type Query {
admin(accountId: ID!, adminID: ID!): GetAdminPayload
"""BETA"""
appStats(
"""Account ID"""
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
sort: [AppStatsSort!]
): AppStats
"""BETA"""
appStatsTimeSeries(
"""Account ID"""
accountID: ID!
timeFrame: TimeFrame!
measures: [Measure]
dimensions: [Dimension]
filters: [AppStatsFilter!]
): AppStatsTimeSeries
admins(accountID: ID!, limit: Int = 50, from: Int = 0, search: String = "", sort: [SortInput], adminIDs: [ID!]): AdminsResult
"""Lookup entities with a specific type, potentially filtered and paged"""
entityLookup(
"""The account ID (or 0 for non-authenticated requests)"""
accountID: ID!
"""Type of entity to lookup for"""
type: EntityType!
"""Sets the maximum number of items to retrieve"""
limit: Int = 50
"""Sets the offset number of items (for paging)"""
from: Int = 0
"""
Return items under a parent entity (can be site, vpn user, etc),
used to filter for networks that belong to a specific site for example
"""
parent: EntityInput
"""
Adds additional search parameters for the lookup. Available options:
country lookup: "removeExcluded" to return only allowed countries
countryState lookup: country code ("US", "CN", etc) to get country's states
"""
search: String = ""
"""
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not
universally available, and may not be applicable specific Entity types. If used on non applicable entity
type, an error will be generated.
"""
entityIDs: [ID!]
"""
Adds additional sort criteria(s) for the lookup.
This option is not universally available, and may not be applicable specific Entity types.
"""
sort: [SortInput]
"""Custom filters for entityLookup"""
filters: [LookupFilterInput]
"""Additional helper fields"""
helperFields: [String!]
): EntityLookupResult!
accountRoles(accountID: ID!, accountType: AccountType): AccountRolesResult!
accountBySubdomain(
accountID: ID!
"""a list of required subdomains"""
subdomains: [String!]!
): [AccountDataPayload!]
"""
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
1. Regular account - Return only 1 subdomain relating to the regular account
2. Reseller account - Return all subdomains including the reseller account subdomain
3. Reseller account - Return only the reseller account subdomain
"""
subDomains(
"""Unique Identifier of Account"""
accountID: ID!
"""
When the boolean argument managedAccount is set to true (default), then the query returns all subdomains related to the account
"""
managedAccount: Boolean
): [SubDomain!]!
"""Audit Feed for account changes"""
auditFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
ids: [ID!] @deprecated(reason: "by accountIDs")
timeFrame: TimeFrame!
filters: [AuditFieldFilterInput!]
"""Marker to use to get results from"""
marker: String
): AuditFeed
"""BETA"""
events(
"""Account ID"""
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
sort: [EventsSort!]
): Events
"""BETA"""
eventsTimeSeries(
"""Account ID"""
accountID: ID!
timeFrame: TimeFrame!
measures: [EventsMeasure]
dimensions: [EventsDimension]
filters: [EventsFilter!]
): EventsTimeSeries
"""Event Feed for events paged by a topic partitions offsets marker"""
eventsFeed(
"""List of Unique Account Identifiers."""
accountIDs: [ID!]
filters: [EventFeedFieldFilterInput!]
"""Marker to use to get results from"""
marker: String
): EventsFeedData
"""
The accountMetrics query helps you analyze the state and quality of the connections
of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS
tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics,
statics, and analytics for the account.
"""
accountMetrics(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
"""
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory.
"""
timeFrame: TimeFrame!
"""
When the boolean argument groupInterfaces is set to __true__, then the data for all the
interfaces are aggregated to a single interface.
"""
groupInterfaces: Boolean
"""
When the boolean argument groupDevices is set to __true__, then the analytics for all the
Sockets (usually two in high availability) are aggregated as one result.
For the best results for aggregated Sockets, we recommend that there is consistent
names and functionality (for example Destination) for the links on both Sockets.
__Note:__ This argument is mandatory for queries of multiple sites and the only valid value
for groupDevices value is __true__.
"""
groupDevices: Boolean
): AccountMetrics
"""
Current snapshot-based metrics that show near real‑time data for the account.
Provides analytics that are similar to the Topology page for the account.
"""
accountSnapshot(
"""Unique Identifier of Account."""
accountID: ID
id: ID @deprecated(reason: "by accountID")
): AccountSnapshot
xdr(accountID: ID!): XDR!
}
type Mutation {
admin(accountId: ID!): AdminMutations!
site(accountId: ID!): SiteMutations!
}
type AdminMutations {
addAdmin(input: AddAdminInput!): AddAdminPayload
removeAdmin(adminID: ID!): RemoveAdminPayload
updateAdmin(adminID: ID!, input: UpdateAdminInput!): UpdateAdminPayload
}
type GetAdminPayload {
id: ID!
firstName: String!
lastName: String!
email: String!
creationDate: String!
passwordNeverExpires: Boolean!
mfaEnabled: Boolean!
managedRoles: [AdminRole!]
resellerRoles: [AdminRole!]
}
input AddAdminInput {
firstName: String!
lastName: String!
email: String!
passwordNeverExpires: Boolean!
mfaEnabled: Boolean!
managedRoles: [UpdateAdminRoleInput!]
resellerRoles: [UpdateAdminRoleInput!]
}
input UpdateAdminInput {
firstName: String
lastName: String
passwordNeverExpires: Boolean
mfaEnabled: Boolean
managedRoles: [UpdateAdminRoleInput!]
resellerRoles: [UpdateAdminRoleInput!]
}
type AddAdminPayload {
adminID: ID!
}
type RemoveAdminPayload {
adminID: ID!
}
type UpdateAdminPayload {
adminID: ID!
}
enum AppStatsFieldName {
"""the cloud application identifier"""
app
"""the cloud application name"""
application
"""new cloud application identifier"""
new_app
""""""
discovered_app
"""the total sum of upstream and downstream data in bytes"""
traffic
"""data uploaded to cloud applications"""
upstream
"""data downloaded from cloud applications"""
downstream
"""the application risk score assigned by Cato"""
risk_score
""""""
risk_level
"""cloud applications approved for use and managed by the organization"""
sanctioned
"""
the country in which the registered application headquarteres is located
"""
hq_location
"""indicates whether the application is considered cloud app/SaaS app"""
is_cloud_app
"""the cloud application category"""
category
""""""
description
""""""
ip
""""""
subnet
""""""
domain
""""""
dest_ip
""""""
src_site_id
"""Source site or VPN user"""
src_site_name
""""""
site_country
""""""
site_state
""""""
vpn_user_id
""""""
flows_created
"""Destination Site or VPN user ID (proto)"""
dest_site
"""Destination Site or VPN user"""
dest_is_site_or_vpn
"""Destination Site or VPN user ID (DB)"""
dest_site_id
"""Destination Site or VPN user name"""
dest_site_name
"""Traffic direction"""
traffic_direction
"""PC or device name"""
device_name
"""Active Directory name"""
ad_name
"""IP for host or VPN client"""
src_ip
"""Name for Socket interface"""
socket_interface
"""Traffic is site or VPN client"""
src_is_site_or_vpn
}
type AppStats {
id: ID
from: DateTime
to: DateTime
total: Int
totals: Map
records(limit: Int, from: Int): [AppStatsRecord!]
}
type AppStatsRecord {
fields: [AppStatsField!]
fieldsUnitTypes: [UnitType!]
"""fields in map format (see Map scalar)"""
fieldsMap: Map
trends: Map
prevTimeFrame: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
}
type AppStatsTimeSeries {
id: ID
from: DateTime
to: DateTime
granularity: Int
timeseries(buckets: Int!): [Timeseries!]
}
type AppStatsField {
name: AppStatsFieldName!
value: Value!
}
input Measure {
fieldName: AppStatsFieldName!
aggType: AggregationType!
trend: Boolean
}
input Dimension {
fieldName: AppStatsFieldName!
}
input AppStatsFilter {
fieldName: AppStatsFieldName!
operator: FilterOperator!
values: [String!]!
}
input AppStatsSort {
fieldName: AppStatsFieldName!
order: DirectionEnum!
}
interface ObjectRef {
"""Object's unique identifier"""
id: ID!
"""Object's unique name"""
name: String!
}
"""2006-01-02T15:04:05Z07:00 (RFC3339)"""
scalar DateTime
scalar IPAddress
type UserRef implements ObjectRef {
id: ID!
name: String!
}
type SiteRef implements ObjectRef {
id: ID!
name: String!
}
type Entity {
id: ID!
name: String
type: EntityType!
}
input EntityInput {
id: ID!
name: String
type: EntityType!
}
type EntityInfo {
entity: Entity!
description: String!
helperFields: Map!
}
type SubDomain {
accountId: ID!
accountName: String!
accountType: String!
subDomain: String!
}
input UpdateAccountRoleInput {
id: ID!
name: String
}
input UpdateAdminRoleInput {
role: UpdateAccountRoleInput!
allowedEntities: [EntityInput!]
allowedAccounts: [ID!]
}
enum SiteType {
BRANCH
HEADQUARTERS
CLOUD_DC
DATACENTER
}
type AdminsResult {
items: [Admin!]!
total: Int!
}
type EntityLookupResult {
items: [EntityInfo!]!
total: Int
}
"""A CC2 administrator"""
type Admin {
id: ID!
version: String!
role: UserRole
firstName: String
lastName: String
email: String
creationDate: DateTime
modifyDate: DateTime
status: OperationalStatus
passwordNeverExpires: Boolean
mfaEnabled: Boolean
nativeAccountID: ID
allowedItems: [Entity!]
presentUsageAndEvents: Boolean
managedRoles: [AdminRole!]
resellerRoles: [AdminRole!]
}
enum UserRole {
OWNER
VIEWER
PUBLIC_VIEWER
PUBLIC_EDITOR
EDITOR
SUPER_USER
SITES_VIEWER
}
enum AccountType {
SYSTEM
REGULAR
RESELLER
ALL
}
enum ProtoType {
SOCKET_X1500
VSOCKET_VGX
IPSEC_HOST
IPSEC_CLIENT
IPSEC_V2
SOCKET_X1600
SOCKET_X1700
SOCKET_AWS1500
SOCKET_AZ1500
SOCKET_ESX1500
CROSS_CONNECT
SOCKET_X1600_LTE
}
enum SocketPlatform {
X1500
X1500_BR2
X1500B_BR2
X1600
X1700
X1700B
AWS1500
AZ1500
ESX1500
X1600_LTE
}
enum SubnetType {
Routed
Direct
VLAN
Native
SecondaryNative
}
enum DhcpType {
DHCP_RELAY
DHCP_RANGE
ACCOUNT_DEFAULT
DHCP_DISABLED
}
input LookupFilterInput {
filter: LookupFilterType
value: String
}
enum LookupFilterType {
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values:
"SOCKET",
"IPSEC",
"vSOCKET",
"PHYSICAL_SOCKET"
"""
filterByConnectionTypeFamily
"""
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported):
"SOCKET_X1500",
"SOCKET_X1600",
"SOCKET_X1700",
"VSOCKET_VGX_ESX",
"VSOCKET_VGX_AWS"
"VSOCKET_VGX_AZURE"
"SOCKET_X1600_LTE",
"""
filterByConnectionType
"""
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values:
"true",
"false",
"""
filterByAltWan
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values:
"true",
"false",
"""
filterByBackhaulingGW
"""
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values:
"true",
"false",
"""
filterByOffCloudTransportEnabled
}
type AccountRolesResult {
items: [RBACRole!]!
total: Int!
}
type AccountDataPayload {
id: ID!
name: String!
subdomain: String!
}
enum SocketInterfaceDestType {
CATO
LAN
VRRP_AND_LAN
INTERFACE_DISABLED
ALTERNATIVE
LAYER_2_WAN
VRRP
LAN_LAG_MASTER_AND_VRRP
LAN_LAG_MASTER
LAN_LAG_MEMBER
LAN_AND_HA
}
enum VrrpType {
VIA_SWITCH
DIRECT_LINK
}
"""
SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids
"""
enum SocketInterfaceIDEnum {
LAN1
LAN2
WAN1
WAN2
USB1
USB2
INT_1
INT_2
INT_3
INT_4
INT_5
INT_6
INT_7
INT_8
INT_9
INT_10
INT_11
INT_12
WLAN
LTE
}
enum SocketInterfaceRole {
wan_1
wan_2
wan_3
wan_4
}
input PagingInput {
limit: Int! = 100
from: Int! = 0
}
input SortInput {
field: String
order: DirectionInput
}
enum DirectionInput {
asc
desc
}
enum EntityType {
"""Geographical and political entity recognized internationally"""
country
"""
Represents a state or territory within a country. It is a sub-division of the country
"""
countryState
"""
Time zone, which is a geographical region where clocks are set to the same time
"""
timezone
"""A reference to a configured Site within Account"""
site
"""A reference to the configured Host within Site"""
host
"""Any entity (matches everything)"""
any
"""A reference to a configured Account under reseller"""
account
"""A reference to the configured Network Interface within Site"""
networkInterface
"""A reference to the configured VPN User within Account"""
vpnUser
"""An account administrator (user in Cato Console)"""
admin
"""A reference to Local Routing Rule within Site"""
localRouting
"""A reference to LAN Firewall Rule within Site"""
lanFirewall
"""An external IP address in a specific PoP reserved for the account"""
allocatedIP
"""union of the globalRange and a Subnet"""
siteRange
"""l4 services for LAN firewall rules"""
simpleService
"""Site licenses available for use"""
availableSiteUsage
"""Pooled licenses available for use"""
availablePooledUsage
"""A reference to DHCP Relay Group within account"""
dhcpRelayGroup
"""Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number"""
portProtocol
groupSubscription
mailingListSubscription
webhookSubscription
}
type AuditFeedAccountRecords {
id: ID
records(fieldNames: [AuditFieldName!]): [AuditRecord!]
}
type AuditFeed {
from: DateTime
to: DateTime
marker: String
fetchedCount: Int!
hasMore: Boolean
accounts: [AuditFeedAccountRecords]
}
"""
Search operators on ElasticSearch. Between operators are applicable only to numeric fields
Note that not operators are slower
"""
enum ElasticOperator {
is
is_not
in
not_in
exists
not_exists
between
not_between
}
"""
FieldName for the different types of FieldName inputs
Use the EventFieldName for events, and AuditFieldName for audit
"""
input FieldNameInput {
EventFieldName: EventFieldName
AuditFieldName: AuditFieldName
}
input AuditFieldFilterInput {
fieldName: FieldNameInput!
"""Use AuditFieldName for audits"""
operator: ElasticOperator!
values: [String!]
}
"""Represents a single event in the audit database"""
type AuditRecord {
admin: Entity
apiKey: Entity
object: Entity
account: EntityInfo
time: DateTime
"""All fields in the audit record (including the admin and object)"""
fields: [AuditField!]
"""fields in map format (see Map scalar)"""
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
}
type StringValue {
string: String
}
type DateValue {
date: DateTime
}
union Value = StringValue | DateValue | Entity
type AuditField {
name: String!
value: Value!
}
enum AuditFieldName {
"""The admin whose action generated the record"""
admin
"""The api key whose action generated the record"""
apiKey
"""The name of the object that was affected, e.g. 'My Site'"""
model_name
"""The ID of the admin whose action generated the record"""
admin_id
"""
Less granular than model_name, a general marker of the modified area: administration, configuration, security
"""
module
audit_creation_type
"""Time the record was committed to storage"""
insertion_date
"""
the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`
"""
change_type
"""Time the record was created"""
creation_date
"""
The type of object that was affected. e.g. Site, Socket, SocketInterface
"""
model_type
"""The name of the account on which the record was created"""
account
"""The id of the account on which the record was created"""
account_id
}
type Events {
id: ID
from: DateTime
to: DateTime
total: Int
totals: Map
records(limit: Int, from: Int): [EventsRecord!]
}
type EventsRecord {
fields: [EventField!]
fieldsUnitTypes: [UnitType!]
"""fields in map format (see Map scalar)"""
fieldsMap: Map
trends: Map
prevTimeFrame: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
}
type EventsTimeSeries {
id: ID
from: DateTime
to: DateTime
granularity: Int
timeseries(buckets: Int!): [Timeseries!]
}
input EventsMeasure {
fieldName: EventFieldName!
aggType: AggregationType!
trend: Boolean
}
input EventsDimension {
fieldName: EventFieldName!
}
input EventsFilter {
fieldName: EventFieldName!
operator: FilterOperator!
values: [String!]!
}
input EventsSort {
fieldName: EventFieldName!
order: DirectionEnum!
}
type EventField {
name: EventFieldName!
value: Value!
}
enum EventFieldName {
"""Site or VPN user initiating the transaction"""
src_site
src_site_id
"""Target Site or VPN user"""
dest_site
"""
Source or destination site or VPN user ID.
This field can only be used in filter.
"""
src_or_dest_site_id
"""Rule ID in security events"""
rule
"""Remote ISP name"""
ISP_name
"""Name for Socket interface"""
socket_interface
custom_category
"""LDAP event, host name"""
directory_host_name
"""Internet traffic, destination server port"""
dest_port
"""BGP ASN for remote peer"""
bgp_peer_asn
"""The reference number of a miscategorization event"""
user_reference_id
"""Internal port number"""
src_port
"""Data that measures the packet loss for a specific link"""
link_health_pkt_loss
"""Name of PoP for event"""
pop_name
""""""
host_ip
"""Cato's description of the event"""
event_message
"""Source site or VPN user"""
src_site_name
"""SSL SNI, HTTPhost name, DNSname"""
domain_name
"""Internet traffic, destination server IP"""
dest_ip
"""Malware event, file hash"""
file_hash
"""ISP IP for site or VPN client"""
src_isp_ip
"""Examples: MFA or password"""
authentication_type
"""Firewall rule name"""
rule_name
"""LDAP event, sync with DC results"""
directory_sync_result
""""""
host_mac
"""Type of malware event"""
threat_type
"""Result of malware event"""
threat_verdict
"""PC or device name"""
device_name
"""Link type – Cato, Alt. WAN or LAG"""
link_type
"""User portal or VPN client (VPN or site traffic)"""
login_type
"""Host name (hosts with static IP)"""
configured_host_name
""""""
internalId
"""LDAP event, sync with DC"""
directory_sync_type
"""User email"""
vpn_user_email
"""Type of process generating this traffic"""
client_class
"""Incident aggregation"""
incident_aggregation
"""Hardware or software Socket reset"""
socket_reset
"""User name"""
user_name
"""Socket or VPN client version"""
client_version
"""Malware event, file size"""
file_size
""""""
registration_code
"""BGP disconnect error message"""
bgp_error_code
"""Description for BGP neighbor"""
bgp_peer_description
"""Name of malware event"""
threat_name
"""Time QoS event started"""
qos_reported_time
"""Network protocol for this event"""
ip_protocol
"""BGP ASN for Cato peer"""
bgp_cato_asn
"""IP for host or VPN client"""
src_ip
"""Link to external malware reference"""
threat_reference
"""Firewall, QoS or LAG action"""
action
""""""
windows_domain_name
"""Malware event, risk level"""
risk_level
"""Socket upgrade, old version number"""
socket_old_version
"""Data that measures the latency for a specific link"""
link_health_latency
"""Protocol for the tunnel"""
tunnel_protocol
"""Socket upgrade, new version number"""
socket_new_version
"""Data that measures the jitter for a specific link """
link_health_jitter
"""Upgrade started at:"""
upgrade_start_time
"""BGP IP for Cato peer"""
bgp_cato_ip
"""Cato Networks Category"""
categories
""""""
rule_id
""""""
socket_role
"""Amount of targets (servers) for a given incident"""
targets_cardinality
"""Upgrade initiated by"""
upgrade_initiated_by
"""Site or VPN user"""
dest_is_site_or_vpn
"""BGP IP for remote peer"""
bgp_peer_ip
"""Traffic is site or VPN client"""
src_is_site_or_vpn
"""Active Directory name"""
ad_name
"""User Awareness Query Method"""
user_awareness_method
"""Data that measures the congestion for a specific link"""
link_health_is_congested
"""Name for subnet"""
subnet_name
"""Version for host OS or tunnel device"""
os_version
"""
Sub-type for Routing, Security, Connectivity, System or Sockets Management event
"""
event_sub_type
"""Host OS or tunnel device"""
os_type
"""Inbound or outbound"""
traffic_direction
"""BGP disconnect error message"""
bgp_suberror_code
"""CIDR for BGP route"""
bgp_route_cidr
"""Incident identifier"""
incident_id
"""App used in Internet Firewall"""
application
"""Upgrade ended at:"""
upgrade_end_time
"""Socket interface ID"""
socket_interface_id
"""Custom category for the account"""
custom_categories
"""Country based on public IP"""
src_country
"""Country code based on public IP"""
src_country_code
"""Count for events often repeated"""
event_count
"""Malware event, file name"""
file_name
"""LDAP event, IP for DC"""
directory_ip
"""Time of event"""
time
"""URL for Internet traffic"""
url
"""Internet traffic, destination server location"""
dest_country
"""Internet traffic, destination server location code"""
dest_country_code
"""Amount of flows for a given incident"""
flows_cardinality
"""Name of site or VPN user"""
dest_site_name
"""Routing, Security, Connectivity, System or Sockets Management event"""
event_type
"""Account ID"""
account_id
"""Signature ID"""
signature_id
"""Client certificate expiration date"""
client_cert_expires
"""Name of client Certificate"""
client_cert_name
"""Is sanctioned app matched"""
is_sanctioned_app
"""Name of application class"""
application_class
"""Name of application activity"""
app_activity
"""Device posture profiles"""
device_posture_profiles
"""Full path URL application activity"""
full_path_url
"""Application risk score"""
application_risk
"""Mitre attack techniques"""
mitre_attack_techniques
"""Mitre attack subtechniques"""
mitre_attack_subtechniques
"""Mitre attack tactics"""
mitre_attack_tactics
"""Indicator"""
indicator
"""Connector Type"""
connector_type
"""Connector Name"""
connector_name
parent_connector_name
file_type
dlp_profiles
matched_data_types
severity
"""Owner"""
owner
"""Collaborators"""
collaborators
"""Email Subject"""
email_subject
"""Sharing Scope"""
sharing_scope
"""DNS Protection Category"""
dns_protection_category
final_object_status
object_name
object_type
alert_id
vendor
vendor_user_id
status
classification
quarantine_folder_path
title
recommended_actions
pid @deprecated(reason: "use src_pid instead")
parent_pid @deprecated(reason: "use src_process_parent_pid instead")
process_path @deprecated(reason: "use src_process_path instead")
failure_reason
out_of_band_access
logged_in_user
http_request_method
xff
"""DNS Query"""
dns_query
key_name
api_type
api_name
"""Related Apps"""
app_stack
"""TLS Certificate Error"""
tls_certificate_error
"""TLS Version"""
tls_version
"""TLS Error Type"""
tls_error_type
"""TLS Error Description"""
tls_error_description
"""Cato App"""
cato_app
"""Prompt Page Selected Action"""
prompt_action
"""Unique Cato ID for devices"""
device_id
"""Unique Cato Visible ID for devices"""
visible_device_id
"""
Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN
"""
auth_method
"""Always-On Bypass Method"""
bypass_method
"""Always-On Bypass Duration In Seconds"""
bypass_duration_sec
"""Always-On Bypass Reason"""
bypass_reason
"""Sign In Types"""
sign_in_event_types
"""Tenant Id"""
tenant_id
"""Tenant Name"""
tenant_name
"""User Agent"""
user_agent
"""Vendor Event Id"""
vendor_event_id
"""Vendor Device Id"""
vendor_device_id
"""Vendor Device Name"""
vendor_device_name
"""Is Compliant"""
is_compliant
"""Is Managed"""
is_managed
"""Trust Type"""
trust_type
"""Trust Level"""
trust_level
"""Data Classifiers"""
dlp_scan_types
"""Network Access"""
network_access
"""Analyst Verdict"""
analyst_verdict
"""Criticality"""
criticality
"""Indication"""
indication
"""Producer"""
producer
"""Story Id"""
story_id
"""Raw Data"""
raw_data
}
type SiteMutations {
addSocketSite(input: AddSocketSiteInput!): AddSocketSitePayload
updateSiteGeneralDetails(siteId: ID!, input: UpdateSiteGeneralDetailsInput!): UpdateSiteGeneralDetailsPayload
removeSite(siteId: ID!): RemoveSitePayload
updateSocketInterface(siteId: ID!, socketInterfaceId: SocketInterfaceIDEnum!, input: UpdateSocketInterfaceInput!): UpdateSocketInterfacePayload
addNetworkRange(lanSocketInterfaceId: ID!, input: AddNetworkRangeInput!): AddNetworkRangePayload
updateNetworkRange(networkRangeId: ID!, input: UpdateNetworkRangeInput!): UpdateNetworkRangePayload
removeNetworkRange(networkRangeId: ID!): RemoveNetworkRangePayload
updateHa(siteId: ID!, input: UpdateHaInput!): UpdateHaPayload
addStaticHost(siteId: ID!, input: AddStaticHostInput!): AddStaticHostPayload
updateStaticHost(hostId: ID!, input: UpdateStaticHostInput!): UpdateStaticHostPayload
removeStaticHost(hostId: ID!): RemoveStaticHostPayload
}
type EventRecord {
time: DateTime
"""fields in map format (see Map scalar)"""
fieldsMap: Map
"""
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ]
"""
flatFields: [[String!]]
}
type EventsFeedAccountRecords {
id: ID
errorString: String
records(fieldNames: [EventFieldName!]): [EventRecord!]
}
type EventsFeedData {
marker: String
fetchedCount: Int!
accounts: [EventsFeedAccountRecords]
}
input EventFeedFieldFilterInput {
fieldName: EventFeedFilterFieldName!
"""Use event_type and event_sub_type for events"""
operator: EventFeedFilterOperator!
values: [String!]
}
"""Search operators on Event Feed"""
enum EventFeedFilterOperator {
is
is_not
in
not_in
}
enum EventFeedFilterFieldName {
"""
Sub-type for Routing, Security, Connectivity, System or Sockets Management event
"""
event_sub_type
"""Routing, Security, Connectivity, System or Sockets Management event"""
event_type
}
type AccountMetrics {
"""Unique Identifier of Account."""
id: ID
"""Starting time"""
from: DateTime
"""Ending time"""
to: DateTime
"""The size of a single time bucket in seconds"""
granularity: Int
"""Site connectivity metrics for the requested sites."""
sites(
"""
A list of unique IDs for each site. If specified, only sites in this list are returned. Otherwise, all sites are returned.
"""
siteIDs: [ID!]
ids: [String!] @deprecated(reason: "by siteIDs")
): [SiteMetrics!]
"""
Connectivity metrics for the requested users connecting remotely with the Client.
Doesn’t include user traffic behind a site.
"""
users(
"""
A list of unique IDs for each user. If specified, only users in this list are returned. Otherwise, no user metrics are returned.
"""
userIDs: [ID!]
): [SiteMetrics!]
timeseries(
labels: [TimeseriesMetricType!]
"""number of buckets, defaults to 10, max 1000"""
buckets: Int
): [Timeseries!]
}
type AccountSnapshot {
"""Unique Identifier of Account"""
id: ID
"""Sites includes information about online as well as offline sites"""
sites(
"""
List of Unique Site Identifiers. If specified, only sites in list will be returned
"""
siteIDs: [ID!]
ids: [Int!] @deprecated(reason: "by siteIDs")
): [SiteSnapshot!]
"""
VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested
"""
users(
"""request specific IDs, regardless of if connected or not"""
userIDs: [ID!]
ids: [Int!] @deprecated(reason: "by userIDs")
): [UserSnapshot!]
timestamp: DateTime
}
"""A general structure to contain IP detailed information"""
type IPInfo {
"""IP address of the link"""
ip: String
"""Geolocation ISO country code"""
countryCode: String
"""Geolocation country name"""
countryName: String
"""Geolocation city"""
city: String
"""Geolocation state"""
state: String
"""ISP Internet provider"""
provider: String
"""Geolocation latitude for the ISP"""
latitude: Float
"""Geolocation longitude for the ISP"""
longitude: Float
}
"""Basic information about socket"""
type SocketInfo {
"""Unique ID for Socket"""
id: String
"""Serial number for the Socket"""
serial: String
"""
For HA configurations, when this boolean value is true, this the primary Socket
"""
isPrimary: Boolean
"""Shows Socket type"""
platform: SocketPlatform
"""Software version number that is currently installed on the Socket"""
version: String
"""Timestamp when the Socket upgraded to the current hardware version"""
versionUpdateTime: DateTime
}
"""Basic IPSec configuration information"""
type IPSecInfo {
"""
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device
"""
isPrimary: Boolean
"""The source IP address for the IPsec tunnel in the Cato Cloud"""
catoIP: String
"""The destination IP address for the IPsec tunnel (in the site)"""
remoteIP: String
"""Shows 1 for IKEv1 and 2 for IKEv2"""
ikeVersion: Int
}
"""Basic Socket Interface configuration information"""
type InterfaceInfo {
"""ID for the Socket port in the Socket WebUI Monitor tab"""
id: ID!
"""Name for the port in the Cato Management Application"""
name: String
"""
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud
"""
upstreamBandwidth: Int
"""
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site
"""
downstreamBandwidth: Int
"""The destination type configured to the Socket interface"""
destType: String
}
"""Basic Site configuration information"""
type SiteInfo {
"""Name for the site"""
name: String
"""
Site type in the Cato Management Application, such as branch office or datacenter
"""
type: SiteType
"""User defined description of the site"""
description: String
"""Code for the Country that is the physical location of the site"""
countryCode: String
"""Geographical PoP region that the site is licensed to use"""
region: String
"""Country that is the physical location of the site"""
countryName: String
"""
When this boolean value is true, the site is enabled for high availability
"""
isHA: Boolean
"""
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields)
"""
connType: ProtoType
"""Timestamp for when the site was created"""
creationTime: DateTime
"""Basic configuration information about the Socket interface"""
interfaces: [InterfaceInfo!]
"""
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields)
"""
sockets: [SocketInfo!]
"""data related to IPsec sites, such as IKE version"""
ipsec: [IPSecInfo!]
}
"""Basic Site Ha readiness information"""
type HaStatus {
readiness: HaReadiness
wanConnectivity: HaSubStatus
keepalive: HaSubStatus
socketVersion: HaSubStatus
}
"""Basic User configuration information"""
type UserInfo {
"""Name of the VPN user"""
name: String
"""Status of the Client as the type STRING"""
status: OperationalStatus
"""Email address of the VPN user"""
email: String
"""Timestamp when the VPN user was created in the account"""
creationTime: DateTime
"""Phone number for the VPN user"""
phoneNumber: String
"""User creation mechanism, current supported REGULAR or LDAP"""
origin: String
"""Additional authentication mechanism, currently MFA or NONE"""
authMethod: String
}
type RecentConnection {
"""The duration of the connection"""
duration: Int
"""Name for the port in the Cato Management Application"""
interfaceName: String
"""Serial number for the Device"""
deviceName: String
"""
The last time this connection was detected (so lastConnected - duration is the start of the connection
"""
lastConnected: DateTime
"""The name of the PoP that the traffic flow was connected to"""
popName: String
"""IP address of the PoP that the link is connected to"""
remoteIP: String
"""
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to
"""
remoteIPInfo: IPInfo
}
type InterfaceLinkState {
"""The ID for the specific Socket port, for example LAN1 or LAN2"""
id: ID
"""When this boolean value is true, then the link for the port is up"""
up: Boolean
"""
When this boolean value is true, then a cable is connected to the Socket port
"""
mediaIn: Boolean
"""Shows the maximum bandwidth configured for the link"""
linkSpeed: String
"""Shows the duplex mode for the link"""
duplex: String
}
type DeviceSnapshot {
"""Unique internal Cato ID for the Socket"""
id: ID
"""Name of the device"""
name: String
"""Unique identifier for the device"""
identifier: String
"""
A boolean value that indicates if the site is connected to the Cato Cloud
"""
connected: Boolean
"""
Shows if this is the primary or secondary Socket in high availability mode
"""
haRole: String
"""Snapshot data for outbound facing interfaces"""
interfaces: [InterfaceSnapshot!]
"""The last time the device was seen"""
lastConnected: DateTime
"""
The uptime of the last tunnel from this device (or current), in seconds
"""
lastDuration: Int
"""For connected devices (this somewhat overlaps to last duration)"""
connectedSince: DateTime
"""The ID of the PoP that the Socket is connected to"""
lastPopID: Int
"""The PoP name that the Socket is connected to"""
lastPopName: String
"""Data related to the most recent completed traffic flows"""
recentConnections: [RecentConnection!]
"""Shows the Socket model or vSocket type"""
type: String
"""Shows data related to the Socket, such as version and serial number"""
socketInfo: SocketInfo
"""
Information of the link state of various interfaces in the devices. Unlike the `interfacess` field, it contains
all links of the device, not just the outbound facing ones
"""
interfacesLinkState: [InterfaceLinkState!]
"""Operating system of the Device."""
osType: String
"""Version of the Socket operating system"""
osVersion: String
"""Device version"""
version: String
"""Device major version"""
versionNumber: Int
"""Shows the release group for the site"""
releaseGroup: String
"""Shows the amount of time remaining before the MFA token expires"""
mfaExpirationTime: Int
"""The time the mfa cookie (for sdp users) was created"""
mfaCreationTime: Int
"""Device's internal IP in the account's routing table"""
internalIP: String
}
type InterfaceMetrics {
"""Traffic data for the link"""
metrics(
"""Normalize collected metrics as per-second values"""
toRate: Boolean = false
): Metrics
"""Link name in the Cato Management Application"""
name: String
"""
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also
include the destination last mile check
"""
timeseries(buckets: Int, labels: [TimeseriesMetricType!]): [Timeseries!]
"""Time stamp annotation that shows a time increment for a GUI"""
annotations(types: [String!]): [TimeAnnotation!]
"""object that is a specific time duration"""
periods: [TimePeriod!]
"""Data related to the link IP address, such as country code"""
remoteIPInfo: IPInfo
"""IP address of the PoP that the link is connected to"""
remoteIP: String
"""
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site
"""
socketInfo: SocketInfo
"""
Data related to IPsec sites, such as IKE version . Applicable only for site
"""
ipsecInfo: IPSecInfo
"""
Basic configuration information about the Socket interface . Applicable only for site
"""
interfaceInfo: InterfaceInfo
}
type InterfaceSnapshot {
"""Shows if the WAN link is connected to the PoP"""
connected: Boolean
"""Interface ID for the WAN link"""
id: ID
"""WAN link name in the Cato Management Application"""
name: String
"""Physical WAN port on the Socket"""
physicalPort: Int
"""Interface Natural order for WAN link"""
naturalOrder: Int
"""The name of the PoP that the WAN link is connected to"""
popName: String
"""
The ID of the PoP that the WAN link was connected to before the current one
"""
previousPopID: Int
"""
The name of the PoP that the WAN link was connected to before the current one
"""
previousPopName: String
"""
Reason that the tunnel required a new connection (for example, PoP or Socket restarted)
"""
tunnelConnectionReason: String
"""Number of seconds that the tunnel is connected to a PoP"""
tunnelUptime: Int
"""IP address of the WAN ISP"""
tunnelRemoteIP: String
"""IP address, ISP, and geographical information related to the WAN ISP"""
tunnelRemoteIPInfo: IPInfo
type: String @deprecated
"""
data about the WAN link that is configured in the Socket Configuration window for the site
"""
info: InterfaceInfo
"""Information about cellular (LTE) interface"""
cellularInterfaceInfo: CellularInterface
}
type Metrics {
"""total amount of time for the site data"""
duration: Int
"""duration in seconds for a single metrics bucket"""
granularity: Int
"""total downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream: Float
"""total upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream: Float
"""total traffic for the site"""
bytesTotal: Float
"""number of packets lost for downstream traffic"""
lostDownstream: Float
"""percent of packet loss for downstream traffic"""
lostDownstreamPcnt: Float
"""number of packets lost for upstream traffic"""
lostUpstream: Float
"""percent of packet loss for upstream traffic"""
lostUpstreamPcnt: Float
"""total downstream packets"""
packetsDownstream: Float
"""total upstream packets"""
packetsUpstream: Float
"""
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream: Float
"""
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream: Float
"""total packets discarded for downstream traffic"""
packetsDiscardedDownstream: Float
"""total packets discarded for upstream traffic"""
packetsDiscardedUpstream: Float
"""round-trip time from the site to the Cato Cloud"""
rtt: Int
"""
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics.
"""
hostCount: Float
"""
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in
per-interface metrics.
"""
hostLimit: Float
"""
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface
metrics.
"""
flowCount: Float
}
type CellularInterface {
"""2G, 3G, or 4G"""
networkType: CellularNetworkType
"""
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default.
"""
simSlotId: Int
"""
Represents the current status of the modem. Valid values are Error, OK, or Unknown.
"""
modemStatus: CellularModemStatus
"""
Indicates if the cellular modem is currently connected to the internet.
"""
isModemConnected: Boolean!
"""Unique identifier (20-digit number) for the modem."""
iccid: String
"""Unique identifier (15-digit number) for a specific SIM."""
imei: String
"""Displays the operator or carrier name, such as Verizon."""
operatorName: String
"""Indicates if the modem is currently suspended."""
isModemSuspended: Boolean!
"""
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch.
"""
apn: String
"""
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI).
"""
apnSelectionMethod: ApnMethod
"""
Represents the signal strength of the cellular connection, in units of calculation.
"""
signalStrength: String
"""Indicates whether roaming is enabled."""
isRoamingAllowed: Boolean!
"""The phone number associated with the SIM."""
simNumber: String
"""
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out).
"""
disconnectionReason: CellularDisconnectionReason
"""Indicates whether a SIM is detected in the first slot."""
isSimSlot1Detected: Boolean!
"""Indicates whether a SIM is detected in the second slot."""
isSimSlot2Detected: Boolean!
}
enum CellularNetworkType {
TYPE_UNKNOWN
TYPE_2G
TYPE_3G
TYPE_4G
}
enum CellularModemStatus {
STATUS_UNKNOWN
STATUS_OK
STATUS_ERROR
}
enum CellularDisconnectionReason {
REASON_NONE
REASON_TIMEOUT
}
enum ApnMethod {
METHOD_UNKNOWN
METHOD_AUTO
METHOD_MANUAL
}
type SiteMetrics {
"""Site ID"""
id: ID
"""Analytics that are returned for the links for a site"""
interfaces: [InterfaceMetrics!]
"""Traffic metrics and data for sites"""
metrics(
"""Normalize collected metrics as per-second values"""
toRate: Boolean = false
): Metrics
"""Site names"""
name: String
"""
Shows general information about the site (array with nested fields). Applicable only for site
"""
info: SiteInfo
"""
Timeseries with the number of hosts in the site. Applicable only for site
"""
hostCount: Timeseries
"""
Timeseries with the number of flows (connections) in the site. Applicable only for site
"""
flowCount: Timeseries
"""
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site
"""
hostLimit: Timeseries
samples: Int @deprecated(reason: "internal use")
}
enum HaReadiness {
ready
not_ready
}
enum HaSubStatus {
ok
fail
}
enum ConnectivityStatus {
"""Connected to the Cato Cloud"""
connected
"""Disconnected from the Cato Cloud"""
disconnected
}
enum OperationalStatus {
"""Passing traffic"""
active
"""Disabled in the Cato Management Application"""
disabled
"""License has expired for this site and you can't configure it"""
locked
"""After you create the site before it is connected to the Cato Cloud"""
new
"""For VPN users only"""
pending_user_configuration
"""For VPN users only"""
pending_mfa_configuration
"""For VPN users only"""
pending_code_generation
}
type UserSnapshot {
"""VPN user ID"""
id: ID
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""User name from configuration, same as info.name"""
name: String
"""The host name of the device"""
deviceName: String
"""How long has the user been connected (in seconds)"""
uptime: Int
"""Last time the user was connected (relevant if not currently connected)"""
lastConnected: DateTime
"""VPN client version string"""
version: String
"""VPN client version number"""
versionNumber: Int
"""ID of the PoP that the Client is connected to"""
popID: Int
"""Name of the PoP that the VPN user is connected to"""
popName: String
"""IP address of the Client"""
remoteIP: String
"""IP address, ISP, and geographical information related to the Client"""
remoteIPInfo: IPInfo
"""IP address of the PoP that the Client is connected to"""
internalIP: String
"""Operating system of the device the Client is running on"""
osType: String
"""Version of the operating system for the device"""
osVersion: String
"""Data related to the Client"""
devices: [DeviceSnapshot!]
"""
In this state the client does not create its own connection, but reuses
the Office's socket connection
"""
connectedInOffice: Boolean
"""General information about the VPN user"""
info: UserInfo
"""Data related to the most recent completed VPN connections"""
recentConnections: [RecentConnection!]
}
type SiteSnapshot {
"""site ID"""
id: ID
protoId: ID
"""Connectivity to the Cato Cloud"""
connectivityStatus: ConnectivityStatus
"""Site HA readiness information"""
haStatus: HaStatus
"""Status for a site or VPN user"""
operationalStatus: OperationalStatus
"""
Relevant when the site is disconnected - the last time the device was connected
"""
lastConnected: DateTime
"""For connected sites, since when are they connected"""
connectedSince: DateTime
"""Name of the PoP that the site is connected to"""
popName: String
"""Data related to the Sockets for a site"""
devices: [DeviceSnapshot!]
"""General real-time information about the site"""
info: SiteInfo
"""Number of hosts connected to a site"""
hostCount: Int
"""Alternative WAN connectivity status"""
altWanStatus: String
}
type Timeseries {
"""
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in
milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type)
"""
data(
"""
whether to normalize the data into per second (i.e. divide by granularity)
"""
perSecond: Boolean = true
"""
If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1
"""
withMissingData: Boolean = false
): [[Float!]]
"""Indicates the type of the timeseries"""
label: String!
"""List of dimension values for this timeseries"""
dimensions: [DimensionData!]
"""Timeseries key: measure and dimension values"""
key: TimeseriesKey
"""Summary of the metrics over the given time frame"""
sum: Float
"""
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types
of data to make sense.
"""
units: UnitType
"""
Specific information about the timeseries, used to build its name, title etc
"""
info: [String!]
}
"""An object for marking specific events in time."""
type TimeAnnotation {
"""Timestamp of the event"""
time: Float!
"""Description of the event"""
label: String!
"""Brief description of the event"""
shortLabel: String!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: AnnotationType!
}
"""An object for marking durations!"""
type TimePeriod {
"""
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index
"""
duration: [Float!]!
"""Label that describes the metrics"""
title: String!
"""
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows
charts to attach to it.
"""
type: PeriodType!
}
enum TimeseriesMetricType {
"""Total avg upstream traffic (from the site to the Cato Cloud)"""
bytesUpstream
"""Total avg downstream traffic (from the Cato Cloud to the site)"""
bytesDownstream
"""Total max upstream traffic (from the site to the Cato Cloud)"""
bytesUpstreamMax
"""Total max downstream traffic (from the site to the Cato Cloud)"""
bytesDownstreamMax
"""Total upstream packets"""
packetsUpstream
"""Total downstream packets"""
packetsDownstream
"""Number of packets lost for upstream traffic"""
lostUpstream
"""Number of packets lost for downstream traffic"""
lostDownstream
"""Percent of packet loss for upstream traffic"""
lostUpstreamPcnt
"""Percent of packet loss for downstream traffic"""
lostDownstreamPcnt
"""Total packets discarded for downstream traffic"""
packetsDiscardedDownstream
"""Total packets discarded for upstream traffic"""
packetsDiscardedUpstream
"""Percent packets discarded for upstream traffic"""
packetsDiscardedUpstreamPcnt
"""Percent packets discarded for downstream traffic"""
packetsDiscardedDownstreamPcnt
"""
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterUpstream
"""
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets)
"""
jitterDownstream
"""Total number of bytes of upstream and downstream traffic"""
bytesTotal
"""Round-trip time from the Socket to the Cato Cloud"""
rtt
"""Health analytics for the site"""
health @deprecated
"""
The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect)
"""
tunnelAge
"""
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last
mile provider's performance, independent of the service.
"""
lastMilePacketLoss
"""
Latency from socket directly to a well known global service, not through Cato. This is used to measure last
mile provider's performance, independent of the service.
"""
lastMileLatency
}
enum PeriodType {
"""packet loss connectivity issue"""
packetLoss
"""missing data"""
missingData
"""interface in standby mode"""
passiveLink
"""traffic was seen"""
active
"""some packets were queued"""
overlowed
"""some packets were discarded after queue timeout"""
congested
"""multiple last mile destinations measured packet loss"""
lastmilePacketLoss
"""
multiple last mile destinations measured large latency (greater than 500ms)
"""
lastmileLatency
"""unspecified period type"""
generic
"""period connected to specific pop instance"""
pop
}
enum AnnotationType {
"""The site connects to a different PoP"""
popChange
"""Change for HA status role"""
roleChange
"""The ISP IP address (remote IP) changed"""
remoteIPChange
"""Other events that are included in annotations"""
generic
}
type DimensionData {
"""Type of the dimension"""
label: String!
"""String value of the dimension"""
value: String
}
type TimeseriesKey {
"""Measure field"""
measureFieldName: String!
"""List of dimension key-value pair for this timeseries key"""
dimensions: [DimensionKey!]
}
type DimensionKey {
"""Dimension field"""
fieldName: String!
"""String value of the dimension"""
value: String
}
scalar IPSubnet
"""A from-to range (used for DHCP range, for example)"""
scalar IPRange
"""A key value pairs object { "key1": "value1", "key2": "value2" }"""
scalar Map
"""
Enter the time frame for the data that the query returns.
The argument is in the format \.\ This argument is mandatory.
These are the supported options to define the time frame:
last.\