Cato Networks GraphQL API Reference
Support
Terms of Service
Refer to: Support Policy for Cato API
API Endpoints and Schema
Refer to: What is the Cato API
GraphQL Introspection Query
Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.
For more information, see the GraphQL Documentation.
API Labeling
EA: These APIs are part of Cato's EA program, if you’re interested in joining, please contact us at ea@catonetworks.com
Rollout: We are gradually rolling out these APIs, and they will be available to all accounts after a few weeks.
Beta: These APIs are fully operational but may undergo schema changes, including potential breaking changes, with limited advance notice—possibly as short as two weeks.
Queries
accountBySubdomain
Response
Returns [AccountDataPayload!]
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
subdomains - [String!]!
|
a list of required subdomains |
Example
Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
id
subdomain
}
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}
accountMetrics
Description
The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.
Response
Returns an AccountMetrics
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
timeFrame - TimeFrame!
|
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory. |
groupInterfaces - Boolean
|
When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface. |
groupDevices - Boolean
|
When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result. For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets. |
Example
Query
query accountMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$groupInterfaces: Boolean,
$groupDevices: Boolean,
$siteIDs: [ID!]
) {
accountMetrics(
accountID:$accountID,
timeFrame: $timeFrame,
groupInterfaces: $groupInterfaces,
groupDevices: $groupDevices
) {
id
from
to
sites(siteIDs:$siteIDs) {
id
metrics {
bytesUpstream
bytesDownstream
}
interfaces {
name
metrics {
bytesUpstream
bytesDownstream
}
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"groupInterfaces": false,
"groupDevices": true,
"siteIDs": ["456", "789"]
}
Response
{
"data": {
"accountMetrics": {
"id": "123",
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"sites": [
{
"id": "456",
"metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 122324400,
"bytesDownstream": 8354720
}
}
]
},
{
"id": "789",
"metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 100254955,
"bytesDownstream": 3907080
}
}
]
}
]
}
}
}
accountRoles
Response
Returns an AccountRolesResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
accountType - AccountType
|
Example
Query
query accountRoles($accountID:ID!){
accountRoles(accountID: $accountID) {
items {
name
isPredefined
}
total
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountRoles": {
"items": [
{"name": "Editor", "isPredefined": true},
{"name": "Viewer", "isPredefined": true},
{"name": "Network admin", "isPredefined": true},
{"name": "Security Admin", "isPredefined": true},
{"name": "Access Admin", "isPredefined": true}
],
"total": 5
}
}
}
accountSnapshot
Description
Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.
Response
Returns an AccountSnapshot
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
Example
Query
query accountSnapshot($accountID:ID!) {
accountSnapshot(accountID:$accountID) {
sites {
connectivityStatus
haStatus{
readiness
wanConnectivity
keepalive
socketVersion
}
operationalStatus
lastConnected
connectedSince
devices {
connected
version
}
}
users {
connectivityStatus
connectedInOffice
name
deviceName
}
timestamp
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountSnapshot": {
"sites": [
{
"connectivityStatus": "connected",
"haStatus": {
"readiness": "ready",
"wanConnectivity": "ok",
"keepalive": "ok",
"socketVersion": "ok"
},
"operationalStatus": "active",
"lastConnected": "2023-02-28T13:21:05Z",
"connectedSince": "2023-02-27T15:10:06Z",
"devices": [
{"connected": true, "version": "17.0.16303"},
{"connected": true, "version": "17.0.16303"}
]
},
{
"connectivityStatus": "disconnected",
"haStatus": null,
"operationalStatus": "active",
"lastConnected": "2020-03-11T13:43:40Z",
"connectedSince": null,
"devices": [{"connected": false, "version": ""}]
}
],
"users": [
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Employee Domywork",
"deviceName": "Employee’s MacBook Pro"
},
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Alice Bobs",
"deviceName": "Alice’s MacBook Pro"
}
],
"timestamp": "2023-02-28T13:22:21Z"
}
}
}
admin
Response
Returns a GetAdminPayload
Example
Query
query admin($accountId:ID!, $adminID:ID!) {
admin(accountId:$accountId, adminID:$adminID) {
id
firstName
lastName
email
creationDate
mfaEnabled
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"admin": {
"id": "456",
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"mfaEnabled": false,
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
admins
Response
Returns an AdminsResult
Example
Query
query admins($accountId:ID!, $limit: Int) {
admins(accountID:$accountId, limit: $limit) {
items {
id
email
managedRoles {
role {
name
}
}
}
total
}
}
Variables
{"accountId": "123", "limit": 2}
Response
{
"data": {
"admins": {
"items": [
{
"id": "1",
"email": "editor@company.org",
"managedRoles": [{"role": {"name": "Editor"}}]
},
{
"id": "2",
"email": "viewer@company.org",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
],
"total": 3
}
}
}
appStats
Description
BETA
Response
Returns an AppStats
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
|
sort - [AppStatsSort!]
|
Example
Query
query appStats(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$dimensions:[Dimension],
$sort:[AppStatsSort!],
$limit:Int,
$from:Int,
) {
appStats(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "app"}],
"sort": [{"fieldName": "traffic", "order": "desc"}],
"measures": [
{"fieldName": "traffic", "aggType": "sum"},
{"fieldName": "application", "aggType": "any"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"app": "zoom",
"application": "Zoom",
"traffic": "95138282696"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "udp",
"application": "UDP",
"traffic": "45401221439"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "Tech",
"application": "Technological apps",
"traffic": "13982474567"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "AppleSoftwareupdate",
"application": "Apple software update",
"traffic": "11624258191"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
}
]
}
}
}
appStatsTimeSeries
Description
BETA
Response
Returns an AppStatsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
Example
Query
query appStatsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$buckets:Int!
) {
appStatsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "upstream", "aggType": "sum"},
{"fieldName": "downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "upstream"}
},
{
"label": "sum(downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "downstream"}
}
]
}
}
}
auditFeed
Description
Audit Feed for account changes
Response
Returns an AuditFeed
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
timeFrame - TimeFrame!
|
|
filters - [AuditFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
from
to
fetchedCount
accounts {
id
records{
admin {
name
}
object {
name
}
time
fields {
name
value {
... on Entity {
name
id
type
}
... on StringValue {
string
}
... on DateValue {
date
}
}
}
}
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"auditFeed": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"records": [
{
"time": "2023-02-28T08:48:21Z",
"fields": [
{
"name": "admin",
"value": {
"name": "admin@company.org",
"id": "456",
"type": "admin",
"__typename": "Entity"
}
},
{
"name": "change.Before.description",
"value": {
"string": "Description before change",
"__typename": "StringValue"
}
},
{
"name": "change.After.description",
"value": {
"string": "Description after change",
"__typename": "StringValue"
}
},
{
"name": "model_name",
"value": {"string": "Site name", "__typename": "StringValue"}
},
{
"name": "module",
"value": {
"string": "Configuration",
"__typename": "StringValue"
}
},
{
"name": "change_type",
"value": {"string": "MODIFIED", "__typename": "StringValue"}
},
{
"name": "creation_date",
"value": {
"string": "1677574090000",
"__typename": "DateValue"
}
},
{
"name": "model_type",
"value": {"string": "Site", "__typename": "StringValue"}
},
{
"name": "admin_id",
"value": {"string": "456", "__typename": "StringValue"}
},
{
"name": "insertion_date",
"value": {
"date": "2023-02-28T08:48:21Z",
"__typename": "DateValue"
}
},
{
"name": "account_id",
"value": {"string": "123", "__typename": "StringValue"}
}
]
}
]
}
]
}
}
}
entityLookup
Description
Lookup entities with a specific type, potentially filtered and paged
Response
Returns an EntityLookupResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
The account ID (or 0 for non-authenticated requests) |
type - EntityType!
|
Type of entity to lookup for |
limit - Int
|
Sets the maximum number of items to retrieve Default |
from - Int
|
Sets the offset number of items (for paging) Default |
parent - EntityInput
|
Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example |
search - String
|
Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states Default |
entityIDs - [ID!]
|
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated. |
sort - [SortInput]
|
Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types. |
filters - [LookupFilterInput]
|
Custom filters for entityLookup |
helperFields - [String!]
|
Additional helper fields |
Example
Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
entityLookup(accountID: $accountID, type:$type, limit: $limit) {
items {
entity{
id
name
}
}
total
}
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
"data": {
"entityLookup": {
"items": [
{"entity": {"id": "45040", "name": "azure_test"}},
{"entity": {"id": "75791", "name": "esx_test"}}
],
"total": 5
}
}
}
events
Response
Returns an Events
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
|
sort - [EventsSort!]
|
Example
Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
records {
flatFields
fieldsMap
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"events": {
"records": [
{
"flatFields": [["event_count", "2"]],
"fieldsMap": {"event_count": "2"}
}
]
}
}
}
eventsFeed
Description
Event Feed for events paged by a topic partitions offsets marker
Response
Returns an EventsFeedData
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
filters - [EventFeedFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query eventsFeed(
$accountIDs: [ID!],
$filters: [EventFeedFieldFilterInput!]
) {
eventsFeed(
accountIDs: $accountIDs,
filters: $filters,
) {
marker
fetchedCount
accounts {
id
errorString
records {
fieldsMap
}
}
}
}
Variables
{
"accountIDs": [123],
"filters": [
{
"fieldName": "event_type",
"operator": "is_not",
"values": ["Sockets Management"]
},
{
"fieldName": "event_sub_type",
"operator": "is",
"values": ["Disconnected"]
}
]
}
Response
{
"data": {
"eventsFeed": {
"marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"errorString": "",
"records": [
{
"fieldsMap": {
"ISP_name": "IP Addresses Are Assigned Statically",
"account_id": "123",
"client_version": "8.0.4127",
"event_count": "1",
"event_sub_type": "Disconnected",
"event_type": "Connectivity",
"internalId": "7r0c7xUYIf",
"link_type": "Cato",
"pop_name": "Amsterdam",
"socket_interface": "WAN1",
"src_country": "Israel",
"src_country_code": "IL",
"src_is_site_or_vpn": "Site",
"src_isp_ip": "1.2.3.4",
"src_site": "native-range",
"time": "1677170467000",
"tunnel_protocol": "DTLS"
}
}
]
}
]
}
}
}
eventsTimeSeries
Response
Returns an EventsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
Example
Query
query eventsTimeSeries(
$accountID: ID!,
$filters: [EventsFilter!],
$timeFrame: TimeFrame!,
$measures: [EventsMeasure],
$buckets: Int!
) {
eventsTimeSeries(
accountID: $accountID,
filters: $filters,
timeFrame:$timeFrame,
measures: $measures
) {
id
from
to
granularity
timeseries(buckets:$buckets) {
label
data
}
}
}
Variables
{
"accountID": "4125",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [{"fieldName": "event_count", "aggType": "sum"}],
"buckets": 4
}
Response
{
"data": {
"eventsTimeSeries": {
"id": "4125",
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 21600,
"timeseries": [
{
"label": "sum(event_count)",
"data": [
[1677542400000, 5],
[1677564000000, 2],
[1677585600000, 0],
[1677607200000, 5]
]
}
]
}
}
}
subDomains
Description
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
- Regular account - Return only 1 subdomain relating to the regular account
- Reseller account - Return all subdomains including the reseller account subdomain
- Reseller account - Return only the reseller account subdomain
Response
Returns [SubDomain!]!
Example
Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
subDomains(accountID:$accountID, managedAccount:$managedAccount) {
accountId
accountName
accountType
subDomain
}
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
"data": {
"subDomains": [
{
"accountId": "123",
"accountName": "Gamma LLC",
"accountType": "Reseller",
"subDomain": "subdomain3"
},
{
"accountId": "1235",
"accountName": "Delta Inc.",
"accountType": "Regular",
"subDomain": "subdomain4"
}
]
}
}
AccountManagementQueries
account
Description
Read the account information
Response
Returns an AccountInfo
Example
Query
query getAccount($accountId:ID!) {
accountManagement(accountId: $accountId) {
account {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456"}
Response
{
"data": {
"accountManagement": {
"account": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AppTenantRestrictionPolicyQueries
policy
Beta
Response
Returns an AppTenantRestrictionPolicy!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyInput
|
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "5e38909c-d5f4-4132-98eb-7efd28ca5ca5",
"index": 1,
"name": "App Tenant Restriction Rule 1"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
CatalogQueries
catalogApplication
Beta
Response
Returns a CatalogApplication
Arguments
| Name | Description |
|---|---|
input - ApplicationRefInput!
|
Example
Query
query ($accountId: ID!, $refInput: ApplicationRefInput!) {
catalogs(accountId: $accountId) {
catalogApplication(input: $refInput) {
__typename
id
name
descriptionSummary
description
category {
id
name
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
Variables
{"accountId": "123456", "refInput": {"by": "ID", "input": "Facebook"}}
Response
{
"data": {
"catalogs": {
"catalogApplicationList": {
"pageInfo": {"total": 1},
"application": [
{
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.It provides its users with the ability to create a profile, update information, add images, send friend requests, and accept requests from other users. Its features include status update, photo tagging and sharing, and more. Facebooks profile structure includes a timeline, information related to the user, images of the user, images added by friends of the user, notes, pages, groups, and more. It enables its users to create pages related to entertainment, sports, business, finance, preferences, hobbies, culture, religion, causes, organizations, and a number of other categories. It also enables its users to join or create groups related to a vast number of categories.With millions of more users, [Friendster] attempted to acquire the company for $10 million in mid-2004. Facebook turned down the offer and subsequently received $12.7 million in funding from [Accel Partners] at a valuation of around $100 million. Facebook continued to grow opening up to high school students in September 2005 and adding a photo-sharing feature the next month. The next spring, Facebook received $25 million in funding from [Greylock Partners] and [Meritech Capital] as well as previous investors [Accel Partners] and [Peter Thiel]. The pre-money valuation for this deal was about $525 million. Facebook subsequently opened up to work networks eventually amassing over 20,000 work networks. Finally, in September 2006, Facebook was opened to anyone with an email address.Facebook continued to receive funding most notably in January 2011 receiving $1.5 billion and valuing the company at $50 billion. A year later in February 2012, Facebook announced that it was filing for its long-anticipated initial public offering. The company went public on May 18, 2012 opening in [NASDAQ] with shares trading at $42.05.Facebook announced positive numbers in February 2012 upon filing for its IPO. As of July 2013 over 1.15 billion users have logged into Facebook every month and 669 million users daily. Mobile users now make up half of Facebooks user base with 819 million monthly actives. Facebook is one of the most trafficked sites in the United States. Additionally, Facebook is the top photo-sharing site with 250 million photos uploaded per day.The company has a strategic partnership with AXA Group to develop marketing and commercial collaboration in the digital, social, and mobile sphere.Facebook is currently the owner of many applications and services such as Pagemodo Pagebuilder, [RSS Graffiti], Huddle, and more. It is the worlds largest social network with over 1.32 billion monthly active users.Facebook was founded by Mark Zuckerberg in Menlo Park, California in 2004.",
"category": [{"id": "social", "name": "Social"}],
"complianceAttributes": {
"iso27001": "SUPPORTED",
"sox": "SUPPORTED",
"hippa": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"isae3402": "SUPPORTED",
"pciDss": "SUPPORTED"
},
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"logo": null,
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
]
}
}
}
}
catalogApplicationList
Beta
Response
Returns a CatalogApplicationListPayload
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationListInput!
|
Example
Query
query ($accountId: ID!, $input: CatalogApplicationListInput!) {
catalogs(accountId: $accountId) {
catalogApplicationList(input: $input) {
pageInfo {
total
}
application {
__typename
id
name
descriptionSummary
description
category {
id
name
}
complianceAttributes {
iso27001
sox
hippa
soc1
soc2
soc3
isae3402
pciDss
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": {"name": {"eq": "Facebook"}},
"paging": {"limit": 1}
}
}
Response
{
"data": {
"catalogs": {
"catalogApplicationList": {
"pageInfo": {"total": 1},
"application": [
{
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.It provides its users with the ability to create a profile, update information, add images, send friend requests, and accept requests from other users. Its features include status update, photo tagging and sharing, and more. Facebooks profile structure includes a timeline, information related to the user, images of the user, images added by friends of the user, notes, pages, groups, and more. It enables its users to create pages related to entertainment, sports, business, finance, preferences, hobbies, culture, religion, causes, organizations, and a number of other categories. It also enables its users to join or create groups related to a vast number of categories.With millions of more users, [Friendster] attempted to acquire the company for $10 million in mid-2004. Facebook turned down the offer and subsequently received $12.7 million in funding from [Accel Partners] at a valuation of around $100 million. Facebook continued to grow opening up to high school students in September 2005 and adding a photo-sharing feature the next month. The next spring, Facebook received $25 million in funding from [Greylock Partners] and [Meritech Capital] as well as previous investors [Accel Partners] and [Peter Thiel]. The pre-money valuation for this deal was about $525 million. Facebook subsequently opened up to work networks eventually amassing over 20,000 work networks. Finally, in September 2006, Facebook was opened to anyone with an email address.Facebook continued to receive funding most notably in January 2011 receiving $1.5 billion and valuing the company at $50 billion. A year later in February 2012, Facebook announced that it was filing for its long-anticipated initial public offering. The company went public on May 18, 2012 opening in [NASDAQ] with shares trading at $42.05.Facebook announced positive numbers in February 2012 upon filing for its IPO. As of July 2013 over 1.15 billion users have logged into Facebook every month and 669 million users daily. Mobile users now make up half of Facebooks user base with 819 million monthly actives. Facebook is one of the most trafficked sites in the United States. Additionally, Facebook is the top photo-sharing site with 250 million photos uploaded per day.The company has a strategic partnership with AXA Group to develop marketing and commercial collaboration in the digital, social, and mobile sphere.Facebook is currently the owner of many applications and services such as Pagemodo Pagebuilder, [RSS Graffiti], Huddle, and more. It is the worlds largest social network with over 1.32 billion monthly active users.Facebook was founded by Mark Zuckerberg in Menlo Park, California in 2004.",
"category": [{"id": "social", "name": "Social"}],
"complianceAttributes": {
"iso27001": "SUPPORTED",
"sox": "SUPPORTED",
"hippa": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"isae3402": "SUPPORTED",
"pciDss": "SUPPORTED"
},
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"logo": null,
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
]
}
}
}
}
contentTypeGroupList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationContentTypeGroupListInput!
|
Example
Query
query ContentTypeGroups($accountId: ID!, $input: CatalogApplicationContentTypeGroupListInput!) {
catalogs(accountId: $accountId) {
contentTypeGroupList(input: $input) {
pageInfo {
total
}
contentTypeGroup {
id
name
contentType {
id
name
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": [
{"name": {"in": ["Binaries", "disk"]}},
{"contentType": {"id": {"eq": "cab"}}, "id": {"eq": "archive"}}
],
"paging": {"limit": 20}
}
}
Response
{
"data": {
"catalogs": {
"contentTypeGroupList": {
"pageInfo": {"total": 2},
"contentTypeGroup": [
{
"id": "archive",
"name": "Archives",
"contentType": [{"id": "cab", "name": "Windows CABinet"}]
},
{
"id": "bin",
"name": "Binaries",
"contentType": [
{"id": "bin", "name": "Binary files"},
{"id": "elf-dump", "name": "ELF core dump"},
{"id": "elf-obj", "name": "ELF object file"},
{"id": "mat", "name": "MATLAB MAT file"}
]
}
]
}
}
}
}
ContainerQueries
list
Beta
Response
Returns a ContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - ContainerSearchInput!
|
Example
Query
query listContainers($accountId:ID!, $input:ContainerSearchInput!) {
container(accountId: $accountId) {
list(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"refs": [{"by": "NAME", "input": "Some Container"}],
"types": ["FQDN"]
}
}
Response
{
"data": {
"container": {
"list": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
FqdnContainerQueries
downloadFile
Beta
Response
Returns a DownloadFqdnContainerFilePayload!
Arguments
| Name | Description |
|---|---|
input - DownloadFqdnContainerFileInput!
|
Example
Query
query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!) {
container(accountId: $accountId) {
fqdn {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"fqdn": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
}
}
}
}
}
search
Beta
Response
Returns a FqdnContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!) {
container(accountId: $accountId) {
fqdn {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"search": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchFqdn
Beta
Response
Returns a FqdnContainerSearchFqdnPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchFqdnInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!) {
container(accountId: $accountId) {
fqdn {
searchFqdn(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
"data": {
"container": {
"fqdn": {
"searchFqdn": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
IpAddressRangeContainerQueries
downloadFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DownloadIpAddressRangeContainerFileInput!
|
Example
Query
query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"ipAddressRange": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
}
}
}
}
}
search
Beta
Response
Returns an IpAddressRangeContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!) {
container(accountId: $accountId) {
ipAddressRange {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"search": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchIpAddressRange
Beta
Response
Returns an IpAddressRangeContainerSearchIpAddressRangePayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchIpAddressRangeInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!) {
container(accountId: $accountId) {
ipAddressRange {
searchIpAddressRange(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"searchIpAddressRange": {
"containers": [
{
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
DynamicIpAllocationPolicyQueries
policy
Beta
Response
Returns a DynamicIpAllocationPolicy!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyInput
|
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
policy {
enabled
rules {
properties
rule {
id
index
name
range {
globalIpRange{
id
name
}
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc",
"index": 1,
"name": "Rule2",
"range": {
"globalIpRange": {"id": "1927109", "name": "12.22.17.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "eb2d4d79-0149-4839-a5c4-fc167211dbe6",
"index": 2,
"name": "Rule1",
"range": {
"globalIpRange": {"id": "1927108", "name": "12.22.16.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"index": 3,
"name": "Updated rule name",
"range": {
"globalIpRange": {"id": "1927110", "name": "12.22.18.0/24"}
}
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "Updated section new to the new name"
}
},
{
"properties": [],
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
{
"properties": [],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
HardwareManagementQueries
socketInventory
Beta
Description
Retrieve the account socket inventory
Response
Returns a SocketInventoryPayload!
Arguments
| Name | Description |
|---|---|
input - SocketInventoryInput
|
Example
Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
hardwareManagement(accountId: $accountId) {
socketInventory(input: $input) {
items {
id
status
serialNumber
socketMac
socketVersion
site {
id
name
}
account {
id
name
}
shippingDate
socketType
trackingUrl
trackingNumber
shippingCompany
deliverySiteName
description
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 25, "from": 0},
"filter": {"freeText": {"search": "search"}},
"sort": {"deliverySiteName": {"direction": "ASC"}}
}
}
Response
{
"data": {
"hardwareManagement": {
"socketInventory": {
"items": [
{
"id": "111111",
"status": "DELIVERED",
"serialNumber": "987654321",
"socketMac": "00-B0-D0-63-C2-26",
"socketVersion": "13.0.11395",
"site": {"id": "010101", "name": "exampleSite"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1500",
"trackingUrl": "https://fedex.com/1111111",
"trackingNumber": "1111111",
"shippingCompany": "fedex",
"deliverySiteName": "exampleWarehouse",
"description": "example description"
},
{
"id": "2222222",
"status": "SHIPPED",
"serialNumber": "123456789",
"socketMac": "00-B0-D0-63-C2-27",
"socketVersion": "13.0.11395",
"site": {"id": "0202", "name": "exampleSite2"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1700",
"trackingUrl": "https://ups.com/2222222",
"trackingNumber": "2222222",
"shippingCompany": "ups",
"deliverySiteName": "exampleWarehouse2",
"description": "example description 2"
}
],
"pageInfo": {"total": 2}
}
}
}
}
HardwareQueries
hardware
Beta
Description
Retrieve the account hardware items
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - HardwareSearchInput
|
Example
Query
query hardware($accountID:ID!, $input: HardwareSearchInput!) {
hardware(accountId:$accountID) {
hardware( input: $input ) {
items {
id
account {
id
}
shippingDetail{
cityName
countryName
street
powerCable
zipCode
}
validation{
addressValidationStatus
}
}
pageInfo{
total
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"filter": {"countryName": [{"in": ["France"]}], "product": []},
"sort": {"licenseStartDate": {"direction": "ASC", "priority": 0}}
}
}
Response
{
"data": {
"hardware": {
"hardware": {
"items": [
{
"id": "4179d060-ea44-4c9d-a175-958c2b19d971",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Netherlands",
"siteSFId": "a4O08000002SvzB",
"sfId": "a1a0800000z14aQAAQ",
"licenseId": "LIC-BW-7717-000021",
"quoteId": "quote1",
"licenseStartDate": "2023-08-01",
"productType": "Socket",
"serialNumber": "2305100839",
"model": "Cato Socket X1500 (HA)",
"lastModified": "2024-11-21T10:37:21.647Z",
"shippingTracking": {
"trackingNumber": "GE958808541NL",
"trackingUrl": "<a href=\"https://www.tnt.com/express/en_nl/site/shipping-tools/tracking.html?searchType=con&cons=GE958808541NL\" target=\"_blank\">Track HW-045393</a>",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-08-10",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
},
{
"id": "775c6827-b3c1-4921-880b-7c59ed6e0154",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Belgium",
"siteSFId": "a4O08000002Svzq",
"sfId": "a1a0800000z14ajAAA",
"licenseId": "LIC-BW-7717-000001",
"quoteId": "quote1",
"licenseStartDate": "2023-11-01",
"productType": "Socket",
"serialNumber": "2324100210",
"model": "Cato Socket X1700 (Main)",
"lastModified": "2024-11-21T10:37:21.750Z",
"shippingTracking": {
"trackingNumber": "10273779",
"trackingUrl": "",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-10-31",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
}
],
"pageInfo": {"total": 10}
}
}
}
}
InternetFirewallPolicyQueries
policy
Beta
Response
Returns an InternetFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": ["SYSTEM"],
"rule": {
"id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
"index": 1,
"name": "Block any P2P"
}
},
{
"properties": [],
"rule": {
"id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
"index": 2,
"name": "Default Block Tor, SMB, SMTP"
}
},
{
"properties": [],
"rule": {
"id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
"index": 3,
"name": "Default Block for Categories"
}
},
{
"properties": [],
"rule": {
"id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
"index": 4,
"name": "Default prompt for Categories"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
LicensingQueries
licensingInfo
Beta
Description
BETA
Response
Returns a LicensingInfo
Example
Query
query licensingInfo($accountId: ID!){
licensing(accountId: $accountId) {
licensingInfo {
globalLicenseAllocations {
publicIps {
total
allocated
available
}
ztnaUsers {
total
allocated
available
}
}
licenses {
sku
plan
status
expirationDate
startDate
lastUpdated
... on QuantifiableLicense {
total
}
... on DataLakeLicense {
dpaVersion
}
... on PooledBandwidthLicense {
siteLicenseGroup
siteLicenseType
allocatedBandwidth
sites {
site {
id
name
}
allocatedBandwidth
}
}
... on SiteLicense {
siteLicenseGroup
regionality
siteLicenseType
site {
id
name
}
}
... on ZtnaUsersLicense {
ztnaUsersLicenseGroup
}
}
}
}
}
Variables
{"accountId": "12345"}
Response
{
"data": {
"licensing": {
"licensingInfo": {
"globalLicenseAllocations": {
"publicIps": {"total": 68, "allocated": 0, "available": 68},
"ztnaUsers": {"total": 15, "allocated": 5, "available": 10}
},
"licenses": [
{
"sku": "CATO_CASB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:29.884Z",
"__typename": "CasbLicense"
},
{
"sku": "CATO_DATALAKE_3M",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.586Z",
"total": 1,
"dpaVersion": "DPA_2023_01",
"__typename": "DataLakeLicense"
},
{
"sku": "CATO_IP_ADD",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": null,
"total": 68,
"__typename": "IpsLicense"
},
{
"sku": "CATO_MDR",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:30.294Z",
"__typename": "ManagedXdrLicense"
},
{
"sku": "CATO_PB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2024-07-04T00:00:00.000Z",
"startDate": "2024-03-31T00:00:00.000Z",
"lastUpdated": "2024-03-31T11:26:19.233Z",
"total": 250,
"siteLicenseGroup": "GROUP_2",
"siteLicenseType": "SASE",
"allocatedBandwidth": 50,
"sites": [
{
"site": {"id": "456", "name": "Tokyo"},
"allocatedBandwidth": 20
},
{
"site": {"id": "789", "name": "Sydney"},
"allocatedBandwidth": 30
}
],
"__typename": "PooledBandwidthLicense"
},
{
"sku": "CATO_ZTNA_USERS",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": "2024-04-30T10:54:29.294Z",
"total": 21,
"ztnaUsersLicenseGroup": "GENERAL",
"__typename": "ZtnaUsersLicense"
},
{
"sku": "CATO_SITE",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T16:45:10.517Z",
"total": 100,
"siteLicenseGroup": "GROUP_1",
"regionality": null,
"siteLicenseType": "SASE",
"site": {"id": "123", "name": "London"},
"__typename": "SiteLicense"
},
{
"sku": "CATO_THREAT_PREVENTION",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.464Z",
"__typename": "ThreatPreventionLicense"
}
]
}
}
}
}
RemotePortFwdPolicyQueries
policy
Beta
Response
Returns a RemotePortFwdPolicy!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyInput
|
Example
Query
query RemotePortFwdPolicy($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
policy {
enabled
rules {
rule {
id
name
index
enabled
section {
id
name
}
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
ipRange {
from
to
}
subnet
globalIpRange {
id
name
}
}
restrictionType
}
}
sections {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"policy": {
"enabled": false,
"rules": [
{
"rule": {
"id": "4b80b0ac-94ea-45b8-9ae0-20d6104607ce",
"name": "new rule",
"index": 1,
"enabled": true,
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
},
"description": "",
"forwardIcmp": false,
"externalIp": {
"id": "26",
"name": "site_test_4 - 192.168.1.16"
},
"externalPortRange": {"from": 75, "to": 75},
"internalIp": "222.222.22.22",
"internalPortRange": {"from": 75, "to": 75},
"remoteIPs": {
"ip": ["192.168.1.1"],
"ipRange": [],
"subnet": [],
"globalIpRange": []
},
"restrictionType": "ALLOW_LIST"
}
}
],
"sections": [
{
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query RemotePortFwd($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
SandboxQueries
Description
Get a list of sandbox reports
Response
Returns a SandboxReportsPayload!
Arguments
| Name | Description |
|---|---|
input - SandboxReportsInput!
|
Example
Query
query Sandbox($accountId: ID!, $input: SandboxReportsInput!) {
sandbox(accountId: $accountId) {
reports(input: $input) {
report {
fileName
fileHash
status
verdict
downloadUrl
creationDate
expirationDate
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"filter": {"fileName": {"in": "eicar.zip"}},
"sort": {"reportCreateDate": {"direction": "DESC"}},
"paging": {"limit": 20, "from": 0}
}
}
Response
{
"data": {
"sandbox": {
"reports": {
"report": [
{
"fileName": "eicar.zip",
"fileHash": "FILE_HASH",
"status": "READY",
"verdict": "MALICIOUS",
"downloadUrl": "DOWNLOAD_URL",
"creationDate": "2025-01-12T12:41:30.241Z",
"expirationDate": "2025-02-11T12:42:20.132Z"
}
],
"pageInfo": {"total": 1}
}
}
}
}
SiteQueries
bgpPeer
Beta
Description
Retrieves details of a specific BGP peer by reference.
Response
Returns a BgpPeer
Arguments
| Name | Description |
|---|---|
input - BgpPeerRefInput!
|
Example
Query
query bgpPeer($accountId: ID!, $input: BgpPeerRefInput!) {
site(accountId: $accountId) {
bgpPeer(input: $input) {
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
Variables
{"accountId": 123, "input": {"input": "example peer", "by": "NAME"}}
Response
{
"data": {
"site": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
bgpPeerList
Beta
Description
Retrieves a list of all BGP peers associated with the specified site.
Response
Returns a BgpPeerListPayload
Arguments
| Name | Description |
|---|---|
input - BgpPeerListInput!
|
Example
Query
query bgpPeerList($accountId: ID!, $input: BgpPeerListInput!) {
site(accountId: $accountId) {
bgpPeerList(input: $input){
total
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"bgpPeerList": {
"total": 1,
"bgpPeer": [
{
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
]
}
}
}
}
cloudInterconnectConnectionConnectivity
Beta
Description
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
Response
Returns a CloudInterconnectConnectionConnectivity
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectConnectionConnectivityInput!
|
Example
Query
query cloudInterconnectConnectionConnectivity($accountId: ID!, $input: CloudInterconnectConnectionConnectivityInput!) {
site(accountId : $accountId){
cloudInterconnectConnectionConnectivity(input: $input) {
success
}
}
}
Variables
{"accountId": 128782, "input": {"id": "MzY2MzM0LVBSSU1BUlk="}}
Response
{
"data": {
"site": {"cloudInterconnectConnectionConnectivity": {"success": false}}
}
}
cloudInterconnectPhysicalConnection
Beta
Description
Get details of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnection
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionInput!
|
Example
Query
query cloudInterconnectPhysicalConnection($accountId: ID!, $input: CloudInterconnectPhysicalConnectionInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnection(input: $input) {
site{
id
name
}
haRole
encapsulationMethod
subnet
privateCatoIp
privateSiteIp
upstreamBwLimit
downstreamBwLimit
popLocation{
id,
name
}
vlan
sVlan
cVlan
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnection": {
"site": {"id": "400957", "name": "cloud_interconnect_test_site"},
"haRole": "PRIMARY",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": 100,
"downstreamBwLimit": 100,
"popLocation": {
"id": "10000",
"name": "Exalt Socket Upgrade Simulator for TestCC2"
},
"vlan": 2713,
"sVlan": 0,
"cVlan": 0
}
}
}
}
cloudInterconnectPhysicalConnectionId
Beta
Description
Get the ID of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnectionId
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionIdInput!
|
Example
Query
query cloudInterconnectPhysicalConnectionId($accountId: ID!, $input: CloudInterconnectPhysicalConnectionIdInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnectionId(input: $input) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {"site": {"by": "ID", "input": "400957"}, "haRole": "PRIMARY"}
}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnectionId": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
siteBgpStatus
Beta
Description
Provides the BGP status of the specified site, including session and route details.
Response
Returns a SiteBgpStatus
Arguments
| Name | Description |
|---|---|
input - SiteBgpStatusInput!
|
Example
Query
query siteBgpStatus($accountId: ID!, $input: SiteBgpStatusInput!) {
site(accountId: $accountId) {
siteBgpStatus(input: $input) {
status {
remoteIp
bgpSession
bfdSession
routesFromPeer
routesToPeer
rejectedRoutesFromPeer {
subnet
type
community{
from
to
}
rule
lastPublishAttempt
}
}
rawStatus
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"siteBgpStatus": {
"status": [
{
"remoteIp": "192.168.2.100",
"bgpSession": "Established via outgoing connection",
"bfdSession": null,
"routesFromPeer": ["172.16.32.0/24"],
"routesToPeer": [
"10.41.0.0/16",
"100.1.0.0/16",
"172.17.31.0/24",
"10.254.254.0/24",
"220.220.220.0/24",
"10.254.254.12/32",
"10.254.254.253/32",
"100.1.1.0/24",
"120.120.120.0/24",
"111.1.1.1/32",
"156.88.88.0/24",
"192.168.1.0/24",
"10.254.254.5/32",
"10.254.254.1/32",
"192.168.2.0/24"
],
"rejectedRoutesFromPeer": [
{
"subnet": "200.1.1.0/24",
"type": "IPv4",
"community": [{"from": 5555, "to": 5555}],
"rule": " ( ( bgp_range == 200.1.1.0/24 ) )",
"lastPublishAttempt": null
},
{
"subnet": "200.1.0.0/16",
"type": "IPv4",
"community": [{"from": 6666, "to": 6666}],
"rule": " ( ( bgp_communities ~= 436869642 ) )",
"lastPublishAttempt": null
}
]
}
],
"rawStatus": [
"{\"Exposed_On_Interface\":\"LAN1\",\"Exposed_With_IP\":\"192.168.2.1\",\"Peer\":{\"BGP_Session\":\"Established via outgoing connection\",\"BGP_peer_filter_rule\":{\"default_accept\":true,\"rules\":[{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_range\",\"op\":\"OP_EQ\",\"values\":[{\"str\":\"200.1.1.0/24\",\"type\":\"field_type_ip\"}]}]},\"id\":18258},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"364058035\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18259},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"436869642\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18260}]},\"Incoming_Connection\":{\"State\":\"Idle\",\"Transport\":\"Not set\"},\"Local_ASN\":\"65000\",\"Local_IP\":\"169.254.1.179\",\"Negotiated\":{\"Capabilities\":{\"as4\":\"0\",\"enhanced_route_refresh\":\"1\",\"graceful_restart_always_publish\":false,\"graceful_restart_enabled\":false,\"graceful_restart_present\":false,\"graceful_restart_timeout\":\"0\",\"multiprotocol_ext\":\"1\",\"route_refresh\":\"1\"},\"Hold_Time\":\"60\",\"Keepalive_Period\":\"20\"},\"Outgoing_Connection\":{\"State\":\"Established\",\"Transport\":\"169.254.1.179:43113-192.168.2.100:179\"},\"RIB_out\":[{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.253/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"15\",\"b3\",\"00\",\"37\"],\"communities\":[\"5555:55\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.0.0/16\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"120.120.120.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"0\",\"Communities offset\":\"0\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"172.17.31.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"156.88.88.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"08\",\"ae\",\"08\",\"ae\"],\"communities\":[\"2222:2222\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.1.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"220.220.220.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.2.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.41.0.0/16\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"0d\",\"05\",\"0d\",\"05\"],\"communities\":[\"3333:3333\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"111.1.1.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.12/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.5/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.1.0/24\"}],\"Remote_ASN\":\"7678\",\"Remote_IP\":\"192.168.2.100\",\"Router_ID\":\"192.168.2.1\",\"Router_Weight\":\"100\"},\"accept_default_route\":false,\"advertise_cato\":true,\"advertise_default\":\"never\",\"advertise_summary\":false,\"bfd_peer\":{\"BFD_Session\":\"DOWN\",\"bfd_config\":{\"local_asn\":65000,\"local_ip_no\":\"169.254.1.179\",\"local_port_ho\":0,\"remote_asn\":7678,\"remote_ip_no\":\"192.168.2.100\"},\"bfd_session_info\":{\"active_mode\":false,\"auth_type\":0,\"desired_min_tx_interval_usec\":300000,\"detect_interval_usec\":0,\"detect_mult\":3,\"local_diag\":\"NO_DIAGNOSTIC\",\"my_discriminator\":1394721461,\"next_detect_timestamp_usec\":9223372036854776000,\"next_send_timestamp_usec\":9223372036854776000,\"poll_in_progress\":false,\"remote_demand_mode\":false,\"remote_detect_mult\":0,\"remote_diag\":\"NO_DIAGNOSTIC\",\"remote_discriminator\":0,\"remote_min_echo_interval_usec\":0,\"remote_min_rx_interval_usec\":0,\"remote_min_tx_interval_usec\":0,\"remote_state\":\"DOWN\",\"remote_tx_interval_usec\":0,\"required_min_echo_interval_usec\":0,\"required_min_rx_interval_usec\":300000,\"state\":\"DOWN\",\"tx_interval_usec\":0},\"bfd_timeline\":[{\"event\":{\"func\":\"bfd_peer_init\",\"line\":\"513\",\"msg\":\"initialized BFD session to 192.168.2.100. tx = 300000 usec, rx = 300000 usec, mult = 3 , mode is passive\"},\"time\":\"02/12/24 09:41:03.583\"}],\"enabled\":true},\"custom_ranges_advertise\":\"never\",\"interface_pcap_captured_packets\":\"0\",\"interface_pcap_enabled\":false,\"interface_port_id\":0,\"rejected_routes_from_neighbor\":[{\"Communities\":[\"5555:5555\"],\"Subnet\":\"200.1.1.0/24\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_range == 200.1.1.0/24 ) )\"},{\"Communities\":[\"6666:6666\"],\"Subnet\":\"200.1.0.0/16\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_communities ~= 436869642 ) )\"}],\"routes_count\":\"1\",\"routes_count_limit\":\"1024\",\"routes_count_limit_exceeded\":false,\"routes_from_neighbor\":[{\"Next_Hop\":\"192.168.2.100\",\"Range\":\"172.16.32.0-172.16.32.255\",\"Subnet\":\"172.16.32.0/24\"}],\"routes_to_neighbor\":[{\"Subnet\":\"10.41.0.0/16\"},{\"Subnet\":\"111.1.1.1/32\"},{\"Subnet\":\"100.1.0.0/16\"},{\"Subnet\":\"100.1.1.0/24\"},{\"Subnet\":\"172.17.31.0/24\"},{\"Subnet\":\"120.120.120.0/24\"},{\"Subnet\":\"192.168.1.0/24\"},{\"Subnet\":\"220.220.220.0/24\"},{\"Subnet\":\"192.168.2.0/24\"},{\"Subnet\":\"10.254.254.0/24\"},{\"Subnet\":\"10.254.254.12/32\"},{\"Subnet\":\"10.254.254.253/32\"},{\"Subnet\":\"10.254.254.5/32\"},{\"Subnet\":\"10.254.254.1/32\"},{\"Subnet\":\"156.88.88.0/24\"}]}"
]
}
}
}
}
SocketLanPolicyQueries
policy
Beta
Response
Returns a SocketLanPolicy!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyInput
|
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"policy": {"enabled": false, "rules": [], "sections": []}}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"revisions": {
"revision": [
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0}
]
}
}
}
}
}
WanFirewallPolicyQueries
policy
Beta
Response
Returns a WanFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "16044293",
"index": 1,
"name": "Allow social media"
}
},
{
"properties": [],
"rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
}
],
"sections": [
{
"properties": [],
"section": {"id": "363808", "name": "Example Wan Section"}
},
{
"properties": [],
"section": {"id": "363809", "name": "My Wan Section"}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"revisions": {
"revision": [
{"name": "WAN Test Revision", "changes": 0},
{"name": "WAN Test Revision", "changes": 0}
]
}
}
}
}
}
WanNetworkPolicyQueries
policy
Beta
Response
Returns a WanNetworkPolicy!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyInput
|
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "6f5b98bd-3252-4c45-95e1-9eeac9fd88db",
"index": 1,
"name": "my WAN network rule example"
}
},
{
"properties": [],
"rule": {
"id": "2812534",
"index": 2,
"name": "WAN Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812530",
"index": 3,
"name": "Internet Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812532",
"index": 4,
"name": "WAN RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812535",
"index": 5,
"name": "Internet RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812533",
"index": 6,
"name": "WAN SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812536",
"index": 7,
"name": "Internet SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812529",
"index": 8,
"name": "WAN Data - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812531",
"index": 9,
"name": "Internet Traffic - Predefined"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"revisions": {
"revision": [
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0}
]
}
}
}
}
}
XDR
stories
Beta
Description
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
Response
Returns a StoriesData
Arguments
| Name | Description |
|---|---|
input - StoryInput!
|
Example
Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
xdr(accountID: $accountId) {
stories(
input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
) {
paging {
from
limit
total
__typename
}
items {
...StoryBrief
__typename
}
__typename
}
__typename
}
}
fragment StoryBrief on Story {
id
accountId
accountName
updatedAt
createdAt
analystName
incident {
__typename
id
status
lastSignal
firstSignal
producer
connectionType
indication
queryName
description
criticality
source
ticket
research
vendor
sourceIp
analystFeedback {
severity
__typename
}
... on Threat {
...ThreatIncidentBrief
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentBrief
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentBrief
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentBrief
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentBrief
__typename
}
}
__typename
}
fragment ThreatIncidentBrief on Threat {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment ThreatPreventionIncidentBrief on ThreatPrevention {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment AnomalyStatsIncidentBrief on AnomalyStats {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment AnomalyEventsIncidentBrief on AnomalyEvents {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
__typename
storyDuration
storyType
siteConnectionType
siteConfigLocation
acknowledged
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
}
Variables
{
"accountId": "123",
"from": 0,
"limit": 25,
"filter": [
{
"timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
"producer": {
"in": [
"AnomalyEvents",
"AnomalyStats",
"ThreatHunt",
"ThreatPrevention",
"MicrosoftEndpointDefender",
"CatoEndpointAlert"
]
}
}
],
"sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"stories": {
"paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
"items": [
{
"id": "65ba47966e0c8517cf2de805",
"accountId": 123,
"accountName": "account",
"updatedAt": "2024-01-31T13:13:58Z",
"createdAt": "2024-01-31T13:13:58Z",
"analystName": "abc123",
"incident": {
"__typename": "CatoEndpoint",
"id": "29ebcff1",
"status": "PendingMoreInfo",
"lastSignal": "2024-01-18T01:48:25Z",
"firstSignal": "2024-01-18T01:48:25Z",
"producer": "CatoEndpointAlert",
"connectionType": null,
"indication": "Cato Endpoint Alert",
"queryName": null,
"description": null,
"criticality": 5,
"source": "source",
"ticket": null,
"research": false,
"vendor": "CATO",
"sourceIp": null,
"analystFeedback": {
"severity": "Medium",
"__typename": "AnalystFeedback"
}
},
"__typename": "Story"
}
]
}
}
}
}
story
Beta
Description
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
Response
Returns a Story
Arguments
| Name | Description |
|---|---|
storyId - ID
|
|
producer - StoryProducerEnum
|
|
incidentId - ID
|
Example
Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
xdr(accountID: $accountId) {
... on XDR {
story(storyId: $storyId) {
...StoryDetailed
__typename
}
__typename
}
__typename
}
}
fragment StoryDetailed on Story {
__typename
id
summary
updatedAt
createdAt
playbook
timeline {
...TimelineItem
__typename
}
incident {
__typename
id
status
producer
ticket
connectionType
indication
queryName
criticality
source
research
firstSignal
lastSignal
description
site {
id
name
__typename
}
user {
id
name
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentDetailed
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentDetailed
__typename
}
... on Threat {
...ThreatIncidentDetailed
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentDetailed
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentDetailed
__typename
}
... on MicrosoftEndpoint {
...MicrosoftEndpointIncidentDetailed
__typename
}
... on CatoEndpoint {
...CatoEndpointIncidentDetailed
__typename
}
}
}
fragment TimelineItem on TimelineItem {
createdAt
type
descriptions
additionalInfo
analystInfo {
name
__typename
}
context
category
__typename
}
fragment AnomalyStatsIncidentDetailed on AnomalyStats {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment AnalystFeedback on AnalystFeedback {
verdict
severity
threatType {
name
details
recommendedAction
__typename
}
threatClassification
additionalInfo
__typename
}
fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatIncidentDetailed on Threat {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
flows {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
threatPreventionsEvents {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referrer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
__typename
storyDuration
storyType
occurrences
siteConnectionType
siteConfigLocation
acknowledged
description
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
pop
isp
hostIp
ruleName
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
incidentId
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
pop
isp
hostIp
ruleName
tunnelResetCount
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
analystFeedback {
... on AnalystFeedback {
severity
__typename
}
__typename
}
}
fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
osDetails {
... on OsDetails {
...MicrosoftEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...MicrosoftEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on MicrosoftDefenderEndpointAlert {
...StoryDetailsMicrosoftEndpointAlert
__typename
}
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on MicrosoftEndpointUser {
...MicrosoftEndpointIncidentUserDetails
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
name
domainName
__typename
}
fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
id
title
localIp
destinationIp
destinationUrl
mitreTechnique {
id
name
__typename
}
firstActivityDateTime
lastActivityDateTime
threatName
activities {
...StoryDetailsMicrosoftEndpointActivity
__typename
}
resources {
...StoryDetailsMicrosoftEndpointResource
__typename
}
... on MicrosoftDefenderEndpointAlert {
criticality
msStatus: status
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
id
resourceId
parentResourceId
action
__typename
}
fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
id
remediationStatus
createdDateTime
verdict
roles
...StoryDetailsMicrosoftEndpointFileResource
...StoryDetailsMicrosoftEndpointProcessResource
...StoryDetailsMicrosoftEndpointRegistryResource
__typename
}
fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
detectionStatus
fileDetails {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsMicrosoftEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
id
... on MicrosoftEndpointUser {
userSid
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
valueName
valueType
value
key
hive
__typename
}
fragment CatoEndpointIncidentDetailed on CatoEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
macAddress
osDetails {
... on OsDetails {
...CatoEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...CatoEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on CatoEndpointAlert {
...StoryDetailsCatoEndpointAlert
__typename
}
__typename
}
__typename
}
fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on CatoEndpointUser {
...CatoEndpointIncidentUserDetails
__typename
}
__typename
}
fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
name
__typename
}
fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
id
title
mitreTechnique {
id
name
__typename
}
createdDateTime
threatName
activities {
...StoryDetailsCatoEndpointActivity
__typename
}
resources {
...StoryDetailsCatoEndpointResource
__typename
}
... on CatoEndpointAlert {
criticality
catoStatus: status
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointActivity on CatoActivity {
id
resourceId
parentResourceId
__typename
}
fragment StoryDetailsCatoEndpointResource on CatoResource {
id
createdDateTime
remediationStatus
...StoryDetailsCatoEndpointFileResource
...StoryDetailsCatoEndpointProcessResource
__typename
}
fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
detectionStatus
fileDetails {
...StoryDetailsCatoEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsCatoEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsCatoEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
id
... on CatoEndpointUser {
name
__typename
}
__typename
}
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"story": {
"playbook": null,
"incident": {
"__typename": "Threat",
"id": "abc123",
"status": "Open",
"producer": "ThreatHunt",
"ticket": null,
"connectionType": "Site",
"indication": "abc123",
"queryName": "abc123",
"criticality": 5,
"source": "abc123",
"research": false,
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T13:00:00Z",
"description": "abc123",
"site": null,
"user": null,
"srcSiteId": "123",
"flowsCardinality": 4,
"storyDuration": 14400,
"os": "OS_WINDOWS",
"deviceName": "abc123",
"macAddress": "aa:aa:11:22:33:44",
"sourceIp": "1.2.3.4",
"logonName": null,
"direction": "OUTBOUND",
"predictedVerdict": null,
"predictedThreatType": null,
"similarStoriesData": [],
"events": [],
"mitres": [],
"timeSeries": [],
"targets": [
{
"type": "domain",
"name": "123",
"analysisScore": 0.75688803,
"infectionSource": true,
"catoPopularity": -1,
"threatFeeds": 2,
"creationTime": "2023-01-10T06:16:40Z",
"categories": "abc123",
"countryOfRegistration": "CZ",
"searchHits": "123",
"engines": null,
"eventData": [],
"__typename": "IncidentTargetRep"
}
],
"flows": [
{
"appName": "http",
"clientClass": null,
"sourceIp": "11.22.33.111",
"sourcePort": 123,
"direction": "INBOUND",
"createdAt": "2024-02-29T09:45:00Z",
"referer": null,
"userAgent": null,
"method": null,
"destinationCountry": "US",
"destinationPort": 123,
"destinationIp": "11.22.33.644",
"destinationGeolocation": "11.1,22.2",
"url": null,
"tunnelGeolocation": "11.1,22.2",
"domain": "abc123",
"target": "abc123",
"httpResponseCode": null,
"dnsResponseIP": null,
"smbFileName": null,
"fileHash": null,
"ja3": null,
"__typename": "IncidentFlow"
}
],
"analystFeedback": {
"verdict": null,
"severity": null,
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null,
"__typename": "AnalystFeedbackThreatType"
},
"threatClassification": null,
"additionalInfo": null,
"__typename": "AnalystFeedback"
}
},
"__typename": "Story",
"id": "abc123",
"summary": "abc123",
"updatedAt": "2024-03-27T08:32:44Z",
"createdAt": "2024-03-27T08:22:51Z",
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"type": "Diff",
"descriptions": ["abc123"],
"additionalInfo": null,
"analystInfo": null,
"context": "Story created",
"category": null,
"__typename": "TimelineItem"
}
]
}
}
}
}
Mutations
AccountManagementMutations
addAccount
Description
Add a new account
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - AddAccountInput!
|
Example
Query
mutation addAccount($accountId:ID!, $input:AddAccountInput!) {
accountManagement(accountId: $accountId) {
addAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "account_name",
"tenancy": "SINGLE_TENANT",
"type": "CUSTOMER",
"description": "account description",
"timezone": "Australia/ACT"
}
}
Response
{
"data": {
"accountManagement": {
"addAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
removeAccount
Description
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
Response
Returns a RemoveAccountPayload
Arguments
| Name | Description |
|---|---|
accountId - ID!
|
Example
Query
mutation removeAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
removeAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"removeAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
}
updateAccount
Description
Update existing account attributes
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - UpdateAccountInput!
|
Example
Query
mutation updateAccount($accountId:ID!, $input:UpdateAccountInput!) {
accountManagement(accountId: $accountId) {
updateAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456", "input": {"description": "new account description"}}
Response
{
"data": {
"accountManagement": {
"updateAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AdminMutations
addAdmin
Response
Returns an AddAdminPayload
Arguments
| Name | Description |
|---|---|
input - AddAdminInput!
|
Example
Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
admin(accountId:$accountId) {
addAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"passwordNeverExpires": false,
"mfaEnabled": true,
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}
removeAdmin
Response
Returns a RemoveAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
Example
Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}
updateAdmin
Response
Returns an UpdateAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
|
input - UpdateAdminInput!
|
Example
Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
admin(accountId:$accountId) {
updateAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"managedRoles": [
{"role": {"id": 1, "name": "Editor"}},
{"role": {"id": 2, "name": "Viewer"}}
]
}
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}
AppTenantRestrictionPolicyMutations
addRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
severity: MEDIUM
action: INJECT_HEADERS
application: {
input:"hibob"
by: ID
}
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
headers: [{
name: "headerName"
value: "headerValue"
}]
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addSection": {
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "276f34f3-197d-41ec-8d3d-de34bc703da9",
"createdTime": "2024-12-15T13:25:34.774",
"updatedTime": "2024-12-15T13:25:34.774"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "58dc4161-77bb-4866-a2c8-3eed554158f7"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
}
}
}
}
}
}
ContainerMutations
delete
Beta
Response
Returns a DeleteContainerPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteContainerInput!
|
Example
Query
mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
container(accountId: $accountId) {
delete(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"delete": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
FqdnContainerMutations
addValues
Beta
Response
Returns a FqdnContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerAddValuesInput!
|
Example
Query
mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!) {
container(accountId: $accountId) {
fqdn {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"addValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Returns a CreateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromFileInput!
|
Example
Query
mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns a FqdnContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!) {
container(accountId: $accountId) {
fqdn {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"removeValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Returns an UpdateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromFileInput!
|
Example
Query
mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
IpAddressRangeContainerMutations
addValues
Beta
Response
Returns an IpAddressRangeContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerAddValuesInput!
|
Example
Query
mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"addValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns an IpAddressRangeContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"removeValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
DynamicIpAllocationPolicyMutations
addRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
range: {
globalIpRange:{
by: NAME
input: "12.22.18.0/24"
}
}
}
})
{
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
publishPolicyRevision(input: {
name: "IT Group SDP Users Dynamic IP Allocation Example"
description : "Allocate Dynamic IP range for IT group Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateRule(input: {
id: "2c25bae8-f787-4098-b3c2-6057e5fe8537"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateSection(input: {
id: "54a367d6-75da-4399-bc03-65170ea97d3f"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "New section"
}
}
}
}
}
}
}
HardwareMutations
updateHardwareShipping
Beta
Description
Set Shipping details for a list of hardware
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - UpdateHardwareShippingInput!
|
Example
Query
mutation hardware($accountID:ID!, $input: UpdateHardwareShippingInput!) {
hardware(accountId:$accountID) {
updateHardwareShipping(input: $input
){
items{
id
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"ids": ["4749add2-b6f4-45cf-8b04-41e83ccaed20"],
"details": {
"powerCable": "US",
"details": {
"address": {
"companyName": "Angelina",
"street": "226 rue de rivoli",
"cityName": "paris",
"countryName": "France",
"zipCode": "75003"
},
"contact": {
"name": "Laith",
"phone": "0567476293",
"email": "laith.abukhaizaran@catonetworks.com"
}
}
}
}
}
Response
{
"data": {
"hardware": {
"updateHardwareShipping": {
"items": [{"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}]
}
}
}
}
InternetFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
action: ALLOW
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "ALLOW"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSection": {
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create the policy revision. Create a new empty policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
"createdTime": "2024-07-18T21:49:58.116",
"updatedTime": "2024-07-18T21:49:58.116"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section with system rules cannot be moved or removed",
"errorCode": "sectionSystemMove"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing rule from the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
}
}
}
}
}
RemotePortFwdPolicyMutations
addRule
Beta
Description
Add a new port forwarding rule to enable remote access to internal services.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addRule(input: {
rule: {
enabled: true,
name: "RPF Rule",
description: "RPF Rule",
forwardIcmp: false,
externalIp: {
by: ID,
input: "26270"
},
externalPortRange: {
from: 8095,
to: 8095
},
internalIp: "1.1.1.1",
internalPortRange: {
from: 8095,
to: 8095
},
remoteIPs: {
ip: [
"8.8.8.8"
]
},
restrictionType: ALLOW_LIST
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
enabled
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"forwardIcmp": false,
"externalIp": {
"id": "26270",
"name": "exaltsimu_test_4 - 198.20.1.16"
},
"externalPortRange": {"from": 8095, "to": 8095},
"internalIp": "1.1.1.1",
"internalPortRange": {"from": 8095, "to": 8095},
"remoteIPs": {"ip": ["8.8.8.8"]}
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addSection": {
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create a new empty policy revision for port forwarding rules.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "b8305755-fe19-4868-9962-dff25687e722",
"createdTime": "2024-11-19T16:11:21.338",
"updatedTime": "2024-11-19T16:11:21.338"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this revision are discarded and the revision is deleted.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the priority/position of an existing port forwarding rule.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "d22ece52-f1cb-46c4-b3d5-367125bebb37"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
publishPolicyRevision(input: {
name: "NA sites"
description : "Allow traffic for North America sites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing port forwarding rule from the policy.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"remotePortFwd": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"remotePortFwd": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Description
Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing port forwarding rule configuration.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
rule: {
internalIp: "10.0.0.1",
}
}) {
status
rule {
rule {
id
name
enabled
description
internalIp
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"internalIp": "10.0.0.1"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
SandboxMutations
Description
Delete a sandbox report
Response
Returns a DeleteReportPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteReportInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: DeleteReportInput!) {
sandbox(accountId: $accountId) {
deleteReport(input: $input) {
fileHash
}
}
}
Variables
{"accountId": 12345, "input": {"fileHash": "FILE_HASH"}}
Response
{"data": {"sandbox": {"deleteReport": {"fileHash": "FILE_HASH"}}}}
Description
Upload a file for sandbox analysis
Response
Returns an UploadFilePayload!
Arguments
| Name | Description |
|---|---|
input - UploadFileInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: UploadFileInput!) {
sandbox(accountId: $accountId) {
uploadFile(input: $input) {
uploadUrl
}
}
}
Variables
{"accountId": 12345, "input": {"fileName": "eicar.zip"}}
Response
{"data": {"sandbox": {"uploadFile": {"uploadUrl": "UPLOAD_URL"}}}}
SiteMutations
addBgpPeer
Beta
Description
Adds a new BGP peer to the specified site.
Response
Returns an AddBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - AddBgpPeerInput!
|
Example
Query
mutation addBgpPeer($accountId: ID!, $input: AddBgpPeerInput!) {
site(accountId: $accountId) {
addBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"site": {"input": "456", "by": "ID"},
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"addBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3830",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1689",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
addCloudInterconnectPhysicalConnection
Beta
Description
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
Response
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation addCloudInterconnectPhysicalConnection($accountId: ID!, $input: AddCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
addCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"site": {"by": "ID", "input": "400957"},
"haRole": "PRIMARY",
"popLocation": {"input": "10000", "by": "ID"},
"serviceProviderName": "Equinix",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": "100",
"downstreamBwLimit": "100"
}
}
Response
{
"data": {
"site": {
"addCloudInterconnectPhysicalConnection": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
addCloudInterconnectSite
Beta
Description
Add a new cloud interconnect site.
Response
Returns an AddCloudInterconnectSitePayload
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectSiteInput!
|
Example
Query
mutation addCloudInterconnectSite($accountId: ID!, $input: AddCloudInterconnectSiteInput!){
site(accountId: $accountId) {
addCloudInterconnectSite( input: $input){
siteId
}
}
}
Variables
{
"accountId": 128782,
"input": {
"name": "cloud_interconnect_test_site",
"siteType": "BRANCH",
"description": "test description",
"siteLocation": {
"countryCode": "AF",
"timezone": "Asia/Kabul",
"city": "‘Alāqahdārī Aṯghar"
}
}
}
Response
{"data": {"site": {"addCloudInterconnectSite": {"siteId": "400957"}}}}
addIpsecIkeV2Site
Beta
Response
Returns an AddIpsecIkeV2SitePayload
Arguments
| Name | Description |
|---|---|
input - AddIpsecIkeV2SiteInput!
|
Example
Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
site(accountId:$accountId) {
addIpsecIkeV2Site(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
}
}
Response
{"data": {"site": {"addIpsecIkeV2Site": {"siteId": "456"}}}}
addIpsecIkeV2SiteTunnels
Beta
Response
Returns an AddIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"publicSiteIp": "10.10.10.1",
"privateCatoIp": "1.1.1.12",
"privateSiteIp": "1.1.1.13",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"publicSiteIp": "20.20.20.1",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
addNetworkRange
Response
Returns an AddNetworkRangePayload
Arguments
| Name | Description |
|---|---|
lanSocketInterfaceId - ID!
|
|
input - AddNetworkRangeInput!
|
Example
Query
mutation addNetworkRange(
$accountId:ID!,
$lanSocketInterfaceId: ID!,
$input:AddNetworkRangeInput!
) {
site(accountId:$accountId){
addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
networkRangeId
}
}
}
Variables
{
"accountId": "123",
"lanSocketInterfaceId": "456",
"input": {
"name": "Printers",
"rangeType": "Routed",
"subnet": "123.0.1.0/30",
"gateway": "123.0.0.2"
}
}
Response
{"data": {"site": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
addSecondaryAwsVSocket
Beta
Description
Add a secondary AWS vSocket to an existing site
Response
Returns an AddSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAwsVSocketInput!
|
Example
Query
mutation addSecondaryAwsVSocket($accountId:ID!, $input:AddSecondaryAwsVSocketInput!){
site(accountId:$accountId) {
addSecondaryAwsVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"eniIpAddress": "11.22.34.50",
"eniIpSubnet": "11.22.34.0/24",
"routeTableId": "123"
}
}
Response
{"data": {"site": {"addSecondaryAwsVSocket": {"id": "NDAwOTU3LVBSSU1BUlk="}}}}
addSecondaryAzureVSocket
Beta
Description
Add a secondary Azure vSocket to an existing site
Response
Returns an AddSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAzureVSocketInput!
|
Example
Query
mutation addSecondaryAzureVSocket($accountId:ID!, $input:AddSecondaryAzureVSocketInput!){
site(accountId:$accountId) {
addSecondaryAzureVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"interfaceIp": "20.0.0.57",
"floatingIp": "20.0.0.17"
}
}
Response
{"data": {"site": {"addSecondaryAzureVSocket": {"id": "627135"}}}}
addSocketSite
Response
Returns an AddSocketSitePayload
Arguments
| Name | Description |
|---|---|
input - AddSocketSiteInput!
|
Example
Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
site(accountId:$accountId) {
addSocketSite(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"connectionType": "SOCKET_X1700",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {
"countryCode": "IL",
"timezone": "Asia/Jerusalem",
"city": "Asheklon"
}
}
}
Response
{"data": {"site": {"addSocketSite": {"siteId": "456"}}}}
addStaticHost
Response
Returns an AddStaticHostPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddStaticHostInput!
|
Example
Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
site(accountId:$accountId){
addStaticHost(siteId:$siteId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"site": {"addStaticHost": {"hostId": "789"}}}}
removeBgpPeer
Beta
Description
Removes an existing BGP peer configuration from a site.
Response
Returns a RemoveBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - RemoveBgpPeerInput!
|
Example
Query
mutation removeBgpPeer($accountId: ID!, $input: RemoveBgpPeerInput!) {
site(accountId: $accountId) {
removeBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"id": "13372"}}
Response
{
"data": {
"site": {
"removeBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
removeCloudInterconnectPhysicalConnection
Beta
Description
Remove a physical connection from a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - RemoveCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation removeCloudInterconnectPhysicalConnection($accountId: ID!, $input: RemoveCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
removeCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"removeCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
removeIpsecIkeV2SiteTunnels
Beta
Response
Returns a RemoveIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - RemoveIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation removeIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: RemoveIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
removeIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"tunnelId": "PRIMARY1"}}
Response
{"data": {"site": {"removeIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
removeNetworkRange
Response
Returns a RemoveNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
Example
Query
mutation removeNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
) {
site(accountId:$accountId){
removeNetworkRange(networkRangeId:$networkRangeId){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"site": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
removeSite
Response
Returns a RemoveSitePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
Example
Query
mutation removeSite($accountId:ID!, $siteId:ID!){
site(accountId:$accountId) {
removeSite(siteId:$siteId) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"site": {"removeSite": {"siteId": "456"}}}}
removeStaticHost
Response
Returns a RemoveStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
Example
Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
site(accountId:$accountId){
removeStaticHost(hostId:$hostId){
hostId
}
}
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"site": {"removeStaticHost": {"hostId": "789"}}}}
updateBgpPeer
Beta
Description
Updates an existing BGP peer configuration.
Response
Returns an UpdateBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - UpdateBgpPeerInput!
|
Example
Query
mutation updateBgpPeer($accountId: ID!, $input: UpdateBgpPeerInput!) {
site(accountId: $accountId) {
updateBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"updateBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
updateCloudInterconnectPhysicalConnection
Beta
Description
Update an existing physical connection at a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - UpdateCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation updateCloudInterconnectPhysicalConnection($accountId: ID!, $input: UpdateCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
updateCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"id": "NDAwOTU3LVBSSU1BUlk=",
"popLocation": {"input": "10005", "by": "ID"},
"serviceProviderName": "QnQPort",
"encapsulationMethod": "QINQ",
"subnet": "186.0.2.0/24",
"privateCatoIp": "186.0.2.19",
"privateSiteIp": "186.0.2.20",
"upstreamBwLimit": "30",
"downstreamBwLimit": "10"
}
}
Response
{
"data": {
"site": {
"updateCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
updateHa
Response
Returns an UpdateHaPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateHaInput!
|
Example
Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
site(accountId:$accountId){
updateHa(siteId:$siteId, input:$input){
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primaryManagementIp": "123.0.0.231",
"secondaryManagementIp": "123.0.0.232",
"vrid": 123
}
}
Response
{"data": {"site": {"updateHa": {"siteId": "456"}}}}
updateIpsecIkeV2SiteGeneralDetails
Beta
Response
Returns an UpdateIpsecIkeV2SiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"connectionMode": "RESPONDER_ONLY",
"identificationType": "FQDN",
"initMessage": {
"cipher": "AUTOMATIC",
"dhGroup": "DH_15_MODP3072",
"integrity": "SHA256",
"prf": "SHA256"
},
"authMessage": {
"cipher": "AES_GCM_256",
"dhGroup": "DH_16_MODP4096",
"integrity": "AUTOMATIC"
},
"networkRanges": "Service1:100.100.100.0/24"
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}
updateIpsecIkeV2SiteTunnels
Beta
Response
Returns an UpdateIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"tunnelId": "PRIMARY1",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"tunnelId": "SECONDARY1",
"publicSiteIp": "20.20.20.2",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
updateNetworkRange
Response
Returns an UpdateNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
|
input - UpdateNetworkRangeInput!
|
Example
Query
mutation updateNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
$input:UpdateNetworkRangeInput!
) {
site(accountId:$accountId){
updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"site": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
updateSiteGeneralDetails
Response
Returns an UpdateSiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateSiteGeneralDetailsInput!
|
Example
Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
site(accountId: $accountId){
updateSiteGeneralDetails(siteId:$siteId, input:$input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"site": {"updateSiteGeneralDetails": {"siteId": "456"}}}}
updateSocketInterface
Response
Returns an UpdateSocketInterfacePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
|
input - UpdateSocketInterfaceInput!
|
Example
Query
mutation updateSocketInterface(
$accountId:ID!,
$siteId: ID!,
$socketInterfaceId: SocketInterfaceIDEnum!,
$input:UpdateSocketInterfaceInput!
) {
site(accountId:$accountId){
updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
siteId
socketInterfaceId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"socketInterfaceId": "INT_1",
"input": {
"destType": "CATO",
"bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
}
}
Response
{
"data": {
"site": {
"updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
}
}
}
updateStaticHost
Response
Returns an UpdateStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
|
input - UpdateStaticHostInput!
|
Example
Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
site(accountId:$accountId){
updateStaticHost(hostId:$hostId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"hostId": "789",
"input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"site": {"updateStaticHost": {"hostId": "789"}}}}
SocketLanPolicyMutations
addRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanAddRuleInput!
|
Example
Query
mutation socketLanAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addRule(input: {
rule: {
name: "My LAN Network Rule Name",
description: "Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
ip: ["192.0.0.1"]
},
direction: TO,
destination: {},
service: {
simple: [
{
name: FTP
}
],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
at: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "My LAN Network Rule Name",
"description": "Network Rule Description",
"enabled": true,
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateSocketLanRevision($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
createPolicyRevision(input: {
name: "Socket LAN Test Revision",
description: "Testing working with multiple LAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple LAN firewall revisions",
"name": "Socket LAN Test Revision",
"id": "0fa5ab9f-1df2-4fc6-9a4a-1305627f750f",
"createdTime": "2025-02-24T22:05:04.861",
"updatedTime": "2025-02-24T22:05:04.861"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation socketLanDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation socketLanMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465",
to: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
section {
id
name
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
to: {
position: LAST_IN_POLICY
}
}) {
section {
properties
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveSection": {
"section": {
"properties": ["MOVED"],
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation socketLanPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
publishPolicyRevision(input: {}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"publishPolicyRevision": {"errors": [], "status": "SUCCESS"}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanRemoveRuleInput!
|
Example
Query
mutation socketLanRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"removeRule": {"errors": [], "status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation socketLanRemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"removeSection": {"errors": [], "status": "SUCCESS"}}
}
}
}
updatePolicy
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyUpdateInput!
|
Example
Query
mutation UpdateSocketLanPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanUpdateRuleInput!
|
Example
Query
mutation socketLanUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateRule(input: {
rule: {
name: "LAN Network Rule Name",
description: "LAN Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
},
direction: BOTH,
destination: {},
service: {
simple: [],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}
) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "LAN Network Rule Name",
"description": "LAN Network Rule Description",
"enabled": true,
"direction": "BOTH"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation socketLanUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
section: {
name: "My new section name"
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
SocketLanFirewallPolicyMutations
addRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallAddRuleInput!
|
Example
Query
mutation socketLanFirewallAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
addRule(input: {
rule: {
name: "My Firewall Sub Rule",
description: "My firewall sub rule",
enabled: true,
source: {},
direction: TO,
destination: {},
application: {},
service: {
simple: [
{
name: FTP
}
],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
at: {
position: LAST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"addRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "My Firewall Sub Rule",
"description": "My firewall sub rule",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
moveRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSubRuleInput!
|
Example
Query
mutation socketLanFirewallMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
moveRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
to: {
position: FIRST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}
) {
rule {
rule {
id
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"moveRule": {
"rule": {"rule": {"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb"}},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallRemoveRuleInput!
|
Example
Query
mutation socketLanFirewallRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
removeRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}
) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {"removeRule": {"errors": [], "status": "SUCCESS"}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallUpdateRuleInput!
|
Example
Query
mutation socketLanFirewallUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
updateRule(input: {
rule: {
name: "Socket LAN Firewall Sub Rule 5",
description: "",
enabled: true,
source: {
vlan: [],
mac: [],
ipRange: [],
group: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
direction: TO,
destination: {
vlan: [],
ipRange: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
group: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
application: {
application: [],
customApp: [],
fqdn: [],
domain: [],
ipRange: [],
ip: [],
subnet: [],
globalIpRange: []
},
service: {
simple: [],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"updateRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "Socket LAN Firewall Sub Rule 5",
"description": "",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
WanFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallAddRuleInput!
|
Example
Query
mutation AddWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addRule(input: {
rule: {
enabled: true,
name: "WAN Example Rule",
description: "WAN Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
destination: {
ip: ["203.0.113.1"],
subnet: ["172.16.0.0/24"]
},
action: BLOCK,
direction: TO
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "WAN Example Rule",
"description": "WAN Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/24"]
},
"action": "BLOCK",
"direction": "TO"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSection": {
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanFirewallRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
createPolicyRevision(input: {
name: "WAN Test Revision",
description: "Testing working with multiple WAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN firewall revisions",
"name": "WAN Test Revision",
"id": "6a496eda-b7c1-455e-820e-e839a0dcd2c0",
"createdTime": "2024-09-10T09:21:37.208",
"updatedTime": "2024-09-10T09:21:37.208"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"section": {"id": "363808", "name": "Example Wan Section"}
}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# PublishWanFirewallPolicy.graphql
mutation PublishWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Description
Remove an existing rule from the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdateWanFirewallPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
rule: {
enabled: true,
name: "Updated WAN Rule",
description: "Updated WAN description",
source: {
ip: ["192.0.2.2"]
},
destination: {
subnet: ["172.16.0.0/16"]
},
action: ALLOW,
direction: BOTH
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "Updated WAN Rule",
"description": "Updated WAN description",
"enabled": true,
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/16"]
},
"action": "ALLOW",
"direction": "BOTH"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781",
section: {
name: "updated WAN section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
WanNetworkPolicyMutations
addRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkAddRuleInput!
|
Example
Query
mutation wanNetworkAddRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addRule(input: {
rule: {
enabled: true,
name: "my WAN network rule",
description: "my WAN network rule description example",
bandwidthPriority: {
input: "-1",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
},
at: {
position: LAST_IN_POLICY
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "my WAN network rule",
"description": "my WAN network rule description example",
"bandwidthPriority": {"id": "-1"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation wanNetworkAddSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addSection": {
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanNetworkRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
createPolicyRevision(input: {
name: "WAN network Test Revision",
description: "Testing working with multiple WAN network revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN network revisions",
"name": "WAN network Test Revision",
"id": "fa62d870-ccc6-45e1-af66-bf78c29bee68",
"createdTime": "2025-03-03T08:58:52.707",
"updatedTime": "2025-03-03T08:58:52.707"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanNetworkPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation wanNetworkMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation wanNetworkMoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# wanNetworkPublishPolicy.graphql
mutation wanNetworkPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update network rules"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkRemoveRuleInput!
|
Example
Query
mutation wanNetworkRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation wanNetworkDeleteSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyUpdateInput!
|
Example
Query
mutation UpdateWanNetworkPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkUpdateRuleInput!
|
Example
Query
mutation wanNetworkUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
rule: {
enabled: true,
name: "Update my WAN network rule example",
description: "Updated my WAN network rule description example",
bandwidthPriority: {
input: "1436786",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "Update my WAN network rule example",
"description": "Updated my WAN network rule description example",
"bandwidthPriority": {"id": "1436786"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation wanNetworkUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3",
section: {
name: "updated WAN network section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
XdrMutations
addStoryComment
Beta
Description
Post comments that help track the story investigation
Response
Returns an AddStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - AddStoryCommentInput!
|
Example
Query
mutation addStoryComment(
$accountId: ID!,
$input: AddStoryCommentInput!) {
xdr(accountId: $accountId) {
addStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {"storyId": "012345678901234567890123", "text": "This is a comment"}
}
Response
{
"data": {
"xdr": {
"addStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
analystFeedback
Beta
Description
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
Response
Returns an AnalystFeedbackPayload
Arguments
| Name | Description |
|---|---|
input - AnalystFeedbackInput!
|
Example
Query
mutation analystFeedback(
$accountId: ID!,
$input: AnalystFeedbackInput!) {
xdr(accountId: $accountId) {
analystFeedback(
input: $input) {
story {
id
accountId
analystName
analystEmail
accountName
updatedAt
createdAt
summary
incident {
id
firstSignal
lastSignal
engineType
vendor
producer
producerName
connectionType
indication
queryName
criticality
source
ticket
status
research
storyDuration
description
sourceIp
analystFeedback {
verdict
severity
threatType {
name
recommendedAction
details
}
threatClassification
additionalInfo
}
site {
id
name
}
user {
id
name
}
predictedVerdict
predictedThreatType
}
timeline {
createdAt
description
context
type
descriptions
category
additionalInfo
analystInfo {
name
email
}
}
playbook
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "threatTypeName",
"recommendedAction": "recommendedAction",
"details": "details"
},
"threatClassification": "threatClassification",
"additionalInfo": "additionalInfo",
"status": "Open"
}
}
Response
{
"data": {
"xdr": {
"analystFeedback": {
"id": "012345678901234567890123",
"accountId": "123",
"analystName": "analystName",
"analystEmail": "analyst@email.com",
"accountName": "accountName",
"updatedAt": "2024-02-29T09:00:00Z",
"createdAt": "2024-02-29T09:00:00Z",
"playbook": null,
"summary": "summary",
"incident": {
"__typename": "Threat",
"id": "id",
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T09:00:00Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyStats",
"producerName": "producerName",
"connectionType": "Site",
"indication": "indication",
"queryName": "queryName",
"criticality": 1,
"source": "source",
"ticket": null,
"status": "Open",
"research": false,
"siteName": "siteName",
"storyDuration": 1000,
"description": "description",
"sourceIp": "1.2.3.4",
"analystFeedback": {
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null
},
"threatClassification": null,
"additionalInfo": null
},
"site": {"id": "id", "name": "name"},
"user": {"id": "id", "name": "name"},
"predictedVerdict": null,
"predictedThreatType": null
},
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"description": "description",
"context": "Story created",
"type": "Diff",
"descriptions": [],
"category": null,
"additionalInfo": null,
"analystInfo": {"name": "name", "email": "email@email.com"}
}
]
}
}
}
}
deleteStoryComment
Beta
Description
Delete a previously posted comment using the comment ID.
Response
Returns a DeleteStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - DeleteStoryCommentInput!
|
Example
Query
mutation deleteStoryComment(
$accountId: ID!,
$input: DeleteStoryCommentInput!) {
xdr(accountId: $accountId) {
deleteStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"commentId": "01234567-0123-0123-0123-012345678901"
}
}
Response
{
"data": {
"xdr": {
"deleteStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
Types
AccountAuditData
AccountDataPayload
AccountFilter
BetaFields
| Input Field | Description |
|---|---|
accountInclusion - AccountInclusion
|
|
in - [ID!]
|
Example
{"accountInclusion": "ALL_ACCOUNTS", "in": [4]}
AccountIdPredicate
BetaAccountInclusion
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALL_ACCOUNTS"
AccountInfo
Fields
| Field Name | Description |
|---|---|
audit - AccountAuditData!
|
Audit data for the account |
description - String
|
User-defined information as defined by an account admin |
id - ID!
|
The ID of the account |
name - String!
|
The name of the account |
tenancy - AccountTenancy!
|
The account tenancy e.g. single-tenant / multi-tenant |
timeZone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type e.g. Partner or Customer |
Example
{
"audit": AccountAuditData,
"description": "xyz789",
"id": "4",
"name": "abc123",
"tenancy": "MULTI_TENANT",
"timeZone": "Etc/UTC",
"type": "CUSTOMER"
}
AccountMetrics
Fields
| Field Name | Description |
|---|---|
from - DateTime
|
Starting time |
granularity - Int
|
The size of a single time bucket in seconds |
id - ID
|
Unique Identifier of Account. |
sites - [SiteMetrics!]
|
Site connectivity metrics for the requested sites. |
Arguments
|
|
timeseries - [Timeseries!]
|
|
Arguments
|
|
to - DateTime
|
Ending time |
users - [SiteMetrics!]
|
Connectivity metrics for the requested users connecting remotely with the Client. Doesn’t include user traffic behind a site. |
Arguments
|
|
Example
{
"from": "2007-12-03T10:15:30Z",
"granularity": 987,
"id": 4,
"sites": [SiteMetrics],
"timeseries": [Timeseries],
"to": "2007-12-03T10:15:30Z",
"users": [SiteMetrics]
}
AccountProfileType
Description
enum for account type
Values
| Enum Value | Description |
|---|---|
|
|
A customer account |
|
|
A partner account |
Example
"CUSTOMER"
AccountRef
BetaAccountRolesResult
Fields
| Field Name | Description |
|---|---|
items - [RBACRole!]!
|
|
total - Int!
|
Example
{"items": [RBACRole], "total": 123}
AccountSnapshot
Fields
| Field Name | Description |
|---|---|
id - ID
|
Unique Identifier of Account |
sites - [SiteSnapshot!]
|
Sites includes information about online as well as offline sites |
Arguments
|
|
timestamp - DateTime
|
|
users - [UserSnapshot!]
|
VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested |
Arguments
|
|
Example
{
"id": "4",
"sites": [SiteSnapshot],
"timestamp": "2007-12-03T10:15:30Z",
"users": [UserSnapshot]
}
AccountTenancy
Description
enum for account tenancy
Values
| Enum Value | Description |
|---|---|
|
|
Multi tenant account - default for partner accounts |
|
|
Single tenant account - default for customer accounts |
Example
"MULTI_TENANT"
AccountType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALL"
Activity
Possible Types
| Activity Types |
|---|
Example
{"id": 4, "resourceId": 4, "parentResourceId": 4}
ActorRef
BetaAddAccountInput
Fields
| Input Field | Description |
|---|---|
description - String
|
User-defined information as defined by an account admin |
name - String!
|
The name of the account |
tenancy - AccountTenancy!
|
The account tenancy (single-tenant / multi-tenant) |
timezone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type (Partner / customer) |
Example
{
"description": "abc123",
"name": "abc123",
"tenancy": "MULTI_TENANT",
"timezone": "Etc/UTC",
"type": "CUSTOMER"
}
AddAdminInput
Fields
| Input Field | Description |
|---|---|
email - String!
|
|
firstName - String!
|
|
lastName - String!
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"email": "abc123",
"firstName": "xyz789",
"lastName": "xyz789",
"managedRoles": [UpdateAdminRoleInput],
"passwordNeverExpires": true,
"resellerRoles": [UpdateAdminRoleInput]
}
AddAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": 4}
AddBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Advertise all routes if true. Default |
advertiseDefaultRoute - Boolean!
|
Advertise the default route (0.0.0.0/0) if true. Default |
advertiseSummaryRoutes - Boolean!
|
Advertise summarized routes if true. Default |
bfdEnabled - Boolean!
|
Enable BFD for session failure detection if true. Default |
bfdSettings - BfdSettingsInput
|
Required BFD configuration if BFD is enabled. |
catoAsn - Asn16!
|
The AS number of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRuleInput!]!
|
Excluded rules from the default action. Default |
holdTime - Int!
|
Time (in seconds) before declaring the peer unreachable. Default |
keepaliveInterval - Int!
|
Time (in seconds) between keepalive messages. Default |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Route preference metric; lower values are given precedence. Default |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
The AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Perform NAT if true. Default |
site - SiteRefInput!
|
Information about the site where the BGP peer is being added. |
summaryRoute - [BgpSummaryRouteInput!]!
|
Summarized routes to advertise. Default |
tracking - BgpTrackingInput
|
Configuration for tracking the health and status of the BGP peer. |
Example
{
"advertiseAllRoutes": false,
"advertiseDefaultRoute": false,
"advertiseSummaryRoutes": false,
"bfdEnabled": false,
"bfdSettings": BfdSettingsInput,
"catoAsn": Asn16,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRuleInput],
"holdTime": 123,
"keepaliveInterval": 123,
"md5AuthKey": "xyz789",
"metric": 987,
"name": "abc123",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": false,
"site": SiteRefInput,
"summaryRoute": [BgpSummaryRouteInput],
"tracking": BgpTrackingInput
}
AddBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The BGP peer that was successfully added. |
Example
{"bgpPeer": BgpPeer}
AddCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for adding a new physical connection to a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation.Wither .1Q/QinQ |
haRole - HaRole!
|
High availability role of the connection. |
popLocation - PopLocationRefInput!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato. |
privateSiteIp - IPAddress!
|
Private IP address of the site. |
serviceProviderName - String!
|
Name of the service provider. Usually a partner, or a fabric service provider. |
site - SiteRefInput!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection, the BGP peering range. /30 CIDR. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
Example
{
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"popLocation": PopLocationRefInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "abc123",
"site": SiteRefInput,
"subnet": NetworkSubnet,
"upstreamBwLimit": NetworkBandwidth
}
AddCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for adding a new physical connection to a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the newly added connection. |
Example
{"id": "4"}
AddCloudInterconnectSiteInput
BetaDescription
Input for adding a new cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
description - String
|
Description of the site. |
name - String!
|
Name of the site. |
siteLocation - AddSiteLocationInput!
|
Location details of the site. |
siteType - SiteType!
|
Type of the site. Default |
Example
{
"description": "xyz789",
"name": "abc123",
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH"
}
AddCloudInterconnectSitePayload
BetaDescription
Payload for adding a new cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
ID of the newly added site. |
Example
{"siteId": 4}
AddIpsecIkeV2SiteInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
vlan - Vlan
|
VLAN ID for native range |
Example
{
"description": "abc123",
"name": "abc123",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"vlan": Vlan
}
AddIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [AddIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [AddIpsecIkeV2SiteTunnelPayload]
}
AddIpsecIkeV2SitePayload
BetaFields
| Field Name | Description |
|---|---|
siteId - ID!
|
The ID of the site |
Example
{"siteId": 4}
AddIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "xyz789",
"tunnelId": "PRIMARY1"
}
AddIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
primary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": AddIpsecIkeV2TunnelsInput,
"secondary": AddIpsecIkeV2TunnelsInput
}
AddIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": AddIpsecIkeV2SiteMultiTunnelPayload,
"secondary": AddIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
AddIpsecIkeV2TunnelInput
BetaFields
| Input Field | Description |
|---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
name - String
|
Tunnel name |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String!
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
role - IPSecV2TunnelRole
|
Tunnel role |
Example
{
"lastMileBw": LastMileBwInput,
"name": "abc123",
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "xyz789",
"publicSiteIp": IPAddress,
"role": "WAN1"
}
AddIpsecIkeV2TunnelsInput
BetaFields
| Input Field | Description |
|---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [AddIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": "4",
"publicCatoIpId": 4,
"tunnels": [AddIpsecIkeV2TunnelInput]
}
AddNetworkRangeInput
Fields
| Input Field | Description |
|---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String!
|
|
rangeType - SubnetType!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"localIp": IPAddress,
"mdnsReflector": false,
"name": "xyz789",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 987
}
AddNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
AddSecondaryAwsVSocketInput
BetaFields
| Input Field | Description |
|---|---|
eniIpAddress - IPAddress!
|
The IP address of LAN interface |
eniIpSubnet - NetworkSubnet!
|
The subnet of the LAN interface |
routeTableId - String!
|
The ID of the LAN route table |
site - SiteRefInput!
|
Information about the site where the secondary AWS VSocket is being added. |
Example
{
"eniIpAddress": IPAddress,
"eniIpSubnet": NetworkSubnet,
"routeTableId": "xyz789",
"site": SiteRefInput
}
AddSecondaryAwsVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": 4}
AddSecondaryAzureVSocketInput
BetaFields
| Input Field | Description |
|---|---|
floatingIp - IPAddress!
|
The floating IP address |
interfaceIp - IPAddress!
|
The IP address of the interface |
site - SiteRefInput!
|
Information about the site where the secondary Azure VSocket is being added. |
Example
{
"floatingIp": IPAddress,
"interfaceIp": IPAddress,
"site": SiteRefInput
}
AddSecondaryAzureVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": 4}
AddSiteLocationInput
Example
{
"address": "abc123",
"city": "abc123",
"countryCode": "xyz789",
"stateCode": "xyz789",
"timezone": "xyz789"
}
AddSocketSiteInput
Fields
| Input Field | Description |
|---|---|
connectionType - SiteConnectionTypeEnum!
|
|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
translatedSubnet - IPSubnet
|
|
vlan - Vlan
|
VLAN ID for native range |
Example
{
"connectionType": "SOCKET_AWS1500",
"description": "xyz789",
"name": "abc123",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"translatedSubnet": IPSubnet,
"vlan": Vlan
}
AddSocketSitePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": 4}
AddStaticHostInput
Fields
| Input Field | Description |
|---|---|
ip - IPAddress!
|
|
macAddress - String
|
|
name - String!
|
Example
{
"ip": IPAddress,
"macAddress": "abc123",
"name": "abc123"
}
AddStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": "4"}
AddStoryCommentInput
BetaAddStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Add a new comment to the XDR story |
Example
{"comment": StoryComment}
AddressInput
BetaExample
{
"cityName": "xyz789",
"companyName": "xyz789",
"countryName": "abc123",
"stateName": "abc123",
"street": "xyz789",
"zipCode": "abc123"
}
AddressValidationStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"INVALID"
Admin
Description
A CC2 administrator
Fields
| Field Name | Description |
|---|---|
allowedItems - [Entity!]
|
|
creationDate - DateTime
|
|
email - String
|
|
firstName - String
|
|
id - ID!
|
|
lastName - String
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean
|
|
modifyDate - DateTime
|
|
nativeAccountID - ID
|
|
passwordNeverExpires - Boolean
|
|
presentUsageAndEvents - Boolean
|
|
resellerRoles - [AdminRole!]
|
|
role - UserRole
|
|
status - OperationalStatus
|
|
version - String!
|
Example
{
"allowedItems": [Entity],
"creationDate": "2007-12-03T10:15:30Z",
"email": "xyz789",
"firstName": "xyz789",
"id": "4",
"lastName": "xyz789",
"managedRoles": [AdminRole],
"mfaEnabled": true,
"modifyDate": "2007-12-03T10:15:30Z",
"nativeAccountID": "4",
"passwordNeverExpires": true,
"presentUsageAndEvents": false,
"resellerRoles": [AdminRole],
"role": "EDITOR",
"status": "active",
"version": "xyz789"
}
AdminRef
BetaAdminRole
AdminsResult
AggregationType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"any"
AlertClassificationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"FALSE_POSITIVE"
AlertDeterminationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"APT"
AllocatedIpRef
BetaAllocatedIpRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
AnalystFeedback
BetaFields
| Field Name | Description |
|---|---|
additionalInfo - String
|
|
severity - SeverityEnum
|
|
threatClassification - String
|
|
threatType - AnalystFeedbackThreatType
|
|
verdict - StoryVerdictEnum
|
Example
{
"additionalInfo": "abc123",
"severity": "High",
"threatClassification": "xyz789",
"threatType": AnalystFeedbackThreatType,
"verdict": "Benign"
}
AnalystFeedbackInput
BetaFields
| Input Field | Description |
|---|---|
additionalInfo - String
|
Free text for the analyst to enter additional information about the XDR story |
severity - SeverityEnum
|
Enum for analyst to assign the severity of a Malicious XDR story |
status - StoryStatusEnum
|
Enum for the current status of the XDR story. |
storyId - ID!
|
The relevant Story |
threatClassification - String
|
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification. |
threatType - StoryThreatType
|
Type of threat for the XDR story that is assigned by the analyst |
verdict - StoryVerdictEnum
|
Enum for analyst to assign the verdict of the XDR story |
Example
{
"additionalInfo": "xyz789",
"severity": "High",
"status": "Closed",
"storyId": "4",
"threatClassification": "abc123",
"threatType": StoryThreatType,
"verdict": "Benign"
}
AnalystFeedbackPayload
BetaFields
| Field Name | Description |
|---|---|
story - Story
|
Data related to the actions and information that an analyst adds to the XDR story |
Example
{"story": Story}
AnalystFeedbackThreatType
BetaAnalystInfo
BetaAnnotationType
Values
| Enum Value | Description |
|---|---|
|
|
Other events that are included in annotations |
|
|
The site connects to a different PoP |
|
|
The ISP IP address (remote IP) changed |
|
|
Change for HA status role |
Example
"generic"
Anomalies
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
firstSignal - DateTime!
|
|
lastSignal - DateTime!
|
|
engineType - StoryEngineTypeEnum
|
|
vendor - VendorEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
connectionType - ConnectionTypeEnum
|
|
indication - String!
|
|
queryName - String
|
|
source - String
|
|
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
storyDuration - Int
|
|
description - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
sourceIp - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
direction - String
|
Possible Types
| Anomalies Types |
|---|
Example
{
"id": "4",
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "abc123",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "xyz789",
"source": "xyz789",
"criticality": 123,
"ticket": "abc123",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 987,
"description": "xyz789",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"sourceIp": "xyz789",
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "abc123",
"direction": "abc123"
}
AnomalyEvents
BetaDescription
The AnomalyEvents object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "abc123",
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"deviceName": "abc123",
"direction": "xyz789",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": "4",
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "xyz789",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"os": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "xyz789",
"research": false,
"rules": ["abc123"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"subjectType": "abc123",
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AnomalyStats
BetaDescription
The AnomalyStats object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "abc123",
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 123,
"description": "xyz789",
"deviceName": "abc123",
"direction": "xyz789",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": 4,
"indication": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "xyz789",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"os": "xyz789",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "xyz789",
"research": true,
"rules": ["xyz789"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"subjectType": "xyz789",
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
ApiKeyRef
BetaApnMethod
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"METHOD_AUTO"
AppStats
AppStatsField
Fields
| Field Name | Description |
|---|---|
name - AppStatsFieldName!
|
|
value - Value!
|
Example
{"name": "ad_name", "value": StringValue}
AppStatsFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Active Directory name |
|
|
The application identifier |
|
|
The application name |
|
|
Cato system category of the application |
|
|
Application description |
|
|
IP for destination host or Cato Client |
|
|
Destination is site or remote user |
|
|
Destination site or remote user identifier |
|
|
Destination Site or remote user identifier |
|
|
Destination Site or remote user name |
|
|
Name for device related to the traffic |
|
|
|
|
|
|
|
|
data downloaded from cloud applications |
|
|
|
|
|
the country in which the registered application headquarteres is located |
|
|
|
|
|
indicates whether the application is considered cloud app/SaaS app |
|
|
new cloud application identifier |
|
|
|
|
|
the application risk score assigned by Cato |
|
|
Is the application defined as sanctioned? |
|
|
Country in which the source host is located |
|
|
State in which the source host is located |
|
|
Name for Socket interface |
|
|
IP for source host or Cato Client |
|
|
Source is site or remote user |
|
|
Source site or remote user identifier |
|
|
Source site or remote user name |
|
|
Name of subnet as defined in Cato Management Application |
|
|
the total sum of upstream and downstream data in bytes |
|
|
Traffic direction |
|
|
data uploaded to cloud applications |
|
|
User identifier |
|
|
User name |
|
|
use user_id instead |
Example
"ad_name"
AppStatsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "ad_name",
"operator": "between",
"values": ["xyz789"]
}
AppStatsRecord
Fields
| Field Name | Description |
|---|---|
fields - [AppStatsField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [AppStatsField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"flatFields": ["abc123"],
"prevTimeFrame": Map,
"trends": Map
}
AppStatsSort
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "ad_name", "order": "asc"}
AppStatsTimeSeries
AppTenantRestrictionActionEnum
BetaDescription
Allowed actions
Values
| Enum Value | Description |
|---|---|
|
|
Do not inject any Headers nor Values for outgoing traffic |
|
|
Inject Headers and Values for outgoing traffic |
Example
"BYPASS"
AppTenantRestrictionAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched Default |
application - ApplicationRefInput!
|
Applications for the rule (pre-defined) |
description - String!
|
|
enabled - Boolean!
|
|
headers - [AppTenantRestrictionHeaderValueInput!]!
|
Headers and Values to Inject Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule Default |
source - AppTenantRestrictionSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "xyz789",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "xyz789",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceInput
}
AppTenantRestrictionAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - AppTenantRestrictionAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": AppTenantRestrictionAddRuleDataInput
}
AppTenantRestrictionHeaderValue
BetaDescription
pair of header name and value
Fields
| Field Name | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionHeaderValueInput
BetaDescription
pair of header name and value
Fields
| Input Field | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [AppTenantRestrictionRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [AppTenantRestrictionRulePayload],
"sections": [PolicySectionPayload]
}
AppTenantRestrictionPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
AppTenantRestrictionPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
AppTenantRestrictionPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - AppTenantRestrictionPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": AppTenantRestrictionPolicy,
"status": "FAILURE"
}
AppTenantRestrictionPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
AppTenantRestrictionRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
AppTenantRestrictionRule
BetaFields
| Field Name | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRef!
|
Applications for the rule (pre-defined) |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
headers - [AppTenantRestrictionHeaderValue!]!
|
Headers and Values to Inject |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule |
source - AppTenantRestrictionSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRef,
"description": "abc123",
"enabled": false,
"headers": [AppTenantRestrictionHeaderValue],
"id": "4",
"index": 123,
"name": "abc123",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"severity": "HIGH",
"source": AppTenantRestrictionSource
}
AppTenantRestrictionRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - AppTenantRestrictionRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": AppTenantRestrictionRulePayload,
"status": "FAILURE"
}
AppTenantRestrictionRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - AppTenantRestrictionRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": AppTenantRestrictionRule
}
AppTenantRestrictionSeverityEnum
BetaDescription
Severity options
Values
| Enum Value | Description |
|---|---|
|
|
High severity |
|
|
Low severity |
|
|
Medium severity |
Example
"HIGH"
AppTenantRestrictionSource
BetaDescription
Returns the settings for Source of an App Tenant Restriction rule
Fields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"country": [CountryRef],
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
AppTenantRestrictionSourceInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Default |
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionSourceUpdateInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
description - String
|
|
enabled - Boolean
|
|
headers - [AppTenantRestrictionHeaderValueInput!]
|
Headers and Values to Inject |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
severity - AppTenantRestrictionSeverityEnum
|
Severity defined for the rule |
source - AppTenantRestrictionSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "abc123",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "xyz789",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceUpdateInput
}
AppTenantRestrictionUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - AppTenantRestrictionUpdateRuleDataInput!
|
Example
{"id": 4, "rule": AppTenantRestrictionUpdateRuleDataInput}
ApplicationCategoryRef
BetaApplicationCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationRef
BetaApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationRisk
BetaDescription
Application Risk
Example
ApplicationRisk
Asn16
BetaDescription
16 bit autonomous system number [0-65535]
Example
Asn16
Asn32
BetaDescription
32 bit autonomous system number [0-4294967295]
Example
Asn32
AtpLicense
BetaDescription
Advanced Threat Prevention (ATP) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
AuditFeed
Example
{
"accounts": [AuditFeedAccountRecords],
"fetchedCount": 123,
"from": "2007-12-03T10:15:30Z",
"hasMore": false,
"marker": "abc123",
"to": "2007-12-03T10:15:30Z"
}
AuditFeedAccountRecords
Fields
| Field Name | Description |
|---|---|
id - ID
|
|
records - [AuditRecord!]
|
|
Arguments
|
|
Example
{"id": 4, "records": [AuditRecord]}
AuditField
AuditFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - FieldNameInput!
|
|
operator - ElasticOperator!
|
Use AuditFieldName for audits |
values - [String!]
|
Example
{
"fieldName": FieldNameInput,
"operator": "between",
"values": ["abc123"]
}
AuditFieldName
Values
| Enum Value | Description |
|---|---|
|
|
The name of the account on which the record was created |
|
|
The id of the account on which the record was created |
|
|
The admin whose action generated the record |
|
|
The ID of the admin whose action generated the record |
|
|
The api key whose action generated the record |
|
|
|
|
|
the nature of the change: CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED
|
|
|
Time the record was created |
|
|
Time the record was committed to storage |
|
|
The name of the object that was affected, e.g. 'My Site' |
|
|
The type of object that was affected. e.g. Site, Socket, SocketInterface |
|
|
Less granular than model_name, a general marker of the modified area: administration, configuration, security |
Example
"account"
AuditRecord
Description
Represents a single event in the audit database
Fields
| Field Name | Description |
|---|---|
account - EntityInfo
|
|
admin - Entity
|
|
apiKey - Entity
|
|
fields - [AuditField!]
|
All fields in the audit record (including the admin and object) |
fieldsMap - Map
|
fields in map format (see Map scalar) |
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
object - Entity
|
|
time - DateTime
|
Example
{
"account": EntityInfo,
"admin": Entity,
"apiKey": Entity,
"fields": [AuditField],
"fieldsMap": Map,
"flatFields": ["xyz789"],
"object": Entity,
"time": "2007-12-03T10:15:30Z"
}
BGPConnection
BandwidthManagementRef
BetaBandwidthManagementRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
BfdSettings
BetaFields
| Field Name | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. |
Example
{"multiplier": 123, "receiveInterval": 987, "transmitInterval": 987}
BfdSettingsInput
BetaFields
| Input Field | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. Default |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. Default |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. Default |
Example
{"multiplier": 123, "receiveInterval": 987, "transmitInterval": 123}
BgpCommunity
BetaBgpCommunityFilterPredicate
BetaValues
| Enum Value | Description |
|---|---|
|
|
Matches exactly the specified community value. |
|
|
Matches any community value except the specified one. |
Example
"EQUAL"
BgpCommunityFilterRule
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values to match. |
id - ID!
|
Unique identifier of the community filter rule. |
predicate - BgpCommunityFilterPredicate!
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{
"community": [BgpCommunity],
"id": "4",
"predicate": "EQUAL"
}
BgpCommunityFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to match. Default |
predicate - BgpCommunityFilterPredicate
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{"community": [BgpCommunityInput], "predicate": "EQUAL"}
BgpCommunityInput
BetaBgpDefaultAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
Default action to accept all unmatched routes. |
|
|
Default action to drop all unmatched routes. |
Example
"ACCEPT"
BgpDetailedStatus
BetaFields
| Field Name | Description |
|---|---|
bfdSession - String
|
Status of the BFD session (if applicable). |
bgpSession - String!
|
Status of the BGP session (e.g., established, down). |
rejectedRoutesFromPeer - [BgpRejectedRoutesFromPeer!]!
|
Routes rejected from the peer. |
remoteIp - IPAddress!
|
IP address of the remote BGP peer. |
routesFromPeer - [String!]!
|
Routes received from the peer. |
routesToPeer - [String!]!
|
Routes sent to the peer. |
Example
{
"bfdSession": "xyz789",
"bgpSession": "abc123",
"rejectedRoutesFromPeer": [BgpRejectedRoutesFromPeer],
"remoteIp": IPAddress,
"routesFromPeer": ["abc123"],
"routesToPeer": ["xyz789"]
}
BgpFilterRule
BetaFields
| Field Name | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRule
|
Exact and inclusive filter rule. Please choose only one filter rule type. |
bgpRouteExactFilterRule - BgpRouteExactFilterRule
|
Exact route filter rule. Please choose only one filter rule type. |
communityFilterRule - BgpCommunityFilterRule
|
Community filter rule. Please choose only one filter rule type. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRule,
"bgpRouteExactFilterRule": BgpRouteExactFilterRule,
"communityFilterRule": BgpCommunityFilterRule
}
BgpFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRuleInput
|
Input for exact and inclusive filter rule. |
bgpRouteExactFilterRule - BgpRouteExactFilterRuleInput
|
Input for exact route filter rule. |
communityFilterRule - BgpCommunityFilterRuleInput
|
Input for community filter rule. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRuleInput,
"bgpRouteExactFilterRule": BgpRouteExactFilterRuleInput,
"communityFilterRule": BgpCommunityFilterRuleInput
}
BgpPeer
BetaFields
| Field Name | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Indicates if all routes are advertised. |
advertiseDefaultRoute - Boolean!
|
Indicates if the default route is advertised. |
advertiseSummaryRoutes - Boolean!
|
Indicates if summarized routes are advertised. |
bfdEnabled - Boolean!
|
Indicates if BFD is enabled for failure detection. |
bfdSettings - BfdSettings
|
BFD configuration. |
catoAsn - Asn16!
|
AS number of Cato's BGP endpoint. |
catoIp - IPAddress!
|
IP address of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRule!]!
|
Rules excluded from the default action. |
holdTime - Int!
|
Time before declaring the peer unreachable. |
id - ID!
|
Unique identifier for the BGP peer. |
keepaliveInterval - Int!
|
Interval between keepalive messages. |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Metric for route preferences. |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Indicates if NAT is performed on routes. |
site - SiteRef!
|
Site associated with this BGP peer. |
summaryRoute - [BgpSummaryRoute!]!
|
Summarized routes advertised to the peer. |
tracking - BgpTracking
|
Tracking configuration for health and availability. |
Example
{
"advertiseAllRoutes": false,
"advertiseDefaultRoute": true,
"advertiseSummaryRoutes": false,
"bfdEnabled": true,
"bfdSettings": BfdSettings,
"catoAsn": Asn16,
"catoIp": IPAddress,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRule],
"holdTime": 123,
"id": "4",
"keepaliveInterval": 987,
"md5AuthKey": "xyz789",
"metric": 123,
"name": "xyz789",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": true,
"site": SiteRef,
"summaryRoute": [BgpSummaryRoute],
"tracking": BgpTracking
}
BgpPeerListInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifies the site whose BGP peers are listed. |
Example
{"site": SiteRefInput}
BgpPeerListPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - [BgpPeer!]!
|
BGP peers associated with the site. |
total - Int!
|
Total number of BGP peers found. |
Example
{"bgpPeer": [BgpPeer], "total": 123}
BgpPeerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specifies the method of identification (default is by ID). Default |
input - String!
|
Value used to identify the BGP peer (e.g., ID or name). |
Example
{"by": "ID", "input": "abc123"}
BgpRejectedRoutesFromPeer
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the rejected route. |
lastPublishAttempt - DateTime
|
Timestamp of the last attempt to publish the rejected route. |
rule - String
|
Filter rule that caused the rejection. |
subnet - NetworkSubnet
|
Subnet of the rejected route. |
type - String
|
Reason for rejecting the route. |
Example
{
"community": [BgpCommunity],
"lastPublishAttempt": "2007-12-03T10:15:30Z",
"rule": "abc123",
"subnet": NetworkSubnet,
"type": "abc123"
}
BgpRouteExactAndInclusiveFilterRule
BetaFields
| Field Name | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
globalIpRangeException - [GlobalIpRangeRef!]!
|
Global IP ranges to exclude. |
id - ID!
|
Unique identifier of the filter rule. |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. |
Example
{
"ge": 987,
"globalIpRange": [GlobalIpRangeRef],
"globalIpRangeException": [GlobalIpRangeRef],
"id": "4",
"le": 123,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactAndInclusiveFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
globalIpRangeException - [GlobalIpRangeRefInput!]!
|
Global IP ranges to exclude. Default |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. Default |
Example
{
"ge": 987,
"globalIpRange": [GlobalIpRangeRefInput],
"globalIpRangeException": [GlobalIpRangeRefInput],
"le": 987,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactFilterRule
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
id - ID!
|
Unique identifier of the exact filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
Example
{
"globalIpRange": [GlobalIpRangeRef],
"id": "4",
"networkSubnet": [NetworkSubnet]
}
BgpRouteExactFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"networkSubnet": [NetworkSubnet]
}
BgpSummaryRoute
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the route. |
id - ID!
|
Unique identifier of the summarized route. |
route - NetworkSubnet!
|
Subnet of the summarized route. |
Example
{
"community": [BgpCommunity],
"id": 4,
"route": NetworkSubnet
}
BgpSummaryRouteInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to associate with the summarized route. Default |
route - NetworkSubnet!
|
Subnet of the summarized route to be advertised. |
Example
{
"community": [BgpCommunityInput],
"route": NetworkSubnet
}
BgpTracking
BetaFields
| Field Name | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. |
enabled - Boolean!
|
Indicates if tracking is enabled. |
id - ID!
|
Unique identifier for the tracking rule. |
subscriptionId - ID
|
Subscription ID associated with the rule. |
Example
{
"alertFrequency": "DAILY",
"enabled": true,
"id": "4",
"subscriptionId": "4"
}
BgpTrackingInput
BetaFields
| Input Field | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. Default |
enabled - Boolean!
|
Indicates if tracking is enabled. Default |
subscriptionId - ID!
|
Subscription ID associated with this tracking rule. |
Example
{
"alertFrequency": "DAILY",
"enabled": false,
"subscriptionId": "4"
}
Boolean
Description
The Boolean scalar type represents true or false.
BooleanFilterInput
BetaBooleanPredicate
BetaFields
| Input Field | Description |
|---|---|
is - String!
|
Example
{"is": "xyz789"}
CasbLicense
BetaDescription
Cloud Access Security Broker (CASB) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
CatalogApplication
BetaFields
| Field Name | Description |
|---|---|
activity - [CatalogApplicationActivity!]!
|
|
capability - [CatalogApplicationCapability!]!
|
|
category - [ApplicationCategoryRef!]!
|
|
city - String
|
|
complianceAttributes - CatalogApplicationComplianceAttributes!
|
|
description - String
|
|
descriptionSummary - String
|
|
id - ID!
|
|
ipoStatus - String
|
|
name - String!
|
|
numOfEmployees - EmployeeRange
|
|
originCountry - CountryRef
|
|
recentlyAdded - Boolean!
|
|
region - String
|
|
risk - ApplicationRisk
|
|
sanctioned - Boolean!
|
|
securityAttributes - CatalogApplicationSecurityAttributes!
|
|
standardPorts - [CustomService!]!
|
|
type - CatalogApplicationType!
|
|
website - Url
|
Example
{
"activity": [CatalogApplicationActivity],
"capability": ["ANTI_MALWARE_INLINE"],
"category": [ApplicationCategoryRef],
"city": "abc123",
"complianceAttributes": CatalogApplicationComplianceAttributes,
"description": "abc123",
"descriptionSummary": "abc123",
"id": 4,
"ipoStatus": "xyz789",
"name": "abc123",
"numOfEmployees": "BETWEEN_00001_00010",
"originCountry": CountryRef,
"recentlyAdded": false,
"region": "xyz789",
"risk": ApplicationRisk,
"sanctioned": false,
"securityAttributes": CatalogApplicationSecurityAttributes,
"standardPorts": [CustomService],
"type": "APPLICATION",
"website": Url
}
CatalogApplicationActivity
BetaFields
| Field Name | Description |
|---|---|
fields - [CatalogApplicationActivityField!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"fields": [CatalogApplicationActivityField],
"id": 4,
"name": "xyz789"
}
CatalogApplicationActivityField
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
possibleOperators - [CatalogApplicationActivityFieldOperator!]!
|
|
possibleValues - [String!]!
|
Example
{
"id": "4",
"name": "xyz789",
"possibleOperators": ["CONTAINS"],
"possibleValues": ["xyz789"]
}
CatalogApplicationActivityFieldOperator
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONTAINS"
CatalogApplicationActivityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationActivityRefInput!]
|
Example
{"hasAny": [CatalogApplicationActivityRefInput]}
CatalogApplicationActivityRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
CatalogApplicationAttribute
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"SUPPORTED"
CatalogApplicationCapability
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANTI_MALWARE_INLINE"
CatalogApplicationCapabilityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationCapability!]
|
Example
{"hasAny": ["ANTI_MALWARE_INLINE"]}
CatalogApplicationCategoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [ApplicationCategoryRefInput!]
|
Example
{"hasAny": [ApplicationCategoryRefInput]}
CatalogApplicationCategorySortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationComplianceAttributes
BetaFields
| Field Name | Description |
|---|---|
hippa - CatalogApplicationAttribute!
|
|
isae3402 - CatalogApplicationAttribute!
|
|
iso27001 - CatalogApplicationAttribute!
|
|
pciDss - CatalogApplicationAttribute!
|
|
soc1 - CatalogApplicationAttribute!
|
|
soc2 - CatalogApplicationAttribute!
|
|
soc3 - CatalogApplicationAttribute!
|
|
sox - CatalogApplicationAttribute!
|
Example
{
"hippa": "SUPPORTED",
"isae3402": "SUPPORTED",
"iso27001": "SUPPORTED",
"pciDss": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"sox": "SUPPORTED"
}
CatalogApplicationContentType
BetaCatalogApplicationContentTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroup
BetaFields
| Field Name | Description |
|---|---|
contentType - [CatalogApplicationContentType!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"contentType": [CatalogApplicationContentType],
"id": "4",
"name": "xyz789"
}
CatalogApplicationContentTypeGroupFilterInput
BetaFields
| Input Field | Description |
|---|---|
contentType - [CatalogApplicationContentTypeFilterInput!]
|
|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"contentType": [
CatalogApplicationContentTypeFilterInput
],
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroupListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationContentTypeGroupFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationContentTypeGroupSortInput
|
Example
{
"filter": [
CatalogApplicationContentTypeGroupFilterInput
],
"paging": PagingInput,
"sort": CatalogApplicationContentTypeGroupSortInput
}
CatalogApplicationContentTypeGroupListPayload
BetaFields
| Field Name | Description |
|---|---|
contentTypeGroup - [CatalogApplicationContentTypeGroup!]!
|
|
pageInfo - PageInfo!
|
Example
{
"contentTypeGroup": [
CatalogApplicationContentTypeGroup
],
"pageInfo": PageInfo
}
CatalogApplicationContentTypeGroupSortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationFilterInput
BetaFields
| Input Field | Description |
|---|---|
activity - [CatalogApplicationActivityFilterInput!]
|
|
capability - [CatalogApplicationCapabilityFilterInput!]
|
|
category - [CatalogApplicationCategoryFilterInput!]
|
|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
|
recentlyAdded - [BooleanFilterInput!]
|
|
risk - [IntFilterInput!]
|
|
type - [CatalogApplicationTypeFilterInput!]
|
Example
{
"activity": [CatalogApplicationActivityFilterInput],
"capability": [CatalogApplicationCapabilityFilterInput],
"category": [CatalogApplicationCategoryFilterInput],
"id": [IdFilterInput],
"name": [StringFilterInput],
"recentlyAdded": [BooleanFilterInput],
"risk": [IntFilterInput],
"type": [CatalogApplicationTypeFilterInput]
}
CatalogApplicationListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationSortInput
|
Example
{
"filter": [CatalogApplicationFilterInput],
"paging": PagingInput,
"sort": CatalogApplicationSortInput
}
CatalogApplicationListPayload
BetaFields
| Field Name | Description |
|---|---|
application - [CatalogApplication!]!
|
|
pageInfo - PageInfo!
|
Example
{
"application": [CatalogApplication],
"pageInfo": PageInfo
}
CatalogApplicationSecurityAttributes
BetaFields
| Field Name | Description |
|---|---|
auditTrail - CatalogApplicationAttribute!
|
|
encryptionAtRest - CatalogApplicationAttribute!
|
|
httpSecurityHeaders - CatalogApplicationAttribute!
|
|
mfa - CatalogApplicationAttribute!
|
|
rbac - CatalogApplicationAttribute!
|
|
rememberPassword - CatalogApplicationAttribute!
|
|
sso - CatalogApplicationAttribute!
|
|
tlsEnforcement - CatalogApplicationAttribute!
|
|
trustedCertificate - CatalogApplicationAttribute!
|
Example
{
"auditTrail": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED",
"mfa": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"trustedCertificate": "SUPPORTED"
}
CatalogApplicationSortInput
BetaFields
| Input Field | Description |
|---|---|
category - CatalogApplicationCategorySortInput
|
|
description - SortOrderInput
|
|
name - SortOrderInput
|
|
risk - SortOrderInput
|
|
type - SortOrderInput
|
Example
{
"category": CatalogApplicationCategorySortInput,
"description": SortOrderInput,
"name": SortOrderInput,
"risk": SortOrderInput,
"type": SortOrderInput
}
CatalogApplicationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"APPLICATION"
CatalogApplicationTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - CatalogApplicationType
|
|
in - [CatalogApplicationType!]
|
|
neq - CatalogApplicationType
|
|
nin - [CatalogApplicationType!]
|
Example
{
"eq": "APPLICATION",
"in": ["APPLICATION"],
"neq": "APPLICATION",
"nin": ["APPLICATION"]
}
CatoActivity
Description
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
Example
{
"id": "4",
"parentResourceId": "4",
"resourceId": 4
}
CatoEndpoint
BetaDescription
The CatoEndpoint object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
Fields
| Field Name | Description |
|---|---|
alerts - [CatoEndpointAlert!]!
|
Details for the threat detected by the EPP |
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
connectionType - ConnectionTypeEnum
|
enum for the connection for this incident (ie. host, user) |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
device - CatoEndpointDeviceDetails
|
Details for the EPP device (ie. device name, OS, MAC address) |
engineType - StoryEngineTypeEnum
|
enum that shows XDR engine involved with the incident |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
id - ID!
|
ID for the Endpoint Protection story |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
enum for the Producer (specific XDR engine or service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
queryName - String
|
|
research - Boolean
|
TRUE indicates that the story is currently being researched by Security Analysts |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
Source IP address of the device in your network sending or receiving the flow |
status - StoryStatusEnum
|
Enum for the status of this story (ie. Open, Closed, Monitoring) |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
ticket - String
|
The ticket for this story |
user - UserRef
|
Cato ID and name for the site |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
Example
{
"alerts": [CatoEndpointAlert],
"analystFeedback": AnalystFeedback,
"connectionType": "Host",
"criticality": 123,
"description": "abc123",
"device": CatoEndpointDeviceDetails,
"engineType": "ANOMALY",
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "abc123",
"research": true,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "xyz789",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 987,
"ticket": "xyz789",
"user": UserRef,
"vendor": "CATO"
}
CatoEndpointAlert
Description
The CatoEndpointAlert object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
Fields
| Field Name | Description |
|---|---|
activities - [CatoActivity!]!
|
Unique Cato IDs for the activities related to the alert |
createdDateTime - DateTime
|
Timestamp that the threat was detected and the alert generated |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
endpointProtectionProfile - String
|
EPP profile that is assigned to this device |
engineType - CatoEndpointEngineType
|
Enum for the EPP engine related to this story |
id - ID!
|
Unique Cato ID for the Endpoint Protection story |
mitreSubTechnique - [Mitre!]!
|
MITRE ATT&CK® sub-technique for the threat |
mitreTechnique - [Mitre!]!
|
MITRE ATT&CK® technique for the threat |
resources - [CatoResource!]!
|
Data for the remediation status of the alert |
status - RemediationStatusEnum
|
Enum for the remediation status of the EPP alert |
threatName - String
|
Name of threat detected on the device |
title - String
|
Title of the endpoint alert |
Example
{
"activities": [CatoActivity],
"createdDateTime": "2007-12-03T10:15:30Z",
"criticality": 987,
"description": "xyz789",
"endpointProtectionProfile": "abc123",
"engineType": "AntiMalware",
"id": 4,
"mitreSubTechnique": [Mitre],
"mitreTechnique": [Mitre],
"resources": [CatoResource],
"status": "BLOCKED",
"threatName": "abc123",
"title": "xyz789"
}
CatoEndpointDeviceDetails
Description
The CatoEndpointDeviceDetails object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
Fields
| Field Name | Description |
|---|---|
deviceName - String
|
Name of the device |
id - ID!
|
Unique Cato ID for this story |
loggedOnUsers - [EndpointUser!]!
|
Data for one or more users logged in to the device |
macAddress - String
|
MAC address of the device |
osDetails - OsDetails
|
OS data (ie. type, build, version) |
Example
{
"deviceName": "abc123",
"id": "4",
"loggedOnUsers": [EndpointUser],
"macAddress": "abc123",
"osDetails": OsDetails
}
CatoEndpointEngineType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"AntiMalware"
CatoEndpointUser
Description
The CatoEndpointUser is a GraphQL object type representing a user, with fields for a unique identifier (id) and a username (name), both of which are required.
Example
{
"id": "4",
"name": "xyz789"
}
CatoFileResource
Description
The CatoFileResource is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this file resource was used |
detectionStatus - DetectionStatusEnum
|
Enum for the detection status of this file resource |
fileDetails - FileDetails
|
Details of the file related to this resource |
id - ID!
|
Unique Cato ID for this file resource |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this file resource |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"detectionStatus": "BLOCKED",
"fileDetails": FileDetails,
"id": "4",
"remediationStatus": "BLOCKED"
}
CatoProcessResource
Description
The CatoProcessResource is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this resource was used |
id - ID!
|
Unique Cato ID for this resource |
imageFile - FileDetails
|
Details of the file related to this process |
processCommandLine - String
|
CLI command related to this process |
processId - Int!
|
ID for the process |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
userAccount - EndpointUser
|
User account related to this process |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"id": 4,
"imageFile": FileDetails,
"processCommandLine": "xyz789",
"processId": 123,
"remediationStatus": "BLOCKED",
"userAccount": EndpointUser
}
CatoResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for this EPP resource |
createdDateTime - DateTime
|
Timestamp that the this resource was used |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
Possible Types
| CatoResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
CellularDisconnectionReason
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"REASON_NONE"
CellularInterface
Fields
| Field Name | Description |
|---|---|
apn - String
|
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch. |
apnSelectionMethod - ApnMethod
|
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI). |
disconnectionReason - CellularDisconnectionReason
|
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out). |
iccid - String
|
Unique identifier (20-digit number) for the modem. |
imei - String
|
Unique identifier (15-digit number) for a specific SIM. |
isModemConnected - Boolean!
|
Indicates if the cellular modem is currently connected to the internet. |
isModemSuspended - Boolean!
|
Indicates if the modem is currently suspended. |
isRoamingAllowed - Boolean!
|
Indicates whether roaming is enabled. |
isSimSlot1Detected - Boolean!
|
Indicates whether a SIM is detected in the first slot. |
isSimSlot2Detected - Boolean!
|
Indicates whether a SIM is detected in the second slot. |
modemStatus - CellularModemStatus
|
Represents the current status of the modem. Valid values are Error, OK, or Unknown. |
networkType - CellularNetworkType
|
2G, 3G, or 4G |
operatorName - String
|
Displays the operator or carrier name, such as Verizon. |
signalStrength - String
|
Represents the signal strength of the cellular connection, in units of calculation. |
simNumber - String
|
The phone number associated with the SIM. |
simSlotId - Int
|
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default. |
Example
{
"apn": "xyz789",
"apnSelectionMethod": "METHOD_AUTO",
"disconnectionReason": "REASON_NONE",
"iccid": "abc123",
"imei": "abc123",
"isModemConnected": false,
"isModemSuspended": false,
"isRoamingAllowed": false,
"isSimSlot1Detected": false,
"isSimSlot2Detected": false,
"modemStatus": "STATUS_ERROR",
"networkType": "TYPE_2G",
"operatorName": "abc123",
"signalStrength": "abc123",
"simNumber": "abc123",
"simSlotId": 987
}
CellularModemStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"STATUS_ERROR"
CellularNetworkType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"TYPE_2G"
CloudInterconnectConnectionConnectivity
BetaDescription
Connectivity status of a cloud interconnect connection.
Fields
| Field Name | Description |
|---|---|
success - Boolean!
|
Indicates if the connection is successful. |
Example
{"success": false}
CloudInterconnectConnectionConnectivityInput
BetaDescription
Input for checking the connectivity status of a cloud interconnect connection.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": "4"}
CloudInterconnectPhysicalConnection
BetaDescription
Details of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
cVlan - Vlan
|
C-VLAN applicable only for QINQ connections. |
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation. |
haRole - HaRole!
|
High availability role of the connection. Either Primary or Secondary. |
id - ID!
|
ID of the connection. |
popLocation - PopLocationRef!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato, used for BGP routing. |
privateSiteIp - IPAddress!
|
Private IP address of the site, used for BGP routing. |
serviceProviderName - String!
|
Name of the service provider. |
site - SiteRef!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection. |
sVlan - Vlan
|
S-VLAN applicable only for QINQ connections. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
vlan - Vlan
|
VLAN applicable only for DOT1Q connections. |
Example
{
"cVlan": Vlan,
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"id": "4",
"popLocation": PopLocationRef,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "abc123",
"site": SiteRef,
"subnet": NetworkSubnet,
"sVlan": Vlan,
"upstreamBwLimit": NetworkBandwidth,
"vlan": Vlan
}
CloudInterconnectPhysicalConnectionId
BetaDescription
ID of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": 4}
CloudInterconnectPhysicalConnectionIdInput
BetaDescription
Input for getting the ID of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
haRole - HaRole!
|
High availability role of the connection. |
site - SiteRefInput!
|
Identifying data for the site. |
Example
{"haRole": "PRIMARY", "site": SiteRefInput}
CloudInterconnectPhysicalConnectionInput
BetaDescription
Input for getting details of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": 4}
ConnectionMode
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BIDIRECTIONAL"
ConnectionOriginEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ANY"
ConnectionTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Host"
ConnectivityStatus
Values
| Enum Value | Description |
|---|---|
|
|
Connected to the Cato Cloud |
|
|
Disconnected from the Cato Cloud |
Example
"connected"
ContactDetails
BetaContactDetailsInput
BetaContainer
BetaDescription
A group with members of a single type of entity (for example: IPAddress, FQDN)
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
description - String
|
Description for the container |
size - Int!
|
Number of items in the container |
audit - ContainerAudit!
|
Audit metadata about the container |
Possible Types
| Container Types |
|---|
Example
{
"id": 4,
"name": "abc123",
"description": "xyz789",
"size": 123,
"audit": ContainerAudit
}
ContainerAudit
BetaDescription
Audit metadata about the container
Example
{
"createdAt": "2007-12-03T10:15:30Z",
"createdBy": "abc123",
"lastModifiedAt": "2007-12-03T10:15:30Z",
"lastModifiedBy": "abc123"
}
ContainerFileType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CSV"
ContainerRefInput
BetaDescription
Add a container by ID or name
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
ContainerSearchInput
BetaDescription
Filtering input to container search
Fields
| Input Field | Description |
|---|---|
refs - [ContainerRefInput!]!
|
Allows filtering container search by container ID or container name Default |
types - [ContainerType!]!
|
Allows filtering container search by specific container types Default |
Example
{"refs": [ContainerRefInput], "types": ["FQDN"]}
ContainerSearchPayload
BetaDescription
Container search result, including all containers that matched input criteria
Fields
| Field Name | Description |
|---|---|
containers - [Container!]!
|
A list of matched containers |
Example
{"containers": [Container]}
ContainerType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
CountryRef
BetaCountryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CreateFqdnContainerFromFileInput
BetaDescription
Input for creating FQDN typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing FQDNs with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "abc123",
"uploadFile": Upload
}
CreateFqdnContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
CreateIpAddressRangeContainerFromFileInput
BetaDescription
Input for creating IPAddressRange typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing IPAddressRanges with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "abc123",
"uploadFile": Upload
}
CreateIpAddressRangeContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
CustomApplicationRef
BetaCustomApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CustomCategoryRef
BetaCustomCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CustomService
BetaDescription
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Field Name | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRange
|
|
protocol - IpProtocol!
|
Example
{
"port": [62148],
"portRange": PortRange,
"protocol": "ANY"
}
CustomServiceInput
BetaDescription
Add a Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Input Field | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRangeInput
|
|
protocol - IpProtocol!
|
Example
{
"port": [62148],
"portRange": PortRangeInput,
"protocol": "ANY"
}
CustomServiceIp
BetaFields
| Field Name | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRange
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRange,
"name": "xyz789"
}
CustomServiceIpInput
BetaFields
| Input Field | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRangeInput
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRangeInput,
"name": "xyz789"
}
DataLakeLicense
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
dpaVersion - DpaVersion!
|
The version of the Data Processing Agreement (DPA) that your company signed with Cato. |
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
retentionPeriod - Int
|
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted. |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage) |
Example
{
"description": "abc123",
"dpaVersion": "DPA_2019_01",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"retentionPeriod": 987,
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
Date
BetaDescription
2006-01-02
Example
"2007-12-03"
DateTime
Description
2006-01-02T15:04:05Z07:00 (RFC3339)
Example
"2007-12-03T10:15:30Z"
DateTimeFilterInput
BetaFields
| Input Field | Description |
|---|---|
between - [DateTime!]
|
|
eq - DateTime
|
|
gt - DateTime
|
|
gte - DateTime
|
|
in - [DateTime!]
|
|
lt - DateTime
|
|
lte - DateTime
|
|
neq - DateTime
|
|
nin - [DateTime!]
|
Example
{
"between": ["2007-12-03T10:15:30Z"],
"eq": "2007-12-03T10:15:30Z",
"gt": "2007-12-03T10:15:30Z",
"gte": "2007-12-03T10:15:30Z",
"in": ["2007-12-03T10:15:30Z"],
"lt": "2007-12-03T10:15:30Z",
"lte": "2007-12-03T10:15:30Z",
"neq": "2007-12-03T10:15:30Z",
"nin": ["2007-12-03T10:15:30Z"]
}
DateValue
Fields
| Field Name | Description |
|---|---|
date - DateTime
|
Example
{"date": "2007-12-03T10:15:30Z"}
DayOfWeek
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"FRIDAY"
DeleteContainerInput
BetaDescription
Identification of container for delete operation
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
DeleteContainerPayload
BetaFields
| Field Name | Description |
|---|---|
container - Container!
|
The data of the container before it was deleted |
Example
{"container": Container}
Description
Delete report input
Fields
| Input Field | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) to be deleted |
Example
{"fileHash": "abc123"}
Description
Delete report response
Fields
| Field Name | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) |
Example
{"fileHash": "xyz789"}
DeleteStoryCommentInput
BetaDeleteStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Delete an existing comment from an XDR story |
Example
{"comment": StoryComment}
DemLicense
BetaDescription
DEM service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
DestinationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
DetectionSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANTIVIRUS"
DetectionStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"BLOCKED"
DeviceAttributes
BetaFields
| Field Name | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. |
manufacturer - [String!]!
|
The manufacturer of the firewall device. |
model - [String!]!
|
The model of the firewall device. |
os - [String!]!
|
The operating system of the firewall device. |
osVersion - [String!]!
|
The version of the operating system of the firewall device. |
type - [String!]!
|
The type of the firewall device. |
Example
{
"category": ["abc123"],
"manufacturer": ["abc123"],
"model": ["abc123"],
"os": ["abc123"],
"osVersion": ["xyz789"],
"type": ["abc123"]
}
DeviceAttributesInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. Default |
manufacturer - [String!]!
|
The manufacturer of the firewall device. Default |
model - [String!]!
|
The model of the firewall device. Default |
os - [String!]!
|
The operating system of the firewall device. Default |
osVersion - [String!]!
|
The version of the operating system of the firewall device. Default |
type - [String!]!
|
The type of the firewall device. Default |
Example
{
"category": ["abc123"],
"manufacturer": ["abc123"],
"model": ["xyz789"],
"os": ["abc123"],
"osVersion": ["xyz789"],
"type": ["abc123"]
}
DeviceAttributesUpdateInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]
|
The category of the firewall device. |
manufacturer - [String!]
|
The manufacturer of the firewall device. |
model - [String!]
|
The model of the firewall device. |
os - [String!]
|
The operating system of the firewall device. |
osVersion - [String!]
|
The version of the operating system of the firewall device. |
type - [String!]
|
The type of the firewall device. |
Example
{
"category": ["abc123"],
"manufacturer": ["abc123"],
"model": ["abc123"],
"os": ["abc123"],
"osVersion": ["abc123"],
"type": ["xyz789"]
}
DeviceAvStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DISABLED"
DeviceConfigHaRoleEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIMARY"
DeviceDetails
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
deviceName - String
|
|
osDetails - OsDetails
|
|
loggedOnUsers - [EndpointUser!]!
|
Possible Types
| DeviceDetails Types |
|---|
Example
{
"id": "4",
"deviceName": "abc123",
"osDetails": OsDetails,
"loggedOnUsers": [EndpointUser]
}
DeviceHaRoleStateEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BACKUP"
DeviceHealthStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
DeviceProfileRef
BetaDeviceProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DeviceSnapshot
Fields
| Field Name | Description |
|---|---|
connected - Boolean
|
A boolean value that indicates if the site is connected to the Cato Cloud |
connectedSince - DateTime
|
For connected devices (this somewhat overlaps to last duration) |
deviceUptime - Int
|
Indicates the Socket uptime |
haRole - String
|
Shows if this is the primary or secondary Socket in high availability mode |
id - ID
|
Unique internal Cato ID for the Socket |
identifier - String
|
Unique identifier for the device |
interfaces - [InterfaceSnapshot!]
|
Snapshot data for outbound facing interfaces |
interfacesLinkState - [InterfaceLinkState!]
|
Information of the link state of various interfaces in the devices. Unlike the interfacess field, it contains all links of the device, not just the outbound facing ones |
internalIP - String
|
Device's internal IP in the account's routing table |
lastConnected - DateTime
|
The last time the device was seen |
lastDuration - Int
|
The uptime of the last tunnel from this device (or current), in seconds |
lastPopID - Int
|
The ID of the PoP that the Socket is connected to |
lastPopName - String
|
The PoP name that the Socket is connected to |
mfaCreationTime - Int
|
The time the mfa cookie (for sdp users) was created |
mfaExpirationTime - Int
|
Shows the amount of time remaining before the MFA token expires |
name - String
|
Name of the device |
osType - String
|
Operating system of the Device. |
osVersion - String
|
Version of the Socket operating system |
recentConnections - [RecentConnection!]
|
Data related to the most recent completed traffic flows |
releaseGroup - String
|
Shows the release group for the site |
socketInfo - SocketInfo
|
Shows data related to the Socket, such as version and serial number |
type - String
|
Shows the Socket model or vSocket type |
version - String
|
Device version |
versionNumber - Int
|
Device major version |
Example
{
"connected": true,
"connectedSince": "2007-12-03T10:15:30Z",
"deviceUptime": 123,
"haRole": "xyz789",
"id": "4",
"identifier": "abc123",
"interfaces": [InterfaceSnapshot],
"interfacesLinkState": [InterfaceLinkState],
"internalIP": "abc123",
"lastConnected": "2007-12-03T10:15:30Z",
"lastDuration": 987,
"lastPopID": 987,
"lastPopName": "abc123",
"mfaCreationTime": 987,
"mfaExpirationTime": 987,
"name": "abc123",
"osType": "xyz789",
"osVersion": "abc123",
"recentConnections": [RecentConnection],
"releaseGroup": "abc123",
"socketInfo": SocketInfo,
"type": "abc123",
"version": "abc123",
"versionNumber": 987
}
DhcpType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACCOUNT_DEFAULT"
Dimension
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
Example
{"fieldName": "ad_name"}
DimensionData
DimensionKey
DirectionEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DirectionInput
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DlpLicense
BetaDescription
Data Loss Prevention (DLP) Service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Domain
BetaDescription
Top level domain is actually second level domain (e.g. example.com) It is recommended to use as a broad way of distinguishing domains, because they frequently use multiple hosts.
Example
Domain
DownloadFqdnContainerFileInput
BetaDescription
Input for searching FQDN typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DownloadFqdnContainerFilePayload
BetaDownloadIpAddressRangeContainerFileInput
BetaDescription
Input for searching IPAddressRange typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DownloadIpAddressRangeContainerFilePayload
BetaDpaVersion
Description
The DPA agreement, based on your contract with Cato
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"DPA_2019_01"
DynamicIpAllocationAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
|
description - String!
|
|
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRangeInput!
|
|
source - DynamicIpAllocationSourceInput!
|
Example
{
"country": [CountryRefInput],
"description": "xyz789",
"enabled": false,
"name": "abc123",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeInput,
"source": DynamicIpAllocationSourceInput
}
DynamicIpAllocationAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - DynamicIpAllocationAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": DynamicIpAllocationAddRuleDataInput
}
DynamicIpAllocationPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [DynamicIpAllocationRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [DynamicIpAllocationRulePayload],
"sections": [PolicySectionPayload]
}
DynamicIpAllocationPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
DynamicIpAllocationPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
DynamicIpAllocationPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - DynamicIpAllocationPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": DynamicIpAllocationPolicy,
"status": "FAILURE"
}
DynamicIpAllocationPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
DynamicIpAllocationRange
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - GlobalIpRangeRef!
|
Example
{"globalIpRange": GlobalIpRangeRef}
DynamicIpAllocationRangeInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput!
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRangeUpdateInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
DynamicIpAllocationRule
BetaFields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
|
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRange!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - DynamicIpAllocationSource!
|
Example
{
"country": [CountryRef],
"description": "xyz789",
"enabled": false,
"id": 4,
"index": 987,
"name": "abc123",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRange,
"section": PolicySectionInfo,
"source": DynamicIpAllocationSource
}
DynamicIpAllocationRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - DynamicIpAllocationRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": DynamicIpAllocationRulePayload,
"status": "FAILURE"
}
DynamicIpAllocationRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - DynamicIpAllocationRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": DynamicIpAllocationRule
}
DynamicIpAllocationSource
BetaFields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
|
usersGroup - [UsersGroupRef!]!
|
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
DynamicIpAllocationSourceInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
|
usersGroup - [UsersGroupRefInput!]!
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationSourceUpdateInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
|
usersGroup - [UsersGroupRefInput!]
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
|
description - String
|
|
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
|
range - DynamicIpAllocationRangeUpdateInput
|
|
source - DynamicIpAllocationSourceUpdateInput
|
Example
{
"country": [CountryRefInput],
"description": "abc123",
"enabled": true,
"name": "abc123",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeUpdateInput,
"source": DynamicIpAllocationSourceUpdateInput
}
DynamicIpAllocationUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - DynamicIpAllocationUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": DynamicIpAllocationUpdateRuleDataInput
}
ElasticOperator
Description
Search operators on ElasticSearch. Between operators are applicable only to numeric fields Note that not operators are slower
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"between"
Description
Email address. E.g.: user@company.org
Example
Email
EmployeeRange
BetaValues
| Enum Value | Description |
|---|---|
|
|
1-10 employees |
|
|
11-50 employees |
|
|
51-100 employees |
|
|
101-250 employees |
|
|
251-500 employees |
|
|
501-1,000 employees |
|
|
1,001-5,000 employees |
|
|
5,001-10,000 employees |
|
|
10,000+ employees |
Example
"BETWEEN_00001_00010"
Endpoint
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for the story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
producer - StoryProducerEnum!
|
Enum for the Producer (specific XDR engine and service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
connectionType - ConnectionTypeEnum
|
Enum for the connection for this incident (ie. site, host, user) |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
queryName - String
|
Category for the indication ID related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
|
storyDuration - Int
|
|
description - String
|
|
sourceIp - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
device - DeviceDetails
|
|
alerts - [EndpointAlert!]!
|
Possible Types
| Endpoint Types |
|---|
Example
{
"id": "4",
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "abc123",
"connectionType": "Host",
"indication": "abc123",
"queryName": "abc123",
"source": "xyz789",
"criticality": 123,
"ticket": "xyz789",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 123,
"description": "xyz789",
"sourceIp": "abc123",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "xyz789",
"device": DeviceDetails,
"alerts": [EndpointAlert]
}
EndpointAlert
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String
|
|
description - String
|
|
threatName - String
|
|
mitreTechnique - [Mitre!]!
|
|
mitreSubTechnique - [Mitre!]!
|
|
createdDateTime - DateTime
|
|
resources - [EndpointResource!]!
|
|
activities - [Activity!]!
|
|
criticality - Int
|
Possible Types
| EndpointAlert Types |
|---|
Example
{
"id": "4",
"title": "xyz789",
"description": "abc123",
"threatName": "xyz789",
"mitreTechnique": [Mitre],
"mitreSubTechnique": [Mitre],
"createdDateTime": "2007-12-03T10:15:30Z",
"resources": [EndpointResource],
"activities": [Activity],
"criticality": 123
}
EndpointProtectionLicense
BetaDescription
End Point Protection (EPP) license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The maximum number of users that can use this service |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
EndpointResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
Possible Types
| EndpointResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
EndpointUser
Possible Types
| EndpointUser Types |
|---|
Example
{
"id": "4",
"name": "xyz789"
}
EngineTypePredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryEngineTypeEnum!]
|
|
not_in - [StoryEngineTypeEnum!]
|
Example
{"in": ["ANOMALY"], "not_in": ["ANOMALY"]}
Entity
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": "4",
"name": "abc123",
"type": "account"
}
EntityInfo
EntityInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": 4,
"name": "abc123",
"type": "account"
}
EntityLookupResult
Fields
| Field Name | Description |
|---|---|
items - [EntityInfo!]!
|
|
total - Int
|
Example
{"items": [EntityInfo], "total": 123}
EntityType
Values
| Enum Value | Description |
|---|---|
|
|
A reference to a configured Account under reseller |
|
|
An account administrator (user in Cato Console) |
|
|
An external IP address in a specific PoP reserved for the account |
|
|
Any entity (matches everything) |
|
|
Pooled licenses available for use |
|
|
Site licenses available for use |
|
|
A settlement with over 1K population |
|
|
Geographical and political entity recognized internationally |
|
|
Represents a state or territory within a country. It is a sub-division of the country |
|
|
A reference to DHCP Relay Group within account |
|
|
|
|
|
A reference to the configured Host within Site |
|
|
A reference to LAN Firewall Rule within Site |
|
|
A reference to Local Routing Rule within Site |
|
|
|
|
|
|
|
|
A reference to the configured Network Interface within Site |
|
|
Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number |
|
|
l4 services for LAN firewall rules |
|
|
A reference to a configured Site within Account |
|
|
union of the globalRange and a Subnet |
|
|
Time zone, which is a geographical region where clocks are set to the same time |
|
|
A reference to the configured VPN User within Account |
|
|
Example
"account"
Event
Example
{
"action": "xyz789",
"appId": "abc123",
"appName": "xyz789",
"dnsProtectionCategory": "xyz789",
"eventType": "xyz789",
"ruleId": "abc123",
"scanResult": "BYPASS_BY_CONTENT_RULE",
"severity": "abc123",
"signatureId": "xyz789",
"threatName": "abc123",
"threatType": "abc123",
"virusName": "abc123"
}
EventFeedFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - EventFeedFilterFieldName!
|
|
operator - EventFeedFilterOperator!
|
Use event_type and event_sub_type for events |
values - [String!]
|
Example
{
"fieldName": "event_sub_type",
"operator": "in",
"values": ["xyz789"]
}
EventFeedFilterFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event |
|
|
Routing, Security, Connectivity, System or Sockets Management event |
Example
"event_sub_type"
EventFeedFilterOperator
Description
Search operators on Event Feed
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"in"
EventField
Fields
| Field Name | Description |
|---|---|
name - EventFieldName!
|
|
value - Value!
|
Example
{"name": "access_method", "value": StringValue}
EventFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Identifies system access software or device |
|
|
Account ID |
|
|
Firewall, QoS or LAG action |
|
|
A list of actions taken, if more than one action was taken as defined by a policy |
|
|
Active Directory name |
|
|
A unique identifier of the alert notification |
|
|
Always-on Configuration |
|
|
Analyst Verdict |
|
|
The name of the API, e.g. eventsFeed |
|
|
Specifies whether the API is a query (read) or a mutation (create/update/delete) |
|
|
Name of application activity |
|
|
SaaS user activities into categories. |
|
|
Activity type |
|
|
Related Apps |
|
|
For Internet firewall, app for this event use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Application ID of the flow |
|
|
The name of the application associated with the flow |
|
|
Application risk score |
|
|
Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN |
|
|
Examples: MFA or password |
|
|
BGP ASN for Cato peer |
|
|
BGP IP for Cato peer |
|
|
BGP disconnect error code |
|
|
BGP ASN for remote peer |
|
|
BGP IP for remote peer |
|
|
CIDR for BGP route |
|
|
BGP disconnect error message |
|
|
Always-On Bypass Duration In Seconds |
|
|
Always-On Bypass Method |
|
|
Always-On Bypass Reason |
|
|
Cato system category |
|
|
Cato application name |
|
|
Activity classification, e.g. FALSE_POSITIVE |
|
|
Expiration date for Client certificate |
|
|
Name of Client certificate |
|
|
Type of process generating this traffic |
|
|
Socket or SDP Client version |
|
|
Shows the display name of the target user involved in an activity |
|
|
For SaaS Security API, email addresses of the users that received the file |
|
|
Confidence Level |
|
|
For hosts configured with a static IP in the Cato Management Application, the host name |
|
|
The algorithm that is used (CUBIC /NewReno / BBR) |
|
|
Connect on boot Enabled/Disabled |
|
|
Connection Origin |
|
|
For SaaS Security API, name of the connector |
|
|
For SaaS Security API, status of the connector |
|
|
For SaaS Security API, SaaS app for the connector |
|
|
IoC Container Name |
|
|
An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories. |
|
|
Criticality |
|
|
Unique Cato ID for the custom category use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Name for the custom category defined in the Cato Management Application use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Custom category ID |
|
|
Custom category name |
|
|
For Internet traffic, country where the destination host is located |
|
|
For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2) |
|
|
The unique identifier by the SaaS vendor for the target group in an activity. |
|
|
Identifies the target group involved in an activity |
|
|
Destination IP address |
|
|
For WAN traffic, destination is site or SDP user |
|
|
The destination process ID |
|
|
Destination port |
|
|
Destination process command line |
|
|
Destination process parent file path |
|
|
Destination process parent process ID |
|
|
Destination process file path |
|
|
For WAN traffic, name of destination site or SDP user use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Unique internal Cato ID for the destination site or remote user |
|
|
The name of the destination site |
|
|
Short description of the detection |
|
|
Triggered when malware has been detected EPP Behavioral engines and has been dealt with: • on_detection: the event is triggered upon malware detection; • on_end_disinfect: the event is triggered upon detection and followed disinfection; • on_inject: the event is triggered upon code injection. |
|
|
Device Categories |
|
|
Device Certificate Validated/Not Validated |
|
|
Unique Cato ID for devices |
|
|
Device Manufacturer |
|
|
Device Model |
|
|
Name for device related to the event |
|
|
Device OS Type |
|
|
Device posture profiles |
|
|
Device posture profiles use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Device Type |
|
|
Host name of Domain Controller that created LDAP event |
|
|
IP address of Domain Controller that created LDAP event |
|
|
Result of LDAP Domain Controller sync event |
|
|
Type of LDAP Domain Controller sync event |
|
|
If policy is set to disinfect, return the result of this action |
|
|
Describes the behavior when the DLP system encounters a failure |
|
|
DLP profiles related to the event |
|
|
Defines the scanning methods used by the DLP system |
|
|
Cato’s DNS Protection type that matched the DNS request |
|
|
Domain queried in the DNS request |
|
|
Domain name based on the SSL SNI, HTTP host name, or DNS name |
|
|
Egress PoP Name |
|
|
Egress Site Name for backhauling traffic |
|
|
Email Subject |
|
|
The ID for the endpoint |
|
|
The Endpoint Protection Engine that detected the malware |
|
|
The profile assigned to the endpoint upon detection of the malware |
|
|
Count for events that are repeated multiple times during one minute |
|
|
Event Id |
|
|
Cato's description of the event |
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event |
|
|
Routing, Security, Connectivity, System or Sockets Management event |
|
|
Provides details about why a specific action or process failed |
|
|
File hash |
|
|
File name |
|
|
The file operation when this event occurred |
|
|
File size |
|
|
File type |
|
|
The final status for this object after performing actions as defined by the policy |
|
|
Amount of flows for a given incident |
|
|
Full path URL application activity |
|
|
An identifier for a guest user using Cato through a Captive Portal |
|
|
IP address of host related to event |
|
|
MAC address of host related to event |
|
|
HTTP request method (ie. Get, Post) |
|
|
For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false) |
|
|
Unique Cato ID that identifies this security incident |
|
|
Indication |
|
|
Indicator |
|
|
The initial status of the object, before any policy was applied |
|
|
Cato Internal-use only use event_id instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Network protocol for this event |
|
|
Classifies users based on their permissions. |
|
|
Indicates whether an activity requires administrative permissions. |
|
|
Is Compliant |
|
|
Is Managed |
|
|
Is the app for this event defined as a sanctioned app? (True/False) |
|
|
If the events was part of the sinkhole flow |
|
|
The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically) |
|
|
Name defined for the public API Key in the Cato Management Application |
|
|
A list of labels providing additional context for the event |
|
|
Data that measures the congestion for a specific link |
|
|
Data that measures the jitter for a specific link |
|
|
Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP |
|
|
Data that measures the packet loss for a specific link |
|
|
Link type – Cato, Alt. WAN or LAG |
|
|
The user logged into this endpoint during this event |
|
|
Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic) |
|
|
Matched DLP data types related to the event |
|
|
Mitre attack subtechniques |
|
|
Mitre attack tactics |
|
|
Mitre attack techniques |
|
|
Network Access |
|
|
Matched network rule |
|
|
For SaaS Security API, API Error of Apps Security Notification |
|
|
For SaaS Security API, description of Apps Security Notification |
|
|
Unique identifier by the 3rd party App of the object being referenced |
|
|
The name of the object for this event (for example: file name) |
|
|
Specifies the type of object being acted upon (e.g., file, folder) |
|
|
Office mode Enabled/Disabled |
|
|
Host OS or tunnel device |
|
|
OS version for the device (such as 14.3.0) |
|
|
Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App) |
|
|
For SaaS Security API, email address of the file owner |
|
|
Pac File Enabled/Disabled |
|
|
For SaaS Security API, parent Microsoft 365 connector |
|
|
Name of PoP location |
|
|
Precedence |
|
|
Indicate how many processes are part of this event |
|
|
Producer |
|
|
Prompt Page Selected Action |
|
|
Public source IP |
|
|
QoS Priority value |
|
|
For QoS, the time that this QoS event started. The event is generated when the QoS event finishes |
|
|
Specifies the path to a quarantine folder for isolated files |
|
|
A Unique ID for the quarantined file |
|
|
Raw Data |
|
|
Textual recommendation of the steps to take |
|
|
The URL that links directly to the object involved in the activity |
|
|
Registration code used the first time that a SDP user authenticates (the code is partially obfuscated) |
|
|
(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms |
|
|
Name of security rule related to the event use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Unique Cato ID for the security rule related to the event |
|
|
Rule name |
|
|
Severity defined for the rule |
|
|
Sharing Options for the file (such as SharePoint) |
|
|
Sign In Types |
|
|
For IPS and SAM, ID of the IPS signature |
|
|
Name for Socket interface |
|
|
Socket interface ID |
|
|
For Socket upgrades, new version number |
|
|
For Socket upgrade, previous version number |
|
|
Type of Socket reset (Hardware/Software) |
|
|
For Socket HA events, indicates if the Socket is primary or secondary |
|
|
Socket version number |
|
|
Split Tunnel Configuration |
|
|
Country in which the source host is located (detected via public IP address) |
|
|
Country Code of country in which the source host is located (detected via public IP address) |
|
|
IP for host or Cato Client |
|
|
Source type: site or remote user |
|
|
IP address provided by ISP to site or Client |
|
|
Source or destination site or remote user ID. This field can only be used in filter. please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025. |
|
|
Source process ID |
|
|
Internal port number |
|
|
Source process command line |
|
|
Source process parent file path |
|
|
Source process parent process ID |
|
|
Source process file path |
|
|
Name of site or user initiating the connection use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Unique internal Cato ID for the site or remote user |
|
|
Source site or remote user |
|
|
Static host |
|
|
The story status. Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring |
|
|
Story Id |
|
|
Name of subnet as defined in Cato Management Application |
|
|
Number of targets (servers) associated with this event |
|
|
Shows if traffic was TCP accelerated or not |
|
|
Unique identifier for the tenant within a multi-tenant environment |
|
|
Tenant Name |
|
|
Tenant Restriction Rule Name |
|
|
Contains the detection risk level. Could be one of the following: • Info - this is information-only event, the activity is not malicious; • Suspicious - the event is suspicious. It may be malicious, but there is not enough information • Malware - the event is malicious activity |
|
|
For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked |
|
|
Link to external malware reference |
|
|
The higher the score, the more dangerous the event. In range between 1 - 100 inclusive |
|
|
Type of malware event |
|
|
Result of malware event (clean indicates a safe file) |
|
|
Time stamp of the event (Linux epoch format) |
|
|
Time stamp of the event (Human-readable format) |
|
|
A short summary of the activity |
|
|
TLS Certificate Error |
|
|
TLS Error Description |
|
|
TLS Error Type |
|
|
Shows if traffic was TLS inspected or not |
|
|
TLS Inspection rule name |
|
|
TLS Version |
|
|
Direction of network traffic for this event, values are inbound or outbound |
|
|
Translated Client IP |
|
|
Translated Server IP |
|
|
Trigger |
|
|
Trust Type |
|
|
Trusted networks Enabled/Disabled |
|
|
Tunnel Protocol TCP/UDP |
|
|
Protocol for the tunnel |
|
|
Socket upgrade end time (Linux epoch format): |
|
|
Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin) |
|
|
Socket upgrade start time (Linux epoch format) |
|
|
URL associated with the event |
|
|
User Agent |
|
|
Method used to get identity with User Awareness (such as Identity Agent) |
|
|
User ID |
|
|
User that generated the event |
|
|
For Block/Prompt page, reference ID to report incorrect category |
|
|
User risk level category |
|
|
The vendor that identified the incident, such as Cato or Microsoft |
|
|
Shows the id of the target user involved in an activity |
|
|
Vendor Device Id |
|
|
Vendor Device Name |
|
|
Vendor Event Id |
|
|
Identifies the user in the vendor’s system |
|
|
Unique Cato Visible ID for devices |
|
|
Lan access Allowed / Blocked |
|
|
User’s email address |
|
|
For LDAP sync events, name of the AD domain |
|
|
XFF HTTP header indicates the original IP address for the connections |
Example
"access_method"
EventRecord
Example
{
"fieldsMap": Map,
"flatFields": ["xyz789"],
"time": "2007-12-03T10:15:30Z"
}
Events
EventsDimension
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
Example
{"fieldName": "access_method"}
EventsFeedAccountRecords
Fields
| Field Name | Description |
|---|---|
errorString - String
|
|
id - ID
|
|
records - [EventRecord!]
|
|
Arguments
|
|
Example
{
"errorString": "xyz789",
"id": "4",
"records": [EventRecord]
}
EventsFeedData
Fields
| Field Name | Description |
|---|---|
accounts - [EventsFeedAccountRecords]
|
|
fetchedCount - Int!
|
|
marker - String
|
Example
{
"accounts": [EventsFeedAccountRecords],
"fetchedCount": 987,
"marker": "xyz789"
}
EventsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "access_method",
"operator": "between",
"values": ["xyz789"]
}
EventsMeasure
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
fieldName - EventFieldName!
|
|
trend - Boolean
|
Example
{"aggType": "any", "fieldName": "access_method", "trend": true}
EventsRecord
Fields
| Field Name | Description |
|---|---|
fields - [EventField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [EventField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"flatFields": ["abc123"],
"prevTimeFrame": Map,
"trends": Map
}
EventsSort
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "access_method", "order": "asc"}
EventsTimeSeries
Extra
FieldNameInput
Description
FieldName for the different types of FieldName inputs Use the EventFieldName for events, and AuditFieldName for audit
Fields
| Input Field | Description |
|---|---|
AuditFieldName - AuditFieldName
|
|
EventFieldName - EventFieldName
|
Example
{"AuditFieldName": "account", "EventFieldName": "access_method"}
FileDetails
Example
{
"issuer": "abc123",
"md5": "xyz789",
"name": "abc123",
"path": "xyz789",
"publisher": "abc123",
"sha1": "xyz789",
"sha256": "xyz789",
"signer": "xyz789",
"size": 123
}
FileResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
fileDetails - FileDetails
|
|
detectionStatus - DetectionStatusEnum
|
Possible Types
| FileResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"fileDetails": FileDetails,
"detectionStatus": "BLOCKED"
}
FilterOperator
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"between"
Float
Description
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
Example
987.65
FloatingSubnetRef
BetaDescription
Returns data for the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP.
Example
{
"id": "4",
"name": "abc123"
}
FloatingSubnetRefInput
BetaDescription
Defines the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP.
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
Fqdn
BetaDescription
Fully Qualified Domain Name: An exact host name (e.g. www.example.com)
Example
Fqdn
FqdnContainer
BetaDescription
A group with members of FQDN type
Fields
| Field Name | Description |
|---|---|
audit - ContainerAudit!
|
Audit metadata about the container |
description - String
|
Description for the container |
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
size - Int!
|
Number of items in the container |
Example
{
"audit": ContainerAudit,
"description": "abc123",
"id": 4,
"name": "xyz789",
"size": 987
}
FqdnContainerAddValuesInput
BetaDescription
Input for adding values to existing FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [Fqdn!]!
|
Example
{
"ref": ContainerRefInput,
"values": [Fqdn]
}
FqdnContainerAddValuesPayload
BetaDescription
Payload of AddValues operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FqdnContainerRef
BetaFqdnContainerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "xyz789"}
FqdnContainerRemoveValuesInput
BetaDescription
Input for removing values from existing FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [Fqdn!]!
|
Example
{
"ref": ContainerRefInput,
"values": [Fqdn]
}
FqdnContainerRemoveValuesPayload
BetaDescription
Payload of RemoveValues operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FqdnContainerSearchFqdnInput
BetaDescription
Input for searching FQDN typed containers that contain a specific FQDN
Fields
| Input Field | Description |
|---|---|
fqdn - Fqdn!
|
Example
{"fqdn": Fqdn}
FqdnContainerSearchFqdnPayload
BetaDescription
Payload of FQDN search query
Fields
| Field Name | Description |
|---|---|
containers - [FqdnContainer!]!
|
List of containers with members of type FQDN |
Example
{"containers": [FqdnContainer]}
FqdnContainerSearchInput
BetaDescription
Input for searching FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
FqdnContainerSearchPayload
BetaDescription
Payload of FQDN container search
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FreeTextFilterInput
BetaFields
| Input Field | Description |
|---|---|
search - String!
|
Example
{"search": "xyz789"}
Gaussian
GetAdminPayload
Fields
| Field Name | Description |
|---|---|
creationDate - String!
|
|
email - String!
|
|
firstName - String!
|
|
id - ID!
|
|
lastName - String!
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean!
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [AdminRole!]
|
Example
{
"creationDate": "abc123",
"email": "xyz789",
"firstName": "abc123",
"id": 4,
"lastName": "xyz789",
"managedRoles": [AdminRole],
"mfaEnabled": false,
"passwordNeverExpires": false,
"resellerRoles": [AdminRole]
}
GlobalIpRangeRef
BetaGlobalIpRangeRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
GlobalLicenseAllocations
BetaDescription
License usage and allocation across all accounts
Fields
| Field Name | Description |
|---|---|
publicIps - PublicIpsLicenseAllocations
|
Public IP addresses usage across the accounts |
ztnaUsers - ZtnaUsersLicenseAllocations
|
ZTNA license allocation across the accounts |
Example
{
"publicIps": PublicIpsLicenseAllocations,
"ztnaUsers": ZtnaUsersLicenseAllocations
}
GroupRef
BetaGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
HaReadiness
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"not_ready"
HaRole
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIMARY"
HaStatus
Description
Basic Site Ha readiness information
Fields
| Field Name | Description |
|---|---|
keepalive - HaSubStatus
|
|
readiness - HaReadiness
|
|
socketVersion - HaSubStatus
|
|
wanConnectivity - HaSubStatus
|
Example
{
"keepalive": "fail",
"readiness": "not_ready",
"socketVersion": "fail",
"wanConnectivity": "fail"
}
HaSubStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"fail"
Hardware
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef
|
Cma account |
id - ID!
|
Id |
lastModified - DateTime
|
Last modified |
licenseId - ID
|
Crm License Id |
licenseStartDate - Date
|
License start date |
macAddress - String
|
Product Mac address |
model - String
|
Product model |
poNumber - String
|
Product order number |
productType - String
|
Product type |
quoteId - String
|
Quote ID where the product was purchased |
serialNumber - String
|
Serial number |
shippingDetail - ShippingDetails
|
Shipping details |
shippingTracking - ShippingTracking
|
Shipping tracking data |
siteCountryName - String
|
The site’s country |
validation - HardwareValidation
|
Validation details |
Example
{
"account": AccountRef,
"id": 4,
"lastModified": "2007-12-03T10:15:30Z",
"licenseId": 4,
"licenseStartDate": "2007-12-03",
"macAddress": "xyz789",
"model": "abc123",
"poNumber": "abc123",
"productType": "abc123",
"quoteId": "xyz789",
"serialNumber": "xyz789",
"shippingDetail": ShippingDetails,
"shippingTracking": ShippingTracking,
"siteCountryName": "xyz789",
"validation": HardwareValidation
}
HardwareFilterInput
BetaFields
| Input Field | Description |
|---|---|
account - [AccountFilter!]
|
|
countryName - [StringFilterInput!]
|
|
freeText - FreeTextFilterInput
|
Will run contains operation for the provided text on the following fields productType, sfId, quoteId, model, zipCode, country, city, state, street, companyName, contactName, trackingUrl, trackingNumber and comment with OR between them |
id - [IdFilterInput!]
|
|
licenseStartDate - [DateTimeFilterInput!]
|
|
product - [StringFilterInput!]
|
|
serialNumber - [StringFilterInput!]
|
|
shippingStatus - [ShippingStatusFilterInput!]
|
|
validAddress - BooleanFilterInput
|
Example
{
"account": [AccountFilter],
"countryName": [StringFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"licenseStartDate": [DateTimeFilterInput],
"product": [StringFilterInput],
"serialNumber": [StringFilterInput],
"shippingStatus": [ShippingStatusFilterInput],
"validAddress": BooleanFilterInput
}
HardwarePayload
BetaFields
| Field Name | Description |
|---|---|
items - [Hardware!]!
|
The results |
pageInfo - PageInfo
|
Pagination details |
Example
{
"items": [Hardware],
"pageInfo": PageInfo
}
HardwareSearchInput
BetaFields
| Input Field | Description |
|---|---|
filter - HardwareFilterInput
|
|
paging - PagingInput
|
|
sort - HardwareSortInput
|
Example
{
"filter": HardwareFilterInput,
"paging": PagingInput,
"sort": HardwareSortInput
}
HardwareShippingDetailsInput
BetaFields
| Input Field | Description |
|---|---|
details - ShippingDetailsInput!
|
The shipping details |
powerCable - String
|
Power cable type (for sockets only) |
Example
{
"details": ShippingDetailsInput,
"powerCable": "abc123"
}
HardwareSortInput
BetaFields
| Input Field | Description |
|---|---|
accountName - SortOrderInput
|
|
country - SortOrderInput
|
|
incoterms - SortOrderInput
|
|
licenseId - SortOrderInput
|
|
licenseStartDate - SortOrderInput
|
Default sort field |
productType - SortOrderInput
|
|
quoteId - SortOrderInput
|
|
shippingDate - SortOrderInput
|
|
shippingStatus - SortOrderInput
|
|
siteName - SortOrderInput
|
Example
{
"accountName": SortOrderInput,
"country": SortOrderInput,
"incoterms": SortOrderInput,
"licenseId": SortOrderInput,
"licenseStartDate": SortOrderInput,
"productType": SortOrderInput,
"quoteId": SortOrderInput,
"shippingDate": SortOrderInput,
"shippingStatus": SortOrderInput,
"siteName": SortOrderInput
}
HardwareValidation
BetaFields
| Field Name | Description |
|---|---|
addressValidationStatus - AddressValidationStatus
|
Address validation details |
completed - Boolean!
|
Complete item |
incompleteReason - String
|
Incomplete reason |
Example
{
"addressValidationStatus": "INVALID",
"completed": false,
"incompleteReason": "abc123"
}
HostRef
BetaHostRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
HttpHeaderName
BetaDescription
Http header name
Example
HttpHeaderName
HttpHeaderValue
BetaDescription
Http header value
Example
HttpHeaderValue
IContainerRef
Possible Types
| IContainerRef Types |
|---|
Example
{"id": 4, "name": "abc123"}
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
4
IPAddress
Description
An IPv4 IP address
Example
IPAddress
IPInfo
Description
A general structure to contain IP detailed information
Fields
| Field Name | Description |
|---|---|
city - String
|
Geolocation city |
countryCode - String
|
Geolocation ISO country code |
countryName - String
|
Geolocation country name |
ip - String
|
IP address of the link |
latitude - Float
|
Geolocation latitude for the ISP |
longitude - Float
|
Geolocation longitude for the ISP |
provider - String
|
ISP Internet provider |
state - String
|
Geolocation state |
Example
{
"city": "xyz789",
"countryCode": "xyz789",
"countryName": "abc123",
"ip": "xyz789",
"latitude": 987.65,
"longitude": 123.45,
"provider": "abc123",
"state": "abc123"
}
IPRange
Description
A from-to range (used for DHCP range, for example)
Example
IPRange
IPSecInfo
Description
Basic IPSec configuration information
Fields
| Field Name | Description |
|---|---|
catoIP - String
|
The source IP address for the IPsec tunnel in the Cato Cloud |
ikeVersion - Int
|
Shows 1 for IKEv1 and 2 for IKEv2 |
isPrimary - Boolean
|
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device |
remoteIP - String
|
The destination IP address for the IPsec tunnel (in the site) |
Example
{
"catoIP": "xyz789",
"ikeVersion": 123,
"isPrimary": false,
"remoteIP": "abc123"
}
IPSecV2InterfaceId
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"PRIMARY1"
IPSecV2TunnelRole
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"WAN1"
IPSubnet
Example
IPSubnet
IPolicy
Description
Shared interface for any policy
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
TRUE = Policy is enabled, FALSE = Policy is disabled |
rules - [IPolicyRulePayload!]!
|
Return list of rules in the policy |
sections - [PolicySectionPayload!]!
|
Return sections in the policy |
audit - PolicyAudit
|
Audit data for the policy |
revision - PolicyRevision
|
Return data for the Policy revision |
Possible Types
| IPolicy Types |
|---|
Example
{
"enabled": true,
"rules": [IPolicyRulePayload],
"sections": [PolicySectionPayload],
"audit": PolicyAudit,
"revision": PolicyRevision
}
IPolicyMutationPayload
Description
Results of policy change
Fields
| Field Name | Description |
|---|---|
policy - IPolicy
|
Data for the policy |
status - PolicyMutationStatus!
|
Enum for the status of the policy change |
errors - [PolicyMutationError!]!
|
List of errors related to the policy change |
Example
{
"policy": IPolicy,
"status": "FAILURE",
"errors": [PolicyMutationError]
}
IPolicyRule
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Rule ID |
name - String!
|
Name of the rule |
description - String
|
Description for the rule |
index - Int!
|
Position / priority of rule |
enabled - Boolean!
|
TRUE = Rule is enabled, FALSE = Rule is disabled |
section - PolicySectionInfo
|
Policy section where the rule is located |
Possible Types
| IPolicyRule Types |
|---|
Example
{
"id": "4",
"name": "abc123",
"description": "xyz789",
"index": 123,
"enabled": true,
"section": PolicySectionInfo
}
IPolicyRuleMutationPayload
Description
Results of rule change
Fields
| Field Name | Description |
|---|---|
rule - IPolicyRulePayload
|
Returns settings for the rule |
status - PolicyMutationStatus!
|
Enum for the status of the policy change |
errors - [PolicyMutationError!]!
|
List of errors related to the policy change |
Possible Types
| IPolicyRuleMutationPayload Types |
|---|
Example
{
"rule": IPolicyRulePayload,
"status": "FAILURE",
"errors": [PolicyMutationError]
}
IPolicyRulePayload
Description
Results of changes to the rule
Fields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
rule - IPolicyRule!
|
Rule that was changed |
properties - [PolicyElementPropertiesEnum!]!
|
Summary of rule change, (ie. ADDED, UPDATED) |
Example
{
"audit": PolicyElementAudit,
"rule": IPolicyRule,
"properties": ["ADDED"]
}
IdFilterInput
BetaIdentificationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"EMAIL"
IlmmContact
IlmmDetails
Fields
| Field Name | Description |
|---|---|
contacts - [IlmmContact!]
|
|
ispDetails - IlmmIspDetails
|
|
linkDetails - IlmmLinkDetails
|
Example
{
"contacts": [IlmmContact],
"ispDetails": IlmmIspDetails,
"linkDetails": IlmmLinkDetails
}
IlmmIspDetails
Example
{
"countryCode": "xyz789",
"description": "xyz789",
"ispAccountId": "xyz789",
"loaFile": IspLoaFile,
"name": "xyz789",
"supportEmail": "abc123",
"supportPhone": "xyz789"
}
IlmmLicense
BetaDescription
Intelligent Last Mile Monitoring (ILMM) License details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The total amount of ILMM licenses. |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
IlmmLinkDetails
Example
{
"activeLicense": false,
"comments": "abc123",
"description": "xyz789",
"ispLinkId": "abc123",
"linkId": "abc123",
"onboardingStatus": "COMPLETE"
}
IlmmOnboardingStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"COMPLETE"
IncidentFlow
Fields
| Field Name | Description |
|---|---|
appName - String
|
|
clientClass - String
|
|
createdAt - DateTime
|
|
destinationCountry - String
|
|
destinationGeolocation - String
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
direction - String
|
|
dnsResponseIP - String
|
|
domain - String
|
|
fileHash - String
|
|
httpResponseCode - Int
|
|
ja3 - String
|
|
method - String
|
|
referer - String
|
|
smbFileName - String
|
|
sourceGeolocation - String
|
|
sourceIp - String
|
|
sourcePort - Int
|
|
target - String
|
|
tunnelGeolocation - String
|
|
url - String
|
|
user - String
|
|
userAgent - String
|
Example
{
"appName": "abc123",
"clientClass": "xyz789",
"createdAt": "2007-12-03T10:15:30Z",
"destinationCountry": "abc123",
"destinationGeolocation": "abc123",
"destinationIp": "xyz789",
"destinationPort": 987,
"direction": "xyz789",
"dnsResponseIP": "xyz789",
"domain": "abc123",
"fileHash": "abc123",
"httpResponseCode": 123,
"ja3": "abc123",
"method": "abc123",
"referer": "xyz789",
"smbFileName": "abc123",
"sourceGeolocation": "abc123",
"sourceIp": "abc123",
"sourcePort": 987,
"target": "xyz789",
"tunnelGeolocation": "abc123",
"url": "xyz789",
"user": "abc123",
"userAgent": "abc123"
}
IncidentTargetRep
Fields
| Field Name | Description |
|---|---|
analysisScore - Float
|
|
categories - String
|
|
catoPopularity - Int
|
|
countryOfRegistration - String
|
|
creationTime - DateTime
|
|
engines - Int
|
|
eventData - [Event!]!
|
|
infectionSource - Boolean
|
|
name - String
|
|
searchHits - String
|
|
threatFeeds - Int
|
|
threatReference - String
|
|
type - TargetType
|
Example
{
"analysisScore": 987.65,
"categories": "xyz789",
"catoPopularity": 987,
"countryOfRegistration": "abc123",
"creationTime": "2007-12-03T10:15:30Z",
"engines": 987,
"eventData": [Event],
"infectionSource": false,
"name": "xyz789",
"searchHits": "xyz789",
"threatFeeds": 123,
"threatReference": "abc123",
"type": "domain"
}
IncidentTimeseries
Fields
| Field Name | Description |
|---|---|
data - [Float!]
|
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type) |
Arguments
|
|
info - [String!]
|
Specific information about the timeseries, used to build its name, title etc |
key - TimeseriesKey
|
|
label - String!
|
Indicates the type of the timeseries |
sum - Float
|
|
units - UnitType
|
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types of data to make sense. |
Example
{
"data": [987.65],
"info": ["abc123"],
"key": TimeseriesKey,
"label": "abc123",
"sum": 123.45,
"units": "bits"
}
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
987
IntFilterInput
BetaIntPredicate
BetaInterfaceInfo
Description
Basic Socket Interface configuration information
Fields
| Field Name | Description |
|---|---|
destType - String
|
The destination type configured to the Socket interface |
downstreamBandwidth - Int
|
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site |
downstreamBandwidthMbpsPrecision - Float
|
Maximum allowed bandwidth for traffic on this port in MBPS with single decimal point, from the Cato Cloud to the site Beta |
id - ID!
|
ID for the Socket port in the Socket WebUI Monitor tab |
name - String
|
Name for the port in the Cato Management Application |
upstreamBandwidth - Int
|
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud |
upstreamBandwidthMbpsPrecision - Float
|
Maximum allowed bandwidth on this port in MBPS with single decimal point, for traffic from the site to the Cato Cloud Beta |
wanRole - SocketInterfaceWanRole
|
Role for the WAN interface Beta |
Example
{
"destType": "xyz789",
"downstreamBandwidth": 987,
"downstreamBandwidthMbpsPrecision": 987.7,
"id": 4,
"name": "abc123",
"upstreamBandwidth": 123,
"upstreamBandwidthMbpsPrecision": 987.7,
"wanRole": "NONE"
}
InterfaceLinkState
Fields
| Field Name | Description |
|---|---|
duplex - String
|
Shows the duplex mode for the link |
hasAddress - Boolean
|
Indicates if the WAN interface has an IP address |
hasInternet - Boolean
|
Indicates if the interface is connected to the Internet |
hasTunnel - Boolean
|
Indicates if a connection has been established with the Cato Cloud |
id - ID
|
The ID for the specific Socket port, for example LAN1 or LAN2 |
linkSpeed - String
|
Shows the maximum bandwidth configured for the link |
mediaIn - Boolean
|
Indicates if there is a physical connection to the port |
up - Boolean
|
When this boolean value is true, then the link for the port is up |
Example
{
"duplex": "abc123",
"hasAddress": false,
"hasInternet": true,
"hasTunnel": false,
"id": "4",
"linkSpeed": "abc123",
"mediaIn": true,
"up": true
}
InterfaceMetrics
Fields
| Field Name | Description |
|---|---|
annotations - [TimeAnnotation!]
|
Time stamp annotation that shows a time increment for a GUI |
Arguments
|
|
interfaceInfo - InterfaceInfo
|
Basic configuration information about the Socket interface . Applicable only for site |
ipsecInfo - IPSecInfo
|
Data related to IPsec sites, such as IKE version . Applicable only for site |
metrics - Metrics
|
Traffic data for the link |
Arguments
|
|
name - String
|
Link name in the Cato Management Application |
periods - [TimePeriod!]
|
object that is a specific time duration |
remoteIP - String
|
IP address the ISP allocates to the WAN link |
remoteIPInfo - IPInfo
|
Data related to the link IP address, such as country code |
socketInfo - SocketInfo
|
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site |
timeseries - [Timeseries!]
|
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also include the destination last mile check |
Arguments
|
|
Example
{
"annotations": [TimeAnnotation],
"interfaceInfo": InterfaceInfo,
"ipsecInfo": IPSecInfo,
"metrics": Metrics,
"name": "abc123",
"periods": [TimePeriod],
"remoteIP": "xyz789",
"remoteIPInfo": IPInfo,
"socketInfo": SocketInfo,
"timeseries": [Timeseries]
}
InterfaceSnapshot
Fields
| Field Name | Description |
|---|---|
cellularInterfaceInfo - CellularInterface
|
Information about cellular (LTE) interface |
connected - Boolean
|
Shows if the WAN link is connected to the PoP |
id - ID
|
Interface ID for the WAN link |
info - InterfaceInfo
|
data about the WAN link that is configured in the Socket Configuration window for the site |
name - String
|
WAN link name in the Cato Management Application |
naturalOrder - Int
|
Interface Natural order for WAN link |
physicalPort - Int
|
Physical WAN port on the Socket |
popName - String
|
The name of the PoP that the WAN link is connected to |
previousPopID - Int
|
The ID of the PoP that the WAN link was connected to before the current one |
previousPopName - String
|
The name of the PoP that the WAN link was connected to before the current one |
tunnelConnectionReason - String
|
Reason that the tunnel required a new connection (for example, PoP or Socket restarted) |
tunnelRemoteIP - String
|
IP address of the WAN ISP |
tunnelRemoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the WAN ISP |
tunnelUptime - Int
|
Number of seconds that the tunnel is connected to a PoP |
type - String
|
No longer supported |
Example
{
"cellularInterfaceInfo": CellularInterface,
"connected": true,
"id": "4",
"info": InterfaceInfo,
"name": "abc123",
"naturalOrder": 123,
"physicalPort": 123,
"popName": "abc123",
"previousPopID": 123,
"previousPopName": "abc123",
"tunnelConnectionReason": "xyz789",
"tunnelRemoteIP": "abc123",
"tunnelRemoteIPInfo": IPInfo,
"tunnelUptime": 987,
"type": "abc123"
}
InternetFirewallActionEnum
BetaDescription
The action applied by the Internet Firewall if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Allow the network traffic to pass through the firewall. |
|
|
Deny the network traffic from passing through the firewall. |
|
|
Requests user confirmation to allow or block network traffic. |
|
|
Apply Remote Browser Isolation (RBI) to the network traffic |
Example
"ALLOW"
InternetFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - InternetFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic Default |
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
destination - InternetFirewallDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
deviceAttributes - DeviceAttributesInput!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
enabled - Boolean!
|
|
exceptions - [InternetFirewallRuleExceptionInput!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
service - InternetFirewallServiceTypeInput!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - InternetFirewallSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications Default |
Example
{
"action": "ALLOW",
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"destination": InternetFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"enabled": true,
"exceptions": [InternetFirewallRuleExceptionInput],
"name": "abc123",
"schedule": PolicyScheduleInput,
"service": InternetFirewallServiceTypeInput,
"source": InternetFirewallSourceInput,
"tracking": PolicyTrackingInput
}
InternetFirewallAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - InternetFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": InternetFirewallAddRuleDataInput
}
InternetFirewallContainer
BetaFields
| Field Name | Description |
|---|---|
fqdnContainer - [FqdnContainerRef!]!
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRef!]!
|
Example
{
"fqdnContainer": [FqdnContainerRef],
"ipAddressRangeContainer": [IpAddressRangeContainerRef]
}
InternetFirewallContainerInput
BetaFields
| Input Field | Description |
|---|---|
fqdnContainer - [FqdnContainerRefInput!]!
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRefInput!]!
|
Example
{
"fqdnContainer": [FqdnContainerRefInput],
"ipAddressRangeContainer": [
IpAddressRangeContainerRefInput
]
}
InternetFirewallContainerUpdateInput
BetaFields
| Input Field | Description |
|---|---|
fqdnContainer - [FqdnContainerRefInput!]
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRefInput!]
|
Example
{
"fqdnContainer": [FqdnContainerRefInput],
"ipAddressRangeContainer": [
IpAddressRangeContainerRefInput
]
}
InternetFirewallDestination
BetaDescription
Returns the settings for Destination of an Internet Firewall rule
Fields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
containers - InternetFirewallContainer!
|
|
country - [CountryRef!]!
|
Countries |
customApp - [CustomApplicationRef!]!
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRef!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) |
sanctionedAppsCategory - [SanctionedAppsCategoryRef!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]!
|
Network subnets in CIDR notation |
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"containers": InternetFirewallContainer,
"country": [CountryRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [SanctionedAppsCategoryRef],
"subnet": [NetworkSubnet]
}
InternetFirewallDestinationInput
BetaDescription
Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
Cato category of applications which are dynamically updated by Cato Default |
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
containers - InternetFirewallContainerInput!
|
|
country - [CountryRefInput!]!
|
Countries Default |
customApp - [CustomApplicationRefInput!]!
|
Custom (user-defined) applications Default |
customCategory - [CustomCategoryRefInput!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. Default |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
A range of IPs. Every IP within the range will be matched Default |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) Default |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. Default |
subnet - [NetworkSubnet!]!
|
Network subnets in CIDR notation Default |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"containers": InternetFirewallContainerInput,
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
InternetFirewallDestinationUpdateInput
BetaDescription
Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
containers - InternetFirewallContainerUpdateInput
|
|
country - [CountryRefInput!]
|
Countries |
customApp - [CustomApplicationRefInput!]
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRefInput!]
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]
|
Remote Autonomous System Number (ASN) |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]
|
Network subnets in CIDR notation |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"containers": InternetFirewallContainerUpdateInput,
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
InternetFirewallPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [InternetFirewallRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [InternetFirewallRulePayload],
"sections": [PolicySectionPayload]
}
InternetFirewallPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
InternetFirewallPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
InternetFirewallPolicyMutationPayload
BetaDescription
Internet Firewall policy information provided in the API response
Fields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - InternetFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": InternetFirewallPolicy,
"status": "FAILURE"
}
InternetFirewallPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
InternetFirewallRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
InternetFirewallRule
BetaFields
| Field Name | Description |
|---|---|
action - InternetFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic |
country - [CountryRef!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String!
|
Description for the rule |
destination - InternetFirewallDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRef!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributes!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
exceptions - [InternetFirewallRuleException!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - InternetFirewallServiceType!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - InternetFirewallSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTracking!
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"connectionOrigin": "ANY",
"country": [CountryRef],
"description": "xyz789",
"destination": InternetFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"enabled": false,
"exceptions": [InternetFirewallRuleException],
"id": "4",
"index": 123,
"name": "xyz789",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"service": InternetFirewallServiceType,
"source": InternetFirewallSource,
"tracking": PolicyTracking
}
InternetFirewallRuleException
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Field Name | Description |
|---|---|
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. |
country - [CountryRef!]!
|
Source country matching criteria for the exception. |
destination - InternetFirewallDestination!
|
Destination matching criteria for the exception. |
device - [DeviceProfileRef!]!
|
Source Device Profile matching criteria for the exception. |
deviceAttributes - DeviceAttributes!
|
Source Device Attributes matching criteria for the exception. |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. |
name - String!
|
A unique name of the rule exception. |
service - InternetFirewallServiceType!
|
Destination service matching criteria for the exception. |
source - InternetFirewallSource!
|
Source traffic matching criteria for the exception. |
Example
{
"connectionOrigin": "ANY",
"country": [CountryRef],
"destination": InternetFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"name": "abc123",
"service": InternetFirewallServiceType,
"source": InternetFirewallSource
}
InternetFirewallRuleExceptionInput
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Input Field | Description |
|---|---|
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. Default |
country - [CountryRefInput!]!
|
Source country matching criteria for the exception. Default |
destination - InternetFirewallDestinationInput!
|
Destination matching criteria for the exception. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile matching criteria for the exception. Default |
deviceAttributes - DeviceAttributesInput!
|
Source Device Attributes matching criteria for the exception. Default |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. Default |
name - String!
|
A unique name of the rule exception. |
service - InternetFirewallServiceTypeInput!
|
Destination service matching criteria for the exception. Default |
source - InternetFirewallSourceInput!
|
Source traffic matching criteria for the exception. Default |
Example
{
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"destination": InternetFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"name": "xyz789",
"service": InternetFirewallServiceTypeInput,
"source": InternetFirewallSourceInput
}
InternetFirewallRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - InternetFirewallRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": InternetFirewallRulePayload,
"status": "FAILURE"
}
InternetFirewallRulePayload
BetaDescription
Internet Firewall policy information for a specific revision
Fields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - InternetFirewallRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": InternetFirewallRule
}
InternetFirewallServiceType
BetaDescription
Returns the Service Type to which this Internet Firewall rule applies
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
|
standard - [ServiceRef!]!
|
Example
{
"custom": [CustomService],
"standard": [ServiceRef]
}
InternetFirewallServiceTypeInput
BetaDescription
Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
|
standard - [ServiceRefInput!]!
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
InternetFirewallServiceTypeUpdateInput
BetaDescription
Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
|
standard - [ServiceRefInput!]
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
InternetFirewallSource
BetaDescription
Returns the settings for Source of an Internet Firewall rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
InternetFirewallSourceInput
BetaDescription
Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
InternetFirewallSourceUpdateInput
BetaDescription
Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
InternetFirewallUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - InternetFirewallActionEnum
|
The action applied by the Internet Firewall if the rule is matched |
connectionOrigin - ConnectionOriginEnum
|
Connection origin of the traffic |
country - [CountryRefInput!]
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String
|
|
destination - InternetFirewallDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRefInput!]
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributesUpdateInput
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean
|
|
exceptions - [InternetFirewallRuleExceptionInput!]
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
service - InternetFirewallServiceTypeUpdateInput
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - InternetFirewallSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTrackingUpdateInput
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"destination": InternetFirewallDestinationUpdateInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesUpdateInput,
"deviceOS": ["ANDROID"],
"enabled": false,
"exceptions": [InternetFirewallRuleExceptionInput],
"name": "abc123",
"schedule": PolicyScheduleUpdateInput,
"service": InternetFirewallServiceTypeUpdateInput,
"source": InternetFirewallSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
InternetFirewallUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - InternetFirewallUpdateRuleDataInput!
|
Example
{"id": 4, "rule": InternetFirewallUpdateRuleDataInput}
IotOtLicense
BetaDescription
IoT/OT Security service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
IpAddressRange
BetaDescription
Inclusive range of IPs
Fields
| Field Name | Description |
|---|---|
from - IPAddress!
|
|
to - IPAddress!
|
Example
{"from": IPAddress, "to": IPAddress}
IpAddressRangeContainer
BetaDescription
A group with members of IPAddressRange type
Fields
| Field Name | Description |
|---|---|
audit - ContainerAudit!
|
Audit metadata about the container |
description - String
|
Description for the container |
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
size - Int!
|
Number of items in the container |
Example
{
"audit": ContainerAudit,
"description": "xyz789",
"id": 4,
"name": "xyz789",
"size": 987
}
IpAddressRangeContainerAddValuesInput
BetaDescription
Input for adding values to existing IPAddressRange typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [IpAddressRangeInput!]!
|
Example
{
"ref": ContainerRefInput,
"values": [IpAddressRangeInput]
}
IpAddressRangeContainerAddValuesPayload
BetaDescription
Payload of AddValues operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeContainerRef
BetaIpAddressRangeContainerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
IpAddressRangeContainerRemoveValuesInput
BetaDescription
Input for removing values from existing IPAddressRange typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [IpAddressRangeInput!]!
|
Example
{
"ref": ContainerRefInput,
"values": [IpAddressRangeInput]
}
IpAddressRangeContainerRemoveValuesPayload
BetaDescription
Payload of AddValues operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeContainerSearchInput
BetaDescription
Filtering input to IPAddressRange container search
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
IpAddressRangeContainerSearchIpAddressRangeInput
BetaDescription
Input for searching IPAddressRange typed containers that contain a specific IPAddressRange
Fields
| Input Field | Description |
|---|---|
ipAddressRange - IpAddressRangeInput!
|
Example
{"ipAddressRange": IpAddressRangeInput}
IpAddressRangeContainerSearchIpAddressRangePayload
BetaDescription
Payload of IPAddressRange search query
Fields
| Field Name | Description |
|---|---|
containers - [IpAddressRangeContainer!]!
|
List of containers with members of type IPAddressRange |
Example
{"containers": [IpAddressRangeContainer]}
IpAddressRangeContainerSearchPayload
BetaDescription
Payload of IPAddressRange container search
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeInput
BetaDescription
Inclusive range of IPs
Fields
| Input Field | Description |
|---|---|
from - IPAddress!
|
|
to - IPAddress!
|
Example
{"from": IPAddress, "to": IPAddress}
IpProtocol
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
TCP or UDP |
|
|
Example
"ANY"
IpSecCipher
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AES_CBC_128"
IpSecDHGroup
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AUTOMATIC"
IpSecHash
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AUTOMATIC"
IpsLicense
BetaDescription
Intrusion Prevention System (IPS) service license (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
IpsecIkeV2MessageInput
BetaFields
| Input Field | Description |
|---|---|
cipher - IpSecCipher
|
The SA tunnel encryption method. Note: For situations where GCM isn’t supported for the INIT phase, we recommend that you use the CBC algorithm for the INIT phase, and GCM for AUTH |
dhGroup - IpSecDHGroup
|
The Diffie-Hellman Group. The first number is the DH-group number, and the second number is the corresponding prime modulus size in bits |
integrity - IpSecHash
|
The algorithm used to verify the integrity and authenticity of IPsec packets |
prf - IpSecHash
|
The Pseudo-random function (PRF) used to derive the cryptographic keys used in the SA establishment process |
Example
{
"cipher": "AES_CBC_128",
"dhGroup": "AUTOMATIC",
"integrity": "AUTOMATIC",
"prf": "AUTOMATIC"
}
IspLoaFile
LastMileBwInput
BetaFields
| Input Field | Description |
|---|---|
downstream - Int
|
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth. |
downstreamMbpsPrecision - Float
|
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps with single decimal precision. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth. |
upstream - Int
|
The maximum upstream bandwidth, in Mbps. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud. |
upstreamMbpsPrecision - Float
|
The maximum upstream bandwidth, in Mbps with single decimal precision. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud. |
Example
{
"downstream": 123,
"downstreamMbpsPrecision": 987.7,
"upstream": 987,
"upstreamMbpsPrecision": 987.7
}
License
BetaDescription
An interface containing properties that are common to all license types
Fields
| Field Name | Description |
|---|---|
description - String
|
|
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
status - LicenseStatus!
|
License activation status |
startDate - DateTime
|
License start date |
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
Possible Types
| License Types |
|---|
Example
{
"description": "abc123",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"status": "ACTIVE",
"startDate": "2007-12-03T10:15:30Z",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z"
}
LicensePlan
BetaDescription
enum for license plan type (site license, service license, etc...)
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"COMMERCIAL"
LicenseSku
BetaValues
| Enum Value | Description |
|---|---|
|
|
Cato Anti Malware (legacy) service SKU |
|
|
Cato Anti Malware Next Generation (legacy) service SKU |
|
|
Cato CASB service SKU |
|
|
Cato datalake Group SKU |
|
|
12 months data retention SKU |
|
|
3 months data retention SKU |
|
|
6 months data retention SKU |
|
|
Cato DEM service SKU |
|
|
Cato DLP service SKU |
|
|
Cato EPP service SKU |
|
|
Cato ILMM service SKU |
|
|
Cato IoT/OT Security service SKU |
|
|
Public IPs SKU |
|
|
Cato IPS (legacy) service SKU |
|
|
Cato Managed XDR service SKU |
|
|
Cato MDR (XDR Pro) service SKU |
|
|
Cato NOCaaS service SKU |
|
|
Site pooled bandwidth SASE SKU |
|
|
Site pooled bandwidth SSE SKU |
|
|
Cato Remote Browser Isolation (RBI) service SKU |
|
|
Cato SAAS Group SKU |
|
|
|
|
|
Cato SAAS Security API with more than two Applications integration (legacy) service SKU |
|
|
Cato SAAS Security API with one application integration (legacy) service SKU |
|
|
Cato SAAS Security API with two applications integration (legacy) service SKU |
|
|
Site bandwidth SASE SKU |
|
|
Site bandwidth SSE SKU |
|
|
Cato Threat Prevention (legacy) service SKU |
|
|
Cato Advanced Threat Prevention service SKU |
|
|
Cato XDR service SKU |
|
|
ZTNA remote users SKU |
|
|
ZTNA remote users SKU replaced with CATO_ZTNA_USERS |
Example
"CATO_ANTI_MALWARE"
LicenseStatus
BetaDescription
enum for account plan status – the current license status within the license lifecycle
Values
| Enum Value | Description |
|---|---|
|
|
A license that is currently active |
|
|
An expired license is no longer active |
|
|
A license in a grace period |
|
|
An existing license with a future start date that is not currently active |
|
|
A license that is active before its start date, for partners and customers to verify the relevant configurations |
Example
"ACTIVE"
LicensingInfo
BetaDescription
Public license API
Fields
| Field Name | Description |
|---|---|
globalLicenseAllocations - GlobalLicenseAllocations!
|
License usage and allocation across the managed accounts |
licenses - [License!]!
|
License inventory |
Example
{
"globalLicenseAllocations": GlobalLicenseAllocations,
"licenses": [License]
}
LinkConfigPrecedenceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
LinkQualityIssue
Fields
| Field Name | Description |
|---|---|
current - Int
|
|
direction - TrafficDirectionEnum
|
|
issueType - LinkQualityIssueTypeEnum
|
|
threshold - Int
|
Example
{
"current": 123,
"direction": "DOWNSTREAM",
"issueType": "CONGESTION",
"threshold": 987
}
LinkQualityIssueTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONGESTION"
LinkStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ACTIVE"
LookupFilterInput
Fields
| Input Field | Description |
|---|---|
filter - LookupFilterType
|
|
value - String
|
Example
{"filter": "country", "value": "xyz789"}
LookupFilterType
Values
| Enum Value | Description |
|---|---|
|
|
Custom filter for country, used by city and state entityLookup |
|
|
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values: "true", "false", |
|
|
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values: "true", "false", |
|
|
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported): "SOCKET_X1500", "SOCKET_X1600", "SOCKET_X1700", "VSOCKET_VGX_ESX", "VSOCKET_VGX_AWS" "VSOCKET_VGX_AZURE" "SOCKET_X1600_LTE", |
|
|
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values: "SOCKET", "IPSEC", "vSOCKET", "PHYSICAL_SOCKET" |
|
|
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values: "true", "false", |
|
|
Custom filter for state used by city entityLookup |
Example
"country"
MacAddress
BetaDescription
FF:FF:FF:FF OR FF-FF-FF-FF
Example
MacAddress
MalwareProtectionLicense
BetaDescription
Anti-Malware service license details (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
ManagedXdrLicense
BetaDescription
Managed XDR service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Map
Description
A key value pairs object { "key1": "value1", "key2": "value2" }
Example
Map
Measure
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
fieldName - AppStatsFieldName!
|
|
trend - Boolean
|
Example
{"aggType": "any", "fieldName": "ad_name", "trend": true}
MergedIncident
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for each story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
producer - StoryProducerEnum!
|
Producer (specific XDR engine and service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
connectionType - ConnectionTypeEnum
|
Connection for the incident |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
queryName - String
|
Category for the indication ID related to the story |
criticality - Int
|
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact) For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
source - String
|
For Network stories - The site where the network issue is occurring For Security stories - IP address, name of device, or SDP user on your network involved in the story |
ticket - String
|
The ticket an analyst created for this story |
status - StoryStatusEnum
|
Status for the story |
research - Boolean
|
The value is TRUE when the story is currently being researched by Security Analysts |
siteName - String
|
Site name related to the story Beta 'siteName' is deprecated, use 'site.name' instead |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
description - String
|
For Security stories, description of the threat |
sourceIp - String
|
The source IP address of the device in your network sending or receiving the flow |
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
site - SiteRef
|
Cato ID and name for the site |
user - UserRef
|
Cato ID and name for the user |
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
Possible Types
| MergedIncident Types |
|---|
Example
{
"id": 4,
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "abc123",
"criticality": 987,
"source": "abc123",
"ticket": "abc123",
"status": "Closed",
"research": true,
"siteName": "abc123",
"storyDuration": 123,
"description": "xyz789",
"sourceIp": "xyz789",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"predictedVerdict": "Benign",
"predictedThreatType": "xyz789"
}
Metric
MetricDetails
Metrics
Fields
| Field Name | Description |
|---|---|
bytesDownstream - Float
|
total downstream traffic (from the Cato Cloud to the site) |
bytesTotal - Float
|
total traffic for the site |
bytesUpstream - Float
|
total upstream traffic (from the site to the Cato Cloud) |
duration - Int
|
total amount of time for the site data |
flowCount - Float
|
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
granularity - Int
|
duration in seconds for a single metrics bucket |
hostCount - Float
|
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
hostLimit - Float
|
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
jitterDownstream - Float
|
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets) |
jitterUpstream - Float
|
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets) |
lostDownstream - Float
|
number of packets lost for downstream traffic |
lostDownstreamPcnt - Float
|
percent of packet loss for downstream traffic |
lostUpstream - Float
|
number of packets lost for upstream traffic |
lostUpstreamPcnt - Float
|
percent of packet loss for upstream traffic |
packetsDiscardedDownstream - Float
|
total packets discarded for downstream traffic |
packetsDiscardedUpstream - Float
|
total packets discarded for upstream traffic |
packetsDownstream - Float
|
total downstream packets |
packetsUpstream - Float
|
total upstream packets |
rtt - Int
|
round-trip time from the site to the Cato Cloud |
Example
{
"bytesDownstream": 123.45,
"bytesTotal": 123.45,
"bytesUpstream": 123.45,
"duration": 123,
"flowCount": 123.45,
"granularity": 987,
"hostCount": 123.45,
"hostLimit": 987.65,
"jitterDownstream": 987.65,
"jitterUpstream": 123.45,
"lostDownstream": 123.45,
"lostDownstreamPcnt": 987.65,
"lostUpstream": 987.65,
"lostUpstreamPcnt": 987.65,
"packetsDiscardedDownstream": 123.45,
"packetsDiscardedUpstream": 123.45,
"packetsDownstream": 123.45,
"packetsUpstream": 987.65,
"rtt": 987
}
MicrosoftActivity
Description
The MicrosoftActivity object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.
Example
{
"action": "xyz789",
"firstActivityDateTime": "2007-12-03T10:15:30Z",
"id": "4",
"lastActivityDateTime": "2007-12-03T10:15:30Z",
"parentResourceId": "4",
"resourceId": 4
}
MicrosoftDefenderEndpointAlert
Description
The MicrosoftDefenderEndpointAlert object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.
Fields
| Field Name | Description |
|---|---|
activities - [MicrosoftActivity!]!
|
|
alertWebUrl - String
|
|
category - String
|
|
classification - AlertClassificationEnum
|
|
comments - [String!]!
|
|
createdDateTime - DateTime
|
|
criticality - Int
|
|
description - String
|
|
destinationIp - String
|
|
destinationUrl - String
|
|
detectionSource - DetectionSourceEnum
|
|
determination - AlertDeterminationEnum
|
|
firstActivityDateTime - DateTime
|
|
id - ID!
|
|
lastActivityDateTime - DateTime
|
|
lastUpdateDateTime - DateTime
|
|
localIp - String
|
|
mitreSubTechnique - [Mitre!]!
|
|
mitreTechnique - [Mitre!]!
|
|
ownerName - String
|
|
providerAlertId - String
|
|
recommendedActions - String
|
|
resolvedDateTime - DateTime
|
|
resources - [MicrosoftEndpointResource!]!
|
|
status - MsAlertStatus
|
|
threatFamilyName - String
|
|
threatName - String
|
|
threatType - String
|
|
title - String
|
Example
{
"activities": [MicrosoftActivity],
"alertWebUrl": "abc123",
"category": "xyz789",
"classification": "FALSE_POSITIVE",
"comments": ["xyz789"],
"createdDateTime": "2007-12-03T10:15:30Z",
"criticality": 987,
"description": "abc123",
"destinationIp": "xyz789",
"destinationUrl": "xyz789",
"detectionSource": "ANTIVIRUS",
"determination": "APT",
"firstActivityDateTime": "2007-12-03T10:15:30Z",
"id": "4",
"lastActivityDateTime": "2007-12-03T10:15:30Z",
"lastUpdateDateTime": "2007-12-03T10:15:30Z",
"localIp": "xyz789",
"mitreSubTechnique": [Mitre],
"mitreTechnique": [Mitre],
"ownerName": "abc123",
"providerAlertId": "xyz789",
"recommendedActions": "abc123",
"resolvedDateTime": "2007-12-03T10:15:30Z",
"resources": [MicrosoftEndpointResource],
"status": "IN_PROGRESS",
"threatFamilyName": "abc123",
"threatName": "abc123",
"threatType": "abc123",
"title": "xyz789"
}
MicrosoftDeviceDetails
Description
The MicrosoftDeviceDetails object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.
Fields
| Field Name | Description |
|---|---|
avStatus - DeviceAvStatusEnum
|
|
azureAdDeviceId - String
|
|
deviceName - String
|
|
firstSeenDateTime - DateTime
|
|
healthStatus - DeviceHealthStatusEnum
|
|
id - ID!
|
|
ipInterfaces - [String!]!
|
|
loggedOnUsers - [EndpointUser!]!
|
|
onboardingStatus - OnboardingStatusEnum
|
|
osDetails - OsDetails
|
|
rbacGroup - RbacGroup
|
Example
{
"avStatus": "DISABLED",
"azureAdDeviceId": "xyz789",
"deviceName": "abc123",
"firstSeenDateTime": "2007-12-03T10:15:30Z",
"healthStatus": "ACTIVE",
"id": 4,
"ipInterfaces": ["abc123"],
"loggedOnUsers": [EndpointUser],
"onboardingStatus": "CAN_BE_ONBOARDED",
"osDetails": OsDetails,
"rbacGroup": RbacGroup
}
MicrosoftEndpoint
BetaDescription
The MicrosoftEndpoint object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.
Fields
| Field Name | Description |
|---|---|
alerts - [MicrosoftDefenderEndpointAlert!]!
|
|
analystFeedback - AnalystFeedback
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
device - MicrosoftDeviceDetails
|
|
engineType - StoryEngineTypeEnum
|
|
firstSignal - DateTime!
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
|
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
ticket - String
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"alerts": [MicrosoftDefenderEndpointAlert],
"analystFeedback": AnalystFeedback,
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"device": MicrosoftDeviceDetails,
"engineType": "ANOMALY",
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "xyz789",
"research": true,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "abc123",
"sourceIp": "abc123",
"status": "Closed",
"storyDuration": 987,
"ticket": "abc123",
"user": UserRef,
"vendor": "CATO"
}
MicrosoftEndpointResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
tags - [String!]!
|
|
roles - [ResourceRoleEnum!]!
|
|
verdict - MsResourceVerdictEnum
|
Possible Types
| MicrosoftEndpointResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "xyz789",
"tags": ["abc123"],
"roles": ["ADDED"],
"verdict": "Benign"
}
MicrosoftEndpointUser
Description
The MicrosoftEndpointUser object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.
Example
{
"accountName": "xyz789",
"domainName": "xyz789",
"id": 4,
"name": "xyz789",
"principalName": "abc123",
"userSid": "xyz789"
}
MicrosoftFileResource
Description
The MicrosoftFileResource object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
|
detectionStatus - DetectionStatusEnum
|
|
fileDetails - FileDetails
|
|
id - ID!
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"detectionStatus": "BLOCKED",
"fileDetails": FileDetails,
"id": 4,
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "abc123",
"roles": ["ADDED"],
"tags": ["xyz789"],
"verdict": "Benign"
}
MicrosoftProcessResource
Description
The MicrosoftProcessResource object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
|
id - ID!
|
|
imageFile - FileDetails
|
|
processCommandLine - String
|
|
processId - Int!
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
userAccount - EndpointUser
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"id": "4",
"imageFile": FileDetails,
"processCommandLine": "abc123",
"processId": 123,
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "xyz789",
"roles": ["ADDED"],
"tags": ["abc123"],
"userAccount": EndpointUser,
"verdict": "Benign"
}
MicrosoftRegistryResource
Description
The MicrosoftRegistryResource object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
|
hive - String
|
|
id - ID!
|
|
key - String
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
value - String
|
|
valueName - String
|
|
valueType - String
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"hive": "xyz789",
"id": "4",
"key": "abc123",
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "xyz789",
"roles": ["ADDED"],
"tags": ["abc123"],
"value": "abc123",
"valueName": "xyz789",
"valueType": "abc123",
"verdict": "Benign"
}
Mitre
MsAlertStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"IN_PROGRESS"
MsResourceVerdictEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
NOCaaSLicense
BetaDescription
NOC as a Service (NOCaaS) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
NetworkBandwidth
BetaExample
NetworkBandwidth
NetworkDhcpSettingsInput
NetworkEventSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BGP_SESSION"
NetworkInterfaceRef
BetaNetworkInterfaceRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
NetworkSubnet
BetaDescription
Subnet in CIDR notation E.g.: 10.0.0.0/24
Example
NetworkSubnet
NetworkTimelineEvent
Fields
| Field Name | Description |
|---|---|
acknowledged - Boolean
|
|
bgpConnection - BGPConnection
|
|
created - DateTime!
|
|
description - String
|
|
deviceConfigHaRole - DeviceConfigHaRoleEnum
|
|
deviceHaRoleState - DeviceHaRoleStateEnum
|
|
eventIds - [String!]!
|
|
eventType - NetworkXDREventTypeEnum
|
|
hostIp - String
|
|
incidentId - String
|
|
isp - String
|
|
linkConfigBandwidth - String
|
|
linkConfigPrecedence - LinkConfigPrecedenceEnum
|
|
linkId - String
|
|
linkName - String
|
|
linkQualityIssue - LinkQualityIssue
|
|
linkStatus - LinkStatusEnum
|
|
muted - Boolean
|
|
networkEventSource - NetworkEventSourceEnum
|
|
pop - String
|
|
ruleName - String
|
|
socketSerialId - String
|
|
tunnelResetCount - Int
|
|
validated - DateTime!
|
Example
{
"acknowledged": true,
"bgpConnection": BGPConnection,
"created": "2007-12-03T10:15:30Z",
"description": "xyz789",
"deviceConfigHaRole": "PRIMARY",
"deviceHaRoleState": "BACKUP",
"eventIds": ["xyz789"],
"eventType": "DEGRADED",
"hostIp": "xyz789",
"incidentId": "xyz789",
"isp": "xyz789",
"linkConfigBandwidth": "abc123",
"linkConfigPrecedence": "ACTIVE",
"linkId": "xyz789",
"linkName": "abc123",
"linkQualityIssue": LinkQualityIssue,
"linkStatus": "ACTIVE",
"muted": false,
"networkEventSource": "BGP_SESSION",
"pop": "abc123",
"ruleName": "xyz789",
"socketSerialId": "xyz789",
"tunnelResetCount": 987,
"validated": "2007-12-03T10:15:30Z"
}
NetworkXDREventTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"DEGRADED"
NetworkXDRIncident
BetaDescription
The NetworkXDRIncident object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.
Fields
| Field Name | Description |
|---|---|
acknowledged - Boolean
|
|
analystFeedback - AnalystFeedback
|
|
bgpConnection - BGPConnection
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceConfigHaRole - DeviceConfigHaRoleEnum
|
|
engineType - StoryEngineTypeEnum
|
|
firstSignal - DateTime!
|
|
hostIp - String
|
|
id - ID!
|
|
ilmmDetails - IlmmDetails
|
|
indication - String!
|
|
isp - String
|
|
lastSignal - DateTime!
|
|
licenseBandwidth - String
|
|
licenseRegion - String
|
|
linkConfigPrecedence - LinkConfigPrecedenceEnum
|
|
linkId - String
|
|
linkName - String
|
|
muted - Boolean
|
|
networkIncidentTimeline - [NetworkTimelineEvent!]!
|
|
occurrences - Int
|
|
pop - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
ruleName - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteConfigLocation - String
|
|
siteConnectionType - String
|
|
siteName - String!
|
|
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
storyType - String!
|
|
ticket - String
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"acknowledged": false,
"analystFeedback": AnalystFeedback,
"bgpConnection": BGPConnection,
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"deviceConfigHaRole": "PRIMARY",
"engineType": "ANOMALY",
"firstSignal": "2007-12-03T10:15:30Z",
"hostIp": "abc123",
"id": "4",
"ilmmDetails": IlmmDetails,
"indication": "abc123",
"isp": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"licenseBandwidth": "abc123",
"licenseRegion": "xyz789",
"linkConfigPrecedence": "ACTIVE",
"linkId": "abc123",
"linkName": "xyz789",
"muted": false,
"networkIncidentTimeline": [NetworkTimelineEvent],
"occurrences": 123,
"pop": "xyz789",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "xyz789",
"research": false,
"ruleName": "abc123",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteConfigLocation": "xyz789",
"siteConnectionType": "abc123",
"siteName": "abc123",
"source": "abc123",
"sourceIp": "abc123",
"status": "Closed",
"storyDuration": 987,
"storyType": "xyz789",
"ticket": "xyz789",
"user": UserRef,
"vendor": "CATO"
}
NextGenMalwareProtectionLicense
BetaDescription
NG Anti-Malware service license details (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
ObjectRef
ObjectRefBy
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ID"
OnboardingStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"CAN_BE_ONBOARDED"
OperatingSystem
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANDROID"
OperationalStatus
Values
| Enum Value | Description |
|---|---|
|
|
Passing traffic |
|
|
Disabled in the Cato Management Application |
|
|
License has expired for this site and you can't configure it |
|
|
After you create the site before it is connected to the Cato Cloud |
|
|
For VPN users only |
|
|
For VPN users only |
|
|
For VPN users only |
Example
"active"
OsDetails
PageInfo
BetaFields
| Field Name | Description |
|---|---|
total - Int!
|
Example
{"total": 123}
Paging
BetaFields
| Field Name | Description |
|---|---|
from - Int!
|
Based on the filter and sort parameters, the first story that is returned |
limit - Int!
|
Based on the filter and sort parameters, the number of stories returned after the from. For example, the argument {from: 10, limit: 10} returns stories 10-20. |
total - Int!
|
Total number of stories returned |
Example
{"from": 123, "limit": 987, "total": 987}
PagingInput
BetaPartnerPooledBandwidthLicenseAccount
Fields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Identifying data for the account |
allocatedBandwidth - Int!
|
Allocated bandwidth for this account |
Example
{"account": AccountRef, "allocatedBandwidth": 123}
PeriodType
Values
| Enum Value | Description |
|---|---|
|
|
traffic was seen |
|
|
some packets were discarded after queue timeout |
|
|
unspecified period type |
|
|
multiple last mile destinations measured large latency (greater than 500ms) |
|
|
multiple last mile destinations measured packet loss |
|
|
missing data |
|
|
some packets were queued |
|
|
packet loss connectivity issue |
|
|
interface in standby mode |
|
|
period connected to specific pop instance |
Example
"active"
PolicyActiveOnEnum
BetaDescription
Enum for the type of time range a rule is active
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALWAYS"
PolicyAddSectionInfoInput
BetaDescription
Input for adding section info to a policy
Fields
| Input Field | Description |
|---|---|
name - String!
|
Example
{"name": "xyz789"}
PolicyAddSectionInput
BetaDescription
Input for adding a section to a policy
Fields
| Input Field | Description |
|---|---|
at - PolicySectionPositionInput!
|
|
section - PolicyAddSectionInfoInput!
|
Example
{
"at": PolicySectionPositionInput,
"section": PolicyAddSectionInfoInput
}
PolicyAudit
BetaPolicyCreateRevisionInput
BetaPolicyCustomRecurring
BetaDescription
Returns data for a custom recurring time range that a rule is active
Fields
| Field Name | Description |
|---|---|
days - [DayOfWeek!]!
|
|
from - Time!
|
|
to - Time!
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomRecurringInput
BetaDescription
Input of data for a custom recurring time range that a rule is active
Fields
| Input Field | Description |
|---|---|
days - [DayOfWeek!]!
|
|
from - Time!
|
|
to - Time!
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomRecurringUpdateInput
BetaDescription
Input of data for a custom recurring time range that a rule is active
Fields
| Input Field | Description |
|---|---|
days - [DayOfWeek!]
|
|
from - Time
|
|
to - Time
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomTimeframe
BetaPolicyCustomTimeframeInput
BetaPolicyCustomTimeframeUpdateInput
BetaPolicyDiscardRevisionInput
BetaDescription
Discards unpublished revision for the policy and reverts to the settings for the published policy.
Fields
| Input Field | Description |
|---|---|
id - ID
|
Example
{"id": "4"}
PolicyElementAudit
BetaPolicyElementPropertiesEnum
BetaDescription
Attributes describing the rule state or type
Values
| Enum Value | Description |
|---|---|
|
|
New (added) rule |
|
|
An object can not be moved, or referenced when moving other objects. However its properties and content can be modified. |
|
|
A rule locked for changes by other admins |
|
|
A rule moved to a different position |
|
|
Removed (deleted) rule |
|
|
A pre-defined (system) rule that cannot be modified or removed |
|
|
Updated (modified) existing rule |
Example
"ADDED"
PolicyMoveRuleInput
BetaDescription
Move the rule to a different position in the policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicyRulePositionInput
|
Example
{"id": 4, "to": PolicyRulePositionInput}
PolicyMoveSectionInput
BetaDescription
Input for moving a section within a policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicySectionPositionInput
|
Example
{"id": 4, "to": PolicySectionPositionInput}
PolicyMoveSubRuleInput
BetaDescription
Move the sub rule to a different position in the policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicySubRulePositionInput!
|
Example
{"id": 4, "to": PolicySubRulePositionInput}
PolicyMutationError
BetaDescription
The PolicyMutationError enum defines various error messages related to policy publishing in the policy platform service.
Policy Errors
ConcurrentPolicyPublish
- Error Message: "Another policy is currently publishing"
PolicyRevisionMismatch
- Error Message: "Revision is not owned by the admin"
PolicyRevisionNotFound
- Error Message: "Revision was not found"
PolicyInvalidEntity
- Error Message: "Invalid entity"
DuplicateRuleName
- Error Message: "Rule with the same name already exists"
DuplicateSectionName
- Error Message: "Section with the same name already exists"
PolicyFailure
- Error Message: "Can’t publish policy due to an internal error. Please try again in a few minutes"
Rule Errors
ruleIsLocked
- Error Message: "Rule is locked by another revision"
ruleWasRemoved
- Error Message: "Rule was already removed"
ruleNotExist
- Error Message: "Rule does not exist"
ruleSectionNotExist
- Error Message: "Section does not exist"
ruleSectionIsLocked
- Error Message: "Section is locked by another revision"
rulePositionInvalid
- Error Message: "Rule position is invalid"
ruleNameIsEmpty
- Error Message: "Rule name can't be empty"
ruleNameAlreadyExists
- Error Message: "Rule with the same name already exists"
ruleSystemModification
- Error Message: "Can't modify a system rule"
ruleSystemMove
- Error Message: "Can't add a rule above the system rules"
ruleHasInvalidEntity
- Error Message: "Rule has an invalid entity"
failedValidatingRule
- Error Message: "Something went wrong, couldn't validate rule"
Section Errors
sectionIsLocked
- Error Message: "Section is locked by another revision"
sectionSystemMove
- Error Message: "Section with system rules cannot be moved or removed"
sectionNotExist
- Error Message: "Section does not exist"
sectionPositionInvalid
- Error Message: "Section position is invalid"
Example
{
"errorCode": "xyz789",
"errorMessage": "abc123"
}
PolicyMutationRevisionInput
Fields
| Input Field | Description |
|---|---|
id - ID
|
Example
{"id": "4"}
PolicyMutationStatus
BetaDescription
Enum for the status of a policy mutation
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FAILURE"
PolicyPublishRevisionInput
BetaDescription
Published revision is the active policy applied on the traffic. In addition, when a policy is published, revision changes become visible to other admins, and rules locked by the revision become unlocked
Example
{
"description": "abc123",
"name": "xyz789"
}
PolicyRemoveSectionInput
BetaDescription
Input for removing a section from a policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
PolicyRevision
BetaDescription
Returns data about the policy revision, such as when the change was made, how many rules were changed, etc.
Example
{
"changes": 123,
"createdTime": "2007-12-03T10:15:30Z",
"description": "abc123",
"id": "4",
"name": "xyz789",
"updatedTime": "2007-12-03T10:15:30Z"
}
PolicyRevisionInput
BetaDescription
Input for specifying a policy revision
Fields
| Input Field | Description |
|---|---|
id - ID
|
|
type - PolicyRevisionType
|
Example
{"id": 4, "type": "PRIVATE"}
PolicyRevisionType
BetaDescription
Enum for the type of a policy revision
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIVATE"
PolicyRevisionsPayload
BetaDescription
Returns data for publishing the policy
Fields
| Field Name | Description |
|---|---|
revision - [PolicyRevision!]!
|
Example
{"revision": [PolicyRevision]}
PolicyRulePositionEnum
BetaDescription
Enum for the position of a rule within a policy
Values
| Enum Value | Description |
|---|---|
|
|
The rule position is after the pre-existing specified rule |
|
|
The rule position is before the pre-existing specified rule |
|
|
The rule position is immediately after the system rules (first non-system rule) |
|
|
The rule position is first in the specified section |
|
|
The rule position is last in the policy |
|
|
The rule position is last in the specified section |
Example
"AFTER_RULE"
PolicyRulePositionInput
BetaDescription
Parameters required to define the rule position
Fields
| Input Field | Description |
|---|---|
position - PolicyRulePositionEnum
|
Position relative to a policy, a section or another rule |
ref - ID
|
The identifier of the object (e.g. a rule, a section) relative to which the position of the added rule is defined |
Example
{"position": "AFTER_RULE", "ref": 4}
PolicyRuleTrackingAlert
BetaDescription
Returns data for the alert settings for the rule
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched |
frequency - PolicyRuleTrackingFrequencyEnum!
|
Returns data for the alert frequency |
mailingList - [SubscriptionMailingListRef!]!
|
Returns data for the Mailing List that receives the alert |
subscriptionGroup - [SubscriptionGroupRef!]!
|
Returns data for the Subscription Group that receives the alert |
webhook - [SubscriptionWebhookRef!]!
|
Returns data for the Webhook that receives the alert |
Example
{
"enabled": false,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRef],
"subscriptionGroup": [SubscriptionGroupRef],
"webhook": [SubscriptionWebhookRef]
}
PolicyRuleTrackingAlertInput
BetaDescription
Input of data for the alert settings for the rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched Default |
frequency - PolicyRuleTrackingFrequencyEnum!
|
Returns data for the alert frequency Default |
mailingList - [SubscriptionMailingListRefInput!]!
|
Returns data for the Mailing List that receives the alert Default |
subscriptionGroup - [SubscriptionGroupRefInput!]!
|
Returns data for the Subscription Group that receives the alert Default |
webhook - [SubscriptionWebhookRefInput!]!
|
Returns data for the Webhook that receives the alert Default |
Example
{
"enabled": false,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
PolicyRuleTrackingAlertUpdateInput
BetaDescription
Input of data for the alert settings for the rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched |
frequency - PolicyRuleTrackingFrequencyEnum
|
Returns data for the alert frequency |
mailingList - [SubscriptionMailingListRefInput!]
|
Returns data for the Mailing List that receives the alert |
subscriptionGroup - [SubscriptionGroupRefInput!]
|
Returns data for the Subscription Group that receives the alert |
webhook - [SubscriptionWebhookRefInput!]
|
Returns data for the Webhook that receives the alert |
Example
{
"enabled": false,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
PolicyRuleTrackingEvent
BetaDescription
Returns data if an alert is sent for a rule
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
Example
{"enabled": true}
PolicyRuleTrackingEventInput
BetaDescription
Input of data if an alert is sent for a rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
Example
{"enabled": false}
PolicyRuleTrackingEventUpdateInput
BetaDescription
Input of data if an alert is sent for a rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
Example
{"enabled": false}
PolicyRuleTrackingFrequencyEnum
BetaDescription
Enum for the frequency of an alert event for a rule
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DAILY"
PolicySchedule
BetaFields
| Field Name | Description |
|---|---|
activeOn - PolicyActiveOnEnum!
|
|
customRecurring - PolicyCustomRecurring
|
|
customTimeframe - PolicyCustomTimeframe
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurring,
"customTimeframe": PolicyCustomTimeframe
}
PolicyScheduleInput
BetaFields
| Input Field | Description |
|---|---|
activeOn - PolicyActiveOnEnum!
|
|
customRecurring - PolicyCustomRecurringInput
|
|
customTimeframe - PolicyCustomTimeframeInput
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurringInput,
"customTimeframe": PolicyCustomTimeframeInput
}
PolicyScheduleUpdateInput
BetaFields
| Input Field | Description |
|---|---|
activeOn - PolicyActiveOnEnum
|
|
customRecurring - PolicyCustomRecurringUpdateInput
|
|
customTimeframe - PolicyCustomTimeframeUpdateInput
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurringUpdateInput,
"customTimeframe": PolicyCustomTimeframeUpdateInput
}
PolicySectionInfo
BetaPolicySectionMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
section - PolicySectionPayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"section": PolicySectionPayload,
"status": "FAILURE"
}
PolicySectionPayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
section - PolicySectionInfo!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"section": PolicySectionInfo
}
PolicySectionPositionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"AFTER_SECTION"
PolicySectionPositionInput
BetaFields
| Input Field | Description |
|---|---|
position - PolicySectionPositionEnum!
|
|
ref - ID
|
Example
{"position": "AFTER_SECTION", "ref": "4"}
PolicySubRulePositionEnum
BetaDescription
Enum for the position of a rule within a policy
Values
| Enum Value | Description |
|---|---|
|
|
The rule position is after the pre-existing specified rule |
|
|
The rule position is before the pre-existing specified rule |
|
|
The rule position is first in the specified rule |
|
|
The rule position is last in the specified rule |
Example
"AFTER_SUB_RULE"
PolicySubRulePositionInput
BetaDescription
Parameters required to define the rule position
Fields
| Input Field | Description |
|---|---|
position - PolicySubRulePositionEnum!
|
Position relative to a policy, a section or another rule |
ref - ID!
|
The identifier of the sub-rule relative to which the position of the added rule is defined |
Example
{"position": "AFTER_SUB_RULE", "ref": 4}
PolicyToggleState
BetaDescription
Enum for the state of a policy
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DISABLED"
PolicyTracking
BetaFields
| Field Name | Description |
|---|---|
alert - PolicyRuleTrackingAlert!
|
|
event - PolicyRuleTrackingEvent!
|
Example
{
"alert": PolicyRuleTrackingAlert,
"event": PolicyRuleTrackingEvent
}
PolicyTrackingInput
BetaFields
| Input Field | Description |
|---|---|
alert - PolicyRuleTrackingAlertInput!
|
|
event - PolicyRuleTrackingEventInput!
|
Example
{
"alert": PolicyRuleTrackingAlertInput,
"event": PolicyRuleTrackingEventInput
}
PolicyTrackingUpdateInput
BetaFields
| Input Field | Description |
|---|---|
alert - PolicyRuleTrackingAlertUpdateInput
|
|
event - PolicyRuleTrackingEventUpdateInput
|
Example
{
"alert": PolicyRuleTrackingAlertUpdateInput,
"event": PolicyRuleTrackingEventUpdateInput
}
PolicyUpdateSectionInfoInput
BetaFields
| Input Field | Description |
|---|---|
name - String
|
Example
{"name": "xyz789"}
PolicyUpdateSectionInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
section - PolicyUpdateSectionInfoInput!
|
Example
{"id": 4, "section": PolicyUpdateSectionInfoInput}
PooledBandwidthLicense
BetaFields
| Field Name | Description |
|---|---|
accounts - [PartnerPooledBandwidthLicenseAccount!]!
|
Accounts that this license is assigned to (and the license usage within each account) |
allocatedBandwidth - Int!
|
allocated bandwidth, in Mbps, for all the sites assigned to this license. |
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
siteLicenseGroup - SiteLicenseGroup!
|
Regional license group |
siteLicenseType - SiteLicenseType!
|
The selected service type, e.g SASE or SSE. |
sites - [PooledBandwidthLicenseSite!]!
|
Sites that this license is assigned to (and the license usage within each site) |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Maximum available bandwidth, in Mbps, for all the sites under this license. This constitutes the bandwidth pool that is allocated to different sites. |
Example
{
"accounts": [PartnerPooledBandwidthLicenseAccount],
"allocatedBandwidth": 123,
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"siteLicenseGroup": "AFRICA",
"siteLicenseType": "SASE",
"sites": [PooledBandwidthLicenseSite],
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
PooledBandwidthLicenseSite
PopLocationRef
BetaPopLocationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
Port
BetaDescription
Network port number. Must be in range [0-65535] E.g.: 433, 8080, 80, etc..
Example
62148
PortRange
BetaPortRangeInput
BetaPortRangeUpdateInput
BetaProcessResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
processId - Int!
|
|
processCommandLine - String
|
|
imageFile - FileDetails
|
|
userAccount - EndpointUser
|
Possible Types
| ProcessResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"processId": 123,
"processCommandLine": "abc123",
"imageFile": FileDetails,
"userAccount": EndpointUser
}
ProtoType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CROSS_CONNECT"
PublicIpsLicense
BetaDescription
Public IP address license
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The number of public IPs available in the licenses |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
PublicIpsLicenseAllocations
BetaQuantifiableLicense
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
status - LicenseStatus!
|
License activation status |
startDate - DateTime
|
License initiation date |
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
total - Int!
|
license quantity |
Possible Types
| QuantifiableLicense Types |
|---|
Example
{
"description": "abc123",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"status": "ACTIVE",
"startDate": "2007-12-03T10:15:30Z",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"total": 123
}
RBACRole
RbacGroup
RbiLicense
BetaDescription
Remote Browser Isolation (RBI) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
RecentConnection
Fields
| Field Name | Description |
|---|---|
deviceName - String
|
Serial number for the Device |
duration - Int
|
The duration of the connection |
interfaceName - String
|
Name for the port in the Cato Management Application |
lastConnected - DateTime
|
The last time this connection was detected (so lastConnected - duration is the start of the connection |
popName - String
|
The name of the PoP that the traffic flow was connected to |
remoteIP - String
|
IP address the ISP allocates to the WAN link |
remoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to |
Example
{
"deviceName": "xyz789",
"duration": 123,
"interfaceName": "xyz789",
"lastConnected": "2007-12-03T10:15:30Z",
"popName": "abc123",
"remoteIP": "abc123",
"remoteIPInfo": IPInfo
}
Regionality
Description
REGIONAL and GLOBAL licenses for MOROCCO, CHINA, and VIETNAM group values
Values
| Enum Value | Description |
|---|---|
|
|
Global traffic going outside of the region |
|
|
Site traffic within the region |
Example
"GLOBAL"
RegistryResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
hive - String
|
|
key - String
|
|
value - String
|
|
valueName - String
|
|
valueType - String
|
Possible Types
| RegistryResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"hive": "abc123",
"key": "xyz789",
"value": "abc123",
"valueName": "xyz789",
"valueType": "xyz789"
}
RemediationStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BLOCKED"
RemotePortFwdAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
enabled - Boolean!
|
|
externalIp - AllocatedIpRefInput!
|
|
externalPortRange - PortRangeInput!
|
|
forwardIcmp - Boolean!
|
|
internalIp - IPAddress!
|
|
internalPortRange - PortRangeInput!
|
|
name - String!
|
|
remoteIPs - RemotePortFwdRemoteIpsInput!
|
|
restrictionType - RemotePortFwdRestrictionType!
|
|
tracking - PolicyRuleTrackingAlertInput!
|
Example
{
"description": "xyz789",
"enabled": true,
"externalIp": AllocatedIpRefInput,
"externalPortRange": PortRangeInput,
"forwardIcmp": false,
"internalIp": IPAddress,
"internalPortRange": PortRangeInput,
"name": "xyz789",
"remoteIPs": RemotePortFwdRemoteIpsInput,
"restrictionType": "ALLOW_LIST",
"tracking": PolicyRuleTrackingAlertInput
}
RemotePortFwdAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - RemotePortFwdAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": RemotePortFwdAddRuleDataInput
}
RemotePortFwdPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [RemotePortFwdRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [RemotePortFwdRulePayload],
"sections": [PolicySectionPayload]
}
RemotePortFwdPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
RemotePortFwdPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
RemotePortFwdPolicyMutationPayload
BetaDescription
Remote port forwarding policy information provided in the API response
Fields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - RemotePortFwdPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": RemotePortFwdPolicy,
"status": "FAILURE"
}
RemotePortFwdPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
RemotePortFwdRemoteIps
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - [GlobalIpRangeRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoteIpsInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoteIpsUpdateInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
subnet - [NetworkSubnet!]
|
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
RemotePortFwdRestrictionType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALLOW_LIST"
RemotePortFwdRule
BetaFields
| Field Name | Description |
|---|---|
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
externalIp - AllocatedIpRef!
|
|
externalPortRange - PortRange!
|
|
forwardIcmp - Boolean!
|
|
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
internalIp - IPAddress!
|
|
internalPortRange - PortRange!
|
|
name - String!
|
Name of the rule |
remoteIPs - RemotePortFwdRemoteIps!
|
|
restrictionType - RemotePortFwdRestrictionType!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
tracking - PolicyRuleTrackingAlert!
|
Example
{
"description": "xyz789",
"enabled": true,
"externalIp": AllocatedIpRef,
"externalPortRange": PortRange,
"forwardIcmp": true,
"id": "4",
"index": 987,
"internalIp": IPAddress,
"internalPortRange": PortRange,
"name": "xyz789",
"remoteIPs": RemotePortFwdRemoteIps,
"restrictionType": "ALLOW_LIST",
"section": PolicySectionInfo,
"tracking": PolicyRuleTrackingAlert
}
RemotePortFwdRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - RemotePortFwdRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": RemotePortFwdRulePayload,
"status": "FAILURE"
}
RemotePortFwdRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - RemotePortFwdRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": RemotePortFwdRule
}
RemotePortFwdUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
enabled - Boolean
|
|
externalIp - AllocatedIpRefInput
|
|
externalPortRange - PortRangeUpdateInput
|
|
forwardIcmp - Boolean
|
|
internalIp - IPAddress
|
|
internalPortRange - PortRangeUpdateInput
|
|
name - String
|
|
remoteIPs - RemotePortFwdRemoteIpsUpdateInput
|
|
restrictionType - RemotePortFwdRestrictionType
|
|
tracking - PolicyRuleTrackingAlertUpdateInput
|
Example
{
"description": "abc123",
"enabled": false,
"externalIp": AllocatedIpRefInput,
"externalPortRange": PortRangeUpdateInput,
"forwardIcmp": true,
"internalIp": IPAddress,
"internalPortRange": PortRangeUpdateInput,
"name": "abc123",
"remoteIPs": RemotePortFwdRemoteIpsUpdateInput,
"restrictionType": "ALLOW_LIST",
"tracking": PolicyRuleTrackingAlertUpdateInput
}
RemotePortFwdUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - RemotePortFwdUpdateRuleDataInput!
|
Example
{"id": 4, "rule": RemotePortFwdUpdateRuleDataInput}
RemoveAccountPayload
Fields
| Field Name | Description |
|---|---|
accountInfo - AccountInfo!
|
General info of the removed account |
Example
{"accountInfo": AccountInfo}
RemoveAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": 4}
RemoveBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Unique identifier of the BGP peer to be removed. |
Example
{"id": 4}
RemoveBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The BGP peer that was successfully removed. |
Example
{"bgpPeer": BgpPeer}
RemoveCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for removing a physical connection from a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection to be removed. |
Example
{"id": "4"}
RemoveCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for removing a physical connection from a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the removed connection. |
Example
{"id": "4"}
RemoveIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [RemoveIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [RemoveIpsecIkeV2SiteTunnelPayload]
}
RemoveIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "abc123",
"tunnelId": "PRIMARY1"
}
RemoveIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
tunnelId - [IPSecV2InterfaceId!]!
|
The IDs of the tunnels |
Example
{"tunnelId": ["PRIMARY1"]}
RemoveIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - RemoveIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - RemoveIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": RemoveIpsecIkeV2SiteMultiTunnelPayload,
"secondary": RemoveIpsecIkeV2SiteMultiTunnelPayload,
"siteId": "4"
}
RemoveNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
RemoveSitePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
RemoveStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": "4"}
ResourceRoleEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ADDED"
RiskLevelEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
SaasSecurityApiLicense
BetaDescription
SaaS Security API service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
license quantity |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
SanctionedAppsCategoryRef
BetaSanctionedAppsCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
Description
Sandbox analysis failure reason
Values
| Enum Value | Description |
|---|---|
|
|
Failed to fetch report from sandbox service after 10 minutes |
|
|
Internal server error |
|
|
Invalid file size (0 or too large) |
|
|
Failed to submit file for sandbox analysis |
|
|
Unsupported file type |
Example
"ANALYSIS_TIMEOUT"
Description
Sandbox report meta-data
Fields
| Field Name | Description |
|---|---|
creationDate - DateTime!
|
Report creation date |
downloadUrl - Url
|
Report download URL (if ready) |
expirationDate - DateTime
|
Report expiration date |
failureReason - SandboxFailureReason
|
Sandbox analysis failure reason (if any) |
fileHash - String!
|
File hash (SHA-256) |
fileName - String
|
File name |
status - SandboxStatus!
|
Sandbox analysis status |
verdict - SandboxVerdict
|
Sandbox verdict |
Example
{
"creationDate": "2007-12-03T10:15:30Z",
"downloadUrl": Url,
"expirationDate": "2007-12-03T10:15:30Z",
"failureReason": "ANALYSIS_TIMEOUT",
"fileHash": "abc123",
"fileName": "abc123",
"status": "EXPIRED",
"verdict": "BENIGN"
}
Description
Sandbox reports query filter
Fields
| Input Field | Description |
|---|---|
fileHash - [StringFilterInput!]
|
File hash filter |
fileName - [StringFilterInput!]
|
File name filter |
reportCreateDate - [DateTimeFilterInput!]
|
Report creation date filter |
Example
{
"fileHash": [StringFilterInput],
"fileName": [StringFilterInput],
"reportCreateDate": [DateTimeFilterInput]
}
Description
Sandbox reports query input
Fields
| Input Field | Description |
|---|---|
filter - SandboxReportsFilterInput
|
Query filter criteria |
paging - PagingInput!
|
Query pagination criteria Default |
sort - SandboxReportsSortInput!
|
Query sorting criteria Default |
Example
{
"filter": SandboxReportsFilterInput,
"paging": PagingInput,
"sort": SandboxReportsSortInput
}
Description
Output of sandbox reports query
Fields
| Field Name | Description |
|---|---|
pageInfo - PageInfo!
|
Pagination information |
report - [SandboxReport!]!
|
List of sandbox reports |
Example
{
"pageInfo": PageInfo,
"report": [SandboxReport]
}
Description
Sandbox reports query sorting
Fields
| Input Field | Description |
|---|---|
fileName - SortOrderInput
|
Sort by file name |
reportCreateDate - SortOrderInput
|
Sort by report creation date |
Example
{
"fileName": SortOrderInput,
"reportCreateDate": SortOrderInput
}
Description
Sandbox analysis status
Values
| Enum Value | Description |
|---|---|
|
|
Report has expired |
|
|
Analysis has failed |
|
|
File is being analyzed |
|
|
File is pending analysis |
|
|
Analysis is complete - report is ready |
Example
"EXPIRED"
Description
Sandbox analysis verdict
Values
| Enum Value | Description |
|---|---|
|
|
File is clean |
|
|
File is malicious |
|
|
File is suspicious |
Example
"BENIGN"
ScanResult
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BYPASS_BY_CONTENT_RULE"
ServiceRef
BetaServiceRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SeverityEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"High"
ShippingDetails
BetaFields
| Field Name | Description |
|---|---|
cityName - String
|
City |
comment - String
|
Comment |
companyName - String
|
Company name (recipient) |
contact - ContactDetails
|
Delivery contact detail |
countryName - String
|
Country |
incoterms - String
|
Shipping method |
instruction - String
|
Delivery instruction (required for EXW incoterms) |
powerCable - String
|
Power cable type (for sockets only) |
stateName - String
|
State (only for USA and Canada) |
street - String
|
Street name and number |
vatId - String
|
Vat id (required for Brazil) |
zipCode - String
|
Zip Code |
Example
{
"cityName": "abc123",
"comment": "abc123",
"companyName": "xyz789",
"contact": ContactDetails,
"countryName": "xyz789",
"incoterms": "abc123",
"instruction": "xyz789",
"powerCable": "xyz789",
"stateName": "abc123",
"street": "abc123",
"vatId": "xyz789",
"zipCode": "abc123"
}
ShippingDetailsInput
BetaFields
| Input Field | Description |
|---|---|
address - AddressInput
|
Address for delivery |
comment - String
|
Comment |
contact - ContactDetailsInput
|
Delivery contact detail |
incoterms - String
|
Shipping method |
instruction - String
|
Delivery instruction (required for EXW incoterms) |
vatId - String
|
Vat id (required for Brazil) |
Example
{
"address": AddressInput,
"comment": "xyz789",
"contact": ContactDetailsInput,
"incoterms": "abc123",
"instruction": "abc123",
"vatId": "xyz789"
}
ShippingStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONFIRM_SHIPPING"
ShippingStatusFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - ShippingStatus
|
|
in - [ShippingStatus!]
|
|
neq - ShippingStatus
|
|
nin - [ShippingStatus!]
|
Example
{
"eq": "CONFIRM_SHIPPING",
"in": ["CONFIRM_SHIPPING"],
"neq": "CONFIRM_SHIPPING",
"nin": ["CONFIRM_SHIPPING"]
}
ShippingTracking
BetaFields
| Field Name | Description |
|---|---|
carrier - String
|
Carrier (shipping company) |
shippingDate - Date
|
Shipping date |
shippingStatus - ShippingStatus
|
Shipping status |
trackingNumber - String
|
Tracking number |
trackingUrl - Url
|
Tracking url |
Example
{
"carrier": "abc123",
"shippingDate": "2007-12-03",
"shippingStatus": "CONFIRM_SHIPPING",
"trackingNumber": "abc123",
"trackingUrl": Url
}
SimilarStoryData
Example
{
"indication": "xyz789",
"similarityPercentage": 123.45,
"storyId": "abc123",
"threatClassification": "abc123",
"threatTypeName": "abc123",
"verdict": "abc123"
}
SimpleService
BetaFields
| Field Name | Description |
|---|---|
name - SimpleServiceType!
|
Example
{"name": "DNS_TCP"}
SimpleServiceInput
BetaFields
| Input Field | Description |
|---|---|
name - SimpleServiceType!
|
Example
{"name": "DNS_TCP"}
SimpleServiceType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"DNS_TCP"
SiteBgpStatus
BetaFields
| Field Name | Description |
|---|---|
rawStatus - [String!]!
|
Raw BGP status information. |
status - [BgpDetailedStatus!]!
|
Detailed BGP status, including session and route details. |
Example
{
"rawStatus": ["abc123"],
"status": [BgpDetailedStatus]
}
SiteBgpStatusInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifying data for the site whose BGP status is being queried. |
Example
{"site": SiteRefInput}
SiteConnectionTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"SOCKET_AWS1500"
SiteInfo
Description
Basic Site configuration information
Fields
| Field Name | Description |
|---|---|
address - String
|
Address of the physical site location |
cityName - String
|
City of the physical site location |
connType - ProtoType
|
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields) |
countryCode - String
|
Code for the Country that is the physical location of the site |
countryName - String
|
Country that is the physical location of the site |
countryStateName - String
|
State of the country that is the physical site location |
creationTime - DateTime
|
Timestamp for when the site was created |
description - String
|
User defined description of the site |
interfaces - [InterfaceInfo!]
|
Basic configuration information about the Socket interface |
ipsec - [IPSecInfo!]
|
data related to IPsec sites, such as IKE version |
isHA - Boolean
|
When this boolean value is true, the site is enabled for high availability |
name - String
|
Name for the site |
region - String
|
Geographical PoP region that the site is licensed to use |
sockets - [SocketInfo!]
|
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields) |
type - SiteType
|
Site type in the Cato Management Application, such as branch office or datacenter |
Example
{
"address": "abc123",
"cityName": "abc123",
"connType": "CROSS_CONNECT",
"countryCode": "xyz789",
"countryName": "abc123",
"countryStateName": "xyz789",
"creationTime": "2007-12-03T10:15:30Z",
"description": "xyz789",
"interfaces": [InterfaceInfo],
"ipsec": [IPSecInfo],
"isHA": false,
"name": "abc123",
"region": "xyz789",
"sockets": [SocketInfo],
"type": "BRANCH"
}
SiteLicense
BetaDescription
Site bandwidth license
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
regionality - Regionality
|
For the relevant license groups, indicates whether this is a global or regional license. For other regions, the value is set to ‘NA’ (not applicable). |
site - SiteRef
|
Identifying data for the site the license is assigned to |
siteLicenseGroup - SiteLicenseGroup!
|
The license group. |
siteLicenseType - SiteLicenseType!
|
The selected service type, e.g SASE or SSE. |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Maximum available bandwidth for the site, in Mbps |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"regionality": "GLOBAL",
"site": SiteRef,
"siteLicenseGroup": "AFRICA",
"siteLicenseType": "SASE",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
SiteLicenseGroup
Values
| Enum Value | Description |
|---|---|
|
|
legacy license group |
|
|
legacy license group |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
|
|
legacy license group |
|
|
legacy license group |
|
|
|
|
|
|
|
|
legacy license group |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
Example
"AFRICA"
SiteLicenseType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"SASE"
SiteMetrics
Fields
| Field Name | Description |
|---|---|
flowCount - Timeseries
|
Timeseries with the number of flows (connections) in the site. Applicable only for site |
hostCount - Timeseries
|
Timeseries with the number of hosts in the site. Applicable only for site |
hostLimit - Timeseries
|
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site |
id - ID
|
Site ID |
info - SiteInfo
|
Shows general information about the site (array with nested fields). Applicable only for site |
interfaces - [InterfaceMetrics!]
|
Analytics that are returned for the links for a site |
metrics - Metrics
|
Traffic metrics and data for sites |
Arguments
|
|
name - String
|
Site names |
samples - Int
|
internal use |
Example
{
"flowCount": Timeseries,
"hostCount": Timeseries,
"hostLimit": Timeseries,
"id": "4",
"info": SiteInfo,
"interfaces": [InterfaceMetrics],
"metrics": Metrics,
"name": "xyz789",
"samples": 123
}
SiteNetworkSubnetRef
BetaSiteNetworkSubnetRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SiteRef
BetaSiteRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SiteSnapshot
Fields
| Field Name | Description |
|---|---|
altWanStatus - String
|
Alternative WAN connectivity status |
connectedSince - DateTime
|
For connected sites, since when are they connected |
connectivityStatus - ConnectivityStatus
|
Connectivity to the Cato Cloud |
devices - [DeviceSnapshot!]
|
Data related to the Sockets for a site |
haStatus - HaStatus
|
Site HA readiness information |
hostCount - Int
|
Number of hosts connected to a site |
id - ID
|
site ID |
info - SiteInfo
|
General real-time information about the site |
lastConnected - DateTime
|
Relevant when the site is disconnected - the last time the device was connected |
operationalStatus - OperationalStatus
|
Status for a site or VPN user |
popName - String
|
Name of the PoP that the site is connected to |
protoId - ID
|
Example
{
"altWanStatus": "abc123",
"connectedSince": "2007-12-03T10:15:30Z",
"connectivityStatus": "connected",
"devices": [DeviceSnapshot],
"haStatus": HaStatus,
"hostCount": 123,
"id": 4,
"info": SiteInfo,
"lastConnected": "2007-12-03T10:15:30Z",
"operationalStatus": "active",
"popName": "xyz789",
"protoId": "4"
}
SiteType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"BRANCH"
SocketInfo
Description
Basic information about socket
Fields
| Field Name | Description |
|---|---|
id - String
|
Unique ID for Socket |
isPrimary - Boolean
|
For HA configurations, when this boolean value is true, this the primary Socket |
platform - SocketPlatform
|
Shows Socket type |
serial - String
|
Serial number for the Socket |
version - String
|
Software version number that is currently installed on the Socket |
versionUpdateTime - DateTime
|
Timestamp when the Socket upgraded to the current hardware version |
Example
{
"id": "xyz789",
"isPrimary": true,
"platform": "AWS1500",
"serial": "xyz789",
"version": "abc123",
"versionUpdateTime": "2007-12-03T10:15:30Z"
}
SocketInterfaceAltWanInput
Fields
| Input Field | Description |
|---|---|
privateGatewayIp - IPAddress!
|
|
privateInterfaceIp - IPAddress!
|
|
privateNetwork - IPSubnet!
|
|
privateVlanTag - Int
|
|
publicGatewayIp - IPAddress
|
|
publicInterfaceIp - IPAddress
|
|
publicNetwork - IPSubnet
|
|
publicVlanTag - Int
|
Example
{
"privateGatewayIp": IPAddress,
"privateInterfaceIp": IPAddress,
"privateNetwork": IPSubnet,
"privateVlanTag": 123,
"publicGatewayIp": IPAddress,
"publicInterfaceIp": IPAddress,
"publicNetwork": IPSubnet,
"publicVlanTag": 987
}
SocketInterfaceBandwidthInput
Example
{
"downstreamBandwidth": 123,
"downstreamBandwidthMbpsPrecision": 987.7,
"upstreamBandwidth": 123,
"upstreamBandwidthMbpsPrecision": 987.7
}
SocketInterfaceDestType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALTERNATIVE"
SocketInterfaceIDEnum
Description
SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"INT_1"
SocketInterfaceLagInput
Fields
| Input Field | Description |
|---|---|
minLinks - Int!
|
Example
{"minLinks": 987}
SocketInterfaceLanInput
Fields
| Input Field | Description |
|---|---|
localIp - IPAddress!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
Example
{
"localIp": IPAddress,
"subnet": IPSubnet,
"translatedSubnet": IPSubnet
}
SocketInterfaceOffCloudInput
SocketInterfacePrecedenceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
SocketInterfaceRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"wan_1"
SocketInterfaceVrrpInput
Fields
| Input Field | Description |
|---|---|
vrrpType - VrrpType
|
Example
{"vrrpType": "DIRECT_LINK"}
SocketInterfaceWanInput
Fields
| Input Field | Description |
|---|---|
precedence - SocketInterfacePrecedenceEnum!
|
|
role - SocketInterfaceRole!
|
Example
{"precedence": "ACTIVE", "role": "wan_1"}
SocketInterfaceWanRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"NONE"
SocketInventoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
freeText - FreeTextFilterInput
|
Will run contains operation for the provided text on the following fields serialNumber,socketMac,socketVersion,installedSite, shippingCompany,trackingNumber,deliverySiteName,description with OR between them |
Example
{"freeText": FreeTextFilterInput}
SocketInventoryInput
BetaFields
| Input Field | Description |
|---|---|
filter - SocketInventoryFilterInput
|
|
paging - PagingInput
|
|
sort - SocketInventoryOrderInput
|
Example
{
"filter": SocketInventoryFilterInput,
"paging": PagingInput,
"sort": SocketInventoryOrderInput
}
SocketInventoryItem
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Socket account |
availableUpgradeVersions - [String!]!
|
Available upgrade versions |
deliverySiteName - String
|
Name of the delivery site |
description - String
|
Description |
id - ID!
|
ID |
isPrimary - Boolean!
|
Is primary socket |
registrationStatus - SocketRegistrationStatus
|
Registration status |
serialNumber - String
|
Serial number (unique) |
shippingCompany - String
|
Shipping company |
shippingDate - DateTime
|
Shipping date |
site - SiteRef
|
Socket's site |
socketMac - MacAddress
|
Mac address |
socketType - SocketPlatform
|
Socket Type |
socketVersion - String
|
Socket version |
status - SocketInventoryItemStatus
|
Socket status (see SocketInventoryItemStatus) |
trackingNumber - String
|
tracking number from the shipping company |
trackingUrl - Url
|
tracking url from the shipping company |
upgradesPaused - Boolean!
|
Are automatic upgrade paused |
upgradeStatus - SocketUpgradeStatus
|
Upgrade status |
Example
{
"account": AccountRef,
"availableUpgradeVersions": ["abc123"],
"deliverySiteName": "abc123",
"description": "abc123",
"id": 4,
"isPrimary": false,
"registrationStatus": "ASSIGNED_SITE",
"serialNumber": "xyz789",
"shippingCompany": "abc123",
"shippingDate": "2007-12-03T10:15:30Z",
"site": SiteRef,
"socketMac": MacAddress,
"socketType": "AWS1500",
"socketVersion": "abc123",
"status": "CONNECTED",
"trackingNumber": "xyz789",
"trackingUrl": Url,
"upgradesPaused": true,
"upgradeStatus": "CANCEL"
}
SocketInventoryItemStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONNECTED"
SocketInventoryOrderInput
BetaFields
| Input Field | Description |
|---|---|
accountName - SortOrderInput
|
|
deliverySiteName - SortOrderInput
|
|
description - SortOrderInput
|
|
installedSite - SortOrderInput
|
|
serialNumber - SortOrderInput
|
|
shippingCompany - SortOrderInput
|
|
shippingDate - SortOrderInput
|
|
socketType - SortOrderInput
|
|
status - SortOrderInput
|
Default sort field |
Example
{
"accountName": SortOrderInput,
"deliverySiteName": SortOrderInput,
"description": SortOrderInput,
"installedSite": SortOrderInput,
"serialNumber": SortOrderInput,
"shippingCompany": SortOrderInput,
"shippingDate": SortOrderInput,
"socketType": SortOrderInput,
"status": SortOrderInput
}
SocketInventoryPayload
BetaFields
| Field Name | Description |
|---|---|
items - [SocketInventoryItem!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": [SocketInventoryItem],
"pageInfo": PageInfo
}
SocketLanAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
destination - SocketLanDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
direction - SocketLanDirection!
|
Direction of the traffic initiator matching criteria. Default |
enabled - Boolean!
|
|
name - String!
|
|
nat - SocketLanNatSettingsInput!
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. Default |
service - SocketLanServiceInput!
|
Destination service matching criteria for the rule. Port/Protocol based. Default |
site - SocketLanSiteInput!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
source - SocketLanSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
transport - SocketLanTransportType!
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. Default |
Example
{
"description": "xyz789",
"destination": SocketLanDestinationInput,
"direction": "BOTH",
"enabled": false,
"name": "abc123",
"nat": SocketLanNatSettingsInput,
"service": SocketLanServiceInput,
"site": SocketLanSiteInput,
"source": SocketLanSourceInput,
"transport": "LAN"
}
SocketLanAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - SocketLanAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": SocketLanAddRuleDataInput
}
SocketLanDestination
BetaDescription
Returns the settings for Destination of a Wan Firewall rule.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
group - [GroupRef!]!
|
|
host - [HostRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
networkInterface - [NetworkInterfaceRef!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRef!]!
|
|
vlan - [Vlan!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanDestinationInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
group - [GroupRefInput!]!
|
|
host - [HostRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
networkInterface - [NetworkInterfaceRefInput!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRefInput!]!
|
|
vlan - [Vlan!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanDestinationUpdateInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
group - [GroupRefInput!]
|
|
host - [HostRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
networkInterface - [NetworkInterfaceRefInput!]
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
|
subnet - [NetworkSubnet!]
|
|
systemGroup - [SystemGroupRefInput!]
|
|
vlan - [Vlan!]
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanDirection
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies two-way direction. |
|
|
Specifies one-way direction. |
Example
"BOTH"
SocketLanFirewallAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALLOW"
SocketLanFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketLanFirewallAction!
|
Action to take when the rule is matched (ALLOW or BLOCK). Default |
application - SocketLanFirewallApplicationInput!
|
Application traffic matching criteria. Default |
description - String!
|
|
destination - SocketLanFirewallDestinationInput!
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. Default |
direction - SocketLanFirewallDirection!
|
Direction of the traffic (TO or BOTH). Default |
enabled - Boolean!
|
|
name - String!
|
|
service - SocketLanFirewallServiceTypeInput!
|
Service traffic matching criteria. Default |
source - SocketLanFirewallSourceInput!
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications. Default |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplicationInput,
"description": "abc123",
"destination": SocketLanFirewallDestinationInput,
"direction": "BOTH",
"enabled": false,
"name": "xyz789",
"service": SocketLanFirewallServiceTypeInput,
"source": SocketLanFirewallSourceInput,
"tracking": PolicyTrackingInput
}
SocketLanFirewallAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicySubRulePositionInput
|
Position of the rule in the policy |
rule - SocketLanFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicySubRulePositionInput,
"rule": SocketLanFirewallAddRuleDataInput
}
SocketLanFirewallApplication
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
application - [ApplicationRef!]!
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRef!]!
|
Custom applications that can be matched by |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
SocketLanFirewallApplicationInput
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]!
|
Applications matching criteria for this rule. Default |
customApp - [CustomApplicationRefInput!]!
|
Custom applications that can be matched by Default |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketLanFirewallApplicationUpdateInput
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRefInput!]
|
Custom applications that can be matched by |
domain - [Domain!]
|
|
fqdn - [Fqdn!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
subnet - [NetworkSubnet!]
|
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketLanFirewallDestination
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
group - [GroupRef!]!
|
Groups defined for your account. |
host - [HostRef!]!
|
Hosts and servers defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRef!]!
|
Network interfaces defined for your site. |
site - [SiteRef!]!
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]!
|
Subnets to which traffic is directed. |
systemGroup - [SystemGroupRef!]!
|
Predefined system groups in your account. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanFirewallDestinationInput
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating subnets used to identify traffic based on specific criteria. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
group - [GroupRefInput!]!
|
Groups defined for your account. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network interfaces defined for your site. Default |
site - [SiteRefInput!]!
|
Sites defined for your account. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
Subnets specific to a site defined for your account. Default |
subnet - [NetworkSubnet!]!
|
Subnets to which traffic is directed. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined system groups in your account. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallDestinationUpdateInput
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
group - [GroupRefInput!]
|
Groups defined for your account. |
host - [HostRefInput!]
|
Hosts and servers defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network interfaces defined for your site. |
site - [SiteRefInput!]
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]
|
Subnets to which traffic is directed. |
systemGroup - [SystemGroupRefInput!]
|
Predefined system groups in your account. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallDirection
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies two-way direction. |
|
|
Specifies one-way direction. |
Example
"BOTH"
SocketLanFirewallRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
SocketLanFirewallRule
BetaFields
| Field Name | Description |
|---|---|
action - SocketLanFirewallAction!
|
Action to take when the rule is matched (ALLOW or BLOCK). |
application - SocketLanFirewallApplication!
|
Application traffic matching criteria. |
description - String!
|
Description for the rule |
destination - SocketLanFirewallDestination!
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. |
direction - SocketLanFirewallDirection!
|
Direction of the traffic (TO or BOTH). |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - SocketLanFirewallServiceType!
|
Service traffic matching criteria. |
source - SocketLanFirewallSource!
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. |
tracking - PolicyTracking!
|
Tracking information when the rule is matched, such as events and notifications. |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplication,
"description": "abc123",
"destination": SocketLanFirewallDestination,
"direction": "BOTH",
"enabled": true,
"id": "4",
"index": 123,
"name": "xyz789",
"section": PolicySectionInfo,
"service": SocketLanFirewallServiceType,
"source": SocketLanFirewallSource,
"tracking": PolicyTracking
}
SocketLanFirewallRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SocketLanFirewallRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SocketLanFirewallRulePayload,
"status": "FAILURE"
}
SocketLanFirewallRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SocketLanFirewallRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SocketLanFirewallRule
}
SocketLanFirewallServiceType
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
Custom services defined for this rule. |
simple - [SimpleService!]!
|
Simple services allowed by the firewall rule. |
standard - [ServiceRef!]!
|
Standard services allowed by the firewall rule. |
Example
{
"custom": [CustomService],
"simple": [SimpleService],
"standard": [ServiceRef]
}
SocketLanFirewallServiceTypeInput
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
Custom services defined for this rule. Default |
simple - [SimpleServiceInput!]!
|
Simple services allowed by the firewall rule. Default |
standard - [ServiceRefInput!]!
|
Standard services allowed by the firewall rule. Default |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput],
"standard": [ServiceRefInput]
}
SocketLanFirewallServiceTypeUpdateInput
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
Custom services defined for this rule. |
simple - [SimpleServiceInput!]
|
Simple services allowed by the firewall rule. |
standard - [ServiceRefInput!]
|
Standard services allowed by the firewall rule. |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput],
"standard": [ServiceRefInput]
}
SocketLanFirewallSource
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
group - [GroupRef!]!
|
Groups defined for your account. |
host - [HostRef!]!
|
Hosts and servers defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
mac - [MacAddress!]!
|
MAC addresses of devices matching criteria. |
networkInterface - [NetworkInterfaceRef!]!
|
Network interfaces defined for your site. |
site - [SiteRef!]!
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. |
systemGroup - [SystemGroupRef!]!
|
Predefined system groups in your account. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanFirewallSourceInput
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating subnets used to identify traffic based on specific criteria. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
group - [GroupRefInput!]!
|
Groups defined for your account. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
mac - [MacAddress!]!
|
MAC addresses of devices matching criteria. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network interfaces defined for your site. Default |
site - [SiteRefInput!]!
|
Sites defined for your account. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
Subnets specific to a site defined for your account. Default |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined system groups in your account. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallSourceUpdateInput
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
group - [GroupRefInput!]
|
Groups defined for your account. |
host - [HostRefInput!]
|
Hosts and servers defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
mac - [MacAddress!]
|
MAC addresses of devices matching criteria. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network interfaces defined for your site. |
site - [SiteRefInput!]
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]
|
Subnets from which traffic originates. |
systemGroup - [SystemGroupRefInput!]
|
Predefined system groups in your account. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketLanFirewallAction
|
Action to take when the rule is matched (ALLOW or BLOCK). |
application - SocketLanFirewallApplicationUpdateInput
|
Application traffic matching criteria. |
description - String
|
|
destination - SocketLanFirewallDestinationUpdateInput
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. |
direction - SocketLanFirewallDirection
|
Direction of the traffic (TO or BOTH). |
enabled - Boolean
|
|
name - String
|
|
service - SocketLanFirewallServiceTypeUpdateInput
|
Service traffic matching criteria. |
source - SocketLanFirewallSourceUpdateInput
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. |
tracking - PolicyTrackingUpdateInput
|
Tracking information when the rule is matched, such as events and notifications. |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplicationUpdateInput,
"description": "xyz789",
"destination": SocketLanFirewallDestinationUpdateInput,
"direction": "BOTH",
"enabled": false,
"name": "abc123",
"service": SocketLanFirewallServiceTypeUpdateInput,
"source": SocketLanFirewallSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
SocketLanFirewallUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SocketLanFirewallUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": SocketLanFirewallUpdateRuleDataInput
}
SocketLanNatSettings
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
Indicates if NAT is enabled. |
natType - SocketLanNatType!
|
Example
{"enabled": true, "natType": "DYNAMIC_PAT"}
SocketLanNatSettingsInput
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
Indicates if NAT is enabled. Default |
natType - SocketLanNatType!
|
Example
{"enabled": true, "natType": "DYNAMIC_PAT"}
SocketLanNatSettingsUpdateInput
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
Indicates if NAT is enabled. |
natType - SocketLanNatType
|
Example
{"enabled": true, "natType": "DYNAMIC_PAT"}
SocketLanNatType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Example
"DYNAMIC_PAT"
SocketLanPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [SocketLanRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [SocketLanRulePayload],
"sections": [PolicySectionPayload]
}
SocketLanPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
SocketLanPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
SocketLanPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - SocketLanPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": SocketLanPolicy,
"status": "FAILURE"
}
SocketLanPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
SocketLanRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
SocketLanRule
BetaFields
| Field Name | Description |
|---|---|
description - String!
|
Description for the rule |
destination - SocketLanDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - SocketLanDirection!
|
Direction of the traffic initiator matching criteria. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
firewall - [SocketLanFirewallRulePayload!]!
|
|
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
nat - SocketLanNatSettings!
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - SocketLanService!
|
Destination service matching criteria for the rule. Port/Protocol based. |
site - SocketLanSite!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
source - SocketLanSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
transport - SocketLanTransportType!
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. |
Example
{
"description": "abc123",
"destination": SocketLanDestination,
"direction": "BOTH",
"enabled": true,
"firewall": [SocketLanFirewallRulePayload],
"id": "4",
"index": 123,
"name": "xyz789",
"nat": SocketLanNatSettings,
"section": PolicySectionInfo,
"service": SocketLanService,
"site": SocketLanSite,
"source": SocketLanSource,
"transport": "LAN"
}
SocketLanRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SocketLanRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SocketLanRulePayload,
"status": "FAILURE"
}
SocketLanRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SocketLanRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SocketLanRule
}
SocketLanService
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
Custom Port/Protocol service. |
simple - [SimpleService!]!
|
List of L4 based services. |
Example
{
"custom": [CustomService],
"simple": [SimpleService]
}
SocketLanServiceInput
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
Custom Port/Protocol service. Default |
simple - [SimpleServiceInput!]!
|
List of L4 based services. Default |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketLanServiceUpdateInput
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
Custom Port/Protocol service. |
simple - [SimpleServiceInput!]
|
List of L4 based services. |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketLanSite
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
group - [GroupRef!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
site - [SiteRef!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
Example
{
"group": [GroupRef],
"site": [SiteRef]
}
SocketLanSiteInput
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
site - [SiteRefInput!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketLanSiteUpdateInput
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
site - [SiteRefInput!]
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketLanSource
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects. |
group - [GroupRef!]!
|
Predefined Cato groups, Socket sites/objects only. |
host - [HostRef!]!
|
Hosts and servers defined for your under Socket sites. |
ip - [IPAddress!]!
|
IP address. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site. |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanSourceInput
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects. Default |
group - [GroupRefInput!]!
|
Predefined Cato groups, Socket sites/objects only. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your under Socket sites. Default |
ip - [IPAddress!]!
|
IP address. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanSourceUpdateInput
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects. |
group - [GroupRefInput!]
|
Predefined Cato groups, Socket sites/objects only. |
host - [HostRefInput!]
|
Hosts and servers defined for your under Socket sites. |
ip - [IPAddress!]
|
IP address. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site. |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanTransportType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies LAN transport type, routed locally for inspection of LAN Firewall. |
|
|
Specifies WAN transport type, send to the PoP for inspection of WAN Firewall. |
Example
"LAN"
SocketLanUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
destination - SocketLanDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - SocketLanDirection
|
Direction of the traffic initiator matching criteria. |
enabled - Boolean
|
|
name - String
|
|
nat - SocketLanNatSettingsUpdateInput
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. |
service - SocketLanServiceUpdateInput
|
Destination service matching criteria for the rule. Port/Protocol based. |
site - SocketLanSiteUpdateInput
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
source - SocketLanSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
transport - SocketLanTransportType
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. |
Example
{
"description": "xyz789",
"destination": SocketLanDestinationUpdateInput,
"direction": "BOTH",
"enabled": false,
"name": "xyz789",
"nat": SocketLanNatSettingsUpdateInput,
"service": SocketLanServiceUpdateInput,
"site": SocketLanSiteUpdateInput,
"source": SocketLanSourceUpdateInput,
"transport": "LAN"
}
SocketLanUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SocketLanUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": SocketLanUpdateRuleDataInput
}
SocketPlatform
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AWS1500"
SocketRegistrationStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ASSIGNED_SITE"
SocketUpgradeStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CANCEL"
SortDirectionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
SortInput
Fields
| Input Field | Description |
|---|---|
field - String
|
|
order - DirectionInput
|
Example
{"field": "abc123", "order": "asc"}
SortOrder
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ASC"
SortOrderInput
BetaFields
| Input Field | Description |
|---|---|
direction - SortOrder!
|
|
priority - Int!
|
Example
{"direction": "ASC", "priority": 123}
StoriesData
BetaStory
BetaFields
| Field Name | Description |
|---|---|
accountId - Int!
|
ID for your Cato account |
accountName - String
|
Name of the account in the Cato Management Application |
analystEmail - String
|
Email address of the analyst working on the story |
analystName - String
|
Name of analyst working on the story |
createdAt - DateTime!
|
Timestamp when the story was created |
id - ID!
|
Unique Cato ID for each story |
incident - MergedIncident!
|
Data related to the fields and incidents that were merged to create or update the story |
playbook - String
|
URL for the playbook in the Knowledge Base to help troubleshoot the story |
summary - String
|
Summary of the story |
timeline - [TimelineItem!]!
|
Data for the story timeline |
updatedAt - DateTime!
|
Timestamp when the story was most recently updated |
Example
{
"accountId": 987,
"accountName": "xyz789",
"analystEmail": "xyz789",
"analystName": "abc123",
"createdAt": "2007-12-03T10:15:30Z",
"id": 4,
"incident": MergedIncident,
"playbook": "abc123",
"summary": "abc123",
"timeline": [TimelineItem],
"updatedAt": "2007-12-03T10:15:30Z"
}
StoryComment
BetaStoryDrillDownFilter
Fields
| Field Name | Description |
|---|---|
name - String!
|
|
value - String!
|
No longer supported |
values - [String!]!
|
Example
{
"name": "abc123",
"value": "xyz789",
"values": ["xyz789"]
}
StoryEngineTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANOMALY"
StoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
accountId - AccountIdPredicate
|
|
criticality - IntPredicate
|
|
engineType - EngineTypePredicate
|
|
incidentId - StringPredicate
|
|
ioa - StringPredicate
|
|
muted - BooleanPredicate
|
|
producer - StoryProducerPredicate
|
|
queryName - StringPredicate
|
|
severity - StorySeverityPredicate
|
|
source - StringPredicate
|
|
sourceIp - StringPredicate
|
|
status - StoryStatusPredicate
|
|
storyId - StoryIdPredicate
|
|
timeFrame - TimeFramePredicate!
|
|
vendor - VendorPredicate
|
|
verdict - StoryVerdictPredicate
|
Example
{
"accountId": AccountIdPredicate,
"criticality": IntPredicate,
"engineType": EngineTypePredicate,
"incidentId": StringPredicate,
"ioa": StringPredicate,
"muted": BooleanPredicate,
"producer": StoryProducerPredicate,
"queryName": StringPredicate,
"severity": StorySeverityPredicate,
"source": StringPredicate,
"sourceIp": StringPredicate,
"status": StoryStatusPredicate,
"storyId": StoryIdPredicate,
"timeFrame": TimeFramePredicate,
"vendor": VendorPredicate,
"verdict": StoryVerdictPredicate
}
StoryIdPredicate
BetaStoryInput
BetaFields
| Input Field | Description |
|---|---|
filter - [StoryFilterInput!]!
|
|
paging - PagingInput!
|
|
sort - [StorySortInput!]
|
Example
{
"filter": [StoryFilterInput],
"paging": PagingInput,
"sort": [StorySortInput]
}
StoryProducerEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AnomalyEvents"
StoryProducerPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryProducerEnum!]
|
|
not_in - [StoryProducerEnum!]
|
Example
{"in": ["AnomalyEvents"], "not_in": ["AnomalyEvents"]}
StorySeverityPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [SeverityEnum!]
|
|
not_in - [SeverityEnum!]
|
Example
{"in": ["High"], "not_in": ["High"]}
StorySortFieldName
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"accountName"
StorySortInput
BetaFields
| Input Field | Description |
|---|---|
fieldName - StorySortFieldName!
|
|
order - SortDirectionEnum
|
Example
{"fieldName": "accountName", "order": "asc"}
StoryStatusEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Closed"
StoryStatusPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryStatusEnum!]
|
|
not_in - [StoryStatusEnum!]
|
Example
{"in": ["Closed"], "not_in": ["Closed"]}
StoryThreatType
BetaStoryVerdictEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
StoryVerdictPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryVerdictEnum!]
|
|
not_in - [StoryVerdictEnum!]
|
Example
{"in": ["Benign"], "not_in": ["Benign"]}
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"xyz789"
StringFilterInput
BetaStringPredicate
BetaStringValue
Fields
| Field Name | Description |
|---|---|
string - String
|
Example
{"string": "abc123"}
SubDomain
SubnetType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Direct"
SubscriptionGroupRef
BetaSubscriptionGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SubscriptionMailingListRef
BetaSubscriptionMailingListRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SubscriptionWebhookRef
BetaSubscriptionWebhookRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SystemGroupRef
BetaSystemGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
TaggingMethod
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DOT1Q"
TargetType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"domain"
Threat
BetaDescription
The "Threat" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
clientClass - [String!]!
|
Client Class for the traffic flow |
connectionType - ConnectionTypeEnum
|
Connection for this incident |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
deviceName - String
|
Name of the device |
direction - String
|
Traffic direction for the threat |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
events - [Event!]
|
Data for the Cato event for this story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
flows - [IncidentFlow!]
|
Data about the traffic flow for the threat |
flowsCardinality - Int
|
Cardinality of traffic flows for the threat |
id - ID!
|
Unique Cato ID for this threat |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
logonName - String
|
Username for the device |
macAddress - String
|
MAC address of the device |
mitres - [Mitre!]
|
Mitre data for the story (ie. ID, name) |
os - String
|
OS for device or host that is the threat target |
predictedThreatType - String
|
Predicted threat type for the story based on Cato algorithm |
predictedVerdict - StoryVerdictEnum
|
Predicted verdict of the story based on Cato algorithm |
producer - StoryProducerEnum!
|
Producer (specific XDR engine and service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
queryName - String
|
Category for the indication ID related to the story |
research - Boolean
|
The value is TRUE when the story is currently being researched by Security Analysts |
riskLevel - RiskLevelEnum
|
The estimated risk level of the threat (ie. Malicious, High, Low) |
similarStoriesData - [SimilarStoryData!]!
|
Data for stories that are similar |
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story 'siteName' is deprecated, use 'site.name' instead |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
The source IP address of the device in your network sending or receiving the flow |
srcSiteId - String
|
Cato ID for the site that is the source of the threat |
status - StoryStatusEnum
|
Status of this story |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
targets - [IncidentTargetRep!]!
|
Data about the target of the threat |
ticket - String
|
The ticket an analyst created for this story |
timeSeries - [IncidentTimeseries!]
|
Timeseries data for the incident |
user - UserRef
|
Cato ID and name for the user |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
Example
{
"analystFeedback": AnalystFeedback,
"clientClass": ["abc123"],
"connectionType": "Host",
"criticality": 123,
"description": "abc123",
"deviceName": "abc123",
"direction": "abc123",
"engineType": "ANOMALY",
"events": [Event],
"firstSignal": "2007-12-03T10:15:30Z",
"flows": [IncidentFlow],
"flowsCardinality": 987,
"id": "4",
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "xyz789",
"macAddress": "xyz789",
"mitres": [Mitre],
"os": "xyz789",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "xyz789",
"research": false,
"riskLevel": "Benign",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
ThreatPrevention
BetaDescription
The ThreatPrevention object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
engineType - StoryEngineTypeEnum
|
|
events - [Event!]
|
|
firstSignal - DateTime!
|
|
flowsCardinality - Int
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
riskLevel - RiskLevelEnum
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
targets - [IncidentTargetRep!]!
|
|
threatPreventionsEvents - [ThreatPreventionEvents!]
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"clientClass": ["abc123"],
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"deviceName": "abc123",
"direction": "xyz789",
"engineType": "ANOMALY",
"events": [Event],
"firstSignal": "2007-12-03T10:15:30Z",
"flowsCardinality": 987,
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "abc123",
"mitres": [Mitre],
"os": "xyz789",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "abc123",
"research": true,
"riskLevel": "Benign",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"targets": [IncidentTargetRep],
"threatPreventionsEvents": [ThreatPreventionEvents],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
ThreatPreventionEvents
Fields
| Field Name | Description |
|---|---|
appName - String
|
|
clientClass - String
|
|
createdAt - DateTime
|
|
destinationCountry - String
|
|
destinationGeolocation - String
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
direction - String
|
|
dnsResponseIP - String
|
|
domain - String
|
|
fileHash - String
|
|
httpResponseCode - Int
|
|
ja3 - String
|
|
method - String
|
|
referrer - String
|
|
smbFileName - String
|
|
sourceGeolocation - String
|
|
sourceIp - String
|
|
sourcePort - Int
|
|
target - String
|
|
tunnelGeolocation - String
|
|
url - String
|
|
user - String
|
|
userAgent - String
|
Example
{
"appName": "abc123",
"clientClass": "xyz789",
"createdAt": "2007-12-03T10:15:30Z",
"destinationCountry": "xyz789",
"destinationGeolocation": "xyz789",
"destinationIp": "xyz789",
"destinationPort": 987,
"direction": "xyz789",
"dnsResponseIP": "abc123",
"domain": "xyz789",
"fileHash": "abc123",
"httpResponseCode": 987,
"ja3": "abc123",
"method": "xyz789",
"referrer": "xyz789",
"smbFileName": "xyz789",
"sourceGeolocation": "xyz789",
"sourceIp": "abc123",
"sourcePort": 123,
"target": "xyz789",
"tunnelGeolocation": "abc123",
"url": "xyz789",
"user": "xyz789",
"userAgent": "abc123"
}
ThreatPreventionLicense
BetaDescription
Threat Prevention (TP) license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Time
BetaDescription
Wall time. E.g.: 12:34:56 or 12:34
Example
"10:15:30Z"
TimeAnnotation
Description
An object for marking specific events in time.
Fields
| Field Name | Description |
|---|---|
label - String!
|
Description of the event |
shortLabel - String!
|
Brief description of the event |
time - Float!
|
Timestamp of the event |
type - AnnotationType!
|
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows charts to attach to it. |
Example
{
"label": "xyz789",
"shortLabel": "abc123",
"time": 123.45,
"type": "generic"
}
TimeFrame
Description
Enter the time frame for the data that the query returns. The argument is in the format <type>.<time value> This argument is mandatory.
These are the supported options to define the time frame:
last.<time duration> - The
- timeFrame = last.PT5M shows the previous 5 minutes
- timeFrame = last.PT2H shows the previous 2 hours
- timeFrame = last.P1D shows the previous 1 day
- timeFrame = last.P3M shows the previous 3 months
- timeFrame = last.P1Y shows the previous 1 year
utc.<short-time-frame-spec> - The time frame combines a start and end date in the format YY-MM-DD/hh:mm:ss according to the specified time zone. You must enter all the date and time values for the argument. For example:
- timeFrame = utc.2020-02-{11/04:50:00--21/04:50:00} shows 10 days of analytics data from February 11, 2020 4:50:00 am to February 21, 2020 4:50:00 am
- timeFrame = utc.2020-02-11/{04:50:15--16:50:15} shows 12 hours of analytics data on February 11, 2020, from 4:50:15 am to 16:50:15 pm
- timeFrame = utc.2020-{02-11/04:50:00--04-11/04:50:00} shows 2 months of analytics data from February 11, 2020 4:50:00 am to April 11 4:50:00 am
- timeFrame = utc.{2019-10-01/04:50:00--2020/02-01/04:50:00} shows 4 months of analytics data from October 1, 2019 4:50:00 am to February 11 4:50:00 am
This format lets you configure a time frame the includes more than one calendar year
Example
TimeFrame
TimeFrameModifier
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"AnalystUpdate"
TimeFramePredicate
BetaFields
| Input Field | Description |
|---|---|
time - TimeFrame!
|
|
timeFrameModifier - TimeFrameModifier
|
Example
{"time": TimeFrame, "timeFrameModifier": "AnalystUpdate"}
TimePeriod
Description
An object for marking durations!
Fields
| Field Name | Description |
|---|---|
duration - [Float!]!
|
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index |
title - String!
|
Label that describes the metrics |
type - PeriodType!
|
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows charts to attach to it. |
Example
{
"duration": [123.45],
"title": "xyz789",
"type": "active"
}
TimeZone
Description
Time zone identifier E.g.: America/New_York
Example
"Etc/UTC"
TimelineItem
BetaDescription
For XDR stories, items that happened during the lifetime of the story
Fields
| Field Name | Description |
|---|---|
additionalInfo - String
|
Additional information about this timeline item |
analystInfo - AnalystInfo
|
Data about the analyst for this timeline item (ie. name, email) |
category - TimelineItemCategoryEnum
|
Icon for the timeline item |
context - String!
|
Brief summary of action related to the timeline item (ie. Story created, Status update to) |
createdAt - DateTime!
|
Timestamp the timeline item was created |
description - String!
|
Description of the timeline item Beta use 'descriptions' instead |
descriptions - [String!]!
|
Description of the timeline item |
type - TimelineTypeEnum!
|
Type of threat assigned by the analyst |
Example
{
"additionalInfo": "abc123",
"analystInfo": AnalystInfo,
"category": "Error",
"context": "abc123",
"createdAt": "2007-12-03T10:15:30Z",
"description": "xyz789",
"descriptions": ["xyz789"],
"type": "Action"
}
TimelineItemCategoryEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Error"
TimelineTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Action"
Timeseries
Fields
| Field Name | Description |
|---|---|
data - [Float!]
|
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type) |
Arguments
|
|
dimensions - [DimensionData!]
|
List of dimension values for this timeseries |
info - [String!]
|
Specific information about the timeseries, used to build its name, title etc |
key - TimeseriesKey
|
Timeseries key: measure and dimension values |
label - String!
|
Indicates the type of the timeseries |
sum - Float
|
Summary of the metrics over the given time frame |
units - UnitType
|
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types of data to make sense. |
Example
{
"data": [987.65],
"dimensions": [DimensionData],
"info": ["xyz789"],
"key": TimeseriesKey,
"label": "abc123",
"sum": 987.65,
"units": "bits"
}
TimeseriesKey
Fields
| Field Name | Description |
|---|---|
dimensions - [DimensionKey!]
|
List of dimension key-value pair for this timeseries key |
measureFieldName - String!
|
Measure field |
Example
{
"dimensions": [DimensionKey],
"measureFieldName": "abc123"
}
TimeseriesMetricType
Values
| Enum Value | Description |
|---|---|
|
|
Total avg downstream traffic (from the Cato Cloud to the site) |
|
|
Total max downstream traffic (from the site to the Cato Cloud) |
|
|
Total number of bytes of upstream and downstream traffic |
|
|
Total avg upstream traffic (from the site to the Cato Cloud) |
|
|
Total max upstream traffic (from the site to the Cato Cloud) |
|
|
Health analytics for the site No longer supported |
|
|
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets) |
|
|
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets) |
|
|
Latency from socket directly to a well known global service, not through Cato. This is used to measure last mile provider's performance, independent of the service. |
|
|
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last mile provider's performance, independent of the service. |
|
|
Number of packets lost for downstream traffic |
|
|
Percent of packet loss for downstream traffic |
|
|
Number of packets lost for upstream traffic |
|
|
Percent of packet loss for upstream traffic |
|
|
Total packets discarded for downstream traffic |
|
|
Percent packets discarded for downstream traffic |
|
|
Total packets discarded for upstream traffic |
|
|
Percent packets discarded for upstream traffic |
|
|
Total downstream packets |
|
|
Total upstream packets |
|
|
Round-trip time from the Socket to the Cato Cloud |
|
|
The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect) |
Example
"bytesDownstream"
TrafficDirectionEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DOWNSTREAM"
UnitType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Bits per second |
|
|
|
|
|
Bytes per second |
|
|
The number of occurrences for this unit |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
health analytics for the site |
|
|
For metrics that are measured in seconds, such as tunnelAge, the number of seconds |
Example
"bits"
UpdateAccountInput
Fields
| Input Field | Description |
|---|---|
description - String
|
Account description |
Example
{"description": "abc123"}
UpdateAccountRoleInput
UpdateAdminInput
Fields
| Input Field | Description |
|---|---|
firstName - String
|
|
lastName - String
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
passwordNeverExpires - Boolean
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"firstName": "xyz789",
"lastName": "abc123",
"managedRoles": [UpdateAdminRoleInput],
"passwordNeverExpires": false,
"resellerRoles": [UpdateAdminRoleInput]
}
UpdateAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
UpdateAdminRoleInput
Fields
| Input Field | Description |
|---|---|
allowedAccounts - [ID!]
|
|
allowedEntities - [EntityInput!]
|
|
role - UpdateAccountRoleInput!
|
Example
{
"allowedAccounts": ["4"],
"allowedEntities": [EntityInput],
"role": UpdateAccountRoleInput
}
UpdateBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
advertiseAllRoutes - Boolean
|
Update for all route advertisements. |
advertiseDefaultRoute - Boolean
|
Update for default route advertisement. |
advertiseSummaryRoutes - Boolean
|
Update for summary route advertisement. |
bfdEnabled - Boolean
|
Update to enable or disable BFD. |
bfdSettings - BfdSettingsInput
|
Updated BFD settings. |
catoAsn - Asn16
|
Updated AS number of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction
|
Update for the default action on unmatched routes. |
defaultActionExclusion - [BgpFilterRuleInput!]
|
Updated rules excluded from the default action. |
holdTime - Int
|
Updated hold time for the BGP session. |
id - ID!
|
Unique identifier of the BGP peer to be updated. |
keepaliveInterval - Int
|
Updated keepalive interval for the BGP session. |
md5AuthKey - String
|
Updated MD5 authentication key. |
metric - Int
|
Updated metric value for route preferences. |
name - String
|
Updated name of the BGP configuration entity. |
peerAsn - Asn32
|
Updated AS number of the peer BGP endpoint. |
peerIp - IPAddress
|
Updated IP address of the peer BGP endpoint. |
performNat - Boolean
|
Update for NAT configuration. |
summaryRoute - [BgpSummaryRouteInput!]
|
Updated summarized routes to advertise. |
tracking - BgpTrackingInput
|
Updated tracking configuration for the BGP peer. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": false,
"advertiseSummaryRoutes": true,
"bfdEnabled": true,
"bfdSettings": BfdSettingsInput,
"catoAsn": Asn16,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRuleInput],
"holdTime": 123,
"id": "4",
"keepaliveInterval": 987,
"md5AuthKey": "abc123",
"metric": 123,
"name": "xyz789",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": true,
"summaryRoute": [BgpSummaryRouteInput],
"tracking": BgpTrackingInput
}
UpdateBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The updated BGP peer object. |
Example
{"bgpPeer": BgpPeer}
UpdateCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for updating an existing physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
downstreamBwLimit - NetworkBandwidth
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod
|
Method of encapsulation. |
id - ID!
|
ID of the connection to be updated. |
popLocation - PopLocationRefInput
|
Identifying data for the POP location. |
privateCatoIp - IPAddress
|
Private IP address of Cato. |
privateSiteIp - IPAddress
|
Private IP address of the site. |
serviceProviderName - String
|
Name of the service provider. |
subnet - NetworkSubnet
|
Subnet for the connection. |
upstreamBwLimit - NetworkBandwidth
|
Upstream bandwidth limit. |
Example
{
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"id": "4",
"popLocation": PopLocationRefInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "xyz789",
"subnet": NetworkSubnet,
"upstreamBwLimit": NetworkBandwidth
}
UpdateCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for updating an existing physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the updated connection. |
Example
{"id": "4"}
UpdateFqdnContainerFromFileInput
BetaDescription
Input for updating FQDN typed container from file
Fields
| Input Field | Description |
|---|---|
description - String
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
uploadFile - Upload
|
Multipart file containing FQDNs with fileType delimiter |
Example
{
"description": "xyz789",
"fileType": "CSV",
"ref": ContainerRefInput,
"uploadFile": Upload
}
UpdateFqdnContainerFromFilePayload
BetaDescription
Payload of UpdateFromFile operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
UpdateHaInput
UpdateHaPayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
UpdateHardwareShippingInput
BetaFields
| Input Field | Description |
|---|---|
details - HardwareShippingDetailsInput!
|
The shipping details to update |
ids - [ID!]!
|
The ids of items to update |
Example
{"details": HardwareShippingDetailsInput, "ids": [4]}
UpdateIpAddressRangeContainerFromFileInput
BetaDescription
Input for updating existing IPAddressRange typed container from file
Fields
| Input Field | Description |
|---|---|
description - String
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
uploadFile - Upload
|
Multipart file containing IPAddressRanges with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"ref": ContainerRefInput,
"uploadFile": Upload
}
UpdateIpAddressRangeContainerFromFilePayload
BetaDescription
Payload of UpdateFromFile operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
UpdateIpsecIkeV2SiteGeneralDetailsInput
BetaFields
| Input Field | Description |
|---|---|
authMessage - IpsecIkeV2MessageInput
|
The auth message parameters. |
connectionMode - ConnectionMode
|
Determines the protocol for establishing the Security Association (SA) Tunnel. Valid values are: Responder-Only Mode: Cato Cloud only responds to incoming requests by the initiator (e.g. a Firewall device) to establish a security association. Bidirectional Mode: Both Cato Cloud and the peer device on customer site can initiate the IPSec SA establishment. |
identificationType - IdentificationType
|
The authentication identification type used for SA authentication. When using “BIDIRECTIONAL”, it is set to “IPv4” by default. Other methods are available in Responder mode only. |
initMessage - IpsecIkeV2MessageInput
|
The init message parameters |
networkRanges - [IPSubnet]
|
The local IP ranges for the SAs |
Example
{
"authMessage": IpsecIkeV2MessageInput,
"connectionMode": "BIDIRECTIONAL",
"identificationType": "EMAIL",
"initMessage": IpsecIkeV2MessageInput,
"networkRanges": [IPSubnet]
}
UpdateIpsecIkeV2SiteGeneralDetailsPayload
BetaUpdateIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [UpdateIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [UpdateIpsecIkeV2SiteTunnelPayload]
}
UpdateIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "xyz789",
"tunnelId": "PRIMARY1"
}
UpdateIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
primary - UpdateIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - UpdateIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": UpdateIpsecIkeV2TunnelsInput,
"secondary": UpdateIpsecIkeV2TunnelsInput
}
UpdateIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - UpdateIpsecIkeV2SiteMultiTunnelPayload
|
The primary multi-tunnel |
secondary - UpdateIpsecIkeV2SiteMultiTunnelPayload
|
The secondary multi-tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": UpdateIpsecIkeV2SiteMultiTunnelPayload,
"secondary": UpdateIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
UpdateIpsecIkeV2TunnelInput
BetaFields
| Input Field | Description |
|---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
name - String
|
Tunnel name |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
role - IPSecV2TunnelRole
|
Tunnel role |
tunnelId - IPSecV2InterfaceId!
|
The ID of the tunnel |
Example
{
"lastMileBw": LastMileBwInput,
"name": "xyz789",
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "xyz789",
"publicSiteIp": IPAddress,
"role": "WAN1",
"tunnelId": "PRIMARY1"
}
UpdateIpsecIkeV2TunnelsInput
BetaFields
| Input Field | Description |
|---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [UpdateIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": 4,
"publicCatoIpId": "4",
"tunnels": [UpdateIpsecIkeV2TunnelInput]
}
UpdateNetworkRangeInput
Fields
| Input Field | Description |
|---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String
|
|
rangeType - SubnetType
|
|
subnet - IPSubnet
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for NATIVE and VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"localIp": IPAddress,
"mdnsReflector": true,
"name": "xyz789",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 987
}
UpdateNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
UpdateSiteGeneralDetailsInput
Fields
| Input Field | Description |
|---|---|
description - String
|
|
name - String
|
|
siteLocation - UpdateSiteLocationInput
|
|
siteType - SiteType
|
Example
{
"description": "abc123",
"name": "abc123",
"siteLocation": UpdateSiteLocationInput,
"siteType": "BRANCH"
}
UpdateSiteGeneralDetailsPayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
UpdateSiteLocationInput
UpdateSocketInterfaceInput
Fields
| Input Field | Description |
|---|---|
altWan - SocketInterfaceAltWanInput
|
Only relevant for ALTERNATIVE, LAYER_2_WAN |
bandwidth - SocketInterfaceBandwidthInput
|
Only relevant for CATO, ALTERNATIVE, LAYER_2_WAN |
destType - SocketInterfaceDestType!
|
|
lag - SocketInterfaceLagInput
|
Only relevant for LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP |
lan - SocketInterfaceLanInput
|
Only relevant for LAN, VRRP_AND_LAN, LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP |
name - String
|
|
offCloud - SocketInterfaceOffCloudInput
|
Only relevant for CATO |
vrrp - SocketInterfaceVrrpInput
|
Only relevant for VRRP |
wan - SocketInterfaceWanInput
|
Only relevant for CATO |
Example
{
"altWan": SocketInterfaceAltWanInput,
"bandwidth": SocketInterfaceBandwidthInput,
"destType": "ALTERNATIVE",
"lag": SocketInterfaceLagInput,
"lan": SocketInterfaceLanInput,
"name": "xyz789",
"offCloud": SocketInterfaceOffCloudInput,
"vrrp": SocketInterfaceVrrpInput,
"wan": SocketInterfaceWanInput
}
UpdateSocketInterfacePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
Example
{"siteId": 4, "socketInterfaceId": "INT_1"}
UpdateStaticHostInput
UpdateStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": "4"}
Upload
BetaDescription
File upload - https://gqlgen.com/reference/file-upload/
Example
Upload
Description
Upload file input
Fields
| Input Field | Description |
|---|---|
fileName - String!
|
Uploaded file name |
Example
{"fileName": "abc123"}
Description
Upload file response
Fields
| Field Name | Description |
|---|---|
uploadUrl - Url
|
Upload URL (HTTP PUT) |
Example
{"uploadUrl": Url}
Url
BetaDescription
A Uniform Resource Locator, colloquially known as an address on the Web. E.g.: http://www.example.com/page/
Example
Url
UserInfo
Description
Basic User configuration information
Fields
| Field Name | Description |
|---|---|
authMethod - String
|
Additional authentication mechanism, currently MFA or NONE |
creationTime - DateTime
|
Timestamp when the VPN user was created in the account |
email - String
|
Email address of the VPN user |
name - String
|
Name of the VPN user |
origin - String
|
User creation mechanism, current supported REGULAR or LDAP |
phoneNumber - String
|
Phone number for the VPN user |
status - OperationalStatus
|
Status of the Client as the type STRING |
Example
{
"authMethod": "xyz789",
"creationTime": "2007-12-03T10:15:30Z",
"email": "abc123",
"name": "abc123",
"origin": "abc123",
"phoneNumber": "xyz789",
"status": "active"
}
UserRef
BetaUserRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
UserRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"EDITOR"
UserSnapshot
Fields
| Field Name | Description |
|---|---|
connectedInOffice - Boolean
|
In this state the client does not create its own connection, but reuses the Office's socket connection |
connectivityStatus - ConnectivityStatus
|
Connectivity to the Cato Cloud |
deviceName - String
|
The host name of the device |
devices - [DeviceSnapshot!]
|
Data related to the Client |
id - ID
|
VPN user ID |
info - UserInfo
|
General information about the VPN user |
internalIP - String
|
IP address of the PoP that the Client is connected to |
lastConnected - DateTime
|
Last time the user was connected (relevant if not currently connected) |
name - String
|
User name from configuration, same as info.name |
operationalStatus - OperationalStatus
|
Status for a site or VPN user |
osType - String
|
Operating system of the device the Client is running on |
osVersion - String
|
Version of the operating system for the device |
popID - Int
|
ID of the PoP that the Client is connected to |
popName - String
|
Name of the PoP that the VPN user is connected to |
recentConnections - [RecentConnection!]
|
Data related to the most recent completed VPN connections |
remoteIP - String
|
IP address of the Client |
remoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the Client |
uptime - Int
|
How long has the user been connected (in seconds) |
version - String
|
VPN client version string |
versionNumber - Int
|
VPN client version number |
Example
{
"connectedInOffice": false,
"connectivityStatus": "connected",
"deviceName": "abc123",
"devices": [DeviceSnapshot],
"id": 4,
"info": UserInfo,
"internalIP": "xyz789",
"lastConnected": "2007-12-03T10:15:30Z",
"name": "abc123",
"operationalStatus": "active",
"osType": "xyz789",
"osVersion": "abc123",
"popID": 987,
"popName": "abc123",
"recentConnections": [RecentConnection],
"remoteIP": "abc123",
"remoteIPInfo": IPInfo,
"uptime": 987,
"version": "xyz789",
"versionNumber": 987
}
UsersGroupRef
BetaUsersGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
Value
Types
| Union Types |
|---|
Example
StringValue
VendorEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CATO"
VendorPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [VendorEnum!]
|
|
not_in - [VendorEnum!]
|
Example
{"in": ["CATO"], "not_in": ["CATO"]}
Vlan
Description
VLAN Identifier
Example
Vlan
VrrpType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DIRECT_LINK"
WanFirewallActionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
Allow the network traffic to pass through the firewall. |
|
|
Deny the network traffic from passing through the firewall. |
|
|
Requests user confirmation to allow or block network traffic. |
Example
"ALLOW"
WanFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - WanFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched Default |
application - WanFirewallApplicationInput!
|
Application traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic Default |
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
destination - WanFirewallDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
deviceAttributes - DeviceAttributesInput!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
direction - WanFirewallDirectionEnum!
|
|
enabled - Boolean!
|
|
exceptions - [WanFirewallRuleExceptionInput!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
service - WanFirewallServiceTypeInput!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - WanFirewallSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications Default |
Example
{
"action": "ALLOW",
"application": WanFirewallApplicationInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"destination": WanFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"enabled": false,
"exceptions": [WanFirewallRuleExceptionInput],
"name": "abc123",
"schedule": PolicyScheduleInput,
"service": WanFirewallServiceTypeInput,
"source": WanFirewallSourceInput,
"tracking": PolicyTrackingInput
}
WanFirewallAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - WanFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": WanFirewallAddRuleDataInput
}
WanFirewallApplication
BetaDescription
Application match criteria set
Fields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
customApp - [CustomApplicationRef!]!
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRef!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
A range of IPs. Every IP within the range will be matched |
sanctionedAppsCategory - [SanctionedAppsCategoryRef!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"sanctionedAppsCategory": [SanctionedAppsCategoryRef],
"subnet": [NetworkSubnet]
}
WanFirewallApplicationInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
Cato category of applications which are dynamically updated by Cato Default |
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
customApp - [CustomApplicationRefInput!]!
|
Custom (user-defined) applications Default |
customCategory - [CustomCategoryRefInput!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. Default |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
A range of IPs. Every IP within the range will be matched Default |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
WanFirewallApplicationUpdateInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
customApp - [CustomApplicationRefInput!]
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRefInput!]
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
A range of IPs. Every IP within the range will be matched |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
WanFirewallDestination
BetaDescription
Returns the settings for Destination of a Wan Firewall rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|