback {
additionalInfo: String
severity: SeverityEnum
threatClassification: String
threatType: AnalystFeedbackThreatType
verdict: StoryVerdictEnum
}
interface Anomalies implements MergedIncident {
id: ID!
firstSignal: DateTime!
lastSignal: DateTime!
engineType: StoryEngineTypeEnum
vendor: VendorEnum
producer: StoryProducerEnum!
producerName: String!
connectionType: ConnectionTypeEnum
indication: String!
queryName: String
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
storyDuration: Int
description: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
sourceIp: String
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
direction: String
}
"""
The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
"""
type AnomalyStats implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
"""
The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
"""
type AnomalyEvents implements Anomalies & MergedIncident {
analystFeedback: AnalystFeedback
breakdownField: String
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
drillDownFilter: [StoryDrillDownFilter!]
engineType: StoryEngineTypeEnum
extra: [Extra!]
firstSignal: DateTime!
gaussian: Gaussian
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
metric: Metric
metricDetails: MetricDetails
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
rules: [String!]
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
subjectType: String
targets: [IncidentTargetRep!]!
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type Metric {
name: String!
value: Float!
}
type Gaussian {
avg: Float
n: Float
ss: Float
std: Float
z_score: Float
}
type Extra {
name: String!
type: String!
value: String!
}
type MetricDetails {
name: String!
units: String!
}
"""
The "Threat" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.
"""
type Threat implements MergedIncident {
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
"""Client Class for the traffic flow"""
clientClass: [String!]!
"""Connection for this incident"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Name of the device"""
deviceName: String
"""Traffic direction for the threat"""
direction: String
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Data for the Cato event for this story"""
events: [Event!]
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""Data about the traffic flow for the threat"""
flows: [IncidentFlow!]
"""Cardinality of traffic flows for the threat"""
flowsCardinality: Int
"""Unique Cato ID for this threat"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Timestamp for the first incident signal related to this story"""
lastSignal: DateTime!
"""Username for the device"""
logonName: String
"""MAC address of the device"""
macAddress: String
"""Mitre data for the story (ie. ID, name)"""
mitres: [Mitre!]
"""OS for device or host that is the threat target"""
os: String
"""Predicted threat type for the story based on Cato algorithm"""
predictedThreatType: String
"""Predicted verdict of the story based on Cato algorithm"""
predictedVerdict: StoryVerdictEnum
"""Producer (specific XDR engine and service) involved with the incident"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
The value is TRUE when the story is currently being researched by Security Analysts
"""
research: Boolean
"""The estimated risk level of the threat (ie. Malicious, High, Low)"""
riskLevel: RiskLevelEnum
"""Data for stories that are similar"""
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
The source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Cato ID for the site that is the source of the threat"""
srcSiteId: String
"""Status of this story"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""Data about the target of the threat"""
targets: [IncidentTargetRep!]!
"""The ticket an analyst created for this story"""
ticket: String
"""Timeseries data for the incident"""
timeSeries: [IncidentTimeseries!]
"""Cato ID and name for the user"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
"""
The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.
"""
type ThreatPrevention implements MergedIncident {
analystFeedback: AnalystFeedback
clientClass: [String!]!
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceName: String
direction: String
engineType: StoryEngineTypeEnum
events: [Event!]
firstSignal: DateTime!
flowsCardinality: Int
id: ID!
indication: String!
lastSignal: DateTime!
logonName: String
macAddress: String
mitres: [Mitre!]
os: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
riskLevel: RiskLevelEnum
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteName: String @deprecated(reason: "'siteName' is deprecated, use 'site.name' instead")
source: String
sourceIp: String
srcSiteId: String
status: StoryStatusEnum
storyDuration: Int
targets: [IncidentTargetRep!]!
threatPreventionsEvents: [ThreatPreventionEvents!]
ticket: String
timeSeries: [IncidentTimeseries!]
user: UserRef
vendor: VendorEnum
}
type SimilarStoryData {
indication: String
similarityPercentage: Float
storyId: String
threatClassification: String
threatTypeName: String
verdict: String
}
type ThreatPreventionEvents {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referrer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
enum NetworkXDREventTypeEnum {
DEGRADED
INSIGHT
RESOLVED
}
enum LinkConfigPrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum LinkStatusEnum {
ACTIVE
PASSIVE
}
enum DeviceConfigHaRoleEnum {
PRIMARY
SECONDARY
}
enum DeviceHaRoleStateEnum {
BACKUP
MASTER
}
enum NetworkEventSourceEnum {
BGP_SESSION
DEVICE
HOST
ISP
LINK
POP
SITE
}
enum LinkQualityIssueTypeEnum {
CONGESTION
DISTANCE
JITTER
PACKET_LOSS
}
enum TrafficDirectionEnum {
DOWNSTREAM
UPSTREAM
}
type BGPConnection {
catoAsn: Asn16
catoIp: String
connectionName: String
peerAsn: Asn32
peerIp: String
}
type LinkQualityIssue {
current: Int
direction: TrafficDirectionEnum
issueType: LinkQualityIssueTypeEnum
threshold: Int
}
type NetworkTimelineEvent {
acknowledged: Boolean
bgpConnection: BGPConnection
created: DateTime!
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
deviceHaRoleState: DeviceHaRoleStateEnum
eventIds: [String!]!
eventType: NetworkXDREventTypeEnum
hostIp: String
incidentId: String
isp: String
linkConfigBandwidth: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
linkQualityIssue: LinkQualityIssue
linkStatus: LinkStatusEnum
muted: Boolean
networkEventSource: NetworkEventSourceEnum
pop: String
ruleName: String
socketSerialId: String
tunnelResetCount: Int
validated: DateTime!
}
enum IlmmOnboardingStatus {
COMPLETE
FAILED
MISSING
PENDING
}
type IspLoaFile {
fileHash: String
fileName: String
uploadedAt: Time
}
type IlmmContact {
email: String
name: String
phone: String
}
type IlmmLinkDetails {
activeLicense: Boolean
comments: String
description: String
ispLinkId: String
linkId: String
onboardingStatus: IlmmOnboardingStatus
}
type IlmmIspDetails {
countryCode: String
description: String
ispAccountId: String
loaFile: IspLoaFile
name: String
supportEmail: String
supportPhone: String
}
type IlmmDetails {
contacts: [IlmmContact!]
ispDetails: IlmmIspDetails
linkDetails: IlmmLinkDetails
}
"""
The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.
"""
type NetworkXDRIncident implements MergedIncident {
acknowledged: Boolean
analystFeedback: AnalystFeedback
bgpConnection: BGPConnection
connectionType: ConnectionTypeEnum
criticality: Int
description: String
deviceConfigHaRole: DeviceConfigHaRoleEnum
engineType: StoryEngineTypeEnum
firstSignal: DateTime!
hostIp: String
id: ID!
ilmmDetails: IlmmDetails
indication: String!
isp: String
lastSignal: DateTime!
licenseBandwidth: String
licenseRegion: String
linkConfigPrecedence: LinkConfigPrecedenceEnum
linkId: String
linkName: String
muted: Boolean
networkIncidentTimeline: [NetworkTimelineEvent!]!
occurrences: Int
pop: String
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
producer: StoryProducerEnum!
producerName: String!
queryName: String
research: Boolean
ruleName: String
similarStoriesData: [SimilarStoryData!]!
site: SiteRef
siteConfigLocation: String
siteConnectionType: String
siteName: String!
source: String
sourceIp: String
status: StoryStatusEnum
storyDuration: Int
storyType: String!
ticket: String
user: UserRef
vendor: VendorEnum
}
enum ScanResult {
BYPASS_BY_CONTENT_RULE
BYPASS_BY_OTHER
BYPASS_BY_TYPE
CANCELLED
CLEAN
ENCRYPTED
VIRUS_FOUND
}
type Event {
action: String
appId: String
appName: String
dnsProtectionCategory: String
eventType: String
ruleId: String
scanResult: ScanResult
severity: String
signatureId: String
threatName: String
threatType: String
virusName: String
}
type Mitre {
id: String
name: String
}
type IncidentTargetRep {
analysisScore: Float
categories: String
catoPopularity: Int
countryOfRegistration: String
creationTime: DateTime
engines: Int
eventData: [Event!]!
infectionSource: Boolean
name: String
searchHits: String
threatFeeds: Int
threatReference: String
type: TargetType
}
type IncidentFlow {
appName: String
clientClass: String
createdAt: DateTime
destinationCountry: String
destinationGeolocation: String
destinationIp: String
destinationPort: Int
direction: String
dnsResponseIP: String
domain: String
fileHash: String
httpResponseCode: Int
ja3: String
method: String
referer: String
smbFileName: String
sourceGeolocation: String
sourceIp: String
sourcePort: Int
target: String
tunnelGeolocation: String
url: String
user: String
userAgent: String
}
type StoryDrillDownFilter {
name: String!
value: String! @deprecated(reason: "No longer supported")
values: [String!]!
}
enum RiskLevelEnum {
Benign
High
Inconclusive
Low
Malicious
Medium
nan
}
enum StoryProducerEnum {
AnomalyEvents
AnomalyExperience
AnomalyStats
CatoEndpointAlert
EntraIdAlert
MicrosoftEndpointDefender
NetworkMonitor
NetworkXDR
ThreatHunt
ThreatPrevention
}
enum StoryEngineTypeEnum {
ANOMALY
ENDPOINT
IDENTITY
NETWORK
THREAT
}
enum VendorEnum {
CATO
MICROSOFT
}
enum ConnectionTypeEnum {
Host
Site
User
}
type IncidentTimeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
): [[Float!]]
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
interface Endpoint implements MergedIncident {
"""Unique Cato ID for the story"""
id: ID!
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
"""XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
"""
Enum for the Producer (specific XDR engine and service) involved with the incident
"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
"""Enum for the connection for this incident (ie. site, host, user)"""
connectionType: ConnectionTypeEnum
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""Category for the indication ID related to the story"""
queryName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
criticality: Int
ticket: String
status: StoryStatusEnum
research: Boolean
siteName: String
storyDuration: Int
description: String
sourceIp: String
analystFeedback: AnalystFeedback
site: SiteRef
user: UserRef
similarStoriesData: [SimilarStoryData!]!
predictedVerdict: StoryVerdictEnum
predictedThreatType: String
device: DeviceDetails
alerts: [EndpointAlert!]!
}
interface EndpointAlert {
id: ID!
title: String
description: String
threatName: String
mitreTechnique: [Mitre!]!
mitreSubTechnique: [Mitre!]!
createdDateTime: DateTime
resources: [EndpointResource!]!
activities: [Activity!]!
criticality: Int
externalIp: String
localIp: String
}
interface Activity {
id: ID!
resourceId: ID!
parentResourceId: ID!
}
interface DeviceDetails {
id: ID!
deviceName: String
osDetails: OsDetails
loggedOnUsers: [EndpointUser!]!
externalIp: String
localIp: String
}
type OsDetails {
osBuild: Int
osType: String!
osVersion: String
}
interface EndpointUser {
id: ID!
name: String!
}
enum ResourceRoleEnum {
ADDED
ATTACKED
ATTACKER
COMMAND_AND_CONTROL
COMPROMISED
CONTEXTUAL
CREATED
DESTINATION
EDITED
LOADED
POLICY_VIOLATOR
SCANNED
SOURCE
SUSPICIOUS
}
enum RemediationStatusEnum {
BLOCKED
CLEAN
DELETED
DELETED_REBOOT
DISABLED
DISINFECT_FAILED
DISINFECTED
INFECTED
MOVED
MOVED_REBOOT
NOT_FOUND
NOT_STARTED
PASSWORD_PROTECTED
PREVENTED
REBOOT_REQUIRED
REMEDIATED
SCAN_FAILED
SUCCESS
SUSPICIOUS
UNKNOWN
}
enum DeviceHealthStatusEnum {
ACTIVE
IMPAIRED_COMMUNICATION
INACTIVE
NO_SENSOR_DATA
NO_SENSOR_DATA_IMPAIRED_COMMUNICATION
}
enum DeviceAvStatusEnum {
DISABLED
NOT_REPORTING
NOT_UPDATED
UPDATED
}
interface EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
}
interface ProcessResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
processId: Int!
processCommandLine: String
imageFile: FileDetails
userAccount: EndpointUser
}
interface FileResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
fileDetails: FileDetails
detectionStatus: DetectionStatusEnum
}
interface RegistryResource implements EndpointResource {
id: ID!
createdDateTime: DateTime
remediationStatus: RemediationStatusEnum
hive: String
key: String
value: String
valueName: String
valueType: String
}
type FileDetails {
issuer: String
md5: String
name: String
path: String
publisher: String
sha1: String
sha256: String
signer: String
size: Int
}
enum DetectionStatusEnum {
BLOCKED
DETECTED
PREVENTED
}
"""
The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
"""
type CatoEndpoint implements Endpoint & MergedIncident {
"""Details for the threat detected by the EPP"""
alerts: [CatoEndpointAlert!]!
"""Fields related to analysts research of the threat incident"""
analystFeedback: AnalystFeedback
"""enum for the connection for this incident (ie. host, user)"""
connectionType: ConnectionTypeEnum
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""Details for the EPP device (ie. device name, OS, MAC address)"""
device: CatoEndpointDeviceDetails
"""enum that shows XDR engine involved with the incident"""
engineType: StoryEngineTypeEnum
"""Timestamp for the first incident signal related to this story"""
firstSignal: DateTime!
"""ID for the Endpoint Protection story"""
id: ID!
"""
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications.
"""
indication: String!
"""
Timestamp for the last (most recent) incident signal related to this story
"""
lastSignal: DateTime!
predictedThreatType: String
predictedVerdict: StoryVerdictEnum
"""
enum for the Producer (specific XDR engine or service) involved with the incident
"""
producer: StoryProducerEnum!
"""
Full name of the Producer (specific XDR engine and service) involved with the incident
"""
producerName: String!
""""""
queryName: String
"""
TRUE indicates that the story is currently being researched by Security Analysts
"""
research: Boolean
similarStoriesData: [SimilarStoryData!]!
"""Cato ID and name for the site"""
site: SiteRef
"""Site name related to the story"""
siteName: String
"""
IP address, name of device, or SDP user on your network involved in the story
"""
source: String
"""
Source IP address of the device in your network sending or receiving the flow
"""
sourceIp: String
"""Enum for the status of this story (ie. Open, Closed, Monitoring)"""
status: StoryStatusEnum
"""
Amount of time since the story was opened (no value for closed stories)
"""
storyDuration: Int
"""The ticket for this story"""
ticket: String
"""Cato ID and name for the site"""
user: UserRef
"""Vendor that identified the incident, such as Cato or Microsoft"""
vendor: VendorEnum
}
enum CatoEndpointEngineType {
AntiMalware
Behavioral
}
"""
The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
"""
type CatoEndpointDeviceDetails implements DeviceDetails {
"""Name of the device"""
deviceName: String
externalIp: String
"""Unique Cato ID for this story"""
id: ID!
localIp: String
"""Data for one or more users logged in to the device"""
loggedOnUsers: [EndpointUser!]!
"""MAC address of the device"""
macAddress: String
"""OS data (ie. type, build, version)"""
osDetails: OsDetails
}
"""
The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.
"""
type CatoEndpointUser implements EndpointUser {
"""ID for the user"""
id: ID!
"""Username for the user whose activity generated the indication"""
name: String!
}
"""
The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
"""
type CatoEndpointAlert implements EndpointAlert {
"""Unique Cato IDs for the activities related to the alert"""
activities: [CatoActivity!]!
"""Timestamp that the threat was detected and the alert generated"""
createdDateTime: DateTime
"""
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk)
"""
criticality: Int
"""Description of the threat"""
description: String
"""EPP profile that is assigned to this device"""
endpointProtectionProfile: String
"""Enum for the EPP engine related to this story"""
engineType: CatoEndpointEngineType
externalIp: String
"""Unique Cato ID for the Endpoint Protection story"""
id: ID!
localIp: String
"""MITRE ATT&CK® sub-technique for the threat"""
mitreSubTechnique: [Mitre!]!
"""MITRE ATT&CK® technique for the threat"""
mitreTechnique: [Mitre!]!
"""Data for the remediation status of the alert"""
resources: [CatoResource!]!
"""Enum for the remediation status of the EPP alert"""
status: RemediationStatusEnum
"""Name of threat detected on the device"""
threatName: String
"""Title of the endpoint alert"""
title: String
}
interface CatoResource implements EndpointResource {
"""Unique Cato ID for this EPP resource"""
id: ID!
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
}
"""
The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
"""
type CatoProcessResource implements ProcessResource & CatoResource & EndpointResource {
"""Timestamp that the this resource was used"""
createdDateTime: DateTime
"""Unique Cato ID for this resource"""
id: ID!
"""Details of the file related to this process"""
imageFile: FileDetails
"""CLI command related to this process"""
processCommandLine: String
"""ID for the process"""
processId: Int!
"""Enum for the remediation status associated with this resource"""
remediationStatus: RemediationStatusEnum
"""User account related to this process"""
userAccount: EndpointUser
}
"""
The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
"""
type CatoFileResource implements FileResource & CatoResource & EndpointResource {
"""Timestamp that the this file resource was used"""
createdDateTime: DateTime
"""Enum for the detection status of this file resource"""
detectionStatus: DetectionStatusEnum
"""Details of the file related to this resource"""
fileDetails: FileDetails
"""Unique Cato ID for this file resource"""
id: ID!
"""Enum for the remediation status associated with this file resource"""
remediationStatus: RemediationStatusEnum
}
"""
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
"""
type CatoActivity implements Activity {
"""Unique Cato ID for this activity"""
id: ID!
"""
Unique Cato ID for the preceding resource (process or file) in the alert
"""
parentResourceId: ID!
"""
Unique Cato ID for the resource (process or file) involved in the alert
"""
resourceId: ID!
}
type SiteMutations {
"""Adds a new BGP peer to the specified site."""
addBgpPeer(input: AddBgpPeerInput!): AddBgpPeerPayload @beta
"""
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
"""
addCloudInterconnectPhysicalConnection(input: AddCloudInterconnectPhysicalConnectionInput!): AddCloudInterconnectPhysicalConnectionPayload @beta
"""Add a new cloud interconnect site."""
addCloudInterconnectSite(input: AddCloudInterconnectSiteInput!): AddCloudInterconnectSitePayload @beta
addIpsecIkeV2Site(input: AddIpsecIkeV2SiteInput!): AddIpsecIkeV2SitePayload @beta
addIpsecIkeV2SiteTunnels(siteId: ID!, input: AddIpsecIkeV2SiteTunnelsInput!): AddIpsecIkeV2SiteTunnelsPayload @beta
addNetworkRange(lanSocketInterfaceId: ID!, input: AddNetworkRangeInput!): AddNetworkRangePayload @ga
"""Add a secondary AWS vSocket to an existing site"""
addSecondaryAwsVSocket(input: AddSecondaryAwsVSocketInput!): AddSecondaryAwsVSocketPayload @beta
"""Add a secondary Azure vSocket to an existing site"""
addSecondaryAzureVSocket(input: AddSecondaryAzureVSocketInput!): AddSecondaryAzureVSocketPayload @beta
addSocketSite(input: AddSocketSiteInput!): AddSocketSitePayload @ga
addStaticHost(siteId: ID!, input: AddStaticHostInput!): AddStaticHostPayload @ga
"""Removes an existing BGP peer configuration from a site."""
removeBgpPeer(input: RemoveBgpPeerInput!): RemoveBgpPeerPayload @beta
"""Remove a physical connection from a cloud interconnect site."""
removeCloudInterconnectPhysicalConnection(input: RemoveCloudInterconnectPhysicalConnectionInput!): RemoveCloudInterconnectPhysicalConnectionPayload @beta
removeIpsecIkeV2SiteTunnels(siteId: ID!, input: RemoveIpsecIkeV2SiteTunnelsInput!): RemoveIpsecIkeV2SiteTunnelsPayload @beta
removeNetworkRange(networkRangeId: ID!): RemoveNetworkRangePayload @ga
removeSite(siteId: ID!): RemoveSitePayload @ga
removeStaticHost(hostId: ID!): RemoveStaticHostPayload @ga
"""Updates an existing BGP peer configuration."""
updateBgpPeer(input: UpdateBgpPeerInput!): UpdateBgpPeerPayload @beta
"""Update an existing physical connection at a cloud interconnect site."""
updateCloudInterconnectPhysicalConnection(input: UpdateCloudInterconnectPhysicalConnectionInput!): UpdateCloudInterconnectPhysicalConnectionPayload @beta
updateHa(siteId: ID!, input: UpdateHaInput!): UpdateHaPayload @ga
updateIpsecIkeV2SiteGeneralDetails(siteId: ID!, input: UpdateIpsecIkeV2SiteGeneralDetailsInput!): UpdateIpsecIkeV2SiteGeneralDetailsPayload @beta
updateIpsecIkeV2SiteTunnels(siteId: ID!, input: UpdateIpsecIkeV2SiteTunnelsInput!): UpdateIpsecIkeV2SiteTunnelsPayload @beta
updateNetworkRange(networkRangeId: ID!, input: UpdateNetworkRangeInput!): UpdateNetworkRangePayload @ga
updateSiteGeneralDetails(siteId: ID!, input: UpdateSiteGeneralDetailsInput!): UpdateSiteGeneralDetailsPayload @ga
updateSocketInterface(siteId: ID!, socketInterfaceId: SocketInterfaceIDEnum!, input: UpdateSocketInterfaceInput!): UpdateSocketInterfacePayload @ga
updateStaticHost(hostId: ID!, input: UpdateStaticHostInput!): UpdateStaticHostPayload @ga
}
type SiteQueries {
"""Retrieves details of a specific BGP peer by reference."""
bgpPeer(input: BgpPeerRefInput!): BgpPeer @beta
"""Retrieves a list of all BGP peers associated with the specified site."""
bgpPeerList(input: BgpPeerListInput!): BgpPeerListPayload @beta
"""
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
"""
cloudInterconnectConnectionConnectivity(input: CloudInterconnectConnectionConnectivityInput!): CloudInterconnectConnectionConnectivity @beta
"""Get details of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnection(input: CloudInterconnectPhysicalConnectionInput!): CloudInterconnectPhysicalConnection @beta
"""Get the ID of a physical connection at a cloud interconnect site."""
cloudInterconnectPhysicalConnectionId(input: CloudInterconnectPhysicalConnectionIdInput!): CloudInterconnectPhysicalConnectionId @beta
"""
Provides the BGP status of the specified site, including session and route details.
"""
siteBgpStatus(input: SiteBgpStatusInput!): SiteBgpStatus @beta
}
input AddSecondaryAwsVSocketInput {
"""The IP address of LAN interface"""
eniIpAddress: IPAddress!
"""The subnet of the LAN interface"""
eniIpSubnet: NetworkSubnet!
"""The ID of the LAN route table"""
routeTableId: String!
"""
Information about the site where the secondary AWS VSocket is being added.
"""
site: SiteRefInput!
}
input AddSecondaryAzureVSocketInput {
"""The floating IP address"""
floatingIp: IPAddress!
"""The IP address of the interface"""
interfaceIp: IPAddress!
"""
Information about the site where the secondary Azure VSocket is being added.
"""
site: SiteRefInput!
}
type AddSecondaryAwsVSocketPayload {
"""The secondary socket id"""
id: ID!
}
type AddSecondaryAzureVSocketPayload {
"""The secondary socket id"""
id: ID!
}
input AddSocketSiteInput {
""""""
connectionType: SiteConnectionTypeEnum! = SOCKET_X1500
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
translatedSubnet: IPSubnet
"""VLAN ID for native range"""
vlan: Vlan
}
input AddSiteLocationInput {
"""optional address"""
address: String
"""city name, must belong to the country or country and state"""
city: String
"""country code"""
countryCode: String!
"""optional state code"""
stateCode: String
"""time zone"""
timezone: String!
}
input UpdateSiteGeneralDetailsInput {
description: String
name: String
siteLocation: UpdateSiteLocationInput
siteType: SiteType
}
input UpdateSiteLocationInput {
address: String
cityName: String
countryCode: String
stateCode: String
timezone: String
}
input UpdateSocketInterfaceInput {
"""Only relevant for ALTERNATIVE, LAYER_2_WAN"""
altWan: SocketInterfaceAltWanInput
"""Only relevant for CATO, ALTERNATIVE, LAYER_2_WAN"""
bandwidth: SocketInterfaceBandwidthInput
destType: SocketInterfaceDestType!
"""Only relevant for LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP"""
lag: SocketInterfaceLagInput
"""
Only relevant for LAN, VRRP_AND_LAN, LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP
"""
lan: SocketInterfaceLanInput
name: String
"""Only relevant for CATO"""
offCloud: SocketInterfaceOffCloudInput
"""Only relevant for VRRP"""
vrrp: SocketInterfaceVrrpInput
"""Only relevant for CATO"""
wan: SocketInterfaceWanInput
}
type UpdateSocketInterfacePayload {
siteId: ID!
socketInterfaceId: SocketInterfaceIDEnum!
}
input SocketInterfaceBandwidthInput {
downstreamBandwidth: Int
downstreamBandwidthMbpsPrecision: Float @beta
upstreamBandwidth: Int
upstreamBandwidthMbpsPrecision: Float @beta
}
input SocketInterfaceWanInput {
precedence: SocketInterfacePrecedenceEnum!
role: SocketInterfaceRole!
}
input SocketInterfaceLanInput {
localIp: IPAddress!
subnet: IPSubnet!
translatedSubnet: IPSubnet
}
input SocketInterfaceOffCloudInput {
enabled: Boolean!
publicIp: IPAddress
publicStaticPort: Int
}
input SocketInterfaceAltWanInput {
privateGatewayIp: IPAddress!
privateInterfaceIp: IPAddress!
privateNetwork: IPSubnet!
privateVlanTag: Int
publicGatewayIp: IPAddress
publicInterfaceIp: IPAddress
publicNetwork: IPSubnet
publicVlanTag: Int
}
input SocketInterfaceLagInput {
minLinks: Int!
}
input SocketInterfaceVrrpInput {
vrrpType: VrrpType
}
input AddNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String!
rangeType: SubnetType!
subnet: IPSubnet!
translatedSubnet: IPSubnet
"""Only relevant for VLAN network rangeType"""
vlan: Int
}
input UpdateNetworkRangeInput {
"""Only relevant for AZURE HA sites"""
azureFloatingIp: IPAddress
"""Only relevant for NATIVE, VLAN rangeType"""
dhcpSettings: NetworkDhcpSettingsInput
"""Only relevant for ROUTED_ROUTE rangeType"""
gateway: IPAddress
internetOnly: Boolean
"""
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
"""
localIp: IPAddress
"""BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType"""
mdnsReflector: Boolean
name: String
rangeType: SubnetType
subnet: IPSubnet
translatedSubnet: IPSubnet
"""Only relevant for NATIVE and VLAN network rangeType"""
vlan: Int
}
input NetworkDhcpSettingsInput {
dhcpType: DhcpType!
ipRange: IPRange
relayGroupId: ID
}
input UpdateHaInput {
primaryManagementIp: IPAddress
secondaryManagementIp: IPAddress
vrid: Int
}
input AddStaticHostInput {
ip: IPAddress!
macAddress: String
name: String!
}
input UpdateStaticHostInput {
ip: IPAddress
macAddress: String
name: String
}
type RemoveSitePayload {
siteId: ID!
}
type AddSocketSitePayload {
siteId: ID!
}
type UpdateSiteGeneralDetailsPayload {
siteId: ID!
}
type AddNetworkRangePayload {
networkRangeId: ID!
}
type UpdateNetworkRangePayload {
networkRangeId: ID!
}
type RemoveNetworkRangePayload {
networkRangeId: ID!
}
type UpdateHaPayload {
siteId: ID!
}
type AddStaticHostPayload {
hostId: ID!
}
type UpdateStaticHostPayload {
hostId: ID!
}
type RemoveStaticHostPayload {
hostId: ID!
}
enum SocketInterfacePrecedenceEnum {
ACTIVE
LAST_RESORT
PASSIVE
}
enum SiteConnectionTypeEnum {
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
}
enum HaRole {
PRIMARY
SECONDARY
}
scalar IPSubnet
"""A from-to range (used for DHCP range, for example)"""
scalar IPRange
"""A key value pairs object { "key1": "value1", "key2": "value2" }"""
scalar Map
"""
Enter the time frame for the data that the query returns.
The argument is in the format \.\ This argument is mandatory.
These are the supported options to define the time frame:
last.\ - The value for the last type is according to ISO-8601 and returns data
for the previous specific times. For example:
timeFrame = last.PT5M shows the previous 5 minutes
timeFrame = last.PT2H shows the previous 2 hours
timeFrame = last.P1D shows the previous 1 day
timeFrame = last.P3M shows the previous 3 months
timeFrame = last.P1Y shows the previous 1 year
utc.\ - The time frame combines a start and end date in the format YY-MM-DD/hh:mm:ss
according to the specified time zone. You must enter all the date and time values for the argument. For example:
timeFrame = utc.2020-02-{11/04:50:00--21/04:50:00} shows 10 days of analytics data from February 11, 2020 4:50:00 am to February 21, 2020 4:50:00 am
timeFrame = utc.2020-02-11/{04:50:15--16:50:15} shows 12 hours of analytics data on February 11, 2020, from 4:50:15 am to 16:50:15 pm
timeFrame = utc.2020-{02-11/04:50:00--04-11/04:50:00} shows 2 months of analytics data from February 11, 2020 4:50:00 am to April 11 4:50:00 am
timeFrame = utc.{2019-10-01/04:50:00--2020/02-01/04:50:00} shows 4 months of analytics data from October 1, 2019 4:50:00 am to February 11 4:50:00 am
This format lets you configure a time frame the includes more than one calendar year
"""
scalar TimeFrame
"""File upload - https://gqlgen.com/reference/file-upload/"""
scalar Upload
enum UnitType {
bits
"""Bits per second"""
bps
bytes
"""Bytes per second"""
bytesPerSec
"""The number of occurrences for this unit"""
count
ms
none
packets
percent
"""health analytics for the site"""
score
"""
For metrics that are measured in seconds, such as tunnelAge, the number of seconds
"""
seconds
}
enum AggregationType {
any
avg
changes
count
count_distinct
distinct
max
min
sum
uniq_set
}
enum DirectionEnum {
asc
desc
}
enum FilterOperator {
between
exists
gt
gte
in
is
is_not
lt
lte
not_between
not_exists
not_in
}
type RBACRole {
description: String
id: ID!
isPredefined: Boolean!
name: String!
}
type AdminRole {
allowedAccounts: [ID!]
allowedEntities: [Entity!]
role: RBACRole!
}
"Allowed actions"
enum AppTenantRestrictionActionEnum {
"Do not inject any Headers nor Values for outgoing traffic"
BYPASS
"Inject Headers and Values for outgoing traffic"
INJECT_HEADERS
}
input AppTenantRestrictionAddRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum! = INJECT_HEADERS
"Applications for the rule (pre-defined)"
application: ApplicationRefInput!
description: String! = ""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum! = HIGH
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: [], country: []}
}
input AppTenantRestrictionAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: AppTenantRestrictionAddRuleDataInput!
}
"pair of header name and value"
type AppTenantRestrictionHeaderValue {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
"pair of header name and value"
input AppTenantRestrictionHeaderValueInput {
"Header to inject"
name: HttpHeaderName!
"Value to inject"
value: HttpHeaderValue!
}
type AppTenantRestrictionPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [AppTenantRestrictionRulePayload!]!
sections: [PolicySectionPayload!]!
}
input AppTenantRestrictionPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input AppTenantRestrictionPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type AppTenantRestrictionPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: AppTenantRestrictionPolicy
status: PolicyMutationStatus!
}
type AppTenantRestrictionPolicyMutations {
addRule(input: AppTenantRestrictionAddRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): AppTenantRestrictionPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): AppTenantRestrictionPolicyMutationPayload! @beta
removeRule(input: AppTenantRestrictionRemoveRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: AppTenantRestrictionPolicyUpdateInput!): AppTenantRestrictionPolicyMutationPayload! @beta
updateRule(input: AppTenantRestrictionUpdateRuleInput!): AppTenantRestrictionRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type AppTenantRestrictionPolicyQueries {
policy(input: AppTenantRestrictionPolicyInput): AppTenantRestrictionPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input AppTenantRestrictionPolicyUpdateInput {
state: PolicyToggleState
}
input AppTenantRestrictionRemoveRuleInput {
id: ID!
}
type AppTenantRestrictionRule implements IPolicyRule {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum!
"Applications for the rule (pre-defined)"
application: ApplicationRef!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValue!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSource!
}
type AppTenantRestrictionRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: AppTenantRestrictionRulePayload
status: PolicyMutationStatus!
}
type AppTenantRestrictionRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: AppTenantRestrictionRule!
}
"Severity options"
enum AppTenantRestrictionSeverityEnum {
"High severity"
HIGH
"Low severity"
LOW
"Medium severity"
MEDIUM
}
"Returns the settings for Source of an App Tenant Restriction rule"
type AppTenantRestrictionSource {
"Source country traffic matching criteria."
country: [CountryRef!]!
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]! = []
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an App Tenant Restriction rule"
input AppTenantRestrictionSourceUpdateInput {
"Source country traffic matching criteria."
country: [CountryRefInput!]
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input AppTenantRestrictionUpdateRuleDataInput {
"The action applied by the App Tenant Restriction if the rule is matched"
action: AppTenantRestrictionActionEnum
"Applications for the rule (pre-defined)"
application: ApplicationRefInput
description: String
enabled: Boolean
"Headers and Values to Inject"
headers: [AppTenantRestrictionHeaderValueInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"Severity defined for the rule"
severity: AppTenantRestrictionSeverityEnum
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: AppTenantRestrictionSourceUpdateInput
}
input AppTenantRestrictionUpdateRuleInput {
id: ID!
rule: AppTenantRestrictionUpdateRuleDataInput!
}
enum ConnectionOriginEnum {
ANY
REMOTE
SITE
}
type DeviceAttributes {
"The category of the firewall device."
category: [String!]!
"The manufacturer of the firewall device."
manufacturer: [String!]!
"The model of the firewall device."
model: [String!]!
"The operating system of the firewall device."
os: [String!]!
"The version of the operating system of the firewall device."
osVersion: [String!]!
"The type of the firewall device."
type: [String!]!
}
input DeviceAttributesInput {
"The category of the firewall device."
category: [String!]! = []
"The manufacturer of the firewall device."
manufacturer: [String!]! = []
"The model of the firewall device."
model: [String!]! = []
"The operating system of the firewall device."
os: [String!]! = []
"The version of the operating system of the firewall device."
osVersion: [String!]! = []
"The type of the firewall device."
type: [String!]! = []
}
input DeviceAttributesUpdateInput {
"The category of the firewall device."
category: [String!]
"The manufacturer of the firewall device."
manufacturer: [String!]
"The model of the firewall device."
model: [String!]
"The operating system of the firewall device."
os: [String!]
"The version of the operating system of the firewall device."
osVersion: [String!]
"The type of the firewall device."
type: [String!]
}
input DynamicIpAllocationAddRuleDataInput {
country: [CountryRefInput!]! = []
description: String! = ""
enabled: Boolean!
name: String!
platform: [OperatingSystem!]! = []
range: DynamicIpAllocationRangeInput!
source: DynamicIpAllocationSourceInput! = {user: [], usersGroup: []}
}
input DynamicIpAllocationAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: DynamicIpAllocationAddRuleDataInput!
}
type DynamicIpAllocationPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [DynamicIpAllocationRulePayload!]!
sections: [PolicySectionPayload!]!
}
input DynamicIpAllocationPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input DynamicIpAllocationPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type DynamicIpAllocationPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: DynamicIpAllocationPolicy
status: PolicyMutationStatus!
}
type DynamicIpAllocationPolicyMutations {
addRule(input: DynamicIpAllocationAddRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): DynamicIpAllocationPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): DynamicIpAllocationPolicyMutationPayload! @beta
removeRule(input: DynamicIpAllocationRemoveRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: DynamicIpAllocationPolicyUpdateInput!): DynamicIpAllocationPolicyMutationPayload! @beta
updateRule(input: DynamicIpAllocationUpdateRuleInput!): DynamicIpAllocationRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type DynamicIpAllocationPolicyQueries {
policy(input: DynamicIpAllocationPolicyInput): DynamicIpAllocationPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input DynamicIpAllocationPolicyUpdateInput {
state: PolicyToggleState
}
type DynamicIpAllocationRange {
globalIpRange: GlobalIpRangeRef!
}
input DynamicIpAllocationRangeInput {
globalIpRange: GlobalIpRangeRefInput!
}
input DynamicIpAllocationRangeUpdateInput {
globalIpRange: GlobalIpRangeRefInput
}
input DynamicIpAllocationRemoveRuleInput {
id: ID!
}
type DynamicIpAllocationRule implements IPolicyRule {
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
platform: [OperatingSystem!]!
range: DynamicIpAllocationRange!
"Policy section where the rule is located"
section: PolicySectionInfo!
source: DynamicIpAllocationSource!
}
type DynamicIpAllocationRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: DynamicIpAllocationRulePayload
status: PolicyMutationStatus!
}
type DynamicIpAllocationRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: DynamicIpAllocationRule!
}
type DynamicIpAllocationSource {
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input DynamicIpAllocationSourceInput {
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input DynamicIpAllocationSourceUpdateInput {
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
input DynamicIpAllocationUpdateRuleDataInput {
country: [CountryRefInput!]
description: String
enabled: Boolean
name: String
platform: [OperatingSystem!]
range: DynamicIpAllocationRangeUpdateInput
source: DynamicIpAllocationSourceUpdateInput
}
input DynamicIpAllocationUpdateRuleInput {
id: ID!
rule: DynamicIpAllocationUpdateRuleDataInput!
}
"Shared interface for any policy"
interface IPolicy {
"TRUE = Policy is enabled, FALSE = Policy is disabled"
enabled: Boolean!
"Return list of rules in the policy"
rules: [IPolicyRulePayload!]!
"Return sections in the policy"
sections: [PolicySectionPayload!]!
"Audit data for the policy"
audit: PolicyAudit
"Return data for the Policy revision"
revision: PolicyRevision
}
"Results of policy change"
interface IPolicyMutationPayload {
"Data for the policy"
policy: IPolicy
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
interface IPolicyRule {
"Rule ID"
id: ID!
"Name of the rule"
name: String!
"Description for the rule"
description: String
"Position / priority of rule"
index: Int!
"TRUE = Rule is enabled, FALSE = Rule is disabled"
enabled: Boolean!
"Policy section where the rule is located"
section: PolicySectionInfo
}
"Results of rule change"
interface IPolicyRuleMutationPayload {
"Returns settings for the rule"
rule: IPolicyRulePayload
"Enum for the status of the policy change"
status: PolicyMutationStatus!
"List of errors related to the policy change"
errors: [PolicyMutationError!]!
}
"Results of changes to the rule"
interface IPolicyRulePayload {
audit: PolicyElementAudit!
"Rule that was changed"
rule: IPolicyRule!
"Summary of rule change, (ie. ADDED, UPDATED)"
properties: [PolicyElementPropertiesEnum!]!
}
"The action applied by the Internet Firewall if the rule is matched"
enum InternetFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
"Apply Remote Browser Isolation (RBI) to the network traffic"
RBI
}
input InternetFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum! = BLOCK
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input InternetFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: InternetFirewallAddRuleDataInput!
}
type InternetFirewallContainer {
fqdnContainer: [FqdnContainerRef!]!
ipAddressRangeContainer: [IpAddressRangeContainerRef!]!
}
input InternetFirewallContainerInput {
fqdnContainer: [FqdnContainerRefInput!]! = []
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]! = []
}
input InternetFirewallContainerUpdateInput {
fqdnContainer: [FqdnContainerRefInput!]
ipAddressRangeContainer: [IpAddressRangeContainerRefInput!]
}
"Returns the settings for Destination of an Internet Firewall rule"
type InternetFirewallDestination {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
containers: InternetFirewallContainer!
"Countries"
country: [CountryRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]!
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
containers: InternetFirewallContainerInput! = {fqdnContainer: [], ipAddressRangeContainer: []}
"Countries"
country: [CountryRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]! = []
}
"Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)"
input InternetFirewallDestinationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
containers: InternetFirewallContainerUpdateInput
"Countries"
country: [CountryRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com."
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Remote Autonomous System Number (ASN)"
remoteAsn: [Asn32!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Network subnets in CIDR notation"
subnet: [NetworkSubnet!]
}
type InternetFirewallPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [InternetFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
}
input InternetFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input InternetFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Internet Firewall policy information provided in the API response"
type InternetFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: InternetFirewallPolicy
status: PolicyMutationStatus!
}
"The Internet firewall Policy information returned to the caller in the API response."
type InternetFirewallPolicyMutations {
"Add a new rule to the Internet Firewall policy."
addRule(input: InternetFirewallAddRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Create the policy revision. Create a new empty policy revision."
createPolicyRevision(input: PolicyCreateRevisionInput!): InternetFirewallPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Internet Firewall policy."
moveRule(input: PolicyMoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): InternetFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Internet Firewall policy."
removeRule(input: InternetFirewallRemoveRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: InternetFirewallPolicyUpdateInput!): InternetFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Internet Firewall policy."
updateRule(input: InternetFirewallUpdateRuleInput!): InternetFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type InternetFirewallPolicyQueries {
policy(input: InternetFirewallPolicyInput): InternetFirewallPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input InternetFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input InternetFirewallRemoveRuleInput {
id: ID!
}
type InternetFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type InternetFirewallRuleException {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: InternetFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceType!
"Source traffic matching criteria for the exception."
source: InternetFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input InternetFirewallRuleExceptionInput {
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: InternetFirewallDestinationInput! = {application: [], customApp: [], appCategory: [], customCategory: [], sanctionedAppsCategory: [], country: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: [], remoteAsn: [], containers: {fqdnContainer: [], ipAddressRangeContainer: []}}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: InternetFirewallServiceTypeInput! = {standard: [], custom: []}
"Source traffic matching criteria for the exception."
source: InternetFirewallSourceInput! = {ip: [], host: [], site: [], subnet: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type InternetFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: InternetFirewallRulePayload
status: PolicyMutationStatus!
}
"Internet Firewall policy information for a specific revision"
type InternetFirewallRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: InternetFirewallRule!
}
"Returns the Service Type to which this Internet Firewall rule applies"
type InternetFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input InternetFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Internet Firewall rule"
type InternetFirewallSource {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input InternetFirewallSourceUpdateInput {
"Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP."
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input InternetFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: InternetFirewallActionEnum
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: InternetFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [InternetFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: InternetFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: InternetFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input InternetFirewallUpdateRuleInput {
id: ID!
rule: InternetFirewallUpdateRuleDataInput!
}
"Enum for the type of time range a rule is active"
enum PolicyActiveOnEnum {
ALWAYS
CUSTOM_RECURRING
CUSTOM_TIMEFRAME
WORKING_HOURS
}
"Input for adding section info to a policy"
input PolicyAddSectionInfoInput {
name: String!
}
"Input for adding a section to a policy"
input PolicyAddSectionInput {
at: PolicySectionPositionInput!
section: PolicyAddSectionInfoInput!
}
type PolicyAudit {
publishedBy: String!
publishedTime: DateTime!
}
input PolicyCreateRevisionInput {
description: String! = ""
name: String!
}
"Returns data for a custom recurring time range that a rule is active"
type PolicyCustomRecurring {
days: [DayOfWeek!]!
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringInput {
days: [DayOfWeek!]! = []
from: Time!
to: Time!
}
"Input of data for a custom recurring time range that a rule is active"
input PolicyCustomRecurringUpdateInput {
days: [DayOfWeek!]
from: Time
to: Time
}
"Returns data for a custom one-time time range that a rule is active"
type PolicyCustomTimeframe {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeInput {
from: DateTime!
to: DateTime!
}
"Input of data for a custom one-time time range that a rule is active"
input PolicyCustomTimeframeUpdateInput {
from: DateTime
to: DateTime
}
"Discards unpublished revision for the policy and reverts to the settings for the published policy."
input PolicyDiscardRevisionInput {
id: ID
}
type PolicyElementAudit {
"The admin, or the API-key, that performed the last update"
updatedBy: String!
"The last date and time the rule was updated"
updatedTime: DateTime!
}
"Attributes describing the rule state or type"
enum PolicyElementPropertiesEnum {
"New (added) rule"
ADDED
"""
An object can not be moved, or referenced when moving other objects.
However its properties and content can be modified.
"""
ANCHORED
"A rule locked for changes by other admins"
LOCKED
"A rule moved to a different position"
MOVED
"Removed (deleted) rule"
REMOVED
"A pre-defined (system) rule that cannot be modified or removed"
SYSTEM
"Updated (modified) existing rule"
UPDATED
}
"Move the rule to a different position in the policy"
input PolicyMoveRuleInput {
id: ID!
to: PolicyRulePositionInput
}
"Input for moving a section within a policy"
input PolicyMoveSectionInput {
id: ID!
to: PolicySectionPositionInput
}
"Move the sub rule to a different position in the policy"
input PolicyMoveSubRuleInput {
id: ID!
to: PolicySubRulePositionInput!
}
"""
The `PolicyMutationError` enum defines various error messages related to policy publishing in the policy platform service.
## Policy Errors
### `ConcurrentPolicyPublish`
- **Error Message:** "Another policy is currently publishing"
### `PolicyRevisionMismatch`
- **Error Message:** "Revision is not owned by the admin"
### `PolicyRevisionNotFound`
- **Error Message:** "Revision was not found"
### `PolicyInvalidEntity`
- **Error Message:** "Invalid entity"
### `DuplicateRuleName`
- **Error Message:** "Rule with the same name already exists"
### `DuplicateSectionName`
- **Error Message:** "Section with the same name already exists"
### `PolicyFailure`
- **Error Message:** "Can’t publish policy due to an internal error. Please try again in a few minutes"
## Rule Errors
### `ruleIsLocked`
- **Error Message:** "Rule is locked by another revision"
### `ruleWasRemoved`
- **Error Message:** "Rule was already removed"
### `ruleNotExist`
- **Error Message:** "Rule does not exist"
### `ruleSectionNotExist`
- **Error Message:** "Section does not exist"
### `ruleSectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `rulePositionInvalid`
- **Error Message:** "Rule position is invalid"
### `ruleNameIsEmpty`
- **Error Message:** "Rule name can't be empty"
### `ruleNameAlreadyExists`
- **Error Message:** "Rule with the same name already exists"
### `ruleSystemModification`
- **Error Message:** "Can't modify a system rule"
### `ruleSystemMove`
- **Error Message:** "Can't add a rule above the system rules"
### `ruleHasInvalidEntity`
- **Error Message:** "Rule has an invalid entity"
### `failedValidatingRule`
- **Error Message:** "Something went wrong, couldn't validate rule"
## Section Errors
### `sectionIsLocked`
- **Error Message:** "Section is locked by another revision"
### `sectionSystemMove`
- **Error Message:** "Section with system rules cannot be moved or removed"
### `sectionNotExist`
- **Error Message:** "Section does not exist"
### `sectionPositionInvalid`
- **Error Message:** "Section position is invalid"
"""
type PolicyMutationError {
errorCode: String
errorMessage: String
}
input PolicyMutationRevisionInput {
id: ID
}
"Enum for the status of a policy mutation"
enum PolicyMutationStatus {
FAILURE
SUCCESS
}
"Policies that can be configured with mutation APIs."
type PolicyMutations {
appTenantRestriction(input: AppTenantRestrictionPolicyMutationInput): AppTenantRestrictionPolicyMutations
dynamicIpAllocation(input: DynamicIpAllocationPolicyMutationInput): DynamicIpAllocationPolicyMutations
internetFirewall(input: InternetFirewallPolicyMutationInput): InternetFirewallPolicyMutations
remotePortFwd(input: RemotePortFwdPolicyMutationInput): RemotePortFwdPolicyMutations
socketLan(input: SocketLanPolicyMutationInput): SocketLanPolicyMutations
wanFirewall(input: WanFirewallPolicyMutationInput): WanFirewallPolicyMutations
wanNetwork(input: WanNetworkPolicyMutationInput): WanNetworkPolicyMutations
}
"""
Published revision is the active policy
applied on the traffic.
In addition, when a policy is published, revision changes become visible
to other admins, and rules locked by the revision become unlocked
"""
input PolicyPublishRevisionInput {
description: String
name: String
}
"policies which configuration can be read with query APIs."
type PolicyQueries {
appTenantRestriction: AppTenantRestrictionPolicyQueries
dynamicIpAllocation: DynamicIpAllocationPolicyQueries
internetFirewall: InternetFirewallPolicyQueries
remotePortFwd: RemotePortFwdPolicyQueries
socketLan: SocketLanPolicyQueries
wanFirewall: WanFirewallPolicyQueries
wanNetwork: WanNetworkPolicyQueries
}
"Input for removing a section from a policy"
input PolicyRemoveSectionInput {
id: ID!
}
"Returns data about the policy revision, such as when the change was made, how many rules were changed, etc."
type PolicyRevision {
changes: Int!
createdTime: DateTime!
description: String!
id: ID!
name: String!
updatedTime: DateTime!
}
"Input for specifying a policy revision"
input PolicyRevisionInput {
id: ID
type: PolicyRevisionType = PRIVATE
}
"Enum for the type of a policy revision"
enum PolicyRevisionType {
PRIVATE
PUBLIC
}
"Returns data for publishing the policy"
type PolicyRevisionsPayload {
revision: [PolicyRevision!]!
}
"Enum for the position of a rule within a policy"
enum PolicyRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_RULE
"The rule position is immediately after the system rules (first non-system rule)"
FIRST_IN_POLICY
"The rule position is first in the specified section"
FIRST_IN_SECTION
"The rule position is last in the policy"
LAST_IN_POLICY
"The rule position is last in the specified section"
LAST_IN_SECTION
}
"Parameters required to define the rule position"
input PolicyRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicyRulePositionEnum
"The identifier of the object (e.g. a rule, a section) relative to which the position of the added rule is defined"
ref: ID
}
"Returns data for the alert settings for the rule"
type PolicyRuleTrackingAlert {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean!
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum!
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRef!]!
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRef!]!
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRef!]!
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean! = false
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]! = []
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]! = []
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]! = []
}
"Input of data for the alert settings for the rule"
input PolicyRuleTrackingAlertUpdateInput {
"TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched"
enabled: Boolean
"Returns data for the alert frequency"
frequency: PolicyRuleTrackingFrequencyEnum
"Returns data for the Mailing List that receives the alert"
mailingList: [SubscriptionMailingListRefInput!]
"Returns data for the Subscription Group that receives the alert"
subscriptionGroup: [SubscriptionGroupRefInput!]
"Returns data for the Webhook that receives the alert"
webhook: [SubscriptionWebhookRefInput!]
}
"Returns data if an alert is sent for a rule"
type PolicyRuleTrackingEvent {
enabled: Boolean!
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventInput {
enabled: Boolean! = false
}
"Input of data if an alert is sent for a rule"
input PolicyRuleTrackingEventUpdateInput {
enabled: Boolean
}
"Enum for the frequency of an alert event for a rule"
enum PolicyRuleTrackingFrequencyEnum {
DAILY
HOURLY
IMMEDIATE
WEEKLY
}
type PolicySchedule {
activeOn: PolicyActiveOnEnum!
customRecurring: PolicyCustomRecurring
customTimeframe: PolicyCustomTimeframe
}
input PolicyScheduleInput {
activeOn: PolicyActiveOnEnum! = ALWAYS
customRecurring: PolicyCustomRecurringInput
customTimeframe: PolicyCustomTimeframeInput
}
input PolicyScheduleUpdateInput {
activeOn: PolicyActiveOnEnum
customRecurring: PolicyCustomRecurringUpdateInput
customTimeframe: PolicyCustomTimeframeUpdateInput
}
"Define settings for a policy section"
type PolicySectionInfo {
id: ID!
name: String!
}
type PolicySectionMutationPayload {
errors: [PolicyMutationError!]!
section: PolicySectionPayload
status: PolicyMutationStatus!
}
type PolicySectionPayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
section: PolicySectionInfo!
}
enum PolicySectionPositionEnum {
AFTER_SECTION
BEFORE_SECTION
LAST_IN_POLICY
}
input PolicySectionPositionInput {
position: PolicySectionPositionEnum!
ref: ID
}
"Enum for the position of a rule within a policy"
enum PolicySubRulePositionEnum {
"The rule position is after the pre-existing specified rule"
AFTER_SUB_RULE
"The rule position is before the pre-existing specified rule"
BEFORE_SUB_RULE
"The rule position is first in the specified rule"
FIRST_IN_RULE
"The rule position is last in the specified rule"
LAST_IN_RULE
}
"Parameters required to define the rule position"
input PolicySubRulePositionInput {
"Position relative to a policy, a section or another rule"
position: PolicySubRulePositionEnum!
"The identifier of the sub-rule relative to which the position of the added rule is defined"
ref: ID!
}
"Enum for the state of a policy"
enum PolicyToggleState {
DISABLED
ENABLED
}
type PolicyTracking {
alert: PolicyRuleTrackingAlert!
event: PolicyRuleTrackingEvent!
}
input PolicyTrackingInput {
alert: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
event: PolicyRuleTrackingEventInput! = {enabled: false}
}
input PolicyTrackingUpdateInput {
alert: PolicyRuleTrackingAlertUpdateInput
event: PolicyRuleTrackingEventUpdateInput
}
input PolicyUpdateSectionInfoInput {
name: String
}
input PolicyUpdateSectionInput {
id: ID!
section: PolicyUpdateSectionInfoInput!
}
"inclusive network port range"
input PortRangeUpdateInput {
from: Port
to: Port
}
input RemotePortFwdAddRuleDataInput {
description: String! = ""
enabled: Boolean!
externalIp: AllocatedIpRefInput!
externalPortRange: PortRangeInput!
forwardIcmp: Boolean! = false
internalIp: IPAddress!
internalPortRange: PortRangeInput!
name: String!
remoteIPs: RemotePortFwdRemoteIpsInput! = {ip: [], ipRange: [], subnet: [], globalIpRange: []}
restrictionType: RemotePortFwdRestrictionType! = ALLOW_LIST
tracking: PolicyRuleTrackingAlertInput! = {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}
}
"Rule parameters and relevant position"
input RemotePortFwdAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: RemotePortFwdAddRuleDataInput!
}
type RemotePortFwdPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [RemotePortFwdRulePayload!]!
sections: [PolicySectionPayload!]!
}
input RemotePortFwdPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input RemotePortFwdPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Remote port forwarding policy information provided in the API response"
type RemotePortFwdPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: RemotePortFwdPolicy
status: PolicyMutationStatus!
}
"The Remote Port Forwarding Policy information returned to the caller in the API response."
type RemotePortFwdPolicyMutations {
"Add a new port forwarding rule to enable remote access to internal services."
addRule(input: RemotePortFwdAddRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
"Create a new empty policy revision for port forwarding rules."
createPolicyRevision(input: PolicyCreateRevisionInput!): RemotePortFwdPolicyMutationPayload! @beta
"Discard the policy revision. All changes in this revision are discarded and the revision is deleted."
discardPolicyRevision(input: PolicyDiscardRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Change the priority/position of an existing port forwarding rule."
moveRule(input: PolicyMoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
"Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins."
publishPolicyRevision(input: PolicyPublishRevisionInput): RemotePortFwdPolicyMutationPayload! @beta
"Remove an existing port forwarding rule from the policy."
removeRule(input: RemotePortFwdRemoveRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing."
updatePolicy(input: RemotePortFwdPolicyUpdateInput!): RemotePortFwdPolicyMutationPayload! @beta
"Update an existing port forwarding rule configuration."
updateRule(input: RemotePortFwdUpdateRuleInput!): RemotePortFwdRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type RemotePortFwdPolicyQueries {
policy(input: RemotePortFwdPolicyInput): RemotePortFwdPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input RemotePortFwdPolicyUpdateInput {
state: PolicyToggleState
}
type RemotePortFwdRemoteIps {
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
input RemotePortFwdRemoteIpsInput {
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
input RemotePortFwdRemoteIpsUpdateInput {
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
input RemotePortFwdRemoveRuleInput {
id: ID!
}
enum RemotePortFwdRestrictionType {
ALLOW_LIST
BLOCK_LIST
}
type RemotePortFwdRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
externalIp: AllocatedIpRef!
externalPortRange: PortRange!
forwardIcmp: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
internalIp: IPAddress!
internalPortRange: PortRange!
"Name of the rule"
name: String!
remoteIPs: RemotePortFwdRemoteIps!
restrictionType: RemotePortFwdRestrictionType!
"Policy section where the rule is located"
section: PolicySectionInfo!
tracking: PolicyRuleTrackingAlert!
}
type RemotePortFwdRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: RemotePortFwdRulePayload
status: PolicyMutationStatus!
}
type RemotePortFwdRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: RemotePortFwdRule!
}
input RemotePortFwdUpdateRuleDataInput {
description: String
enabled: Boolean
externalIp: AllocatedIpRefInput
externalPortRange: PortRangeUpdateInput
forwardIcmp: Boolean
internalIp: IPAddress
internalPortRange: PortRangeUpdateInput
name: String
remoteIPs: RemotePortFwdRemoteIpsUpdateInput
restrictionType: RemotePortFwdRestrictionType
tracking: PolicyRuleTrackingAlertUpdateInput
}
input RemotePortFwdUpdateRuleInput {
id: ID!
rule: RemotePortFwdUpdateRuleDataInput!
}
input SocketLanAddRuleDataInput {
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationInput! = {vlan: [], ipRange: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection! = TO
enabled: Boolean!
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsInput! = {enabled: false, natType: DYNAMIC_PAT}
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceInput! = {simple: [], custom: []}
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteInput! = {site: [], group: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceInput! = {vlan: [], ipRange: [], group: [], subnet: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType! = WAN
}
input SocketLanAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanAddRuleDataInput!
}
"Returns the settings for Destination of a Wan Firewall rule."
type SocketLanDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
vlan: [Vlan!]!
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
vlan: [Vlan!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule."
input SocketLanDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
vlan: [Vlan!]
}
enum SocketLanDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
enum SocketLanFirewallAction {
ALLOW
BLOCK
}
input SocketLanFirewallAddRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction! = ALLOW
"Application traffic matching criteria."
application: SocketLanFirewallApplicationInput! = {application: [], customApp: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
description: String! = ""
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationInput! = {vlan: [], ipRange: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], group: [], floatingSubnet: [], siteNetworkSubnet: []}
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection! = TO
enabled: Boolean!
name: String!
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeInput! = {simple: [], standard: [], custom: []}
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceInput! = {vlan: [], mac: [], ipRange: [], group: [], subnet: [], site: [], networkInterface: [], systemGroup: [], host: [], ip: [], globalIpRange: [], floatingSubnet: [], siteNetworkSubnet: []}
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
input SocketLanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicySubRulePositionInput
"Parameters for the rule you are adding"
rule: SocketLanFirewallAddRuleDataInput!
}
"Defines applications for the socket LAN firewall."
type SocketLanFirewallApplication {
"Applications matching criteria for this rule."
application: [ApplicationRef!]!
"Custom applications that can be matched by"
customApp: [CustomApplicationRef!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
globalIpRange: [GlobalIpRangeRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
subnet: [NetworkSubnet!]!
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]! = []
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
subnet: [NetworkSubnet!]! = []
}
"Defines applications for the socket LAN firewall."
input SocketLanFirewallApplicationUpdateInput {
"Applications matching criteria for this rule."
application: [ApplicationRefInput!]
"Custom applications that can be matched by"
customApp: [CustomApplicationRefInput!]
domain: [Domain!]
fqdn: [Fqdn!]
globalIpRange: [GlobalIpRangeRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
subnet: [NetworkSubnet!]
}
"Defines destinations for the socket LAN firewall."
type SocketLanFirewallDestination {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines destinations for the socket LAN firewall."
input SocketLanFirewallDestinationUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets to which traffic is directed."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanFirewallDirection {
"Specifies two-way direction."
BOTH
"Specifies one-way direction."
TO
}
type SocketLanFirewallPolicyMutations {
addRule(input: SocketLanFirewallAddRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
moveRule(input: PolicyMoveSubRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
removeRule(input: SocketLanFirewallRemoveRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
updateRule(input: SocketLanFirewallUpdateRuleInput!): SocketLanFirewallRuleMutationPayload! @beta
}
input SocketLanFirewallRemoveRuleInput {
id: ID!
}
type SocketLanFirewallRule implements IPolicyRule {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction!
"Application traffic matching criteria."
application: SocketLanFirewallApplication!
"Description for the rule"
description: String!
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestination!
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Service traffic matching criteria."
service: SocketLanFirewallServiceType!
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTracking!
}
type SocketLanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanFirewallRulePayload
status: PolicyMutationStatus!
}
type SocketLanFirewallRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanFirewallRule!
}
"Defines services used in the socket LAN firewall."
type SocketLanFirewallServiceType {
"Custom services defined for this rule."
custom: [CustomService!]!
"Simple services allowed by the firewall rule."
simple: [SimpleService!]!
"Standard services allowed by the firewall rule."
standard: [ServiceRef!]!
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]! = []
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]! = []
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]! = []
}
"Defines services used in the socket LAN firewall."
input SocketLanFirewallServiceTypeUpdateInput {
"Custom services defined for this rule."
custom: [CustomServiceInput!]
"Simple services allowed by the firewall rule."
simple: [SimpleServiceInput!]
"Standard services allowed by the firewall rule."
standard: [ServiceRefInput!]
}
"Defines sources for the socket LAN firewall."
type SocketLanFirewallSource {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRef!]!
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account."
group: [GroupRef!]!
"Hosts and servers defined for your account."
host: [HostRef!]!
"IPv4 addresses."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"MAC addresses of devices matching criteria."
mac: [MacAddress!]!
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRef!]!
"Sites defined for your account."
site: [SiteRef!]!
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]!
"Predefined system groups in your account."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account."
host: [HostRefInput!]! = []
"IPv4 addresses."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"MAC addresses of devices matching criteria."
mac: [MacAddress!]! = []
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"Sites defined for your account."
site: [SiteRefInput!]! = []
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]! = []
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN firewall."
input SocketLanFirewallSourceUpdateInput {
"Floating subnets used to identify traffic based on specific criteria."
floatingSubnet: [FloatingSubnetRefInput!]
"Global IP ranges defined for your account."
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account."
group: [GroupRefInput!]
"Hosts and servers defined for your account."
host: [HostRefInput!]
"IPv4 addresses."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"MAC addresses of devices matching criteria."
mac: [MacAddress!]
"Network interfaces defined for your site."
networkInterface: [NetworkInterfaceRefInput!]
"Sites defined for your account."
site: [SiteRefInput!]
"Subnets specific to a site defined for your account."
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets from which traffic originates."
subnet: [NetworkSubnet!]
"Predefined system groups in your account."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
input SocketLanFirewallUpdateRuleDataInput {
"Action to take when the rule is matched (ALLOW or BLOCK)."
action: SocketLanFirewallAction
"Application traffic matching criteria."
application: SocketLanFirewallApplicationUpdateInput
description: String
"""
Defines destinations for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
destination: SocketLanFirewallDestinationUpdateInput
"Direction of the traffic (TO or BOTH)."
direction: SocketLanFirewallDirection
enabled: Boolean
name: String
"Service traffic matching criteria."
service: SocketLanFirewallServiceTypeUpdateInput
"""
Defines sources for the socket LAN firewall.
Also, inherited by Network Rule above.
"""
source: SocketLanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications."
tracking: PolicyTrackingUpdateInput
}
input SocketLanFirewallUpdateRuleInput {
id: ID!
rule: SocketLanFirewallUpdateRuleDataInput!
}
"Defines NAT settings for the socket LAN policy."
type SocketLanNatSettings {
"Indicates if NAT is enabled."
enabled: Boolean!
natType: SocketLanNatType!
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsInput {
"Indicates if NAT is enabled."
enabled: Boolean! = false
natType: SocketLanNatType! = DYNAMIC_PAT
}
"Defines NAT settings for the socket LAN policy."
input SocketLanNatSettingsUpdateInput {
"Indicates if NAT is enabled."
enabled: Boolean
natType: SocketLanNatType
}
enum SocketLanNatType {
DYNAMIC_PAT
}
type SocketLanPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [SocketLanRulePayload!]!
sections: [PolicySectionPayload!]!
}
input SocketLanPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input SocketLanPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type SocketLanPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: SocketLanPolicy
status: PolicyMutationStatus!
}
type SocketLanPolicyMutations {
addRule(input: SocketLanAddRuleInput!): SocketLanRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): SocketLanPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): SocketLanPolicyMutationPayload! @beta
firewall: SocketLanFirewallPolicyMutations!
moveRule(input: PolicyMoveRuleInput!): SocketLanRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): SocketLanPolicyMutationPayload! @beta
removeRule(input: SocketLanRemoveRuleInput!): SocketLanRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: SocketLanPolicyUpdateInput!): SocketLanPolicyMutationPayload! @beta
updateRule(input: SocketLanUpdateRuleInput!): SocketLanRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type SocketLanPolicyQueries {
policy(input: SocketLanPolicyInput): SocketLanPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input SocketLanPolicyUpdateInput {
state: PolicyToggleState
}
input SocketLanRemoveRuleInput {
id: ID!
}
type SocketLanRule implements IPolicyRule {
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestination!
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
firewall: [SocketLanFirewallRulePayload!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettings!
"Policy section where the rule is located"
section: PolicySectionInfo!
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanService!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSite!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSource!
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType!
}
type SocketLanRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: SocketLanRulePayload
status: PolicyMutationStatus!
}
type SocketLanRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: SocketLanRule!
}
"Defines services used in the socket LAN policy."
type SocketLanService {
"Custom Port/Protocol service."
custom: [CustomService!]!
"List of L4 based services."
simple: [SimpleService!]!
}
"Defines services used in the socket LAN policy."
input SocketLanServiceInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]! = []
"List of L4 based services."
simple: [SimpleServiceInput!]! = []
}
"Defines services used in the socket LAN policy."
input SocketLanServiceUpdateInput {
"Custom Port/Protocol service."
custom: [CustomServiceInput!]
"List of L4 based services."
simple: [SimpleServiceInput!]
}
"Represents the site configurations in the socket LAN policy."
type SocketLanSite {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRef!]!
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRef!]!
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]! = []
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]! = []
}
"Represents the site configurations in the socket LAN policy."
input SocketLanSiteUpdateInput {
"""
The group of sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
group: [GroupRefInput!]
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: [SiteRefInput!]
}
"Defines sources for the socket LAN policy."
type SocketLanSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRef!]!
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRef!]!
"Hosts and servers defined for your under Socket sites."
host: [HostRef!]!
"IP address."
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRange!]!
"Network range defined for a site."
networkInterface: [NetworkInterfaceRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]!
"Predefined Cato groups."
systemGroup: [SystemGroupRef!]!
"VLAN ID matching criteria."
vlan: [Vlan!]!
}
"Defines sources for the socket LAN policy."
input SocketLanSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]! = []
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]! = []
"IP address."
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]! = []
"VLAN ID matching criteria."
vlan: [Vlan!]! = []
}
"Defines sources for the socket LAN policy."
input SocketLanSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects."
globalIpRange: [GlobalIpRangeRefInput!]
"Predefined Cato groups, Socket sites/objects only."
group: [GroupRefInput!]
"Hosts and servers defined for your under Socket sites."
host: [HostRefInput!]
"IP address."
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range."
ipRange: [IpAddressRangeInput!]
"Network range defined for a site."
networkInterface: [NetworkInterfaceRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site."
subnet: [NetworkSubnet!]
"Predefined Cato groups."
systemGroup: [SystemGroupRefInput!]
"VLAN ID matching criteria."
vlan: [Vlan!]
}
enum SocketLanTransportType {
"Specifies LAN transport type, routed locally for inspection of LAN Firewall."
LAN
"Specifies WAN transport type, send to the PoP for inspection of WAN Firewall."
WAN
}
input SocketLanUpdateRuleDataInput {
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: SocketLanDestinationUpdateInput
"Direction of the traffic initiator matching criteria. "
direction: SocketLanDirection
enabled: Boolean
name: String
"Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP."
nat: SocketLanNatSettingsUpdateInput
"Destination service matching criteria for the rule. Port/Protocol based."
service: SocketLanServiceUpdateInput
"""
The sites the policy will be enforced on.
Socket sites only, with Socket v22 onwards.
"""
site: SocketLanSiteUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: SocketLanSourceUpdateInput
"""
The transport of the matching traffic.
Either govern traffic to be routed locally (LAN), or to the PoP(WAN).
Traffic is send to the WAN by default.
Traffic routed in the LAN, enforced by the LAN Firewall rules.
"""
transport: SocketLanTransportType
}
input SocketLanUpdateRuleInput {
id: ID!
rule: SocketLanUpdateRuleDataInput!
}
enum WanFirewallActionEnum {
"Allow the network traffic to pass through the firewall."
ALLOW
"Deny the network traffic from passing through the firewall."
BLOCK
"Requests user confirmation to allow or block network traffic."
PROMPT
}
input WanFirewallAddRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum! = BLOCK
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum! = ANY
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]! = []
description: String! = ""
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]! = []
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]! = []
direction: WanFirewallDirectionEnum! = TO
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]! = []
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleInput! = {activeOn: ALWAYS}
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingInput! = {event: {enabled: false}, alert: {enabled: false, frequency: HOURLY, subscriptionGroup: [], webhook: [], mailingList: []}}
}
"Rule parameters and relevant position"
input WanFirewallAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanFirewallAddRuleDataInput!
}
"Application match criteria set"
type WanFirewallApplication {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRef!]!
"Applications for the rule (pre-defined)"
application: [ApplicationRef!]!
"Custom (user-defined) applications"
customApp: [CustomApplicationRef!]!
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRef!]!
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]!
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"IPv4 addresses"
ip: [IPAddress!]!
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRange!]!
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
}
"Application match criteria set"
input WanFirewallApplicationInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]! = []
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]! = []
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]! = []
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]! = []
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]! = []
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"IPv4 addresses"
ip: [IPAddress!]! = []
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]! = []
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
}
"Application match criteria set"
input WanFirewallApplicationUpdateInput {
"Cato category of applications which are dynamically updated by Cato"
appCategory: [ApplicationCategoryRefInput!]
"Applications for the rule (pre-defined)"
application: [ApplicationRefInput!]
"Custom (user-defined) applications"
customApp: [CustomApplicationRefInput!]
"Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc."
customCategory: [CustomCategoryRefInput!]
"""
A Second-Level Domain (SLD).
It matches all Top-Level Domains (TLD), and subdomains that include the Domain.
Example: example.com.
"""
domain: [Domain!]
"An exact match of the fully qualified domain (FQDN). Example: www.my.example.com."
fqdn: [Fqdn!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"IPv4 addresses"
ip: [IPAddress!]
"A range of IPs. Every IP within the range will be matched"
ipRange: [IpAddressRangeInput!]
"Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization."
sanctionedAppsCategory: [SanctionedAppsCategoryRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
}
"Returns the settings for Destination of a Wan Firewall rule"
type WanFirewallDestination {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallDestinationUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
enum WanFirewallDirectionEnum {
BOTH
TO
}
type WanFirewallPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [WanFirewallRulePayload!]!
sections: [PolicySectionPayload!]!
}
input WanFirewallPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanFirewallPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
"Wan Firewall policy information provided in the API response"
type WanFirewallPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanFirewallPolicy
status: PolicyMutationStatus!
}
"The Wan Firewall Policy information returned to the caller in the API response."
type WanFirewallPolicyMutations {
"Add a new rule to the Wan Firewall policy."
addRule(input: WanFirewallAddRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Add a new section to the policy.
First section behaves as follows:
When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it.
The first section containing the default system rules can be modified but not deleted.
The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
"""
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanFirewallPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Change the relative location of an existing rule within the Wan Firewall policy."
moveRule(input: PolicyMoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"""
Move a section to a new position within the policy.
The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
"""
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanFirewallPolicyMutationPayload! @beta
"Remove an existing rule from the Wan Firewall policy."
removeRule(input: WanFirewallRemoveRuleInput!): WanFirewallRuleMutationPayload! @beta
"Delete an existing section. The first section in policy cannot be deleted."
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
"""
Change the state of the policy, e.g. enable or disable the policy.
Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
"""
updatePolicy(input: WanFirewallPolicyUpdateInput!): WanFirewallPolicyMutationPayload! @beta
"Update an existing rule of the Wan Firewall policy."
updateRule(input: WanFirewallUpdateRuleInput!): WanFirewallRuleMutationPayload! @beta
"Update policy section attributes"
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanFirewallPolicyQueries {
policy(input: WanFirewallPolicyInput): WanFirewallPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input WanFirewallPolicyUpdateInput {
state: PolicyToggleState
}
input WanFirewallRemoveRuleInput {
id: ID!
}
type WanFirewallRule implements IPolicyRule {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum!
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplication!
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum!
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRef!]!
"Description for the rule"
description: String!
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestination!
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRef!]!
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributes!
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]!
direction: WanFirewallDirectionEnum!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicySchedule!
"Policy section where the rule is located"
section: PolicySectionInfo!
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceType!
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSource!
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTracking!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
type WanFirewallRuleException {
"Application matching criteria for the exception."
application: WanFirewallApplication!
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum!
"Source country matching criteria for the exception."
country: [CountryRef!]!
"Destination matching criteria for the exception."
destination: WanFirewallDestination!
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRef!]!
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributes!
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]!
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum!
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceType!
"Source matching criteria for the exception."
source: WanFirewallSource!
}
"Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules."
input WanFirewallRuleExceptionInput {
"Application matching criteria for the exception."
application: WanFirewallApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], sanctionedAppsCategory: [], domain: [], fqdn: [], ip: [], subnet: [], ipRange: [], globalIpRange: []}
"Connection origin matching criteria for the exception."
connectionOrigin: ConnectionOriginEnum! = ANY
"Source country matching criteria for the exception."
country: [CountryRefInput!]! = []
"Destination matching criteria for the exception."
destination: WanFirewallDestinationInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
"Source Device Profile matching criteria for the exception."
device: [DeviceProfileRefInput!]! = []
"Source Device Attributes matching criteria for the exception."
deviceAttributes: DeviceAttributesInput! = {category: [], type: [], model: [], manufacturer: [], os: [], osVersion: []}
"Source device OS matching criteria for the exception."
deviceOS: [OperatingSystem!]! = []
"Direction origin matching criteria for the exception"
direction: WanFirewallDirectionEnum! = TO
"A unique name of the rule exception."
name: String!
"Destination service matching criteria for the exception."
service: WanFirewallServiceTypeInput! = {standard: [], custom: []}
"Source matching criteria for the exception."
source: WanFirewallSourceInput! = {host: [], site: [], subnet: [], ip: [], ipRange: [], globalIpRange: [], networkInterface: [], siteNetworkSubnet: [], floatingSubnet: [], user: [], usersGroup: [], group: [], systemGroup: []}
}
type WanFirewallRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanFirewallRulePayload
status: PolicyMutationStatus!
}
"Wan Firewall policy information for a specific revision"
type WanFirewallRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanFirewallRule!
}
"Returns the Service Type to which this Wan Firewall rule applies"
type WanFirewallServiceType {
custom: [CustomService!]!
standard: [ServiceRef!]!
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeInput {
custom: [CustomServiceInput!]! = []
standard: [ServiceRefInput!]! = []
}
"Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)"
input WanFirewallServiceTypeUpdateInput {
custom: [CustomServiceInput!]
standard: [ServiceRefInput!]
}
"Returns the settings for Source of an Wan Firewall rule"
type WanFirewallSource {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRef!]!
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRef!]!
"Groups defined for your account"
group: [GroupRef!]!
"Hosts and servers defined for your account"
host: [HostRef!]!
"IPv4 address"
ip: [IPAddress!]!
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRange!]!
"Network range defined for a site"
networkInterface: [NetworkInterfaceRef!]!
"Site defined for the account"
site: [SiteRef!]!
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]!
"Predefined Cato groups"
systemGroup: [SystemGroupRef!]!
"Individual users defined for the account"
user: [UserRef!]!
"Group of users"
usersGroup: [UsersGroupRef!]!
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]! = []
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]! = []
"Groups defined for your account"
group: [GroupRefInput!]! = []
"Hosts and servers defined for your account"
host: [HostRefInput!]! = []
"IPv4 address"
ip: [IPAddress!]! = []
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]! = []
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]! = []
"Site defined for the account"
site: [SiteRefInput!]! = []
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]! = []
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]! = []
"Individual users defined for the account"
user: [UserRefInput!]! = []
"Group of users"
usersGroup: [UsersGroupRefInput!]! = []
}
"Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)"
input WanFirewallSourceUpdateInput {
"""
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP.
They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
floatingSubnet: [FloatingSubnetRefInput!]
"Globally defined IP range, IP and subnet objects"
globalIpRange: [GlobalIpRangeRefInput!]
"Groups defined for your account"
group: [GroupRefInput!]
"Hosts and servers defined for your account"
host: [HostRefInput!]
"IPv4 address"
ip: [IPAddress!]
"Multiple separate IP addresses or an IP range"
ipRange: [IpAddressRangeInput!]
"Network range defined for a site"
networkInterface: [NetworkInterfaceRefInput!]
"Site defined for the account"
site: [SiteRefInput!]
"GlobalRange + InterfaceSubnet"
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
"Subnets and network ranges defined for the LAN interfaces of a site"
subnet: [NetworkSubnet!]
"Predefined Cato groups"
systemGroup: [SystemGroupRefInput!]
"Individual users defined for the account"
user: [UserRefInput!]
"Group of users"
usersGroup: [UsersGroupRefInput!]
}
input WanFirewallUpdateRuleDataInput {
"The action applied by the Internet Firewall if the rule is matched"
action: WanFirewallActionEnum
"""
Application traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
application: WanFirewallApplicationUpdateInput
"Connection origin of the traffic"
connectionOrigin: ConnectionOriginEnum
"""
Source country traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
country: [CountryRefInput!]
description: String
"""
Destination traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
destination: WanFirewallDestinationUpdateInput
"""
Source Device Profile traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
device: [DeviceProfileRefInput!]
"""
Additional device attributes such as category, type, model, and manufacturer.
Logical 'OR' is applied within the criteria set.
Logical 'AND' is applied between criteria sets.
"""
deviceAttributes: DeviceAttributesUpdateInput
"""
Source device Operating System traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
deviceOS: [OperatingSystem!]
direction: WanFirewallDirectionEnum
enabled: Boolean
"""
The set of exceptions for the rule.
Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules.
"""
exceptions: [WanFirewallRuleExceptionInput!]
name: String
"The time period specifying when the rule is enabled, otherwise it is disabled."
schedule: PolicyScheduleUpdateInput
"""
Destination service traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
service: WanFirewallServiceTypeUpdateInput
"""
Source traffic matching criteria.
Logical ‘OR’ is applied within the criteria set.
Logical ‘AND’ is applied between criteria sets.
"""
source: WanFirewallSourceUpdateInput
"Tracking information when the rule is matched, such as events and notifications"
tracking: PolicyTrackingUpdateInput
}
input WanFirewallUpdateRuleInput {
id: ID!
rule: WanFirewallUpdateRuleDataInput!
}
input WanNetworkAddRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput!
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationInput! = {activeTcpAcceleration: false, packetLossMitigation: false, preserveSourcePort: false, primaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, secondaryTransport: {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}, allocationIp: [], popLocation: [], backhaulingSite: []}
description: String! = ""
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]! = []
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType! = NONE
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType! = WAN
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
input WanNetworkAddRuleInput {
"Position of the rule in the policy"
at: PolicyRulePositionInput
"Parameters for the rule you are adding"
rule: WanNetworkAddRuleDataInput!
}
type WanNetworkPolicy implements IPolicy {
audit: PolicyAudit
enabled: Boolean!
revision: PolicyRevision
rules: [WanNetworkRulePayload!]!
sections: [PolicySectionPayload!]!
}
input WanNetworkPolicyInput {
"""
A revision is a specific instance of the policy.
Unpublished revisions are working copies of the policy available to a specific
admin or a set of admins
Published revisions are revisions that were applied to the account network.
The last published revision is the active policy.
"""
revision: PolicyRevisionInput
}
input WanNetworkPolicyMutationInput {
revision: PolicyMutationRevisionInput
}
type WanNetworkPolicyMutationPayload implements IPolicyMutationPayload {
errors: [PolicyMutationError!]!
policy: WanNetworkPolicy
status: PolicyMutationStatus!
}
type WanNetworkPolicyMutations {
addRule(input: WanNetworkAddRuleInput!): WanNetworkRuleMutationPayload! @beta
addSection(input: PolicyAddSectionInput!): PolicySectionMutationPayload! @beta
createPolicyRevision(input: PolicyCreateRevisionInput!): WanNetworkPolicyMutationPayload! @beta
discardPolicyRevision(input: PolicyDiscardRevisionInput): WanNetworkPolicyMutationPayload! @beta
moveRule(input: PolicyMoveRuleInput!): WanNetworkRuleMutationPayload! @beta
moveSection(input: PolicyMoveSectionInput!): PolicySectionMutationPayload! @beta
publishPolicyRevision(input: PolicyPublishRevisionInput): WanNetworkPolicyMutationPayload! @beta
removeRule(input: WanNetworkRemoveRuleInput!): WanNetworkRuleMutationPayload! @beta
removeSection(input: PolicyRemoveSectionInput!): PolicySectionMutationPayload! @beta
updatePolicy(input: WanNetworkPolicyUpdateInput!): WanNetworkPolicyMutationPayload! @beta
updateRule(input: WanNetworkUpdateRuleInput!): WanNetworkRuleMutationPayload! @beta
updateSection(input: PolicyUpdateSectionInput!): PolicySectionMutationPayload! @beta
}
type WanNetworkPolicyQueries {
policy(input: WanNetworkPolicyInput): WanNetworkPolicy! @beta
revisions: PolicyRevisionsPayload @beta
}
input WanNetworkPolicyUpdateInput {
state: PolicyToggleState
}
input WanNetworkRemoveRuleInput {
id: ID!
}
type WanNetworkRule implements IPolicyRule {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRef!
"The configuration of the rule."
configuration: WanNetworkRuleConfiguration!
"Description for the rule"
description: String!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"""
TRUE = Rule is enabled
FALSE = Rule is disabled
"""
enabled: Boolean!
"Exceptions to the rule."
exceptions: [WanNetworkRuleException!]!
"Rule ID"
id: ID!
"Position / priority of rule"
index: Int!
"Name of the rule"
name: String!
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType!
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType!
"Policy section where the rule is located"
section: PolicySectionInfo!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
type WanNetworkRuleApplication {
appCategory: [ApplicationCategoryRef!]!
application: [ApplicationRef!]!
customApp: [CustomApplicationRef!]!
customCategory: [CustomCategoryRef!]!
customService: [CustomService!]!
customServiceIp: [CustomServiceIp!]!
domain: [Domain!]!
fqdn: [Fqdn!]!
service: [ServiceRef!]!
}
input WanNetworkRuleApplicationInput {
appCategory: [ApplicationCategoryRefInput!]! = []
application: [ApplicationRefInput!]! = []
customApp: [CustomApplicationRefInput!]! = []
customCategory: [CustomCategoryRefInput!]! = []
customService: [CustomServiceInput!]! = []
customServiceIp: [CustomServiceIpInput!]! = []
domain: [Domain!]! = []
fqdn: [Fqdn!]! = []
service: [ServiceRefInput!]! = []
}
input WanNetworkRuleApplicationUpdateInput {
appCategory: [ApplicationCategoryRefInput!]
application: [ApplicationRefInput!]
customApp: [CustomApplicationRefInput!]
customCategory: [CustomCategoryRefInput!]
customService: [CustomServiceInput!]
customServiceIp: [CustomServiceIpInput!]
domain: [Domain!]
fqdn: [Fqdn!]
service: [ServiceRefInput!]
}
type WanNetworkRuleConfiguration {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean!
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRef!]!
"The site for backhaul routing option."
backhaulingSite: [SiteRef!]!
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean!
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRef!]!
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean!
"The primary transport method."
primaryTransport: WanNetworkRuleTransport!
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransport!
}
input WanNetworkRuleConfigurationInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean! = false
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]! = []
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]! = []
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean! = false
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]! = []
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean! = false
"The primary transport method."
primaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportInput! = {transportType: AUTOMATIC, primaryInterfaceRole: AUTOMATIC, secondaryInterfaceRole: AUTOMATIC}
}
input WanNetworkRuleConfigurationUpdateInput {
"Indicates if TCP acceleration is enabled."
activeTcpAcceleration: Boolean
"The allocated IP for NAT routing. Taken from IP Allocation, per PoP."
allocationIp: [AllocatedIpRefInput!]
"The site for backhaul routing option."
backhaulingSite: [SiteRefInput!]
"Indicates if packet loss mitigation is enabled."
packetLossMitigation: Boolean
"The PoP location for routing and egressing from Cato Cloud."
popLocation: [PopLocationRefInput!]
"Indicates if the source port should be preserved."
preserveSourcePort: Boolean
"The primary transport method."
primaryTransport: WanNetworkRuleTransportUpdateInput
"The secondary transport method."
secondaryTransport: WanNetworkRuleTransportUpdateInput
}
type WanNetworkRuleDestination {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleDestinationInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleDestinationUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleException {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplication!
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestination!
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSource!
}
input WanNetworkRuleExceptionInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationInput! = {application: [], appCategory: [], customApp: [], customCategory: [], customServiceIp: [], customService: [], domain: [], fqdn: [], service: []}
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
"The name of the network rule."
name: String!
"The source of the traffic for the rule."
source: WanNetworkRuleSourceInput! = {user: [], floatingSubnet: [], globalIpRange: [], group: [], host: [], ip: [], ipRange: [], networkInterface: [], subnet: [], site: [], siteNetworkSubnet: [], systemGroup: [], usersGroup: []}
}
enum WanNetworkRuleInterfaceRole {
"Automatic interface role."
AUTOMATIC
"No interface role."
NONE
"WAN1 interface role."
WAN1
"WAN2 interface role."
WAN2
"WAN3 interface role."
WAN3
"WAN4 interface role."
WAN4
"WAN5 interface role."
WAN5
"WAN6 interface role."
WAN6
}
type WanNetworkRuleMutationPayload implements IPolicyRuleMutationPayload {
errors: [PolicyMutationError!]!
rule: WanNetworkRulePayload
status: PolicyMutationStatus!
}
type WanNetworkRulePayload implements IPolicyRulePayload {
audit: PolicyElementAudit!
properties: [PolicyElementPropertiesEnum!]!
rule: WanNetworkRule!
}
enum WanNetworkRuleRouteType {
"Backhaul routing."
BACKHAUL
"Backhaul hairpinning routing."
BACKHAUL_HAIRPINNING
"NAT routing."
NAT
"No routing."
NONE
"Optimized routing. Smart Egress using closest destination"
OPTIMIZED
"Route via a specific path."
VIA
}
type WanNetworkRuleSource {
floatingSubnet: [FloatingSubnetRef!]!
globalIpRange: [GlobalIpRangeRef!]!
group: [GroupRef!]!
host: [HostRef!]!
ip: [IPAddress!]!
ipRange: [IpAddressRange!]!
networkInterface: [NetworkInterfaceRef!]!
site: [SiteRef!]!
siteNetworkSubnet: [SiteNetworkSubnetRef!]!
subnet: [NetworkSubnet!]!
systemGroup: [SystemGroupRef!]!
user: [UserRef!]!
usersGroup: [UsersGroupRef!]!
}
input WanNetworkRuleSourceInput {
floatingSubnet: [FloatingSubnetRefInput!]! = []
globalIpRange: [GlobalIpRangeRefInput!]! = []
group: [GroupRefInput!]! = []
host: [HostRefInput!]! = []
ip: [IPAddress!]! = []
ipRange: [IpAddressRangeInput!]! = []
networkInterface: [NetworkInterfaceRefInput!]! = []
site: [SiteRefInput!]! = []
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]! = []
subnet: [NetworkSubnet!]! = []
systemGroup: [SystemGroupRefInput!]! = []
user: [UserRefInput!]! = []
usersGroup: [UsersGroupRefInput!]! = []
}
input WanNetworkRuleSourceUpdateInput {
floatingSubnet: [FloatingSubnetRefInput!]
globalIpRange: [GlobalIpRangeRefInput!]
group: [GroupRefInput!]
host: [HostRefInput!]
ip: [IPAddress!]
ipRange: [IpAddressRangeInput!]
networkInterface: [NetworkInterfaceRefInput!]
site: [SiteRefInput!]
siteNetworkSubnet: [SiteNetworkSubnetRefInput!]
subnet: [NetworkSubnet!]
systemGroup: [SystemGroupRefInput!]
user: [UserRefInput!]
usersGroup: [UsersGroupRefInput!]
}
type WanNetworkRuleTransport {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole!
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole!
transportType: WanNetworkRuleTransportType!
}
input WanNetworkRuleTransportInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole! = AUTOMATIC
transportType: WanNetworkRuleTransportType! = AUTOMATIC
}
enum WanNetworkRuleTransportType {
"Alternative WAN transport type."
ALTERNATIVE_WAN
"Automatic transport type."
AUTOMATIC
"No transport type."
NONE
"Off-cloud transport type."
OFF_CLOUD
"WAN transport type."
WAN
}
input WanNetworkRuleTransportUpdateInput {
"The primary interface role."
primaryInterfaceRole: WanNetworkRuleInterfaceRole
"The secondary interface role."
secondaryInterfaceRole: WanNetworkRuleInterfaceRole
transportType: WanNetworkRuleTransportType
}
enum WanNetworkRuleType {
"Inbound Internet transport type."
INBOUND_INTERNET
"Internet transport type."
INTERNET
"WAN transport type."
WAN
}
input WanNetworkUpdateRuleDataInput {
"The application or category of traffic for the rule."
application: WanNetworkRuleApplicationUpdateInput
"The bandwidth priority (QoS) for the rule."
bandwidthPriority: BandwidthManagementRefInput
"The configuration of the rule."
configuration: WanNetworkRuleConfigurationUpdateInput
description: String
"The destination of the traffic for the rule."
destination: WanNetworkRuleDestinationUpdateInput
enabled: Boolean
"Exceptions to the rule."
exceptions: [WanNetworkRuleExceptionInput!]
name: String
"Defines the routing method for the rule. By default, traffic will egress from connected PoP."
routeType: WanNetworkRuleRouteType
"Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic."
ruleType: WanNetworkRuleType
"The source of the traffic for the rule."
source: WanNetworkRuleSourceUpdateInput
}
input WanNetworkUpdateRuleInput {
id: ID!
rule: WanNetworkUpdateRuleDataInput!
}
type AccountMetrics {
"""Starting time"""
from: DateTime
"""The size of a single time bucket in seconds"""
granularity: Int
"""Unique Identifier of Account."""
id: ID
"""Site connectivity metrics for the requested sites."""
sites(
"""
A list of unique IDs for each site. If specified, only sites in this list are returned. Otherwise, all sites are returned.
"""
siteIDs: [ID!]
ids: [String!] @deprecated(reason: "by siteIDs")
): [SiteMetrics!]
timeseries(
labels: [TimeseriesMetricType!]
"number of buckets, defaults to 10, max 1000"
buckets: Int
): [Timeseries!]
"""Ending time"""
to: DateTime
"""
Connectivity metrics for the requested users connecting remotely with the Client.
Doesn’t include user traffic behind a site.
"""
users(
"""
A list of unique IDs for each user. If specified, only users in this list are returned. Otherwise, no user metrics are returned.
"""
userIDs: [ID!]
): [SiteMetrics!]
}
type AccountSnapshot {
"""Unique Identifier of Account"""
id: ID
"Sites includes information about online as well as offline sites"
sites(
"""
List of Unique Site Identifiers. If specified, only sites in list will be returned
"""
siteIDs: [ID!]
ids: [Int!] @deprecated(reason: "by siteIDs")
): [SiteSnapshot!]
timestamp: DateTime
"VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested"
users(
"request specific IDs, regardless of if connected or not"
userIDs: [ID!]
ids: [Int!] @deprecated(reason: "by userIDs")
): [UserSnapshot!]
}
"""A general structure to contain IP detailed information"""
type IPInfo {
"""Geolocation city"""
city: String
"""Geolocation ISO country code"""
countryCode: String
"""Geolocation country name"""
countryName: String
"""IP address of the link"""
ip: String
"""Geolocation latitude for the ISP"""
latitude: Float
"""Geolocation longitude for the ISP"""
longitude: Float
"""ISP Internet provider"""
provider: String
"""Geolocation state"""
state: String
}
"""Basic information about socket"""
type SocketInfo {
"""Unique ID for Socket"""
id: String
"""
For HA configurations, when this boolean value is true, this the primary Socket
"""
isPrimary: Boolean
"""Shows Socket type"""
platform: SocketPlatform
"""Serial number for the Socket"""
serial: String
"""Software version number that is currently installed on the Socket"""
version: String
"""Timestamp when the Socket upgraded to the current hardware version"""
versionUpdateTime: DateTime
}
"""Basic IPSec configuration information"""
type IPSecInfo {
"""The source IP address for the IPsec tunnel in the Cato Cloud"""
catoIP: String
"""Shows 1 for IKEv1 and 2 for IKEv2"""
ikeVersion: Int
"""
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device
"""
isPrimary: Boolean
"""The destination IP address for the IPsec tunnel (in the site)"""
remoteIP: String
}
"""Basic Socket Interface configuration information"""
type InterfaceInfo {
"""The destination type configured to the Socket interface"""
destType: String
"""
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site
"""
downstreamBandwidth: Int
"""
Maximum allowed bandwidth for traffic on this port in MBPS with single decimal point, from the Cato Cloud to the site
"""
downstreamBandwidthMbpsPrecision: Float @beta
"""ID for the Socket port in the Socket WebUI Monitor tab"""
id: ID!
"""Name for the port in the Cato Management Application"""
name: String
"""
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud
"""
upstreamBandwidth: Int
"""
Maximum allowed bandwidth on this port in MBPS with single decimal point, for traffic from the site to the Cato Cloud
"""
upstreamBandwidthMbpsPrecision: Float @beta
"""Role for the WAN interface"""
wanRole: SocketInterfaceWanRole @beta
}
"""Basic Site configuration information"""
type SiteInfo {
"""Address of the physical site location"""
address: String
"""City of the physical site location"""
cityName: String
"""
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields)
"""
connType: ProtoType
"""Code for the Country that is the physical location of the site"""
countryCode: String
"""Country that is the physical location of the site"""
countryName: String
"""State of the country that is the physical site location"""
countryStateName: String
"""Timestamp for when the site was created"""
creationTime: DateTime
"""User defined description of the site"""
description: String
"""Basic configuration information about the Socket interface"""
interfaces: [InterfaceInfo!]
"""data related to IPsec sites, such as IKE version"""
ipsec: [IPSecInfo!]
"""
When this boolean value is true, the site is enabled for high availability
"""
isHA: Boolean
"""Name for the site"""
name: String
"""Geographical PoP region that the site is licensed to use"""
region: String
"""
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields)
"""
sockets: [SocketInfo!]
"""
Site type in the Cato Management Application, such as branch office or datacenter
"""
type: SiteType
}
"""Basic Site Ha readiness information"""
type HaStatus {
keepalive: HaSubStatus
readiness: HaReadiness
socketVersion: HaSubStatus
wanConnectivity: HaSubStatus
}
"Basic User configuration information"
type UserInfo {
"Additional authentication mechanism, currently MFA or NONE"
authMethod: String
"""Timestamp when the VPN user was created in the account"""
creationTime: DateTime
"""Email address of the VPN user"""
email: String
"""Name of the VPN user"""
name: String
"User creation mechanism, current supported REGULAR or LDAP"
origin: String
"""Phone number for the VPN user"""
phoneNumber: String
"""Status of the Client as the type STRING"""
status: OperationalStatus
}
type RecentConnection {
"""Serial number for the Device"""
deviceName: String
"The duration of the connection"
duration: Int
"""Name for the port in the Cato Management Application"""
interfaceName: String
"The last time this connection was detected (so lastConnected - duration is the start of the connection"
lastConnected: DateTime
"The name of the PoP that the traffic flow was connected to"
popName: String
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to
"""
remoteIPInfo: IPInfo
}
type InterfaceLinkState {
"""Shows the duplex mode for the link"""
duplex: String
"""Indicates if the WAN interface has an IP address"""
hasAddress: Boolean
"""Indicates if the interface is connected to the Internet"""
hasInternet: Boolean
"""Indicates if a connection has been established with the Cato Cloud"""
hasTunnel: Boolean
"""The ID for the specific Socket port, for example LAN1 or LAN2"""
id: ID
"""Shows the maximum bandwidth configured for the link"""
linkSpeed: String
"""Indicates if there is a physical connection to the port"""
mediaIn: Boolean
"""When this boolean value is true, then the link for the port is up"""
up: Boolean
}
type DeviceSnapshot {
"""
A boolean value that indicates if the site is connected to the Cato Cloud
"""
connected: Boolean
"""For connected devices (this somewhat overlaps to last duration)"""
connectedSince: DateTime
"""Indicates the Socket uptime"""
deviceUptime: Int
"""
Shows if this is the primary or secondary Socket in high availability mode
"""
haRole: String
"""Unique internal Cato ID for the Socket"""
id: ID
"""Unique identifier for the device"""
identifier: String
"""Snapshot data for outbound facing interfaces"""
interfaces: [InterfaceSnapshot!]
"""
Information of the link state of various interfaces in the devices. Unlike the `interfacess` field, it contains
all links of the device, not just the outbound facing ones
"""
interfacesLinkState: [InterfaceLinkState!]
"""Device's internal IP in the account's routing table"""
internalIP: String
"""The last time the device was seen"""
lastConnected: DateTime
"""
The uptime of the last tunnel from this device (or current), in seconds
"""
lastDuration: Int
"""The ID of the PoP that the Socket is connected to"""
lastPopID: Int
"""The PoP name that the Socket is connected to"""
lastPopName: String
"""The time the mfa cookie (for sdp users) was created"""
mfaCreationTime: Int
"""Shows the amount of time remaining before the MFA token expires"""
mfaExpirationTime: Int
"""Name of the device"""
name: String
"""Operating system of the Device."""
osType: String
"""Version of the Socket operating system"""
osVersion: String
"""Data related to the most recent completed traffic flows"""
recentConnections: [RecentConnection!]
"""Shows the release group for the site"""
releaseGroup: String
"""Shows data related to the Socket, such as version and serial number"""
socketInfo: SocketInfo
"""Shows the Socket model or vSocket type"""
type: String
"""Device version"""
version: String
"""Device major version"""
versionNumber: Int
}
type InterfaceMetrics {
"""Time stamp annotation that shows a time increment for a GUI"""
annotations(types: [String!]): [TimeAnnotation!]
"""
Basic configuration information about the Socket interface . Applicable only for site
"""
interfaceInfo: InterfaceInfo
"""
Data related to IPsec sites, such as IKE version . Applicable only for site
"""
ipsecInfo: IPSecInfo
"""Traffic data for the link"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Link name in the Cato Management Application"""
name: String
"""object that is a specific time duration"""
periods: [TimePeriod!]
"""IP address the ISP allocates to the WAN link"""
remoteIP: String
"""Data related to the link IP address, such as country code"""
remoteIPInfo: IPInfo
"""
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site
"""
socketInfo: SocketInfo
"""
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also
include the destination last mile check
"""
timeseries(buckets: Int, labels: [TimeseriesMetricType!]): [Timeseries!]
}
type InterfaceSnapshot {
"""Information about cellular (LTE) interface"""
cellularInterfaceInfo: CellularInterface
"""Shows if the WAN link is connected to the PoP"""
connected: Boolean
"""Interface ID for the WAN link"""
id: ID
"""
data about the WAN link that is configured in the Socket Configuration window for the site
"""
info: InterfaceInfo
"""WAN link name in the Cato Management Application"""
name: String
"""Interface Natural order for WAN link"""
naturalOrder: Int
"""Physical WAN port on the Socket"""
physicalPort: Int
"""The name of the PoP that the WAN link is connected to"""
popName: String
"""
The ID of the PoP that the WAN link was connected to before the current one
"""
previousPopID: Int
"""
The name of the PoP that the WAN link was connected to before the current one
"""
previousPopName: String
"""
Reason that the tunnel required a new connection (for example, PoP or Socket restarted)
"""
tunnelConnectionReason: String
"""IP address of the WAN ISP"""
tunnelRemoteIP: String
"""IP address, ISP, and geographical information related to the WAN ISP"""
tunnelRemoteIPInfo: IPInfo
"""Number of seconds that the tunnel is connected to a PoP"""
tunnelUptime: Int
type: String @deprecated(reason: "No longer supported")
}
type Metrics {
"""total downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream: Float
"""total traffic for the site"""
bytesTotal: Float
"""total upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream: Float
"""total amount of time for the site data"""
duration: Int
"""
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface
metrics.
"""
flowCount: Float
"""duration in seconds for a single metrics bucket"""
granularity: Int
"""
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics.
"""
hostCount: Float
"""
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in
per-interface metrics.
"""
hostLimit: Float
"""
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream: Float
"""
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream: Float
"""number of packets lost for downstream traffic"""
lostDownstream: Float
"""percent of packet loss for downstream traffic"""
lostDownstreamPcnt: Float
"""number of packets lost for upstream traffic"""
lostUpstream: Float
"""percent of packet loss for upstream traffic"""
lostUpstreamPcnt: Float
"""total packets discarded for downstream traffic"""
packetsDiscardedDownstream: Float
"""total packets discarded for upstream traffic"""
packetsDiscardedUpstream: Float
"""total downstream packets"""
packetsDownstream: Float
"""total upstream packets"""
packetsUpstream: Float
"""round-trip time from the site to the Cato Cloud"""
rtt: Int
}
type CellularInterface {
"""
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch.
"""
apn: String
"""
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI).
"""
apnSelectionMethod: ApnMethod
"""
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out).
"""
disconnectionReason: CellularDisconnectionReason
"""Unique identifier (20-digit number) for the modem."""
iccid: String
"""Unique identifier (15-digit number) for a specific SIM."""
imei: String
"""
Indicates if the cellular modem is currently connected to the internet.
"""
isModemConnected: Boolean!
"""Indicates if the modem is currently suspended."""
isModemSuspended: Boolean!
"""Indicates whether roaming is enabled."""
isRoamingAllowed: Boolean!
"""Indicates whether a SIM is detected in the first slot."""
isSimSlot1Detected: Boolean!
"""Indicates whether a SIM is detected in the second slot."""
isSimSlot2Detected: Boolean!
"""
Represents the current status of the modem. Valid values are Error, OK, or Unknown.
"""
modemStatus: CellularModemStatus
"""2G, 3G, or 4G"""
networkType: CellularNetworkType
"""Displays the operator or carrier name, such as Verizon."""
operatorName: String
"""
Represents the signal strength of the cellular connection, in units of calculation.
"""
signalStrength: String
"""The phone number associated with the SIM."""
simNumber: String
"""
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default.
"""
simSlotId: Int
}
enum CellularNetworkType {
TYPE_2G
TYPE_3G
TYPE_4G
TYPE_UNKNOWN
}
enum SocketInterfaceWanRole {
NONE
WAN_1
WAN_2
WAN_3
WAN_4
}
enum CellularModemStatus {
STATUS_ERROR
STATUS_OK
STATUS_UNKNOWN
}
enum CellularDisconnectionReason {
REASON_NONE
REASON_TIMEOUT
}
enum ApnMethod {
METHOD_AUTO
METHOD_MANUAL
METHOD_UNKNOWN
}
type SiteMetrics {
"""
Timeseries with the number of flows (connections) in the site. Applicable only for site
"""
flowCount: Timeseries
"""
Timeseries with the number of hosts in the site. Applicable only for site
"""
hostCount: Timeseries
"""
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site
"""
hostLimit: Timeseries
"""Site ID"""
id: ID
"""
Shows general information about the site (array with nested fields). Applicable only for site
"""
info: SiteInfo
"""Analytics that are returned for the links for a site"""
interfaces: [InterfaceMetrics!]
"""Traffic metrics and data for sites"""
metrics(
"Normalize collected metrics as per-second values"
toRate: Boolean = false
): Metrics
"""Site names"""
name: String
samples: Int @deprecated(reason: "internal use")
}
enum HaReadiness {
not_ready
ready
}
enum HaSubStatus {
fail
ok
}
enum ConnectivityStatus {
"""Connected to the Cato Cloud"""
connected
"""Disconnected from the Cato Cloud"""
disconnected
}
enum OperationalStatus {
"""Passing traffic"""
active
"""Disabled in the Cato Management Application"""
disabled
"""License has expired for this site and you can't configure it"""
locked
"""After you create the site before it is connected to the Cato Cloud"""
new
"For VPN users only"
pending_code_generation
"For VPN users only"
pending_mfa_configuration
"For VPN users only"
pending_user_configuration
}
type UserSnapshot {
"""
In this state the client does not create its own connection, but reuses
the Office's socket connection
"""
connectedInOffice: Boolean
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"The host name of the device"
deviceName: String
"""Data related to the Client"""
devices: [DeviceSnapshot!]
"""VPN user ID"""
id: ID
"""General information about the VPN user"""
info: UserInfo
"""IP address of the PoP that the Client is connected to"""
internalIP: String
"Last time the user was connected (relevant if not currently connected)"
lastConnected: DateTime
"User name from configuration, same as info.name"
name: String
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Operating system of the device the Client is running on"""
osType: String
"""Version of the operating system for the device"""
osVersion: String
"""ID of the PoP that the Client is connected to"""
popID: Int
"""Name of the PoP that the VPN user is connected to"""
popName: String
"""Data related to the most recent completed VPN connections"""
recentConnections: [RecentConnection!]
"""IP address of the Client"""
remoteIP: String
"""IP address, ISP, and geographical information related to the Client"""
remoteIPInfo: IPInfo
"How long has the user been connected (in seconds)"
uptime: Int
"VPN client version string"
version: String
"VPN client version number"
versionNumber: Int
}
type SiteSnapshot {
"""Alternative WAN connectivity status"""
altWanStatus: String
"""For connected sites, since when are they connected"""
connectedSince: DateTime
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"""Data related to the Sockets for a site"""
devices: [DeviceSnapshot!]
"""Site HA readiness information"""
haStatus: HaStatus
"""Number of hosts connected to a site"""
hostCount: Int
"""site ID"""
id: ID
"""General real-time information about the site"""
info: SiteInfo
"""
Relevant when the site is disconnected - the last time the device was connected
"""
lastConnected: DateTime
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""Name of the PoP that the site is connected to"""
popName: String
protoId: ID
}
type Timeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"whether to normalize the data into per second (i.e. divide by granularity)"
perSecond: Boolean = true
"If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1"
withMissingData: Boolean = false
"In case we want to have the default size bucket (from properties)"
useDefaultSizeBucket: Boolean = false
): [[Float!]]
"List of dimension values for this timeseries"
dimensions: [DimensionData!]
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
"Timeseries key: measure and dimension values"
key: TimeseriesKey
"Indicates the type of the timeseries"
label: String!
"""Summary of the metrics over the given time frame"""
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
}
"""An object for marking specific events in time."""
type TimeAnnotation {
"""Description of the event"""
label: String!
"""Brief description of the event"""
shortLabel: String!
"""Timestamp of the event"""
time: Float!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: AnnotationType!
}
"""An object for marking durations!"""
type TimePeriod {
"""
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index
"""
duration: [Float!]!
"""Label that describes the metrics"""
title: String!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: PeriodType!
}
enum TimeseriesMetricType {
"""Total avg downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream
"""Total max downstream traffic (from the site to the Cato Cloud)"""
bytesDownstreamMax
"""Total number of bytes of upstream and downstream traffic"""
bytesTotal
"""Total avg upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream
"""Total max upstream traffic (from the site to the Cato Cloud)"""
bytesUpstreamMax
"""Health analytics for the site"""
health @deprecated(reason: "No longer supported")
"""
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream
"""
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream
"""
Latency from socket directly to a well known global service, not through Cato. This is used to measure last
mile provider's performance, independent of the service.
"""
lastMileLatency
"""
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last
mile provider's performance, independent of the service.
"""
lastMilePacketLoss
"""Number of packets lost for downstream traffic"""
lostDownstream
"""Percent of packet loss for downstream traffic"""
lostDownstreamPcnt
"""Number of packets lost for upstream traffic"""
lostUpstream
"""Percent of packet loss for upstream traffic"""
lostUpstreamPcnt
"""Total packets discarded for downstream traffic"""
packetsDiscardedDownstream
"""Percent packets discarded for downstream traffic"""
packetsDiscardedDownstreamPcnt
"""Total packets discarded for upstream traffic"""
packetsDiscardedUpstream
"""Percent packets discarded for upstream traffic"""
packetsDiscardedUpstreamPcnt
"""Total downstream packets"""
packetsDownstream
"""Total upstream packets"""
packetsUpstream
"""Round-trip time from the Socket to the Cato Cloud"""
rtt
"The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect)"
tunnelAge
}
enum PeriodType {
"traffic was seen"
active
"some packets were discarded after queue timeout"
congested
"unspecified period type"
generic
"multiple last mile destinations measured large latency (greater than 500ms)"
lastmileLatency
"multiple last mile destinations measured packet loss"
lastmilePacketLoss
"missing data"
missingData
"some packets were queued"
overlowed
"packet loss connectivity issue"
packetLoss
"interface in standby mode"
passiveLink
"period connected to specific pop instance"
pop
}
enum AnnotationType {
"""Other events that are included in annotations"""
generic
"""The site connects to a different PoP"""
popChange
"""The ISP IP address (remote IP) changed"""
remoteIPChange
"""Change for HA status role"""
roleChange
}
type DimensionData {
"Type of the dimension"
label: String!
"String value of the dimension"
value: String
}
type TimeseriesKey {
"List of dimension key-value pair for this timeseries key"
dimensions: [DimensionKey!]
"Measure field"
measureFieldName: String!
}
type DimensionKey {
"Dimension field"
fieldName: String!
"String value of the dimension"
value: String
}
type EventRecord {
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
time: DateTime
}
type EventsFeedAccountRecords {
errorString: String
id: ID
records(fieldNames: [EventFieldName!]): [EventRecord!]
}
type EventsFeedData {
accounts: [EventsFeedAccountRecords]
fetchedCount: Int!
marker: String
}
input EventFeedFieldFilterInput {
fieldName: EventFeedFilterFieldName!
"Use event_type and event_sub_type for events"
operator: EventFeedFilterOperator!
values: [String!]
}
"""Search operators on Event Feed"""
enum EventFeedFilterOperator {
in
is
is_not
not_in
}
enum EventFeedFilterFieldName {
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event"
event_type
}
input AddIpsecIkeV2SiteInput {
description: String
"""The name of the site"""
name: String!
"""The native range of the site"""
nativeNetworkRange: IPSubnet!
"""The location of the site"""
siteLocation: AddSiteLocationInput!
"""Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER."""
siteType: SiteType! = BRANCH
"""VLAN ID for native range"""
vlan: Vlan
}
input UpdateIpsecIkeV2SiteGeneralDetailsInput {
"""The auth message parameters."""
authMessage: IpsecIkeV2MessageInput
"""
Determines the protocol for establishing the Security Association (SA) Tunnel. Valid values are:
Responder-Only Mode: Cato Cloud only responds to incoming requests by the initiator (e.g. a Firewall device) to establish a security association.
Bidirectional Mode: Both Cato Cloud and the peer device on customer site can initiate the IPSec SA establishment.
"""
connectionMode: ConnectionMode
"""
The authentication identification type used for SA authentication. When using “BIDIRECTIONAL”, it is set to “IPv4” by default. Other methods are available in Responder mode only.
"""
identificationType: IdentificationType
"""The init message parameters"""
initMessage: IpsecIkeV2MessageInput
"""The local IP ranges for the SAs"""
networkRanges: [IPSubnet]
}
input IpsecIkeV2MessageInput {
"""
The SA tunnel encryption method. Note: For situations where GCM isn’t supported for the INIT phase, we recommend that you use the CBC algorithm for the INIT phase, and GCM for AUTH
"""
cipher: IpSecCipher
"""
The Diffie-Hellman Group. The first number is the DH-group number, and the second number is the corresponding prime modulus size in bits
"""
dhGroup: IpSecDHGroup
"""
The algorithm used to verify the integrity and authenticity of IPsec packets
"""
integrity: IpSecHash
"""
The Pseudo-random function (PRF) used to derive the cryptographic keys used in the SA establishment process
"""
prf: IpSecHash
}
input LastMileBwInput {
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstream: Int
"""
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps with single decimal precision. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth.
"""
downstreamMbpsPrecision: Float
"""
The maximum upstream bandwidth, in Mbps. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstream: Int
"""
The maximum upstream bandwidth, in Mbps with single decimal precision. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud.
"""
upstreamMbpsPrecision: Float
}
input AddIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String!
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
}
input UpdateIpsecIkeV2TunnelInput {
"""
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
"""
lastMileBw: LastMileBwInput
"""Tunnel name"""
name: String
"""
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateCatoIp: IPAddress
"""
Site private IP, used for BGP routing. Applicable for sites using BGP only
"""
privateSiteIp: IPAddress
"""Pre-shared key. This field is write-only."""
psk: String
"""The public IP address where the IPsec tunnel is initiated"""
publicSiteIp: IPAddress
"""Tunnel role"""
role: IPSecV2TunnelRole
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId!
}
input UpdateIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [UpdateIpsecIkeV2TunnelInput!]!
}
input AddIpsecIkeV2TunnelsInput {
"""The destination type of the IPsec tunnel"""
destinationType: DestinationType
"""The PoP location ID"""
popLocationId: ID
"""
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
"""
publicCatoIpId: ID
tunnels: [AddIpsecIkeV2TunnelInput!]!
}
input UpdateIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: UpdateIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: UpdateIpsecIkeV2TunnelsInput
}
input AddIpsecIkeV2SiteTunnelsInput {
"""The configuration of the site’s primary tunnel"""
primary: AddIpsecIkeV2TunnelsInput
"""The configuration of the site’s secondary tunnel"""
secondary: AddIpsecIkeV2TunnelsInput
}
input RemoveIpsecIkeV2SiteTunnelsInput {
"""The IDs of the tunnels"""
tunnelId: [IPSecV2InterfaceId!]!
}
type AddIpsecIkeV2SitePayload {
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteGeneralDetailsPayload {
"""The local ID for the site"""
localId: String
"""The ID of the site"""
siteId: ID!
}
type UpdateIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type UpdateIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [UpdateIpsecIkeV2SiteTunnelPayload!]!
}
type AddIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type RemoveIpsecIkeV2SiteTunnelPayload {
"""The local ID for the tunnel"""
localId: String
"""The ID of the tunnel"""
tunnelId: IPSecV2InterfaceId
}
type AddIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [AddIpsecIkeV2SiteTunnelPayload!]!
}
type RemoveIpsecIkeV2SiteMultiTunnelPayload {
"""Cato’s FQDN for the multi-tunnel"""
fqdn: Fqdn
tunnels: [RemoveIpsecIkeV2SiteTunnelPayload!]!
}
type UpdateIpsecIkeV2SiteTunnelsPayload {
"""The primary multi-tunnel"""
primary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The secondary multi-tunnel"""
secondary: UpdateIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type AddIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: AddIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: AddIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type RemoveIpsecIkeV2SiteTunnelsPayload {
"""Cato’s FQDN for the primary tunnel"""
primary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""Cato’s FQDN for the secondary tunnel"""
secondary: RemoveIpsecIkeV2SiteMultiTunnelPayload
"""The ID of the site"""
siteId: ID!
}
type HardwareManagementQueries {
"""Retrieve the account socket inventory"""
socketInventory(input: SocketInventoryInput): SocketInventoryPayload! @beta
}
input SocketInventoryInput {
filter: SocketInventoryFilterInput
paging: PagingInput
sort: SocketInventoryOrderInput
}
input SocketInventoryFilterInput {
"""
Will run contains operation for the provided text on the following fields serialNumber,socketMac,socketVersion,installedSite,
shippingCompany,trackingNumber,deliverySiteName,description with OR between them
"""
freeText: FreeTextFilterInput
}
input SocketInventoryOrderInput {
accountName: SortOrderInput
deliverySiteName: SortOrderInput
description: SortOrderInput
installedSite: SortOrderInput
serialNumber: SortOrderInput
shippingCompany: SortOrderInput
shippingDate: SortOrderInput
socketType: SortOrderInput
"""Default sort field"""
status: SortOrderInput
}
type SocketInventoryPayload {
items: [SocketInventoryItem!]!
pageInfo: PageInfo!
}
type SocketInventoryItem {
"""Socket account"""
account: AccountRef!
"""Available upgrade versions"""
availableUpgradeVersions: [String!]!
"""Name of the delivery site"""
deliverySiteName: String
"""Description"""
description: String
"""ID"""
id: ID!
"""Is primary socket"""
isPrimary: Boolean!
"""Registration status"""
registrationStatus: SocketRegistrationStatus
"""Serial number (unique)"""
serialNumber: String
"""Shipping company"""
shippingCompany: String
"""Shipping date"""
shippingDate: DateTime
"""Socket's site"""
site: SiteRef
"""Mac address"""
socketMac: MacAddress
"""Socket Type"""
socketType: SocketPlatform
"""Socket version"""
socketVersion: String
"""Socket status (see SocketInventoryItemStatus)"""
status: SocketInventoryItemStatus
"""tracking number from the shipping company"""
trackingNumber: String
"""tracking url from the shipping company"""
trackingUrl: Url
"""Are automatic upgrade paused"""
upgradesPaused: Boolean!
"""Upgrade status"""
upgradeStatus: SocketUpgradeStatus
}
enum SocketInventoryItemStatus {
CONNECTED
DELIVERED
INSTALLED
ORDERED
SHIPPED
}
type Events {
from: DateTime
id: ID
records(limit: Int, from: Int): [EventsRecord!]
to: DateTime
total: Int
totals: Map
}
type EventsRecord {
fields: [EventField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type EventsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
input EventsMeasure {
aggType: AggregationType!
fieldName: EventFieldName!
trend: Boolean
}
input EventsDimension {
fieldName: EventFieldName!
}
input EventsFilter {
fieldName: EventFieldName!
operator: FilterOperator!
values: [String!]!
}
input EventsSort {
fieldName: EventFieldName!
order: DirectionEnum!
}
type EventField {
name: EventFieldName!
value: Value!
}
type AuditFeedAccountRecords {
id: ID
records(fieldNames: [AuditFieldName!]): [AuditRecord!]
}
type AuditFeed {
accounts: [AuditFeedAccountRecords]
fetchedCount: Int!
from: DateTime
hasMore: Boolean
marker: String
to: DateTime
}
"""
Search operators on ElasticSearch. Between operators are applicable only to numeric fields
Note that not operators are slower
"""
enum ElasticOperator {
between
exists
in
is
is_not
not_between
not_exists
not_in
}
"""
FieldName for the different types of FieldName inputs
Use the EventFieldName for events, and AuditFieldName for audit
"""
input FieldNameInput {
AuditFieldName: AuditFieldName
}
input AuditFieldFilterInput {
fieldName: FieldNameInput!
"Use AuditFieldName for audits"
operator: ElasticOperator!
values: [String!]
}
"""Represents a single event in the audit database"""
type AuditRecord {
account: EntityInfo
admin: Entity
apiKey: Entity
"All fields in the audit record (including the admin and object)"
fields: [AuditField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
object: Entity
time: DateTime
}
type StringValue {
string: String
}
type DateValue {
date: DateTime
}
union Value = StringValue | DateValue | Entity
type AuditField {
name: String!
value: Value!
}
enum AuditFieldName {
"The name of the account on which the record was created"
account
"The id of the account on which the record was created"
account_id
"The admin whose action generated the record"
admin
"The ID of the admin whose action generated the record"
admin_id
"The api key whose action generated the record"
apiKey
audit_creation_type
"the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`"
change_type
"Time the record was created"
creation_date
"Time the record was committed to storage"
insertion_date
"The name of the object that was affected, e.g. 'My Site'"
model_name
"The type of object that was affected. e.g. Site, Socket, SocketInterface"
model_type
"Less granular than model_name, a general marker of the modified area: administration, configuration, security"
module
}
enum EntityType {
"""A reference to a configured Account under reseller"""
account
"""An account administrator (user in Cato Console)"""
admin
"""An external IP address in a specific PoP reserved for the account"""
allocatedIP
"""Any entity (matches everything)"""
any
"Pooled licenses available for use"
availablePooledUsage
"Site licenses available for use"
availableSiteUsage
"""A settlement with over 1K population"""
city
"""Geographical and political entity recognized internationally"""
country
"""
Represents a state or territory within a country. It is a sub-division of the country
"""
countryState
"A reference to DHCP Relay Group within account"
dhcpRelayGroup
groupSubscription
"""A reference to the configured Host within Site"""
host
"A reference to LAN Firewall Rule within Site"
lanFirewall
"A reference to Local Routing Rule within Site"
localRouting
location
mailingListSubscription
"""A reference to the configured Network Interface within Site"""
networkInterface
"Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number"
portProtocol
"l4 services for LAN firewall rules"
simpleService
"""A reference to a configured Site within Account"""
site
"union of the globalRange and a Subnet"
siteRange
"""
Time zone, which is a geographical region where clocks are set to the same time
"""
timezone
"""A reference to the configured VPN User within Account"""
vpnUser
webhookSubscription
}
type ContainerQueries {
fqdn: FqdnContainerQueries!
ipAddressRange: IpAddressRangeContainerQueries!
list(input: ContainerSearchInput!): ContainerSearchPayload! @beta
}
type ContainerMutations {
delete(input: DeleteContainerInput!): DeleteContainerPayload! @beta
fqdn: FqdnContainerMutations!
ipAddressRange: IpAddressRangeContainerMutations!
}
"A group with members of a single type of entity (for example: IPAddress, FQDN)"
interface Container {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Description for the container"
description: String
"Number of items in the container"
size: Int!
"Audit metadata about the container"
audit: ContainerAudit!
}
"Audit metadata about the container"
type ContainerAudit {
"Indicates when the container was created"
createdAt: DateTime!
"Indicates who created the container"
createdBy: String!
"Indicated when the container was last updated"
lastModifiedAt: DateTime!
"Indicates who was the last to update the container"
lastModifiedBy: String!
}
"Container search result, including all containers that matched input criteria"
type ContainerSearchPayload {
"A list of matched containers"
containers: [Container!]!
}
type DeleteContainerPayload {
"The data of the container before it was deleted"
container: Container!
}
"Filtering input to container search"
input ContainerSearchInput {
"Allows filtering container search by container ID or container name"
refs: [ContainerRefInput!]! = []
"Allows filtering container search by specific container types"
types: [ContainerType!]! = []
}
"Identification of container for delete operation"
input DeleteContainerInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
enum ContainerType {
FQDN
IP_RANGE
}
enum ContainerFileType {
CSV
STIX
}
type FqdnContainerMutations {
addValues(input: FqdnContainerAddValuesInput!): FqdnContainerAddValuesPayload! @beta
createFromFile(input: CreateFqdnContainerFromFileInput!): CreateFqdnContainerFromFilePayload! @beta
removeValues(input: FqdnContainerRemoveValuesInput!): FqdnContainerRemoveValuesPayload! @beta
updateFromFile(input: UpdateFqdnContainerFromFileInput!): UpdateFqdnContainerFromFilePayload! @beta
}
type FqdnContainerQueries {
downloadFile(input: DownloadFqdnContainerFileInput!): DownloadFqdnContainerFilePayload! @beta
search(input: FqdnContainerSearchInput!): FqdnContainerSearchPayload! @beta
searchFqdn(input: FqdnContainerSearchFqdnInput!): FqdnContainerSearchFqdnPayload! @beta
}
"A group with members of FQDN type"
type FqdnContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
}
"Payload of FQDN container search"
type FqdnContainerSearchPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of FQDN search query"
type FqdnContainerSearchFqdnPayload {
"List of containers with members of type FQDN"
containers: [FqdnContainer!]!
}
"Payload of AddValues operation on FQDN typed container"
type FqdnContainerAddValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of RemoveValues operation on FQDN typed container"
type FqdnContainerRemoveValuesPayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of CreateFromFile operation on FQDN typed container"
type CreateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of UpdateFromFile operation on FQDN typed container"
type UpdateFqdnContainerFromFilePayload {
"Container with members of type FQDN"
container: FqdnContainer!
}
"Payload of download FQDN typed container file"
type DownloadFqdnContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating FQDN typed container from file"
input CreateFqdnContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
"Input for updating FQDN typed container from file"
input UpdateFqdnContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing FQDNs with fileType delimiter"
uploadFile: Upload
}
"Input for adding values to existing FQDN typed container"
input FqdnContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
"Input for removing values from existing FQDN typed container"
input FqdnContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [Fqdn!]! = []
}
"Input for searching FQDN typed container"
input FqdnContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching FQDN typed containers that contain a specific FQDN"
input FqdnContainerSearchFqdnInput {
fqdn: Fqdn!
}
"Input for searching FQDN typed container to download its content"
input DownloadFqdnContainerFileInput {
by: ObjectRefBy!
input: String!
}
type IpAddressRangeContainerMutations {
addValues(input: IpAddressRangeContainerAddValuesInput!): IpAddressRangeContainerAddValuesPayload! @beta
createFromFile(input: CreateIpAddressRangeContainerFromFileInput!): CreateIpAddressRangeContainerFromFilePayload! @beta
removeValues(input: IpAddressRangeContainerRemoveValuesInput!): IpAddressRangeContainerRemoveValuesPayload! @beta
updateFromFile(input: UpdateIpAddressRangeContainerFromFileInput!): UpdateIpAddressRangeContainerFromFilePayload! @beta
}
type IpAddressRangeContainerQueries {
downloadFile(input: DownloadIpAddressRangeContainerFileInput!): DownloadIpAddressRangeContainerFilePayload! @beta
search(input: IpAddressRangeContainerSearchInput!): IpAddressRangeContainerSearchPayload! @beta
searchIpAddressRange(input: IpAddressRangeContainerSearchIpAddressRangeInput!): IpAddressRangeContainerSearchIpAddressRangePayload! @beta
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainer implements Container {
"Audit metadata about the container"
audit: ContainerAudit!
"Description for the container"
description: String
"Unique container ID"
id: ID!
"Name for the container"
name: String!
"Number of items in the container"
size: Int!
}
"Payload of IPAddressRange container search"
type IpAddressRangeContainerSearchPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of IPAddressRange search query"
type IpAddressRangeContainerSearchIpAddressRangePayload {
"List of containers with members of type IPAddressRange"
containers: [IpAddressRangeContainer!]!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerAddValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of AddValues operation on IPAddressRange typed container"
type IpAddressRangeContainerRemoveValuesPayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of CreateFromFile operation on IPAddressRange typed container"
type CreateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of UpdateFromFile operation on IPAddressRange typed container"
type UpdateIpAddressRangeContainerFromFilePayload {
"Container with members of type IPAddressRange"
container: IpAddressRangeContainer!
}
"Payload of download IPAddressRange typed container file"
type DownloadIpAddressRangeContainerFilePayload {
"Content of a file encoded in base64 format"
encodedFile: String!
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Input for creating IPAddressRange typed container from file"
input CreateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String!
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Name for the container"
name: String!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
"Input for updating existing IPAddressRange typed container from file"
input UpdateIpAddressRangeContainerFromFileInput {
"Description for the container"
description: String
"File type that will be uploaded"
fileType: ContainerFileType! = CSV
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
"Multipart file containing IPAddressRanges with fileType delimiter"
uploadFile: Upload
}
"Input for adding values to existing IPAddressRange typed container"
input IpAddressRangeContainerAddValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
"Input for removing values from existing IPAddressRange typed container"
input IpAddressRangeContainerRemoveValuesInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
values: [IpAddressRangeInput!]! = []
}
"Filtering input to IPAddressRange container search"
input IpAddressRangeContainerSearchInput {
"Reference to existing container by container ID or container name"
ref: ContainerRefInput!
}
"Input for searching IPAddressRange typed containers that contain a specific IPAddressRange"
input IpAddressRangeContainerSearchIpAddressRangeInput {
ipAddressRange: IpAddressRangeInput!
}
"Input for searching IPAddressRange typed container to download its content"
input DownloadIpAddressRangeContainerFileInput {
by: ObjectRefBy!
input: String!
}
"""Input for adding a new cloud interconnect site."""
input AddCloudInterconnectSiteInput {
"""Description of the site."""
description: String
"""Name of the site."""
name: String!
"""Location details of the site."""
siteLocation: AddSiteLocationInput!
"""Type of the site."""
siteType: SiteType! = BRANCH
}
"""Payload for adding a new cloud interconnect site."""
type AddCloudInterconnectSitePayload {
"""ID of the newly added site."""
siteId: ID!
}
"""
Input for adding a new physical connection to a cloud interconnect site.
"""
input AddCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation.Wither .1Q/QinQ"""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput!
"""Private IP address of Cato."""
privateCatoIp: IPAddress!
"""Private IP address of the site."""
privateSiteIp: IPAddress!
"""
Name of the service provider. Usually a partner, or a fabric service provider.
"""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRefInput!
"""Subnet for the connection, the BGP peering range. /30 CIDR."""
subnet: NetworkSubnet!
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
}
"""
Payload for adding a new physical connection to a cloud interconnect site.
"""
type AddCloudInterconnectPhysicalConnectionPayload {
"""ID of the newly added connection."""
id: ID!
}
"""
Payload for updating an existing physical connection at a cloud interconnect site.
"""
type UpdateCloudInterconnectPhysicalConnectionPayload {
"""ID of the updated connection."""
id: ID!
}
"""
Input for updating an existing physical connection at a cloud interconnect site.
"""
input UpdateCloudInterconnectPhysicalConnectionInput {
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod
"""ID of the connection to be updated."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRefInput
"""Private IP address of Cato."""
privateCatoIp: IPAddress
"""Private IP address of the site."""
privateSiteIp: IPAddress
"""Name of the service provider."""
serviceProviderName: String
"""Subnet for the connection."""
subnet: NetworkSubnet
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth
}
"""
Input for removing a physical connection from a cloud interconnect site.
"""
input RemoveCloudInterconnectPhysicalConnectionInput {
"""ID of the connection to be removed."""
id: ID!
}
"""
Payload for removing a physical connection from a cloud interconnect site.
"""
type RemoveCloudInterconnectPhysicalConnectionPayload {
"""ID of the removed connection."""
id: ID!
}
"""
Input for getting details of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionInput {
"""ID of the connection."""
id: ID!
}
"""Details of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnection {
"""C-VLAN applicable only for QINQ connections."""
cVlan: Vlan
"""Downstream bandwidth limit."""
downstreamBwLimit: NetworkBandwidth!
"""Method of encapsulation."""
encapsulationMethod: TaggingMethod!
"""High availability role of the connection. Either Primary or Secondary."""
haRole: HaRole!
"""ID of the connection."""
id: ID!
"""Identifying data for the POP location."""
popLocation: PopLocationRef!
"""Private IP address of Cato, used for BGP routing."""
privateCatoIp: IPAddress!
"""Private IP address of the site, used for BGP routing."""
privateSiteIp: IPAddress!
"""Name of the service provider."""
serviceProviderName: String!
"""Identifying data for the site."""
site: SiteRef!
"""Subnet for the connection."""
subnet: NetworkSubnet!
"""S-VLAN applicable only for QINQ connections."""
sVlan: Vlan
"""Upstream bandwidth limit."""
upstreamBwLimit: NetworkBandwidth!
"""VLAN applicable only for DOT1Q connections."""
vlan: Vlan
}
"""
Input for getting the ID of a physical connection at a cloud interconnect site.
"""
input CloudInterconnectPhysicalConnectionIdInput {
"""High availability role of the connection."""
haRole: HaRole!
"""Identifying data for the site."""
site: SiteRefInput!
}
"""ID of a physical connection at a cloud interconnect site."""
type CloudInterconnectPhysicalConnectionId {
"""ID of the connection."""
id: ID!
}
"""
Input for checking the connectivity status of a cloud interconnect connection.
"""
input CloudInterconnectConnectionConnectivityInput {
"""ID of the connection."""
id: ID!
}
"""Connectivity status of a cloud interconnect connection."""
type CloudInterconnectConnectionConnectivity {
"""Indicates if the connection is successful."""
success: Boolean!
}
enum SocketInterfaceDestType {
ALTERNATIVE
CATO
INTERFACE_DISABLED
LAN
LAN_AND_HA
LAN_LAG_MASTER
LAN_LAG_MASTER_AND_VRRP
LAN_LAG_MEMBER
LAYER_2_WAN
VRRP
VRRP_AND_LAN
}
enum VrrpType {
DIRECT_LINK
VIA_SWITCH
}
"SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids"
enum SocketInterfaceIDEnum {
INT_1
INT_10
INT_11
INT_12
INT_2
INT_3
INT_4
INT_5
INT_6
INT_7
INT_8
INT_9
LAN1
LAN2
LTE
USB1
USB2
WAN1
WAN2
WLAN
}
enum SocketInterfaceRole {
wan_1
wan_2
wan_3
wan_4
}
enum IPSecV2InterfaceId {
PRIMARY1
PRIMARY2
PRIMARY3
SECONDARY1
SECONDARY2
SECONDARY3
}
enum IPSecV2TunnelRole {
WAN1
WAN2
WAN3
}
type SubDomain {
accountId: ID!
accountName: String!
accountType: String!
subDomain: String!
}
input UpdateAccountRoleInput {
id: ID!
name: String
}
input UpdateAdminRoleInput {
allowedAccounts: [ID!]
allowedEntities: [EntityInput!]
role: UpdateAccountRoleInput!
}
enum SiteType {
BRANCH
CLOUD_DC
DATACENTER
HEADQUARTERS
}
type AdminsResult {
items: [Admin!]!
total: Int!
}
type EntityLookupResult {
items: [EntityInfo!]!
total: Int
}
enum AdminType {
LOGIN
SERVICE_PRINCIPLE
}
"""A CC2 administrator"""
type Admin {
adminType: AdminType
allowedItems: [Entity!]
creationDate: DateTime
email: String
firstName: String
id: ID!
lastName: String
managedRoles: [AdminRole!]
mfaEnabled: Boolean
modifyDate: DateTime
nativeAccountID: ID
passwordNeverExpires: Boolean
presentUsageAndEvents: Boolean
resellerRoles: [AdminRole!]
role: UserRole
status: OperationalStatus
version: String!
}
enum UserRole {
EDITOR
OWNER
PUBLIC_EDITOR
PUBLIC_VIEWER
SITES_VIEWER
SUPER_USER
VIEWER
}
enum AccountType {
ALL
REGULAR
RESELLER
SYSTEM
}
enum IpSecCipher {
AES_CBC_128
AES_CBC_256
AES_GCM_128
AES_GCM_256
AUTOMATIC
DES3_CBC
NONE
}
enum IpSecHash {
AUTOMATIC
MD5
NONE
SHA1
SHA256
SHA384
SHA512
}
enum IpSecDHGroup {
AUTOMATIC
DH_14_MODP2048
DH_15_MODP3072
DH_16_MODP4096
DH_19_ECP256
DH_2_MODP1024
DH_20_ECP384
DH_21_ECP521
DH_5_MODP1536
NONE
}
enum ConnectionMode {
BIDIRECTIONAL
RESPONDER_ONLY
}
enum IdentificationType {
EMAIL
FQDN
IPV4
KEY_ID
}
enum DestinationType {
FQDN
IPv4
}
enum ProtoType {
CROSS_CONNECT
IPSEC_CLIENT
IPSEC_HOST
IPSEC_V2
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
SOCKET_GCP1500
SOCKET_X1500
SOCKET_X1600
SOCKET_X1600_LTE
SOCKET_X1700
VSOCKET_VGX
VSOCKET_VGX_AWS
VSOCKET_VGX_AZURE
VSOCKET_VGX_ESX
}
enum SocketRegistrationStatus {
ASSIGNED_SITE
ASSIGNED_SITE_PENDING_REGISTER
NEW
PENDING
REGISTERED
REJECTED
UNASSIGNING
}
enum SocketUpgradeStatus {
CANCEL
FAIL
FATAL
PENDING
PENDING_REBOOT
RETRY
SKIP
STARTED
STARTING
SUCCESS
}
enum SocketPlatform {
AWS1500
AZ1500
ESX1500
GCP1500
X1500
X1500_BR2
X1500B_BR2
X1600
X1600_LTE
X1700
X1700B
}
enum SubnetType {
Direct
Native
Routed
SecondaryNative
VLAN
}
enum DhcpType {
ACCOUNT_DEFAULT
DHCP_DISABLED
DHCP_RANGE
DHCP_RELAY
}
input LookupFilterInput {
filter: LookupFilterType
value: String
}
enum LookupFilterType {
"""Custom filter for country, used by city and state entityLookup"""
country
"""
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values:
"true",
"false",
"""
filterByAltWan
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values:
"true",
"false",
"""
filterByBackhaulingGW
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported):
"SOCKET_X1500",
"SOCKET_X1600",
"SOCKET_X1700",
"VSOCKET_VGX_ESX",
"VSOCKET_VGX_AWS"
"VSOCKET_VGX_AZURE"
"SOCKET_X1600_LTE",
"""
filterByConnectionType
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values:
"SOCKET",
"IPSEC",
"vSOCKET",
"PHYSICAL_SOCKET"
"""
filterByConnectionTypeFamily
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values:
"true",
"false",
"""
filterByOffCloudTransportEnabled
"""Custom filter for state used by city entityLookup"""
state
}
type AccountRolesResult {
items: [RBACRole!]!
total: Int!
}
type AccountDataPayload {
id: ID!
name: String!
subdomain: String!
}
type Entity {
id: ID!
name: String
type: EntityType!
}
input EntityInput {
id: ID!
name: String
type: EntityType!
}
type EntityInfo {
description: String!
entity: Entity!
helperFields: Map!
}
input BgpPeerListInput {
"""Identifies the site whose BGP peers are listed."""
site: SiteRefInput!
}
type BgpPeerListPayload {
"""BGP peers associated with the site."""
bgpPeer: [BgpPeer!]!
"""Total number of BGP peers found."""
total: Int!
}
input AddBgpPeerInput {
"""Advertise all routes if true."""
advertiseAllRoutes: Boolean! = false
"""Advertise the default route (0.0.0.0/0) if true."""
advertiseDefaultRoute: Boolean! = true
"""Advertise summarized routes if true."""
advertiseSummaryRoutes: Boolean! = false
"""Enable BFD for session failure detection if true."""
bfdEnabled: Boolean! = false
"""Required BFD configuration if BFD is enabled."""
bfdSettings: BfdSettingsInput
"""The AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Excluded rules from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]! = []
"""Time (in seconds) before declaring the peer unreachable."""
holdTime: Int! = 60
"""Time (in seconds) between keepalive messages."""
keepaliveInterval: Int! = 20
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Route preference metric; lower values are given precedence."""
metric: Int! = 100
"""Name of the BGP configuration entity."""
name: String!
"""The AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Perform NAT if true."""
performNat: Boolean! = false
"""Information about the site where the BGP peer is being added."""
site: SiteRefInput!
"""Summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]! = []
"""Configuration for tracking the health and status of the BGP peer."""
tracking: BgpTrackingInput
}
input BgpPeerRefInput {
"""Specifies the method of identification (default is by ID)."""
by: ObjectRefBy! = ID
"""Value used to identify the BGP peer (e.g., ID or name)."""
input: String!
}
type BgpPeer {
"""Indicates if all routes are advertised."""
advertiseAllRoutes: Boolean!
"""Indicates if the default route is advertised."""
advertiseDefaultRoute: Boolean!
"""Indicates if summarized routes are advertised."""
advertiseSummaryRoutes: Boolean!
"""Indicates if BFD is enabled for failure detection."""
bfdEnabled: Boolean!
"""BFD configuration."""
bfdSettings: BfdSettings
"""AS number of Cato's BGP endpoint."""
catoAsn: Asn16!
"""IP address of Cato's BGP endpoint."""
catoIp: IPAddress!
"""Default action for routes not matching filters (ACCEPT or DROP)."""
defaultAction: BgpDefaultAction!
"""Rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRule!]!
"""Time before declaring the peer unreachable."""
holdTime: Int!
"""Unique identifier for the BGP peer."""
id: ID!
"""Interval between keepalive messages."""
keepaliveInterval: Int!
"""MD5 authentication key for secure sessions."""
md5AuthKey: String
"""Metric for route preferences."""
metric: Int!
"""Name of the BGP configuration entity."""
name: String!
"""AS number of the peer BGP endpoint."""
peerAsn: Asn32!
"""IP address of the peer BGP endpoint."""
peerIp: IPAddress!
"""Indicates if NAT is performed on routes."""
performNat: Boolean!
"""Site associated with this BGP peer."""
site: SiteRef!
"""Summarized routes advertised to the peer."""
summaryRoute: [BgpSummaryRoute!]!
"""Tracking configuration for health and availability."""
tracking: BgpTracking
}
input BgpTrackingInput {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum! = HOURLY
"""Indicates if tracking is enabled."""
enabled: Boolean! = false
"""Subscription ID associated with this tracking rule."""
subscriptionId: ID!
}
type BgpTracking {
"""Frequency of health alerts."""
alertFrequency: PolicyRuleTrackingFrequencyEnum!
"""Indicates if tracking is enabled."""
enabled: Boolean!
"""Unique identifier for the tracking rule."""
id: ID!
"""Subscription ID associated with the rule."""
subscriptionId: ID
}
type AddBgpPeerPayload {
"""The BGP peer that was successfully added."""
bgpPeer: BgpPeer!
}
input UpdateBgpPeerInput {
"""Update for all route advertisements."""
advertiseAllRoutes: Boolean
"""Update for default route advertisement."""
advertiseDefaultRoute: Boolean
"""Update for summary route advertisement."""
advertiseSummaryRoutes: Boolean
"""Update to enable or disable BFD."""
bfdEnabled: Boolean
"""Updated BFD settings."""
bfdSettings: BfdSettingsInput
"""Updated AS number of Cato's BGP endpoint."""
catoAsn: Asn16
"""Update for the default action on unmatched routes."""
defaultAction: BgpDefaultAction
"""Updated rules excluded from the default action."""
defaultActionExclusion: [BgpFilterRuleInput!]
"""Updated hold time for the BGP session."""
holdTime: Int
"""Unique identifier of the BGP peer to be updated."""
id: ID!
"""Updated keepalive interval for the BGP session."""
keepaliveInterval: Int
"""Updated MD5 authentication key."""
md5AuthKey: String
"""Updated metric value for route preferences."""
metric: Int
"""Updated name of the BGP configuration entity."""
name: String
"""Updated AS number of the peer BGP endpoint."""
peerAsn: Asn32
"""Updated IP address of the peer BGP endpoint."""
peerIp: IPAddress
"""Update for NAT configuration."""
performNat: Boolean
"""Updated summarized routes to advertise."""
summaryRoute: [BgpSummaryRouteInput!]
"""Updated tracking configuration for the BGP peer."""
tracking: BgpTrackingInput
}
input BfdSettingsInput {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int! = 5
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int! = 1000
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int! = 1000
}
type BfdSettings {
"""Number of missed BFD packets before considering the session down."""
multiplier: Int!
"""
Time interval (in milliseconds) in which this peer expects to receive BFD packets.
"""
receiveInterval: Int!
"""Time interval (in milliseconds) between BFD packets sent by this peer."""
transmitInterval: Int!
}
type UpdateBgpPeerPayload {
"""The updated BGP peer object."""
bgpPeer: BgpPeer!
}
input RemoveBgpPeerInput {
"""Unique identifier of the BGP peer to be removed."""
id: ID!
}
type RemoveBgpPeerPayload {
"""The BGP peer that was successfully removed."""
bgpPeer: BgpPeer!
}
enum BgpDefaultAction {
"""Default action to accept all unmatched routes."""
ACCEPT
"""Default action to drop all unmatched routes."""
DROP
}
input SiteBgpStatusInput {
"""Identifying data for the site whose BGP status is being queried."""
site: SiteRefInput!
}
type SiteBgpStatus {
"""Raw BGP status information."""
rawStatus: [String!]!
"""Detailed BGP status, including session and route details."""
status: [BgpDetailedStatus!]!
}
type BgpDetailedStatus {
"""Status of the BFD session (if applicable)."""
bfdSession: String
"""Status of the BGP session (e.g., established, down)."""
bgpSession: String!
"""Routes rejected from the peer."""
rejectedRoutesFromPeer: [BgpRejectedRoutesFromPeer!]!
"""IP address of the remote BGP peer."""
remoteIp: IPAddress!
"""Routes received from the peer."""
routesFromPeer: [String!]!
"""Routes sent to the peer."""
routesToPeer: [String!]!
}
type BgpSummaryRoute {
"""Community values associated with the route."""
community: [BgpCommunity!]!
"""Unique identifier of the summarized route."""
id: ID!
"""Subnet of the summarized route."""
route: NetworkSubnet!
}
input BgpSummaryRouteInput {
"""Community values to associate with the summarized route."""
community: [BgpCommunityInput!]! = []
"""Subnet of the summarized route to be advertised."""
route: NetworkSubnet!
}
type BgpRouteExactAndInclusiveFilterRule {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRef!]!
"""Unique identifier of the filter rule."""
id: ID!
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]!
}
type BgpRouteExactFilterRule {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRef!]!
"""Unique identifier of the exact filter rule."""
id: ID!
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]!
}
type BgpCommunityFilterRule {
"""Community values to match."""
community: [BgpCommunity!]!
"""Unique identifier of the community filter rule."""
id: ID!
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate!
}
type BgpFilterRule {
"""
Exact and inclusive filter rule. Please choose only one filter rule type.
"""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRule
"""Exact route filter rule. Please choose only one filter rule type."""
bgpRouteExactFilterRule: BgpRouteExactFilterRule
"""Community filter rule. Please choose only one filter rule type."""
communityFilterRule: BgpCommunityFilterRule
}
input BgpFilterRuleInput {
"""Input for exact and inclusive filter rule."""
bgpRouteExactAndInclusiveFilterRule: BgpRouteExactAndInclusiveFilterRuleInput
"""Input for exact route filter rule."""
bgpRouteExactFilterRule: BgpRouteExactFilterRuleInput
"""Input for community filter rule."""
communityFilterRule: BgpCommunityFilterRuleInput
}
input BgpRouteExactFilterRuleInput {
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
}
input BgpRouteExactAndInclusiveFilterRuleInput {
"""Minimum prefix length for the filter rule."""
ge: Int
"""Global IP ranges to include."""
globalIpRange: [GlobalIpRangeRefInput!]! = []
"""Global IP ranges to exclude."""
globalIpRangeException: [GlobalIpRangeRefInput!]! = []
"""Maximum prefix length for the filter rule."""
le: Int
"""Network subnets to include."""
networkSubnet: [NetworkSubnet!]! = []
"""Network subnets to exclude."""
networkSubnetException: [NetworkSubnet!]! = []
}
input BgpCommunityFilterRuleInput {
"""Community values to match."""
community: [BgpCommunityInput!]! = []
"""Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL)."""
predicate: BgpCommunityFilterPredicate
}
enum BgpCommunityFilterPredicate {
"""Matches exactly the specified community value."""
EQUAL
"""Matches any community value except the specified one."""
NOT_EQUAL
}
type BgpCommunity {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
input BgpCommunityInput {
"""Start of the community range."""
from: Asn16!
"""End of the community range."""
to: Asn16!
}
type BgpRejectedRoutesFromPeer {
"""Community values associated with the rejected route."""
community: [BgpCommunity!]!
"""Timestamp of the last attempt to publish the rejected route."""
lastPublishAttempt: DateTime
"""Filter rule that caused the rejection."""
rule: String
"""Subnet of the rejected route."""
subnet: NetworkSubnet
"""Reason for rejecting the route."""
type: String
}
interface ObjectRef {
"Object's unique identifier"
id: ID!
"Object's unique name"
name: String!
}
enum ObjectRefBy {
ID
NAME
}
"Time zone identifier E.g.: America/New_York"
scalar TimeZone
"Wall time. E.g.: 12:34:56 or 12:34"
scalar Time
"2006-01-02T15:04:05Z07:00 (RFC3339)"
scalar DateTime
"2006-01-02"
scalar Date
"An IPv4 IP address"
scalar IPAddress
"""
Top level domain is actually second level domain (e.g. example.com)
It is recommended to use as a broad way of distinguishing domains, because they **frequently use multiple hosts**.
"""
scalar Domain
"""Fully Qualified Domain Name: An exact host name (e.g. www.example.com)"""
scalar Fqdn
"VLAN Identifier"
scalar Vlan
"Application Risk"
scalar ApplicationRisk
enum OperatingSystem {
ANDROID
EMBEDDED
IOS
LINUX
MACOS
WINDOWS
}
"Email address. E.g.: user@company.org"
scalar Email
"Network port number. Must be in range [0-65535] E.g.: 433, 8080, 80, etc.."
scalar Port
"16 bit autonomous system number [0-65535]"
scalar Asn16
"32 bit autonomous system number [0-4294967295]"
scalar Asn32
scalar NetworkBandwidth
"A Uniform Resource Locator, colloquially known as an address on the Web. E.g.: http://www.example.com/page/"
scalar Url
enum DayOfWeek {
FRIDAY
MONDAY
SATURDAY
SUNDAY
THURSDAY
TUESDAY
WEDNESDAY
}
"FF:FF:FF:FF OR FF-FF-FF-FF"
scalar MacAddress
"Http header name"
scalar HttpHeaderName
"Http header value"
scalar HttpHeaderValue
"Subnet in CIDR notation E.g.: 10.0.0.0/24"
scalar NetworkSubnet
"Inclusive range of IPs"
type IpAddressRange {
from: IPAddress!
to: IPAddress!
}
"Inclusive range of IPs"
input IpAddressRangeInput {
from: IPAddress!
to: IPAddress!
}
"Inclusive network port range"
type PortRange {
from: Port!
to: Port!
}
"Inclusive network port range"
input PortRangeInput {
from: Port!
to: Port!
}
enum IpProtocol {
ANY
ICMP
TCP
"TCP or UDP"
TCP_UDP
UDP
}
enum SimpleServiceType {
DNS_TCP
DNS_UDP
FTP
HTTP
HTTPS
MYSQL
RDP
SMTP
SSH
}
"Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol"
type CustomService {
port: [Port!]
portRange: PortRange
protocol: IpProtocol!
}
"Add a Custom Service defined by a combination of L4 ports and an IP Protocol"
input CustomServiceInput {
port: [Port!]
portRange: PortRangeInput
protocol: IpProtocol!
}
type CustomServiceIp {
ip: IPAddress
ipRange: IpAddressRange
name: String!
}
input CustomServiceIpInput {
ip: IPAddress
ipRange: IpAddressRangeInput
name: String!
}
type SimpleService {
name: SimpleServiceType!
}
input SimpleServiceInput {
name: SimpleServiceType!
}
input AccountFilter {
accountInclusion: AccountInclusion
in: [ID!]
}
type CatalogQueries {
catalogApplication(input: ApplicationRefInput!): CatalogApplication @beta
catalogApplicationList(input: CatalogApplicationListInput!): CatalogApplicationListPayload @beta
contentTypeGroupList(input: CatalogApplicationContentTypeGroupListInput!): CatalogApplicationContentTypeGroupListPayload @beta
}
"""
A reference identifying the User object. ID: Unique User Identifier, Name: The User Name
"""
type UserRef implements ObjectRef {
id: ID!
name: String!
}
input UserRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the UsersGroup object. ID: Unique UsersGroup Identifier, Name: The UsersGroup Name
"""
type UsersGroupRef implements ObjectRef {
id: ID!
name: String!
}
input UsersGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the DeviceProfile object. ID: Unique DeviceProfile Identifier, Name: The DeviceProfile Name
"""
type DeviceProfileRef implements ObjectRef {
id: ID!
name: String!
}
input DeviceProfileRefInput {
by: ObjectRefBy! = ID
input: String!
}
interface ActorRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Admin object. ID: Unique Admin Identifier, Name: The Admin Name
"""
type AdminRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the ApiKey object. ID: Unique ApiKey Identifier, Name: The ApiKey Name
"""
type ApiKeyRef implements ActorRef & ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the CustomCategory object. ID: Unique CustomCategory Identifier, Name: The CustomCategory Name
"""
type CustomCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input CustomCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Group object. ID: Unique Group Identifier, Name: The Group Name
"""
type GroupRef implements ObjectRef {
id: ID!
name: String!
}
input GroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the AllocatedIp object. ID: Unique AllocatedIp Identifier, Name: The AllocatedIp Name
"""
type AllocatedIpRef implements ObjectRef {
id: ID!
name: String!
}
input AllocatedIpRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
Returns data for the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
type FloatingSubnetRef implements ObjectRef {
"Unique Floating Subnet ID"
id: ID!
"Name for the Floating Subnet"
name: String!
}
"""
Defines the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched
to the route advertised by BGP. They are not associated with a specific site.
This is useful in scenarios such as active-standby high availability routed via BGP.
"""
input FloatingSubnetRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
type GlobalRangeRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the Host object. ID: Unique Host Identifier, Name: The Host Name
"""
type HostRef implements ObjectRef {
id: ID!
name: String!
}
input HostRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the NetworkInterface object. ID: Unique NetworkInterface Identifier, Name: The NetworkInterface Name
"""
type NetworkInterfaceRef implements ObjectRef {
id: ID!
name: String!
}
input NetworkInterfaceRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name
"""
type SiteRef implements ObjectRef {
id: ID!
name: String!
}
input SiteRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Account object. ID: Unique Account Identifier, Name: The Account Name
"""
type AccountRef implements ObjectRef {
id: ID!
name: String!
}
"""
A reference identifying the SiteNetworkSubnet object. ID: Unique SiteNetworkSubnet Identifier, Name: The SiteNetworkSubnet Name
"""
type SiteNetworkSubnetRef implements ObjectRef {
id: ID!
name: String!
}
input SiteNetworkSubnetRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Application object. ID: Unique Application Identifier, Name: The Application Name
"""
type ApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the ApplicationCategory object. ID: Unique ApplicationCategory Identifier, Name: The ApplicationCategory Name
"""
type ApplicationCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input ApplicationCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SanctionedAppsCategory object. ID: Unique SanctionedAppsCategory Identifier, Name: The SanctionedAppsCategory Name
"""
type SanctionedAppsCategoryRef implements ObjectRef {
id: ID!
name: String!
}
input SanctionedAppsCategoryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the CustomApplication object. ID: Unique CustomApplication Identifier, Name: The CustomApplication Name
"""
type CustomApplicationRef implements ObjectRef {
id: ID!
name: String!
}
input CustomApplicationRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Service object. ID: Unique Service Identifier, Name: The Service Name
"""
type ServiceRef implements ObjectRef {
id: ID!
name: String!
}
input ServiceRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the Country object. ID: Unique Country Identifier, Name: The Country Name
"""
type CountryRef implements ObjectRef {
id: ID!
name: String!
}
input CountryRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionGroup object. ID: Unique SubscriptionGroup Identifier, Name: The SubscriptionGroup Name
"""
type SubscriptionGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionWebhook object. ID: Unique SubscriptionWebhook Identifier, Name: The SubscriptionWebhook Name
"""
type SubscriptionWebhookRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionWebhookRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SubscriptionMailingList object. ID: Unique SubscriptionMailingList Identifier, Name: The SubscriptionMailingList Name
"""
type SubscriptionMailingListRef implements ObjectRef {
id: ID!
name: String!
}
input SubscriptionMailingListRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the SystemGroup object. ID: Unique SystemGroup Identifier, Name: The SystemGroup Name
"""
type SystemGroupRef implements ObjectRef {
id: ID!
name: String!
}
input SystemGroupRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the GlobalIpRange object. ID: Unique GlobalIpRange Identifier, Name: The GlobalIpRange Name
"""
type GlobalIpRangeRef implements ObjectRef {
id: ID!
name: String!
}
input GlobalIpRangeRefInput {
by: ObjectRefBy! = ID
input: String!
}
type BandwidthManagementRef implements ObjectRef {
id: ID!
name: String!
}
input BandwidthManagementRefInput {
by: ObjectRefBy! = ID
input: String!
}
"""
A reference identifying the PopLocation object. ID: Unique PopLocation Identifier, Name: The PopLocation Name
"""
type PopLocationRef implements ObjectRef {
id: ID!
name: String!
}
input PopLocationRefInput {
by: ObjectRefBy! = ID
input: String!
}
interface IContainerRef implements ObjectRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"A group with members of FQDN type"
type FqdnContainerRef implements ObjectRef & IContainerRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"A group with members of IPAddressRange type"
type IpAddressRangeContainerRef implements ObjectRef & IContainerRef {
"Unique container ID"
id: ID!
"Name for the container"
name: String!
}
"Add a container by ID or name"
input ContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input FqdnContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
input IpAddressRangeContainerRefInput {
"Defines the object identification method – by ID (default) or by name"
by: ObjectRefBy! = ID
"The object identification (ID or name) value"
input: String!
}
enum AccountInclusion {
ALL_ACCOUNTS
MANAGED_ACCOUNTS_ONLY
}
input SortOrderInput {
direction: SortOrder! = ASC
priority: Int! = 1
}
enum SortOrder {
ASC
DESC
}
type PageInfo {
total: Int!
}
input IdFilterInput {
eq: ID
in: [ID!]
neq: ID
nin: [ID!]
}
input SiteRefFilterInput {
eq: SiteRefInput
in: [SiteRefInput!]
neq: SiteRefInput
nin: [SiteRefInput!]
}
input UserRefFilterInput {
eq: UserRefInput
in: [UserRefInput!]
neq: UserRefInput
nin: [UserRefInput!]
}
input StringFilterInput {
eq: String
in: [String!]
neq: String
nin: [String!]
}
input IntFilterInput {
between: [Int!]
eq: Int
gt: Int
gte: Int
in: [Int!]
lt: Int
lte: Int
neq: Int
nin: [Int!]
}
input DateTimeFilterInput {
between: [DateTime!]
eq: DateTime
gt: DateTime
gte: DateTime
in: [DateTime!]
lt: DateTime
lte: DateTime
neq: DateTime
nin: [DateTime!]
}
input FreeTextFilterInput {
search: String!
}
input BooleanFilterInput {
eq: Boolean
neq: Boolean
}
input PagingInput {
from: Int! = 0
limit: Int! = 100
}
input SortInput {
field: String
order: DirectionInput
}
enum DirectionInput {
asc
desc
}
enum TaggingMethod {
DOT1Q
QINQ
}
enum AppStatsFieldName {
"Active Directory name"
ad_name
"The application identifier"
app
"The application name"
application
"Cato system category of the application"
category
"Application description"
description
"IP for destination host or Cato Client"
dest_ip
"Destination is site or remote user"
dest_is_site_or_vpn
"Destination site or remote user identifier"
dest_site
"Destination Site or remote user identifier"
dest_site_id
"Destination Site or remote user name"
dest_site_name
"Name for device related to the traffic"
device_name
""
discovered_app
""
domain
"data downloaded from cloud applications"
downstream
""
flows_created
"the country in which the registered application headquarteres is located"
hq_location
""
ip
"indicates whether the application is considered cloud app/SaaS app"
is_cloud_app
"new cloud application identifier"
new_app
""
risk_level
"the application risk score assigned by Cato"
risk_score
"Is the application defined as sanctioned?"
sanctioned
"Country in which the source host is located"
site_country
"State in which the source host is located"
site_state
"Name for Socket interface"
socket_interface
"IP for source host or Cato Client"
src_ip
"Source is site or remote user"
src_is_site_or_vpn
"Source site or remote user identifier"
src_site_id
"Source site or remote user name"
src_site_name
"Name of subnet as defined in Cato Management Application"
subnet
"the total sum of upstream and downstream data in bytes"
traffic
"Traffic direction"
traffic_direction
"data uploaded to cloud applications"
upstream
"User identifier"
user_id
"User name"
user_name
""
vpn_user_id @deprecated(reason: "use user_id instead")
}
type AppStats {
from: DateTime
id: ID
records(limit: Int, from: Int): [AppStatsRecord!]
to: DateTime
total: Int
totals: Map
}
type AppStatsRecord {
fields: [AppStatsField!]
"fields in map format (see Map scalar)"
fieldsMap: Map
fieldsUnitTypes: [UnitType!]
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
prevTimeFrame: Map
trends: Map
}
type AppStatsTimeSeries {
from: DateTime
granularity: Int
id: ID
timeseries(buckets: Int!): [Timeseries!]
to: DateTime
}
type AppStatsField {
name: AppStatsFieldName!
value: Value!
}
input Measure {
aggType: AggregationType!
fieldName: AppStatsFieldName!
trend: Boolean
}
input Dimension {
fieldName: AppStatsFieldName!
}
input AppStatsFilter {
fieldName: AppStatsFieldName!
operator: FilterOperator!
values: [String!]!
}
input AppStatsSort {
fieldName: AppStatsFieldName!
order: DirectionEnum!
}
type AdminMutations {
addAdmin(input: AddAdminInput!): AddAdminPayload @ga
removeAdmin(adminID: ID!): RemoveAdminPayload @ga
updateAdmin(adminID: ID!, input: UpdateAdminInput!): UpdateAdminPayload @ga
}
type GetAdminPayload {
adminType: AdminType!
creationDate: String!
email: String!
firstName: String!
id: ID!
lastName: String!
managedRoles: [AdminRole!]
mfaEnabled: Boolean!
passwordNeverExpires: Boolean!
resellerRoles: [AdminRole!]
}
input AddAdminInput {
adminType: AdminType
email: String!
firstName: String!
lastName: String!
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean!
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateAdminInput {
firstName: String
lastName: String
managedRoles: [UpdateAdminRoleInput!]
mfaEnabled: Boolean @deprecated(reason: "It is recommended to always require MFA when using User Credential authentication.")
passwordNeverExpires: Boolean
resellerRoles: [UpdateAdminRoleInput!]
}
type AddAdminPayload {
adminID: ID!
}
type RemoveAdminPayload {
adminID: ID!
}
type UpdateAdminPayload {
adminID: ID!
}
type AccountManagementQueries {
"""Read the account information"""
account: AccountInfo @ga
}
type AccountManagementMutations {
"""Add a new account"""
addAccount(input: AddAccountInput!): AccountInfo @ga
"""
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
"""
removeAccount(accountId: ID!): RemoveAccountPayload @ga
"""Update existing account attributes"""
updateAccount(input: UpdateAccountInput!): AccountInfo @ga
}
input AddAccountInput {
"""User-defined information as defined by an account admin"""
description: String
"""The name of the account"""
name: String!
"""The account tenancy (single-tenant / multi-tenant)"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timezone: TimeZone!
"""The account type (Partner / customer)"""
type: AccountProfileType!
}
input UpdateAccountInput {
"""Account description"""
description: String
}
type AccountInfo {
"""Audit data for the account"""
audit: AccountAuditData!
"""User-defined information as defined by an account admin"""
description: String
"""The ID of the account"""
id: ID!
"""The name of the account"""
name: String!
"""The account tenancy e.g. single-tenant / multi-tenant"""
tenancy: AccountTenancy!
"""The time zone of the account. Default: UTC (GMT + 0)."""
timeZone: TimeZone!
"""The account type e.g. Partner or Customer"""
type: AccountProfileType!
}
type AccountAuditData {
"""The Admin / API key name used for creating the account"""
createdBy: String!
"""The date when the account created"""
createdTime: DateTime!
}
type RemoveAccountPayload {
"""General info of the removed account"""
accountInfo: AccountInfo!
}
"""enum for account type"""
enum AccountProfileType {
"""A customer account"""
CUSTOMER
"""A partner account"""
PARTNER
}
"""enum for account tenancy"""
enum AccountTenancy {
"""Multi tenant account - default for partner accounts"""
MULTI_TENANT
"""Single tenant account - default for customer accounts"""
SINGLE_TENANT
}
type SandboxQueries {
" Get a list of sandbox reports "
reports(input: SandboxReportsInput!): SandboxReportsPayload! @beta
}
type SandboxMutations {
" Delete a sandbox report "
deleteReport(input: DeleteReportInput!): DeleteReportPayload! @beta
" Upload a file for sandbox analysis "
uploadFile(input: UploadFileInput!): UploadFilePayload! @beta
}
" Output of sandbox reports query "
type SandboxReportsPayload {
" Pagination information "
pageInfo: PageInfo!
" List of sandbox reports "
report: [SandboxReport!]!
}
" Sandbox report meta-data "
type SandboxReport {
" Report creation date "
creationDate: DateTime!
" Report download URL (if ready) "
downloadUrl: Url
" Report expiration date "
expirationDate: DateTime
" Sandbox analysis failure reason (if any) "
failureReason: SandboxFailureReason
" File hash (SHA-256) "
fileHash: String!
" File name "
fileName: String
" Sandbox analysis status "
status: SandboxStatus!
" Sandbox verdict "
verdict: SandboxVerdict
}
" Upload file response "
type UploadFilePayload {
" Upload URL (HTTP PUT) "
uploadUrl: Url
}
" Delete report response "
type DeleteReportPayload {
" File hash (SHA-256) "
fileHash: String!
}
" Sandbox analysis verdict "
enum SandboxVerdict {
" File is clean "
BENIGN
" File is malicious "
MALICIOUS
" File is suspicious "
SUSPICIOUS
}
" Sandbox analysis status "
enum SandboxStatus {
" Report has expired "
EXPIRED
" Analysis has failed "
FAILED
" File is being analyzed "
IN_PROGRESS
" File is pending analysis "
PENDING
" Analysis is complete - report is ready "
READY
}
" Sandbox analysis failure reason "
enum SandboxFailureReason {
" Failed to fetch report from sandbox service after 10 minutes "
ANALYSIS_TIMEOUT
" Internal server error "
INTERNAL_ERROR
" Invalid file size (0 or too large) "
INVALID_FILE_SIZE
" Failed to submit file for sandbox analysis "
SUBMISSION_ERROR
" Unsupported file type "
UNSUPPORTED_FILE_TYPE
}
" Sandbox reports query input "
input SandboxReportsInput {
" Query filter criteria "
filter: SandboxReportsFilterInput
" Query pagination criteria "
paging: PagingInput! = {limit: 25, from: 0}
" Query sorting criteria "
sort: SandboxReportsSortInput! = {reportCreateDate: {direction: DESC, priority: 1}}
}
" Sandbox reports query filter "
input SandboxReportsFilterInput {
" File hash filter "
fileHash: [StringFilterInput!]
" File name filter "
fileName: [StringFilterInput!]
" Report creation date filter "
reportCreateDate: [DateTimeFilterInput!]
}
" Sandbox reports query sorting "
input SandboxReportsSortInput {
" Sort by file name "
fileName: SortOrderInput
" Sort by report creation date "
reportCreateDate: SortOrderInput
}
" Upload file input "
input UploadFileInput {
" Uploaded file name "
fileName: String!
}
" Delete report input "
input DeleteReportInput {
" File hash (SHA-256) to be deleted "
fileHash: String!
}
type LicensingQueries {
"""BETA"""
licensingInfo: LicensingInfo @beta
}
"""Public license API"""
type LicensingInfo {
"""License usage and allocation across the managed accounts"""
globalLicenseAllocations: GlobalLicenseAllocations!
"""License inventory"""
licenses: [License!]!
}
"""License usage and allocation across all accounts"""
type GlobalLicenseAllocations {
"""Public IP addresses usage across the accounts"""
publicIps: PublicIpsLicenseAllocations
"""ZTNA license allocation across the accounts"""
ztnaUsers: ZtnaUsersLicenseAllocations
}
"""IP addresses license usage and allocation across all accounts"""
type PublicIpsLicenseAllocations {
allocated: Int!
available: Int!
total: Int!
}
"""Global ZTNA license usage and allocation across all accounts"""
type ZtnaUsersLicenseAllocations {
"""Total users allocated a ZTNA license"""
allocated: Int!
"""Available users not yet allocated a license"""
available: Int!
"""Total ZTNA licenses for users"""
total: Int!
}
"""enum for license plan type (site license, service license, etc...)"""
enum LicensePlan {
COMMERCIAL
TRIAL
}
"""
enum for account plan status – the current license status within the license lifecycle
"""
enum LicenseStatus {
"""A license that is currently active"""
ACTIVE
"""An expired license is no longer active"""
DISABLED
"""A license in a grace period"""
LOCKED
"""
An existing license with a future start date that is not currently active
"""
SCHEDULED
"""
A license that is active before its start date, for partners and customers to verify the relevant configurations
"""
STAGING
}
"""
An interface containing properties that are common to all license types
"""
interface License {
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License start date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
}
interface QuantifiableLicense implements License {
description: String
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License activation status"""
status: LicenseStatus!
"""License initiation date"""
startDate: DateTime
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""license quantity"""
total: Int!
}
enum LicenseSku {
"""Cato Anti Malware (legacy) service SKU"""
CATO_ANTI_MALWARE
"""Cato Anti Malware Next Generation (legacy) service SKU"""
CATO_ANTI_MALWARE_NG
"""Cato CASB service SKU"""
CATO_CASB
"""Cato datalake Group SKU"""
CATO_DATALAKE
"""12 months data retention SKU"""
CATO_DATALAKE_12M
"""3 months data retention SKU"""
CATO_DATALAKE_3M
"""6 months data retention SKU"""
CATO_DATALAKE_6M
"""Cato DEM service SKU"""
CATO_DEM
"""Cato DLP service SKU"""
CATO_DLP
"""Cato EPP service SKU"""
CATO_EPP
"""Cato ILMM service SKU"""
CATO_ILMM
"""Cato IoT/OT Security service SKU"""
CATO_IOT_OT
"""Public IPs SKU"""
CATO_IP_ADD
"""Cato IPS (legacy) service SKU"""
CATO_IPS
"""Cato Managed XDR service SKU"""
CATO_MANAGED_XDR
"""Cato MDR (XDR Pro) service SKU"""
CATO_MDR
"""Cato NOCaaS service SKU"""
CATO_NOCAAS_HF
"""Site pooled bandwidth SASE SKU"""
CATO_PB
"""Site pooled bandwidth SSE SKU"""
CATO_PB_SSE
"""Cato Remote Browser Isolation (RBI) service SKU"""
CATO_RBI
"""Cato SAAS Group SKU"""
CATO_SAAS
CATO_SAAS_SECURITY_API
"""
Cato SAAS Security API with more than two Applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ALL_APPS
"""
Cato SAAS Security API with one application integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_ONE_APP
"""
Cato SAAS Security API with two applications integration (legacy) service SKU
"""
CATO_SAAS_SECURITY_API_TWO_APPS
"""Site bandwidth SASE SKU"""
CATO_SITE
"""Site bandwidth SSE SKU"""
CATO_SSE_SITE
"""Cato Threat Prevention (legacy) service SKU"""
CATO_THREAT_PREVENTION
"""Cato Advanced Threat Prevention service SKU"""
CATO_THREAT_PREVENTION_ADV
"""Cato XDR service SKU"""
CATO_XDR_PRO
"""ZTNA remote users SKU"""
CATO_ZTNA_USERS
"""ZTNA remote users SKU"""
MOBILE_USERS @deprecated(reason: "replaced with CATO_ZTNA_USERS")
}
type DataLakeLicense implements License & QuantifiableLicense {
description: String
"""
The version of the Data Processing Agreement (DPA) that your company signed with Cato.
"""
dpaVersion: DpaVersion!
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted.
"""
retentionPeriod: Int
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage)
"""
total: Int!
}
"""The DPA agreement, based on your contract with Cato"""
enum DpaVersion {
DPA_2019_01
DPA_2021_01
DPA_2023_01
}
"""Public IP address license"""
type PublicIpsLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of public IPs available in the licenses"""
total: Int!
}
"""Site bandwidth license"""
type SiteLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""
For the relevant license groups, indicates whether this is a global or regional license. For other regions, the value is set to ‘NA’ (not applicable).
"""
regionality: Regionality
"""Identifying data for the site the license is assigned to"""
site: SiteRef
"""The license group."""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""Maximum available bandwidth for the site, in Mbps"""
total: Int!
}
type PooledBandwidthLicense implements License & QuantifiableLicense {
"""
Accounts that this license is assigned to (and the license usage within each account)
"""
accounts: [PartnerPooledBandwidthLicenseAccount!]!
"""
allocated bandwidth, in Mbps, for all the sites assigned to this license.
"""
allocatedBandwidth: Int!
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""Regional license group"""
siteLicenseGroup: SiteLicenseGroup!
"""The selected service type, e.g SASE or SSE."""
siteLicenseType: SiteLicenseType!
"""
Sites that this license is assigned to (and the license usage within each site)
"""
sites: [PooledBandwidthLicenseSite!]!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""
Maximum available bandwidth, in Mbps, for all the sites under this license. This constitutes the bandwidth pool that is allocated to different sites.
"""
total: Int!
}
type PooledBandwidthLicenseSite {
"""Allocated bandwidth for this site"""
allocatedBandwidth: Int!
"""Identifying data for the site"""
site: SiteRef!
}
type PartnerPooledBandwidthLicenseAccount {
"""Identifying data for the account"""
account: AccountRef!
"""Allocated bandwidth for this account"""
allocatedBandwidth: Int!
}
enum SiteLicenseGroup {
"""legacy license group"""
AFRICA
"""legacy license group"""
ANZ
"""legacy license group"""
APJ
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""legacy license group"""
DUBAI
"""legacy license group"""
EUROPE
GROUP_1
GROUP_2
"""legacy license group"""
LATAM
"""legacy license group"""
MIDDLE_EAST
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""legacy license group"""
NAM
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
enum SiteLicenseType {
SASE
SSE
}
"""ZTNA remote users license"""
type ZtnaUsersLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum amount of ZTNA users for the region."""
total: Int!
"""Specify a license group that you are limiting the number of ZTNA users"""
ztnaUsersLicenseGroup: ZtnaUsersLicenseGroup!
}
"""Geographical regions that can be associated with a remote user license"""
enum ZtnaUsersLicenseGroup {
"""Country with stand-alone licenses (not part of a group)"""
CHINA
"""Legacy group"""
DUBAI
GENERAL
"""Legacy group"""
LATAM
"""Country with stand-alone licenses (not part of a group)"""
MOROCCO
"""Country with stand-alone licenses (not part of a group)"""
VIETNAM
}
"""
REGIONAL and GLOBAL licenses for MOROCCO, CHINA, and VIETNAM group values
"""
enum Regionality {
"""Global traffic going outside of the region"""
GLOBAL
"""Site traffic within the region"""
REGIONAL
}
"""End Point Protection (EPP) license details"""
type EndpointProtectionLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The maximum number of users that can use this service"""
total: Int!
}
"""Intelligent Last Mile Monitoring (ILMM) License details"""
type IlmmLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The total amount of ILMM licenses."""
total: Int!
}
"""
Intrusion Prevention System (IPS) service license (Legacy license, replaced by TP)
"""
type IpsLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Anti-Malware service license details (Legacy license, replaced by TP)"""
type MalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""
NG Anti-Malware service license details (Legacy license, replaced by TP)
"""
type NextGenMalwareProtectionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Threat Prevention (TP) license details"""
type ThreatPreventionLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""NOC as a Service (NOCaaS) service license details"""
type NOCaaSLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Cloud Access Security Broker (CASB) service license details"""
type CasbLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Data Loss Prevention (DLP) Service license details"""
type DlpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Managed XDR service license details"""
type ManagedXdrLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Remote Browser Isolation (RBI) service license details"""
type RbiLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""SaaS Security API service license details"""
type SaasSecurityApiLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""license quantity"""
total: Int!
}
"""XDR Pro (extended detection and response) service license details"""
type XdrProLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""The number of knowledge users that the XDR Pro service refers to"""
total: Int!
}
"""DEM service license details"""
type DemLicense implements License & QuantifiableLicense {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
"""License quantity"""
total: Int!
}
"""IoT/OT Security service license details"""
type IotOtLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
"""Advanced Threat Prevention (ATP) service license details"""
type AtpLicense implements License {
description: String
"""License expiration date"""
expirationDate: DateTime!
"""The date of the last update to the license"""
lastUpdated: DateTime
"""License plan type"""
plan: LicensePlan!
"""The license SKU"""
sku: LicenseSku!
"""License start date"""
startDate: DateTime
"""License activation status"""
status: LicenseStatus!
}
type HardwareQueries {
"""Retrieve the account hardware items"""
hardware(input: HardwareSearchInput): HardwarePayload @beta
}
type HardwareMutations {
"""Set Shipping details for a list of hardware"""
updateHardwareShipping(input: UpdateHardwareShippingInput!): HardwarePayload @beta
}
enum ShippingStatus {
CONFIRM_SHIPPING
DELIVERED
IN_TRANSIT
PENDING_INFO
}
enum AddressValidationStatus {
INVALID
NA
VALID
}
input HardwareSearchInput {
filter: HardwareFilterInput
paging: PagingInput = {limit: 100, from: 0}
sort: HardwareSortInput
}
input HardwareShippingDetailsInput {
"""The shipping details"""
details: ShippingDetailsInput!
"""Power cable type (for sockets only)"""
powerCable: String
}
input ShippingDetailsInput {
"""Address for delivery"""
address: AddressInput
"""Comment"""
comment: String
"""Delivery contact detail"""
contact: ContactDetailsInput
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
"""Vat id (required for Brazil)"""
vatId: String
}
input AddressInput {
"""City"""
cityName: String!
"""Company name (recipient)"""
companyName: String!
"""Country"""
countryName: String!
"""State (only for USA and Canada)"""
stateName: String
"""Street name and number"""
street: String!
"""Zip Code"""
zipCode: String!
}
input ContactDetailsInput {
"""Contact email address"""
email: Email
"""Contact name"""
name: String
"""Contact phone number"""
phone: String
}
input HardwareFilterInput {
account: [AccountFilter!]
countryName: [StringFilterInput!]
"""
Will run contains operation for the provided text on the following fields productType,
sfId, quoteId, model, zipCode, country, city, state, street, companyName, contactName,
trackingUrl, trackingNumber and comment with OR between them
"""
freeText: FreeTextFilterInput
id: [IdFilterInput!]
licenseStartDate: [DateTimeFilterInput!]
product: [StringFilterInput!]
serialNumber: [StringFilterInput!]
shippingStatus: [ShippingStatusFilterInput!]
validAddress: BooleanFilterInput
}
input ShippingStatusFilterInput {
eq: ShippingStatus
in: [ShippingStatus!]
neq: ShippingStatus
nin: [ShippingStatus!]
}
input HardwareSortInput {
accountName: SortOrderInput
country: SortOrderInput
incoterms: SortOrderInput
licenseId: SortOrderInput
"""Default sort field"""
licenseStartDate: SortOrderInput
productType: SortOrderInput
quoteId: SortOrderInput
shippingDate: SortOrderInput
shippingStatus: SortOrderInput
siteName: SortOrderInput
}
input UpdateHardwareShippingInput {
""" The shipping details to update"""
details: HardwareShippingDetailsInput!
""" The ids of items to update"""
ids: [ID!]!
}
type ShippingDetails {
"""City"""
cityName: String
"""Comment"""
comment: String
"""Company name (recipient)"""
companyName: String
"""Delivery contact detail"""
contact: ContactDetails
"""Country"""
countryName: String
"""Shipping method"""
incoterms: String
"""Delivery instruction (required for EXW incoterms)"""
instruction: String
"""Power cable type (for sockets only)"""
powerCable: String
"""State (only for USA and Canada)"""
stateName: String
"""Street name and number"""
street: String
"""Vat id (required for Brazil)"""
vatId: String
"""Zip Code"""
zipCode: String
}
type ContactDetails {
"""Contact email address"""
email: Email
"""Contact name"""
name: String
"""Contact phone number"""
phone: String
}
type ShippingTracking {
"""Carrier (shipping company)"""
carrier: String
"""Shipping date"""
shippingDate: Date
"""Shipping status"""
shippingStatus: ShippingStatus
"""Tracking number"""
trackingNumber: String
"""Tracking url"""
trackingUrl: Url
}
type HardwarePayload {
"""The results"""
items: [Hardware!]!
"""Pagination details"""
pageInfo: PageInfo
}
type Hardware {
"""Cma account"""
account: AccountRef
"""Id"""
id: ID!
"""Last modified"""
lastModified: DateTime
"""Crm License Id"""
licenseId: ID
"""License start date"""
licenseStartDate: Date
"""Product Mac address"""
macAddress: String
"""Product model"""
model: String
"""Product order number"""
poNumber: String
"""Product type"""
productType: String
"""Quote ID where the product was purchased"""
quoteId: String
"""Serial number"""
serialNumber: String
"""Shipping details"""
shippingDetail: ShippingDetails
"""Shipping tracking data"""
shippingTracking: ShippingTracking
"""The site’s country"""
siteCountryName: String
"""Validation details"""
validation: HardwareValidation
}
type HardwareValidation {
"""Address validation details"""
addressValidationStatus: AddressValidationStatus
"""Complete item"""
completed: Boolean!
"""Incomplete reason"""
incompleteReason: String
}
enum EventFieldName {
"Identifies system access software or device"
access_method
"Account ID"
account_id
"Firewall, QoS or LAG action"
action
"A list of actions taken, if more than one action was taken as defined by a policy"
actions_taken
"Active Directory name"
ad_name
"A unique identifier of the alert notification"
alert_id
"Always-on Configuration"
always_on_configuration
"Analyst Verdict"
analyst_verdict
"The name of the API, e.g. eventsFeed"
api_name
"Specifies whether the API is a query (read) or a mutation (create/update/delete)"
api_type
"Name of application activity"
app_activity
"SaaS user activities into categories."
app_activity_category
"Activity type"
app_activity_type
"Related Apps"
app_stack
"For Internet firewall, app for this event"
application @deprecated(reason: "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Application ID of the flow"
application_id
"The name of the application associated with the flow"
application_name
"Application risk score"
application_risk
"Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN"
auth_method
"Examples: MFA or password"
authentication_type
"BGP ASN for Cato peer"
bgp_cato_asn
"BGP IP for Cato peer"
bgp_cato_ip
"BGP disconnect error code"
bgp_error_code
"BGP ASN for remote peer"
bgp_peer_asn
"BGP IP for remote peer"
bgp_peer_ip
"CIDR for BGP route"
bgp_route_cidr
"BGP disconnect error message"
bgp_suberror_code
"Always-On Bypass Duration In Seconds"
bypass_duration_sec
"Always-On Bypass Method"
bypass_method
"Always-On Bypass Reason"
bypass_reason
"Cato system category"
categories
"Cato application name"
cato_app
"Activity classification, e.g. FALSE_POSITIVE"
classification
"Expiration date for Client certificate"
client_cert_expires
"Name of Client certificate"
client_cert_name
"Type of process generating this traffic"
client_class
"Socket or SDP Client version"
client_version
"Shows the display name of the target user involved in an activity"
collaborator_name
"For SaaS Security API, email addresses of the users that received the file"
collaborators
"Confidence Level"
confidence_level
"For hosts configured with a static IP in the Cato Management Application, the host name"
configured_host_name
"The algorithm that is used (CUBIC /NewReno / BBR)"
congestion_algorithm
"Connect on boot Enabled/Disabled"
connect_on_boot
"Connection Origin"
connection_origin
"For SaaS Security API, name of the connector"
connector_name
"For SaaS Security API, status of the connector"
connector_status
"For SaaS Security API, SaaS app for the connector"
connector_type
"IoC Container Name"
container_name
"An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories."
correlation_id
"Criticality"
criticality
"Unique Cato ID for the custom category"
custom_categories @deprecated(reason: "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Name for the custom category defined in the Cato Management Application"
custom_category @deprecated(reason: "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Custom category ID"
custom_category_id
"Custom category name"
custom_category_name
"For Internet traffic, country where the destination host is located"
dest_country
"For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)"
dest_country_code
"The unique identifier by the SaaS vendor for the target group in an activity."
dest_group_id
"Identifies the target group involved in an activity"
dest_group_name
"Destination IP address"
dest_ip
"For WAN traffic, destination is site or SDP user"
dest_is_site_or_vpn
"The destination process ID"
dest_pid
"Destination port"
dest_port
"Destination process command line"
dest_process_cmdline
"Destination process parent file path"
dest_process_parent_path
"Destination process parent process ID"
dest_process_parent_pid
"Destination process file path"
dest_process_path
"For WAN traffic, name of destination site or SDP user"
dest_site @deprecated(reason: "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Unique internal Cato ID for the destination site or remote user"
dest_site_id
"The name of the destination site"
dest_site_name
"Short description of the detection"
detection_name
"""
Triggered when malware has been detected EPP Behavioral engines and has been dealt with:
• on_detection: the event is triggered upon malware detection;
• on_end_disinfect: the event is triggered upon detection and followed disinfection;
• on_inject: the event is triggered upon code injection.
"""
detection_stage
"Device Categories"
device_categories
"Device Certificate Validated/Not Validated"
device_certificate
"Unique Cato ID for devices"
device_id
"Device Manufacturer"
device_manufacturer
"Device Model"
device_model
"Name for device related to the event"
device_name
"Device OS Type"
device_os_type
"Device posture profiles"
device_posture_profile
"Device posture profiles"
device_posture_profiles @deprecated(reason: "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Device Type"
device_type
"Host name of Domain Controller that created LDAP event"
directory_host_name
"IP address of Domain Controller that created LDAP event"
directory_ip
"Result of LDAP Domain Controller sync event"
directory_sync_result
"Type of LDAP Domain Controller sync event"
directory_sync_type
"If policy is set to disinfect, return the result of this action"
disinfect_result
"Describes the behavior when the DLP system encounters a failure"
dlp_fail_mode
"DLP profiles related to the event"
dlp_profiles
"Defines the scanning methods used by the DLP system"
dlp_scan_types
"Cato’s DNS Protection type that matched the DNS request"
dns_protection_category
"Domain queried in the DNS request"
dns_query
"Domain name based on the SSL SNI, HTTP host name, or DNS name"
domain_name
"Egress PoP Name"
egress_pop_name
"Egress Site Name for backhauling traffic"
egress_site_name
"Email Subject"
email_subject
"The ID for the endpoint"
endpoint_id
"The Endpoint Protection Engine that detected the malware"
epp_engine_type
"The profile assigned to the endpoint upon detection of the malware"
epp_profile
"Count for events that are repeated multiple times during one minute"
event_count
"Event Id"
event_id
"Cato's description of the event"
event_message
"Sub-type for Routing, Security, Connectivity, System or Sockets Management event"
event_sub_type
"Routing, Security, Connectivity, System or Sockets Management event"
event_type
"Provides details about why a specific action or process failed"
failure_reason
"File hash"
file_hash
"File name"
file_name
"The file operation when this event occurred"
file_operation
"File size"
file_size
"File type"
file_type
"The final status for this object after performing actions as defined by the policy"
final_object_status
"Amount of flows for a given incident"
flows_cardinality
"Full path URL application activity"
full_path_url
"An identifier for a guest user using Cato through a Captive Portal"
guest_user
"IP address of host related to event"
host_ip
"MAC address of host related to event"
host_mac
"HTTP request method (ie. Get, Post)"
http_request_method
"For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)"
incident_aggregation
"Unique Cato ID that identifies this security incident"
incident_id
"Indication"
indication
"Indicator"
indicator
"The initial status of the object, before any policy was applied"
initial_object_status
"Cato Internal-use only"
internalId @deprecated(reason: "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Network protocol for this event"
ip_protocol
"Classifies users based on their permissions."
is_admin
"Indicates whether an activity requires administrative permissions."
is_admin_activity
"Is Compliant"
is_compliant
"Is Managed"
is_managed
"Is the app for this event defined as a sanctioned app? (True/False)"
is_sanctioned_app
"If the events was part of the sinkhole flow"
is_sinkhole
"The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)"
ISP_name
"Name defined for the public API Key in the Cato Management Application"
key_name
"A list of labels providing additional context for the event"
labels
"Data that measures the congestion for a specific link"
link_health_is_congested
"Data that measures the jitter for a specific link"
link_health_jitter
"Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP"
link_health_latency
"Data that measures the packet loss for a specific link"
link_health_pkt_loss
"Link type – Cato, Alt. WAN or LAG"
link_type
"The user logged into this endpoint during this event"
logged_in_user
"Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)"
login_type
"Matched DLP data types related to the event"
matched_data_types
"Mitre attack subtechniques"
mitre_attack_subtechniques
"Mitre attack tactics"
mitre_attack_tactics
"Mitre attack techniques"
mitre_attack_techniques
"Network Access"
network_access
"Matched network rule"
network_rule
"For SaaS Security API, API Error of Apps Security Notification"
notification_api_error
"For SaaS Security API, description of Apps Security Notification"
notification_description
"Unique identifier by the 3rd party App of the object being referenced"
object_id
"The name of the object for this event (for example: file name)"
object_name
"Specifies the type of object being acted upon (e.g., file, folder)"
object_type
"Office mode Enabled/Disabled"
office_mode
"Host OS or tunnel device"
os_type
"OS version for the device (such as 14.3.0)"
os_version
"Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App)"
out_of_band_access
"For SaaS Security API, email address of the file owner"
owner
"Pac File Enabled/Disabled"
pac_file
"For SaaS Security API, parent Microsoft 365 connector"
parent_connector_name
"Name of PoP location"
pop_name
"Precedence"
precedence
"Indicate how many processes are part of this event"
processes_count
"Producer"
producer
"Prompt Page Selected Action"
prompt_action
"Public source IP"
public_ip
"QoS Priority value"
qos_priority
"For QoS, the time that this QoS event started. The event is generated when the QoS event finishes"
qos_reported_time
"Specifies the path to a quarantine folder for isolated files"
quarantine_folder_path
"A Unique ID for the quarantined file"
quarantine_uuid
"Raw Data"
raw_data
"Textual recommendation of the steps to take"
recommended_actions
"The URL that links directly to the object involved in the activity"
reference_url
"Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)"
registration_code
"(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms"
risk_level
"Name of security rule related to the event"
rule @deprecated(reason: "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Unique Cato ID for the security rule related to the event"
rule_id
"Rule name"
rule_name
"Severity defined for the rule"
severity
"Sharing Options for the file (such as SharePoint)"
sharing_scope
"Sign In Types"
sign_in_event_types
"For IPS and SAM, ID of the IPS signature"
signature_id
"Name for Socket interface"
socket_interface
"Socket interface ID"
socket_interface_id
"For Socket upgrades, new version number"
socket_new_version
"For Socket upgrade, previous version number"
socket_old_version
"Type of Socket reset (Hardware/Software)"
socket_reset
"For Socket HA events, indicates if the Socket is primary or secondary"
socket_role
"Socket serial number"
socket_serial
"Socket version number"
socket_version
"Split Tunnel Configuration"
split_tunnel_configuration
"Country in which the source host is located (detected via public IP address)"
src_country
"Country Code of country in which the source host is located (detected via public IP address)"
src_country_code
"IP for host or Cato Client"
src_ip
"Source type: site or remote user"
src_is_site_or_vpn
"IP address provided by ISP to site or Client"
src_isp_ip
"""
Source or destination site or remote user ID.
This field can only be used in filter.
"""
src_or_dest_site_id @deprecated(reason: "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.")
"Source process ID"
src_pid
"Internal port number"
src_port
"Source process command line"
src_process_cmdline
"Source process parent file path"
src_process_parent_path
"Source process parent process ID"
src_process_parent_pid
"Source process file path"
src_process_path
"Name of site or user initiating the connection"
src_site @deprecated(reason: "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.")
"Unique internal Cato ID for the site or remote user"
src_site_id
"Source site or remote user"
src_site_name
"Static host"
static_host
"""
The story status.
Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring
"""
status
"Story Id"
story_id
"Name of subnet as defined in Cato Management Application"
subnet_name
"Number of targets (servers) associated with this event"
targets_cardinality
"Shows if traffic was TCP accelerated or not"
tcp_acceleration
"Unique identifier for the tenant within a multi-tenant environment"
tenant_id
"Tenant Name"
tenant_name
"Tenant Restriction Rule Name"
tenant_restriction_rule_name
"""
Contains the detection risk level. Could be one of the following:
• Info - this is information-only event, the activity is not malicious;
• Suspicious - the event is suspicious. It may be malicious, but there is not enough information
• Malware - the event is malicious activity
"""
threat_confidence
"For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked"
threat_name
"Link to external malware reference"
threat_reference
"The higher the score, the more dangerous the event. In range between 1 - 100 inclusive"
threat_score
"Type of malware event"
threat_type
"Result of malware event (clean indicates a safe file)"
threat_verdict
"Time stamp of the event (Linux epoch format)"
time
"Time stamp of the event (Human-readable format)"
time_str
"A short summary of the activity"
title
"TLS Certificate Error"
tls_certificate_error
"TLS Error Description"
tls_error_description
"TLS Error Type"
tls_error_type
"Shows if traffic was TLS inspected or not"
tls_inspection
"TLS Inspection rule name"
tls_rule_name
"TLS Version"
tls_version
"Direction of network traffic for this event, values are inbound or outbound"
traffic_direction
"Translated Client IP"
translated_client_ip
"Translated Server IP"
translated_server_ip
"Trigger"
trigger
"Trust Type"
trust_type
"Trusted networks Enabled/Disabled"
trusted_networks
"Tunnel Protocol TCP/UDP"
tunnel_ip_protocol
"Protocol for the tunnel"
tunnel_protocol
"Socket upgrade end time (Linux epoch format):"
upgrade_end_time
"Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)"
upgrade_initiated_by
"Socket upgrade start time (Linux epoch format)"
upgrade_start_time
"URL associated with the event"
url
"User Agent"
user_agent
"Method used to get identity with User Awareness (such as Identity Agent)"
user_awareness_method
"User ID"
user_id
"User that generated the event"
user_name
"For Block/Prompt page, reference ID to report incorrect category"
user_reference_id
"User risk level category"
user_risk_level
"The vendor that identified the incident, such as Cato or Microsoft"
vendor
"Shows the id of the target user involved in an activity"
vendor_collaborator_id
"Vendor Device Id"
vendor_device_id
"Vendor Device Name"
vendor_device_name
"Vendor Event Id"
vendor_event_id
"Identifies the user in the vendor’s system"
vendor_user_id
"Unique Cato Visible ID for devices"
visible_device_id
"Lan access Allowed / Blocked"
vpn_lan_access
"User’s email address"
vpn_user_email
"For LDAP sync events, name of the AD domain"
windows_domain_name
"XFF HTTP header indicates the original IP address for the connections"
xff
}
type DevicesQueries {
attributesCatalog: DeviceAttributesCatalogQueries! @beta
list(input: DeviceV2Input): DevicesPayload @beta
}
type DeviceV2 {
categories: [DeviceV2Category!]! @deprecated(reason: "Use 'category' instead")
category: String
confidence: DeviceConfidenceLevel
connectionProfile: DeviceConnectionProfile
firstSeen: DateTime
hw: DeviceHw
id: ID!
ip: String
lastSeen: DateTime
name: String
network: DeviceNetwork
networkInfo: DeviceNetworkRef
nic: DeviceNic
os: DeviceOs
riskScore: Int
site: SiteRef
user: UserRef
}
union DeviceNetworkRef = SiteNetworkSubnetRef | GlobalRangeRef
type DeviceNic {
macAddress: MacAddress
vendor: String
}
type DeviceOs {
product: String
vendor: String
version: String
}
type DeviceHw {
manufacturer: String
model: String
type: String
}
type DeviceNetwork {
networkName: String
subnet: String
}
type DeviceConnectionProfile {
destApps: [String!]!
destDomains: [String!]!
destHosts: [String!]!
directions: [String!]!
}
enum DeviceV2Category {
IOT
MOBILE
NETWORKING
OT
PC
SERVER
}
enum DeviceCategory {
IoT
Mobile
Networking
OT
PC
Server
}
enum DeviceConfidenceLevel {
HIGH
LOW
MEDIUM
}
input DeviceV2Input {
filter: [DeviceV2FilterInput!]
paging: PagingInput! = {limit: 100, from: 0}
sort: DeviceSortInput! = {id: {direction: ASC, priority: 1}}
}
type DevicesPayload {
device: [DeviceV2!]!
paging: PageInfo!
}
input DeviceSortInput {
categories: SortOrderInput @deprecated(reason: "Use 'category' instead")
category: SortOrderInput
confidence: SortOrderInput
firstSeen: SortOrderInput
hw: DeviceHwSortOrderInput
id: SortOrderInput
ip: SortOrderInput
lastSeen: SortOrderInput
name: SortOrderInput
network: DeviceNetworkSortOrderInput
nic: DeviceNicSortOrderInput
os: DeviceOsSortOrderInput
riskScore: SortOrderInput
site: DeviceSiteSortOrderInput
user: DeviceUserSortOrderInput
}
input DeviceNicSortOrderInput {
macAddress: SortOrderInput
vendor: SortOrderInput
}
input DeviceSiteSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceUserSortOrderInput {
id: SortOrderInput
name: SortOrderInput
}
input DeviceOsSortOrderInput {
product: SortOrderInput
vendor: SortOrderInput
version: SortOrderInput
}
input DeviceHwSortOrderInput {
manufacturer: SortOrderInput
model: SortOrderInput
type: SortOrderInput
}
input DeviceNetworkSortOrderInput {
networkName: SortOrderInput
subnet: SortOrderInput
}
input DeviceV2FilterInput {
categories: [DeviceCategoryFilterInput!] @deprecated(reason: "Use 'category' instead")
category: [StringFilterInput!]
confidence: [DeviceConfidenceLevelFilterInput!]
firstSeen: [DateTimeFilterInput!]
hw: DeviceHwFilterInput
id: [IdFilterInput!]
ip: [StringFilterInput!]
lastSeen: [DateTimeFilterInput!]
name: [StringFilterInput!]
network: DeviceNetworkFilterInput
nic: DeviceNicFilterInput
os: DeviceOsFilterInput
riskScore: [IntFilterInput!]
site: [SiteRefFilterInput!]
user: [UserRefFilterInput!]
}
input DeviceCategoryFilterInput {
eq: DeviceCategory
in: [DeviceCategory!]
neq: DeviceCategory
nin: [DeviceCategory!]
}
input DeviceConfidenceLevelFilterInput {
eq: DeviceConfidenceLevel
in: [DeviceConfidenceLevel!]
neq: DeviceConfidenceLevel
nin: [DeviceConfidenceLevel!]
}
input MacAddressFilterInput {
eq: MacAddress
in: [MacAddress!]
neq: MacAddress
nin: [MacAddress!]
}
input DeviceNicFilterInput {
macAddress: [MacAddressFilterInput!]
vendor: [StringFilterInput!]
}
input DeviceOsFilterInput {
product: [StringFilterInput!]
vendor: [StringFilterInput!]
version: [StringFilterInput!]
}
input DeviceHwFilterInput {
manufacturer: [StringFilterInput!]
model: [StringFilterInput!]
type: [StringFilterInput!]
}
input DeviceNetworkFilterInput {
networkName: [StringFilterInput!]
subnet: [StringFilterInput!]
}
input DeviceAttributeCatalogInput {
filter: StringFilterInput
paging: PagingInput
sort: SortOrderInput
}
type DeviceAttributesCatalogQueries {
category(sort: SortOrderInput): DeviceAttributeCatalogPayload!
manufacturer(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
model(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
os(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
type(input: DeviceAttributeCatalogInput): DeviceAttributeCatalogPayload!
}
type DeviceAttributeCatalogPayload {
items: [String!]!
pageInfo: PageInfo!
}
type CatalogApplicationContentType {
id: ID!
name: String!
}
type CatalogApplicationContentTypeGroup {
contentType: [CatalogApplicationContentType!]!
id: ID!
name: String!
}
input CatalogApplicationContentTypeGroupListInput {
filter: [CatalogApplicationContentTypeGroupFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationContentTypeGroupSortInput
}
input CatalogApplicationContentTypeGroupSortInput {
name: SortOrderInput
}
input CatalogApplicationListInput {
filter: [CatalogApplicationFilterInput!]
paging: PagingInput = {limit: 100, from: 0}
sort: CatalogApplicationSortInput
}
input CatalogApplicationContentTypeGroupFilterInput {
contentType: [CatalogApplicationContentTypeFilterInput!]
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationContentTypeFilterInput {
id: [IdFilterInput!]
name: [StringFilterInput!]
}
input CatalogApplicationFilterInput {
activity: [CatalogApplicationActivityFilterInput!]
capability: [CatalogApplicationCapabilityFilterInput!]
category: [CatalogApplicationCategoryFilterInput!]
id: [IdFilterInput!]
name: [StringFilterInput!]
recentlyAdded: [BooleanFilterInput!]
risk: [IntFilterInput!]
type: [CatalogApplicationTypeFilterInput!]
}
input CatalogApplicationTypeFilterInput {
eq: CatalogApplicationType
in: [CatalogApplicationType!]
neq: CatalogApplicationType
nin: [CatalogApplicationType!]
}
input CatalogApplicationCapabilityFilterInput {
hasAny: [CatalogApplicationCapability!]
}
input CatalogApplicationCategoryFilterInput {
hasAny: [ApplicationCategoryRefInput!]
}
input CatalogApplicationActivityFilterInput {
hasAny: [CatalogApplicationActivityRefInput!]
}
input CatalogApplicationActivityRefInput {
by: ObjectRefBy! = ID
input: String!
}
input CatalogApplicationSortInput {
category: CatalogApplicationCategorySortInput
description: SortOrderInput
name: SortOrderInput
risk: SortOrderInput
type: SortOrderInput
}
input CatalogApplicationCategorySortInput {
name: SortOrderInput
}
enum CatalogApplicationType {
APPLICATION
CLOUD_APPLICATION
SERVICE
}
type CatalogApplicationContentTypeGroupListPayload {
contentTypeGroup: [CatalogApplicationContentTypeGroup!]!
pageInfo: PageInfo!
}
type CatalogApplicationListPayload {
application: [CatalogApplication!]!
pageInfo: PageInfo!
}
type CatalogApplicationActivityField {
id: ID!
name: String!
possibleOperators: [CatalogApplicationActivityFieldOperator!]!
possibleValues: [String!]!
}
enum CatalogApplicationActivityFieldOperator {
CONTAINS
GREATER_THAN
IN
IS
LESS_EQUALS
}
type CatalogApplicationActivity {
fields: [CatalogApplicationActivityField!]!
id: ID!
name: String!
}
enum CatalogApplicationAttribute {
SUPPORTED
UNKNOWN
UNSUPPORTED
}
enum CatalogApplicationCapability {
ANTI_MALWARE_INLINE
APP_CONTROL_API
APP_CONTROL_INLINE
DATA_PROTECTION_API
DATA_PROTECTION_INLINE
FILE_CONTROL_INLINE
FIREWALL_INTLINE
LAN_FIREWALL
}
type CatalogApplicationComplianceAttributes {
hippa: CatalogApplicationAttribute!
isae3402: CatalogApplicationAttribute!
iso27001: CatalogApplicationAttribute!
pciDss: CatalogApplicationAttribute!
soc1: CatalogApplicationAttribute!
soc2: CatalogApplicationAttribute!
soc3: CatalogApplicationAttribute!
sox: CatalogApplicationAttribute!
}
type CatalogApplicationSecurityAttributes {
auditTrail: CatalogApplicationAttribute!
encryptionAtRest: CatalogApplicationAttribute!
httpSecurityHeaders: CatalogApplicationAttribute!
mfa: CatalogApplicationAttribute!
rbac: CatalogApplicationAttribute!
rememberPassword: CatalogApplicationAttribute!
sso: CatalogApplicationAttribute!
tlsEnforcement: CatalogApplicationAttribute!
trustedCertificate: CatalogApplicationAttribute!
}
enum EmployeeRange {
"1-10 employees"
BETWEEN_00001_00010
"11-50 employees"
BETWEEN_00011_00050
"51-100 employees"
BETWEEN_00051_00100
"101-250 employees"
BETWEEN_00101_00250
"251-500 employees"
BETWEEN_00251_00500
"501-1,000 employees"
BETWEEN_00501_01000
"1,001-5,000 employees"
BETWEEN_01001_05000
"5,001-10,000 employees"
BETWEEN_05001_10000
"10,000+ employees"
BETWEEN_10001_MAX
}
type CatalogApplication {
activity: [CatalogApplicationActivity!]!
capability: [CatalogApplicationCapability!]!
category: [ApplicationCategoryRef!]!
city: String
complianceAttributes: CatalogApplicationComplianceAttributes!
description: String
descriptionSummary: String
id: ID!
ipoStatus: String
name: String!
numOfEmployees: EmployeeRange
originCountry: CountryRef
recentlyAdded: Boolean!
region: String
risk: ApplicationRisk
sanctioned: Boolean!
securityAttributes: CatalogApplicationSecurityAttributes!
standardPorts: [CustomService!]!
type: CatalogApplicationType!
website: Url
}