Cato Networks GraphQL API Reference
Support
Terms of Service
Refer to: Support Policy for Cato API
API Endpoints and Schema
Refer to: What is the Cato API
GraphQL Introspection Query
Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.
For more information, see the GraphQL Documentation.
API Labeling
EA: These APIs are part of Cato's EA program, if you’re interested in joining, please contact us at ea@catonetworks.com
Rollout: We are gradually rolling out these APIs, and they will be available to all accounts after a few weeks.
Beta: These APIs are fully operational but may undergo schema changes, including potential breaking changes, with limited advance notice—possibly as short as two weeks.
Queries
accountBySubdomain
Response
Returns [AccountDataPayload!]
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
subdomains - [String!]!
|
a list of required subdomains |
Example
Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
id
subdomain
}
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}
accountMetrics
Description
The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.
Response
Returns an AccountMetrics
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
timeFrame - TimeFrame!
|
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory. |
groupInterfaces - Boolean
|
When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface. |
groupDevices - Boolean
|
When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result. For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets. |
Example
Query
query accountMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$groupInterfaces: Boolean,
$groupDevices: Boolean,
$siteIDs: [ID!]
) {
accountMetrics(
accountID:$accountID,
timeFrame: $timeFrame,
groupInterfaces: $groupInterfaces,
groupDevices: $groupDevices
) {
id
from
to
sites(siteIDs:$siteIDs) {
id
metrics {
bytesUpstream
bytesDownstream
}
interfaces {
name
metrics {
bytesUpstream
bytesDownstream
}
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"groupInterfaces": false,
"groupDevices": true,
"siteIDs": ["456", "789"]
}
Response
{
"data": {
"accountMetrics": {
"id": "123",
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"sites": [
{
"id": "456",
"metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 122324400,
"bytesDownstream": 8354720
}
}
]
},
{
"id": "789",
"metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 100254955,
"bytesDownstream": 3907080
}
}
]
}
]
}
}
}
accountRoles
Response
Returns an AccountRolesResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
accountType - AccountType
|
Example
Query
query accountRoles($accountID:ID!){
accountRoles(accountID: $accountID) {
items {
name
isPredefined
}
total
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountRoles": {
"items": [
{"name": "Editor", "isPredefined": true},
{"name": "Viewer", "isPredefined": true},
{"name": "Network admin", "isPredefined": true},
{"name": "Security Admin", "isPredefined": true},
{"name": "Access Admin", "isPredefined": true}
],
"total": 5
}
}
}
accountSnapshot
Description
Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.
Response
Returns an AccountSnapshot
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
Example
Query
query accountSnapshot($accountID:ID!) {
accountSnapshot(accountID:$accountID) {
sites {
connectivityStatus
haStatus{
readiness
wanConnectivity
keepalive
socketVersion
}
operationalStatus
lastConnected
connectedSince
devices {
connected
version
}
}
users {
connectivityStatus
connectedInOffice
name
deviceName
}
timestamp
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountSnapshot": {
"sites": [
{
"connectivityStatus": "connected",
"haStatus": {
"readiness": "ready",
"wanConnectivity": "ok",
"keepalive": "ok",
"socketVersion": "ok"
},
"operationalStatus": "active",
"lastConnected": "2023-02-28T13:21:05Z",
"connectedSince": "2023-02-27T15:10:06Z",
"devices": [
{"connected": true, "version": "17.0.16303"},
{"connected": true, "version": "17.0.16303"}
]
},
{
"connectivityStatus": "disconnected",
"haStatus": null,
"operationalStatus": "active",
"lastConnected": "2020-03-11T13:43:40Z",
"connectedSince": null,
"devices": [{"connected": false, "version": ""}]
}
],
"users": [
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Employee Domywork",
"deviceName": "Employee’s MacBook Pro"
},
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Alice Bobs",
"deviceName": "Alice’s MacBook Pro"
}
],
"timestamp": "2023-02-28T13:22:21Z"
}
}
}
admin
Response
Returns a GetAdminPayload
Example
Query
query admin($accountId:ID!, $adminID:ID!) {
admin(accountId:$accountId, adminID:$adminID) {
id
firstName
lastName
email
creationDate
mfaEnabled
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"admin": {
"id": "456",
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"mfaEnabled": false,
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
admins
Response
Returns an AdminsResult
Example
Query
query admins($accountId:ID!, $limit: Int) {
admins(accountID:$accountId, limit: $limit) {
items {
id
email
managedRoles {
role {
name
}
}
}
total
}
}
Variables
{"accountId": "123", "limit": 2}
Response
{
"data": {
"admins": {
"items": [
{
"id": "1",
"email": "editor@company.org",
"managedRoles": [{"role": {"name": "Editor"}}]
},
{
"id": "2",
"email": "viewer@company.org",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
],
"total": 3
}
}
}
appStats
Description
BETA
Response
Returns an AppStats
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
|
postAggFilters - [AppStatsPostAggFilter!]
|
|
sort - [AppStatsSort!]
|
Example
Query
query appStats(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$dimensions:[Dimension],
$sort:[AppStatsSort!],
$limit:Int,
$from:Int,
) {
appStats(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "app"}],
"sort": [{"fieldName": "traffic", "order": "desc"}],
"measures": [
{"fieldName": "traffic", "aggType": "sum"},
{"fieldName": "application", "aggType": "any"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"app": "zoom",
"application": "Zoom",
"traffic": "95138282696"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "udp",
"application": "UDP",
"traffic": "45401221439"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "Tech",
"application": "Technological apps",
"traffic": "13982474567"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "AppleSoftwareupdate",
"application": "Apple software update",
"traffic": "11624258191"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
}
]
}
}
}
appStatsTimeSeries
Description
BETA
Response
Returns an AppStatsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
Example
Query
query appStatsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$buckets:Int!
) {
appStatsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "upstream", "aggType": "sum"},
{"fieldName": "downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "upstream"}
},
{
"label": "sum(downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "downstream"}
}
]
}
}
}
auditFeed
Description
Audit Feed for account changes
Response
Returns an AuditFeed
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
timeFrame - TimeFrame!
|
|
filters - [AuditFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
from
to
fetchedCount
accounts {
id
records{
admin {
name
}
object {
name
}
time
fields {
name
value {
... on Entity {
name
id
type
}
... on StringValue {
string
}
... on DateValue {
date
}
}
}
}
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"auditFeed": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"records": [
{
"time": "2023-02-28T08:48:21Z",
"fields": [
{
"name": "admin",
"value": {
"name": "admin@company.org",
"id": "456",
"type": "admin",
"__typename": "Entity"
}
},
{
"name": "change.Before.description",
"value": {
"string": "Description before change",
"__typename": "StringValue"
}
},
{
"name": "change.After.description",
"value": {
"string": "Description after change",
"__typename": "StringValue"
}
},
{
"name": "model_name",
"value": {"string": "Site name", "__typename": "StringValue"}
},
{
"name": "module",
"value": {
"string": "Configuration",
"__typename": "StringValue"
}
},
{
"name": "change_type",
"value": {"string": "MODIFIED", "__typename": "StringValue"}
},
{
"name": "creation_date",
"value": {
"string": "1677574090000",
"__typename": "DateValue"
}
},
{
"name": "model_type",
"value": {"string": "Site", "__typename": "StringValue"}
},
{
"name": "admin_id",
"value": {"string": "456", "__typename": "StringValue"}
},
{
"name": "insertion_date",
"value": {
"date": "2023-02-28T08:48:21Z",
"__typename": "DateValue"
}
},
{
"name": "account_id",
"value": {"string": "123", "__typename": "StringValue"}
}
]
}
]
}
]
}
}
}
entityLookup
Description
Lookup entities with a specific type, potentially filtered and paged
Response
Returns an EntityLookupResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
The account ID (or 0 for non-authenticated requests) |
type - EntityType!
|
Type of entity to lookup for |
limit - Int
|
Sets the maximum number of items to retrieve Default |
from - Int
|
Sets the offset number of items (for paging) Default |
parent - EntityInput
|
Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example |
search - String
|
Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states Default |
entityIDs - [ID!]
|
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated. |
sort - [SortInput]
|
Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types. |
filters - [LookupFilterInput]
|
Custom filters for entityLookup |
helperFields - [String!]
|
Additional helper fields |
Example
Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
entityLookup(accountID: $accountID, type:$type, limit: $limit) {
items {
entity{
id
name
}
}
total
}
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
"data": {
"entityLookup": {
"items": [
{"entity": {"id": "45040", "name": "azure_test"}},
{"entity": {"id": "75791", "name": "esx_test"}}
],
"total": 5
}
}
}
events
Response
Returns an Events
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
|
postAggFilters - [EventsPostAggFilter!]
|
|
sort - [EventsSort!]
|
Example
Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
records {
flatFields
fieldsMap
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"events": {
"records": [
{
"flatFields": [["event_count", "2"]],
"fieldsMap": {"event_count": "2"}
}
]
}
}
}
eventsFeed
Description
Event Feed for events paged by a topic partitions offsets marker
Response
Returns an EventsFeedData
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
filters - [EventFeedFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query eventsFeed(
$accountIDs: [ID!],
$filters: [EventFeedFieldFilterInput!]
) {
eventsFeed(
accountIDs: $accountIDs,
filters: $filters,
) {
marker
fetchedCount
accounts {
id
errorString
records {
fieldsMap
}
}
}
}
Variables
{
"accountIDs": [123],
"filters": [
{
"fieldName": "event_type",
"operator": "is_not",
"values": ["Sockets Management"]
},
{
"fieldName": "event_sub_type",
"operator": "is",
"values": ["Disconnected"]
}
]
}
Response
{
"data": {
"eventsFeed": {
"marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"errorString": "",
"records": [
{
"fieldsMap": {
"ISP_name": "IP Addresses Are Assigned Statically",
"account_id": "123",
"client_version": "8.0.4127",
"event_count": "1",
"event_sub_type": "Disconnected",
"event_type": "Connectivity",
"event_id": "7r0c7xUYIf",
"link_type": "Cato",
"pop_name": "Amsterdam",
"socket_interface": "WAN1",
"src_country": "Israel",
"src_country_code": "IL",
"src_is_site_or_vpn": "Site",
"src_isp_ip": "1.2.3.4",
"src_site": "native-range",
"time": "1677170467000",
"tunnel_protocol": "DTLS"
}
}
]
}
]
}
}
}
eventsTimeSeries
Response
Returns an EventsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
Example
Query
query eventsTimeSeries(
$accountID: ID!,
$filters: [EventsFilter!],
$timeFrame: TimeFrame!,
$measures: [EventsMeasure],
$buckets: Int!
) {
eventsTimeSeries(
accountID: $accountID,
filters: $filters,
timeFrame:$timeFrame,
measures: $measures
) {
id
from
to
granularity
timeseries(buckets:$buckets) {
label
data
}
}
}
Variables
{
"accountID": "4125",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [{"fieldName": "event_count", "aggType": "sum"}],
"buckets": 4
}
Response
{
"data": {
"eventsTimeSeries": {
"id": "4125",
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 21600,
"timeseries": [
{
"label": "sum(event_count)",
"data": [
[1677542400000, 5],
[1677564000000, 2],
[1677585600000, 0],
[1677607200000, 5]
]
}
]
}
}
}
servicePrincipalAdmin
Response
Returns a GetServicePrincipalAdminPayload
Example
Query
query servicePrincipalAdmin($accountId:ID!, $adminID:ID!) {
servicePrincipalAdmin(accountId:$accountId, adminID:$adminID) {
id
name
email
creationDate
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"servicePrincipalAdmin": {
"id": "456",
"name": "Service Principal",
"email": "service.principal@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
socketPortMetrics
Description
Provides historical metrics for physical and logical interfaces on Cato Sockets. This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
Response
Returns a SocketPortMetrics
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [SocketPortMetricsMeasure]
|
|
dimensions - [SocketPortMetricsDimension]
|
|
filters - [SocketPortMetricsFilter!]
|
|
postAggFilters - [SocketPortMetricsPostAggFilter!]
|
|
sort - [SocketPortMetricsSort!]
|
Example
Query
query socketPortMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [SocketPortMetricsMeasure],
$dimensions:[SocketPortMetricsDimension],
$sort:[SocketPortMetricsSort!],
$limit:Int,
$from:Int,
) {
socketPortMetrics(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "site_id"}],
"sort": [{"fieldName": "throughput_upstream", "order": "desc"}],
"measures": [
{"fieldName": "throughput_upstream", "aggType": "max"},
{"fieldName": "throughput_downstream", "aggType": "max"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"site_id": "1",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "2",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "3",
"throughput_upstream": "50",
"throughput_downstream": "30"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "4",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
}
]
}
}
}
socketPortMetricsTimeSeries
Description
Provides historical time series metrics for physical and logical interfaces on Cato Sockets. This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
Response
Returns a SocketPortMetricsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [SocketPortMetricsMeasure]
|
|
dimensions - [SocketPortMetricsDimension]
|
|
filters - [SocketPortMetricsFilter!]
|
Example
Query
query socketPortMetricsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [SocketPortMetricsMeasure],
$buckets:Int!
) {
socketPortMetricsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "throughput_upstream", "aggType": "sum"},
{"fieldName": "throughput_downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(throughput_upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "throughput_upstream"}
},
{
"label": "sum(throughput_downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "throughput_downstream"}
}
]
}
}
}
subDomains
Description
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
- Regular account - Return only 1 subdomain relating to the regular account
- Reseller account - Return all subdomains including the reseller account subdomain
- Reseller account - Return only the reseller account subdomain
Response
Returns [SubDomain!]!
Example
Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
subDomains(accountID:$accountID, managedAccount:$managedAccount) {
accountId
accountName
accountType
subDomain
}
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
"data": {
"subDomains": [
{
"accountId": "123",
"accountName": "Gamma LLC",
"accountType": "Reseller",
"subDomain": "subdomain3"
},
{
"accountId": "1235",
"accountName": "Delta Inc.",
"accountType": "Regular",
"subDomain": "subdomain4"
}
]
}
}
AccountManagementQueries
account
Description
Read the account information
Response
Returns an AccountInfo
Example
Query
query getAccount($accountId:ID!) {
accountManagement(accountId: $accountId) {
account {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456"}
Response
{
"data": {
"accountManagement": {
"account": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AntiMalwareFileHashPolicyQueries
policy
Beta
Response
Returns an AntiMalwareFileHashPolicy!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashPolicyInput
|
Example
Query
query AntiMalwareFileHash($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
policy {
enabled
rules {
properties
rule {
id
index
name
fileName
expirationDate
action
sha256
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"policy": {
"enabled": true,
"rules": [
{
"properties": [],
"rule": {
"id": "rule-id-1",
"index": 0,
"name": "Block Malicious File",
"fileName": "malware.exe",
"expirationDate": "2025-12-31T23:59:59Z",
"action": "BLOCK",
"sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
}
],
"sections": [
{
"properties": [],
"section": {"id": "section-id-1", "name": "Default Section"}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AntiMalwareFileHash($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Initial Revision", "changes": 2}
]
}
}
}
}
}
AppTenantRestrictionPolicyQueries
policy
Beta
Response
Returns an AppTenantRestrictionPolicy!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyInput
|
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "5e38909c-d5f4-4132-98eb-7efd28ca5ca5",
"index": 1,
"name": "App Tenant Restriction Rule 1"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
ApplicationControlPolicyQueries
policy
Beta
Response
Returns an ApplicationControlPolicy!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlPolicyInput
|
Example
Query
query ApplicationControl($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "2131672",
"index": 1,
"name": "Block uploading credit card numbers"
}
},
{
"properties": [],
"rule": {
"id": "2131673",
"index": 2,
"name": "Microsoft - Only allow the tenant catonetworks.com"
}
},
{
"properties": [],
"rule": {
"id": "2131674",
"index": 3,
"name": "Microsoft - Monitor logins for external Microsoft tenants (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131675",
"index": 4,
"name": "OneDrive - Only allow the catonetworks.com tenant"
}
},
{
"properties": [],
"rule": {
"id": "2131676",
"index": 5,
"name": "OneDrive - Monitor logins for external OneDrive tenants (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131677",
"index": 6,
"name": "OneDrive - Monitor personal OneDrive tenants"
}
},
{
"properties": [],
"rule": {
"id": "2131678",
"index": 7,
"name": "Gmail - Monitor Gmail attachments"
}
},
{
"properties": [],
"rule": {
"id": "2131679",
"index": 8,
"name": "Monitor online storage apps: risk higher than 3, or no ISO"
}
},
{
"properties": [],
"rule": {
"id": "2131680",
"index": 9,
"name": "Twitter/X - Block posts with the string “samplekeyword”"
}
},
{
"properties": [],
"rule": {
"id": "2131681",
"index": 10,
"name": "Twitter/X - Monitor posts with long words (more than 8 characters)"
}
},
{
"properties": [],
"rule": {
"id": "2131682",
"index": 11,
"name": "Twitter/X - Monitor all posts"
}
},
{
"properties": [],
"rule": {
"id": "2131683",
"index": 12,
"name": "OpenAI - Restrict logins for allowed users and tenants"
}
},
{
"properties": [],
"rule": {
"id": "2131684",
"index": 13,
"name": "Open AI - Monitor logins for external tenant (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131685",
"index": 14,
"name": "OpenAI - Monitor third-party logins"
}
},
{
"properties": [],
"rule": {
"id": "2131686",
"index": 15,
"name": "Google Drive - Restrict view to allowed folders"
}
},
{
"properties": [],
"rule": {
"id": "2131687",
"index": 16,
"name": "Google Drive - Monitor non-allowed folders (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131688",
"index": 17,
"name": "Test sensitivity labels - edit MIP labels before enabling"
}
},
{
"properties": [],
"rule": {
"id": "2131689",
"index": 18,
"name": "Sanctioned apps - Allow upload without monitoring"
}
},
{
"properties": [],
"rule": {
"id": "2131690",
"index": 19,
"name": "Non-sanctioned apps - Monitor uploads"
}
},
{
"properties": [],
"rule": {
"id": "2131691",
"index": 20,
"name": "Log Any Cloud Application Granular Activities"
}
}
],
"sections": []
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ApplicationControl($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
CatalogQueries
catalogApplication
Beta
Response
Returns a CatalogApplication
Arguments
| Name | Description |
|---|---|
input - ApplicationRefInput!
|
Example
Query
query ($accountId: ID!, $refInput: ApplicationRefInput!) {
catalogs(accountId: $accountId) {
catalogApplication(input: $refInput) {
__typename
id
name
descriptionSummary
description
category {
id
name
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
Variables
{"accountId": "123456", "refInput": {"by": "ID", "input": "Facebook"}}
Response
{
"data": {
"catalogs": {
"catalogApplicationList": {
"pageInfo": {"total": 1},
"application": [
{
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.It provides its users with the ability to create a profile, update information, add images, send friend requests, and accept requests from other users. Its features include status update, photo tagging and sharing, and more. Facebooks profile structure includes a timeline, information related to the user, images of the user, images added by friends of the user, notes, pages, groups, and more. It enables its users to create pages related to entertainment, sports, business, finance, preferences, hobbies, culture, religion, causes, organizations, and a number of other categories. It also enables its users to join or create groups related to a vast number of categories.With millions of more users, [Friendster] attempted to acquire the company for $10 million in mid-2004. Facebook turned down the offer and subsequently received $12.7 million in funding from [Accel Partners] at a valuation of around $100 million. Facebook continued to grow opening up to high school students in September 2005 and adding a photo-sharing feature the next month. The next spring, Facebook received $25 million in funding from [Greylock Partners] and [Meritech Capital] as well as previous investors [Accel Partners] and [Peter Thiel]. The pre-money valuation for this deal was about $525 million. Facebook subsequently opened up to work networks eventually amassing over 20,000 work networks. Finally, in September 2006, Facebook was opened to anyone with an email address.Facebook continued to receive funding most notably in January 2011 receiving $1.5 billion and valuing the company at $50 billion. A year later in February 2012, Facebook announced that it was filing for its long-anticipated initial public offering. The company went public on May 18, 2012 opening in [NASDAQ] with shares trading at $42.05.Facebook announced positive numbers in February 2012 upon filing for its IPO. As of July 2013 over 1.15 billion users have logged into Facebook every month and 669 million users daily. Mobile users now make up half of Facebooks user base with 819 million monthly actives. Facebook is one of the most trafficked sites in the United States. Additionally, Facebook is the top photo-sharing site with 250 million photos uploaded per day.The company has a strategic partnership with AXA Group to develop marketing and commercial collaboration in the digital, social, and mobile sphere.Facebook is currently the owner of many applications and services such as Pagemodo Pagebuilder, [RSS Graffiti], Huddle, and more. It is the worlds largest social network with over 1.32 billion monthly active users.Facebook was founded by Mark Zuckerberg in Menlo Park, California in 2004.",
"category": [{"id": "social", "name": "Social"}],
"complianceAttributes": {
"iso27001": "SUPPORTED",
"sox": "SUPPORTED",
"hippa": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"isae3402": "SUPPORTED",
"pciDss": "SUPPORTED"
},
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"logo": null,
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
]
}
}
}
}
catalogApplicationList
Beta
Response
Returns a CatalogApplicationListPayload
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationListInput!
|
Example
Query
query ($accountId: ID!, $input: CatalogApplicationListInput!) {
catalogs(accountId: $accountId) {
catalogApplicationList(input: $input) {
pageInfo {
total
}
application {
__typename
id
name
descriptionSummary
description
category {
id
name
}
complianceAttributes {
iso27001
sox
hippa
soc1
soc2
soc3
isae3402
pciDss
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": {"name": {"eq": "Facebook"}},
"paging": {"limit": 1}
}
}
Response
{
"data": {
"catalogs": {
"catalogApplicationList": {
"pageInfo": {"total": 1},
"application": [
{
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.It provides its users with the ability to create a profile, update information, add images, send friend requests, and accept requests from other users. Its features include status update, photo tagging and sharing, and more. Facebooks profile structure includes a timeline, information related to the user, images of the user, images added by friends of the user, notes, pages, groups, and more. It enables its users to create pages related to entertainment, sports, business, finance, preferences, hobbies, culture, religion, causes, organizations, and a number of other categories. It also enables its users to join or create groups related to a vast number of categories.With millions of more users, [Friendster] attempted to acquire the company for $10 million in mid-2004. Facebook turned down the offer and subsequently received $12.7 million in funding from [Accel Partners] at a valuation of around $100 million. Facebook continued to grow opening up to high school students in September 2005 and adding a photo-sharing feature the next month. The next spring, Facebook received $25 million in funding from [Greylock Partners] and [Meritech Capital] as well as previous investors [Accel Partners] and [Peter Thiel]. The pre-money valuation for this deal was about $525 million. Facebook subsequently opened up to work networks eventually amassing over 20,000 work networks. Finally, in September 2006, Facebook was opened to anyone with an email address.Facebook continued to receive funding most notably in January 2011 receiving $1.5 billion and valuing the company at $50 billion. A year later in February 2012, Facebook announced that it was filing for its long-anticipated initial public offering. The company went public on May 18, 2012 opening in [NASDAQ] with shares trading at $42.05.Facebook announced positive numbers in February 2012 upon filing for its IPO. As of July 2013 over 1.15 billion users have logged into Facebook every month and 669 million users daily. Mobile users now make up half of Facebooks user base with 819 million monthly actives. Facebook is one of the most trafficked sites in the United States. Additionally, Facebook is the top photo-sharing site with 250 million photos uploaded per day.The company has a strategic partnership with AXA Group to develop marketing and commercial collaboration in the digital, social, and mobile sphere.Facebook is currently the owner of many applications and services such as Pagemodo Pagebuilder, [RSS Graffiti], Huddle, and more. It is the worlds largest social network with over 1.32 billion monthly active users.Facebook was founded by Mark Zuckerberg in Menlo Park, California in 2004.",
"category": [{"id": "social", "name": "Social"}],
"complianceAttributes": {
"iso27001": "SUPPORTED",
"sox": "SUPPORTED",
"hippa": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"isae3402": "SUPPORTED",
"pciDss": "SUPPORTED"
},
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"logo": null,
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
]
}
}
}
}
contentTypeGroupList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationContentTypeGroupListInput!
|
Example
Query
query ContentTypeGroups($accountId: ID!, $input: CatalogApplicationContentTypeGroupListInput!) {
catalogs(accountId: $accountId) {
contentTypeGroupList(input: $input) {
pageInfo {
total
}
contentTypeGroup {
id
name
contentType {
id
name
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": [
{"name": {"in": ["Binaries", "disk"]}},
{"contentType": {"id": {"eq": "cab"}}, "id": {"eq": "archive"}}
],
"paging": {"limit": 20}
}
}
Response
{
"data": {
"catalogs": {
"contentTypeGroupList": {
"pageInfo": {"total": 2},
"contentTypeGroup": [
{
"id": "archive",
"name": "Archives",
"contentType": [{"id": "cab", "name": "Windows CABinet"}]
},
{
"id": "bin",
"name": "Binaries",
"contentType": [
{"id": "bin", "name": "Binary files"},
{"id": "elf-dump", "name": "ELF core dump"},
{"id": "elf-obj", "name": "ELF object file"},
{"id": "mat", "name": "MATLAB MAT file"}
]
}
]
}
}
}
}
ClientConnectivityPolicyQueries
policy
Beta
Response
Returns a ClientConnectivityPolicy!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityPolicyInput
|
Example
Query
query ClientConnectivityPolicy($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da",
"index": 1,
"name": "Updated rule name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ClientConnectivityPolicy($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
ContainerQueries
list
Beta
Response
Returns a ContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - ContainerSearchInput!
|
Example
Query
query listContainers($accountId:ID!, $input:ContainerSearchInput!) {
container(accountId: $accountId) {
list(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"refs": [{"by": "NAME", "input": "Some Container"}],
"types": ["FQDN"]
}
}
Response
{
"data": {
"container": {
"list": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
FqdnContainerQueries
downloadFile
Beta
Response
Returns a DownloadFqdnContainerFilePayload!
Arguments
| Name | Description |
|---|---|
input - DownloadFqdnContainerFileInput!
|
Example
Query
query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!) {
container(accountId: $accountId) {
fqdn {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"fqdn": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
}
}
}
}
}
search
Beta
Response
Returns a FqdnContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!) {
container(accountId: $accountId) {
fqdn {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"search": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchFqdn
Beta
Response
Returns a FqdnContainerSearchFqdnPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchFqdnInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!) {
container(accountId: $accountId) {
fqdn {
searchFqdn(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
"data": {
"container": {
"fqdn": {
"searchFqdn": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
testFromURL
Beta
Response
Returns a TestContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - TestContainerFromUrlInput!
|
Example
Query
query testFqdnContainerFromURL($accountId:ID!, $input:TestContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
testFromURL(input: $input) {
sizeValid
topValid
sizeInvalid
topInvalid
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"url": "https://example.com/fqdns.csv", "fileType": "CSV"}
}
Response
{
"data": {
"container": {
"fqdn": {
"testFromURL": {
"sizeValid": 95,
"topValid": ["example.com", "google.com", "github.com"],
"sizeInvalid": 5,
"topInvalid": ["invalid..fqdn", "not-a-valid-fqdn-"]
}
}
}
}
}
IpAddressRangeContainerQueries
downloadFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DownloadIpAddressRangeContainerFileInput!
|
Example
Query
query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"ipAddressRange": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
}
}
}
}
}
search
Beta
Response
Returns an IpAddressRangeContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!) {
container(accountId: $accountId) {
ipAddressRange {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"search": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchIpAddressRange
Beta
Response
Returns an IpAddressRangeContainerSearchIpAddressRangePayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchIpAddressRangeInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!) {
container(accountId: $accountId) {
ipAddressRange {
searchIpAddressRange(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"searchIpAddressRange": {
"containers": [
{
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
testFromURL
Beta
Response
Returns a TestContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - TestContainerFromUrlInput!
|
Example
Query
query testIpAddressRangeContainerFromURL($accountId:ID!, $input:TestContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
testFromURL(input: $input) {
sizeValid
topValid
sizeInvalid
topInvalid
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"url": "https://example.com/ip-ranges.csv", "fileType": "CSV"}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"testFromURL": {
"sizeValid": 95,
"topValid": [
"192.168.1.1-192.168.1.10",
"10.0.0.0-10.0.0.255",
"172.16.0.0-172.16.255.255"
],
"sizeInvalid": 5,
"topInvalid": [
"invalid-ip-range",
"999.999.999.999-1000.1000.1000.1000"
]
}
}
}
}
}
DevicesQueries
attributesCatalog
Beta
Response
Returns a DeviceAttributesCatalogQueries!
Example
Query
query DeviceAttributesCatalog(
$accountId: ID!,
$categorySort: SortOrderInput,
$typeInput: DeviceAttributeCatalogInput,
$osInput: DeviceAttributeCatalogInput,
$modelInput: DeviceAttributeCatalogInput,
$manufacturerInput: DeviceAttributeCatalogInput
) {
devices(accountId: $accountId) {
attributesCatalog {
category(sort: $categorySort) {
items
pageInfo {
total
}
}
type(input: $typeInput) {
items
pageInfo {
total
}
}
os(input: $osInput) {
items
pageInfo {
total
}
}
model(input: $modelInput) {
items
pageInfo {
total
}
}
manufacturer(input: $manufacturerInput) {
items
pageInfo {
total
}
}
}
}
}
Variables
{
"accountId": "1",
"categorySort": {"direction": "ASC"},
"typeInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"modelInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"osInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"manufacturerInput": {
"sort": {"direction": "ASC"},
"paging": {"limit": 100000}
}
}
Response
{
"data": {
"devices": {
"attributesCatalog": {
"category": {
"items": ["IoT", "Mobile", "Networking", "OT", "PC", "Server"],
"pageInfo": {"total": 6}
},
"type": {
"items": [
"Desktop",
"Laptop",
"SD-WAN",
"Virtual Machine",
"Workstation"
],
"pageInfo": {"total": 5}
},
"os": {
"items": ["Linux", "Windows", "Windows Workstation", "macOS"],
"pageInfo": {"total": 4}
},
"model": {
"items": [
"",
"X1500",
"vSocket AWS",
"vSocket Azure",
"vSocket ESX",
"vSocket GCP"
],
"pageInfo": {"total": 6}
},
"manufacturer": {
"items": ["Apple", "Cato Networks", "Dell", "Microsoft", "VMware"],
"pageInfo": {"total": 5}
}
}
}
}
}
csvExport
Beta
Response
Returns an ExportJobResponse!
Arguments
| Name | Description |
|---|---|
input - DeviceCsvExportInput
|
Example
Query
query RequestExport($accountId: ID!) {
devices(accountId: $accountId) {
csvExport {
jobId
message
}
}
}
Variables
{"accountId": "11097"}
Response
{
"data": {
"devices": {
"csvExport": {
"jobId": "export-job-12345",
"message": "CSV export job started successfully"
}
}
}
}
csvExportStatus
Beta
Response
Returns an ExportStatusResponse!
Arguments
| Name | Description |
|---|---|
jobId - ID!
|
Example
Query
query GetExportStatus($accountId: ID!, $jobId: ID!) {
devices(accountId: $accountId) {
csvExportStatus(jobId: $jobId) {
jobId
status
progress
message
downloadUrl
expiresAt
}
}
}
Variables
{"accountId": "11097", "jobId": "62514d9c-de95-4e6b-a06d-36bca0f6f1e4"}
Response
{
"data": {
"devices": {
"csvExportStatus": {
"jobId": "62514d9c-de95-4e6b-a06d-36bca0f6f1e4",
"status": "COMPLETED",
"progress": 100,
"message": "Export completed successfully",
"downloadUrl": "https://api.example.com/downloads/devices-export-12345.csv",
"expiresAt": "2023-06-10T15:00:00Z"
}
}
}
}
list
Beta
Response
Returns a DevicesPayload
Arguments
| Name | Description |
|---|---|
input - DeviceV2Input
|
Example
Query
query DevicesTable(
$accountId: ID!
$filter: [DeviceV2FilterInput!]!
$sort: DeviceSortInput!
$paging: PagingInput!
) {
devices(accountId: $accountId) {
list(input: { filter: $filter, sort: $sort, paging: $paging }) {
device {
...DeviceInfo
__typename
}
paging {
total
__typename
}
__typename
}
__typename
}
}
fragment DeviceInfo on DeviceV2 {
id
category
lastSeen
firstSeen
name
ip
site {
id
name
__typename
}
os {
product
version
vendor
__typename
}
nic {
macAddress
__typename
}
hw {
type
manufacturer
model
__typename
}
networkInfo {
__typename
... on SiteNetworkSubnetRef {
name
__typename
}
... on GlobalRangeRef {
name
__typename
}
}
user {
name
__typename
}
__typename
}
Variables
{
"accountId": "000000",
"paging": {"from": 0, "limit": 25},
"filter": [
{
"lastSeen": [
{"between": ["2025-08-30T08:08:47.032Z", "2025-09-01T08:08:47.032Z"]}
]
}
],
"sort": {}
}
Response
{
"data": {
"devices": {
"__typename": "DevicesQueries",
"list": {
"device": [
{
"id": "dev000000000000000000001",
"category": "PC",
"lastSeen": "2025-09-01T07:53:32.000Z",
"firstSeen": "2025-08-05T08:15:53.000Z",
"name": "User-001-LM-IL",
"ip": "10.0.1.1",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:01",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000002",
"category": "PC",
"lastSeen": "2025-09-01T07:53:32.000Z",
"firstSeen": "2025-07-24T11:04:47.000Z",
"name": "User-002-LM-IL",
"ip": "10.0.1.2",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:02",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000003",
"category": "PC",
"lastSeen": "2025-09-01T07:53:29.000Z",
"firstSeen": "2025-07-23T14:00:46.000Z",
"name": "User-003-LM-IL",
"ip": "10.0.1.3",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:03",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000004",
"category": "PC",
"lastSeen": "2025-09-01T07:53:29.000Z",
"firstSeen": "2025-08-05T07:51:57.000Z",
"name": "User-004-LM-CZ",
"ip": "10.0.2.4",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:02:04",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000005",
"category": "PC",
"lastSeen": "2025-09-01T07:53:20.000Z",
"firstSeen": "2025-07-23T13:38:49.000Z",
"name": "User-005-LM-CZ",
"ip": "10.0.2.5",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:02:05",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000006",
"category": "PC",
"lastSeen": "2025-09-01T07:52:39.000Z",
"firstSeen": "2025-07-23T13:59:36.000Z",
"name": "User-006-LM-IL",
"ip": "10.0.3.6",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.7",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:06",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000007",
"category": "PC",
"lastSeen": "2025-09-01T07:52:39.000Z",
"firstSeen": "2025-08-18T14:43:09.000Z",
"name": "User-007-LM-IL",
"ip": "10.0.3.7",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:07",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000008",
"category": "PC",
"lastSeen": "2025-09-01T07:52:35.000Z",
"firstSeen": "2025-07-24T09:47:49.000Z",
"name": "User-008-LM-IL",
"ip": "10.0.3.8",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:08",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000009",
"category": "PC",
"lastSeen": "2025-09-01T07:52:35.000Z",
"firstSeen": "2025-07-25T12:49:50.000Z",
"name": "User-009-LM-UA",
"ip": "10.0.3.9",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.7",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:09",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000010",
"category": "PC",
"lastSeen": "2025-09-01T07:52:33.000Z",
"firstSeen": "2025-07-24T07:38:12.000Z",
"name": "User-010-LM-IL",
"ip": "10.0.4.10",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:10",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000011",
"category": "PC",
"lastSeen": "2025-09-01T07:51:16.000Z",
"firstSeen": "2025-08-05T08:00:13.000Z",
"name": "User-011-LM-IL",
"ip": "10.0.4.11",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:11",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000012",
"category": "PC",
"lastSeen": "2025-09-01T07:51:16.000Z",
"firstSeen": "2025-07-25T05:56:36.000Z",
"name": "User-012-LM-JP",
"ip": "10.0.4.12",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:12",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000013",
"category": "PC",
"lastSeen": "2025-09-01T07:50:42.000Z",
"firstSeen": "2025-07-24T08:00:31.000Z",
"name": "User-013-LM-IL",
"ip": "10.0.5.13",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:13",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000014",
"category": "PC",
"lastSeen": "2025-09-01T07:50:41.000Z",
"firstSeen": "2025-07-27T07:19:33.000Z",
"name": "User-014-LM-IL",
"ip": "10.0.5.14",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:14",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000015",
"category": "PC",
"lastSeen": "2025-09-01T07:50:16.000Z",
"firstSeen": "2025-07-24T07:22:25.000Z",
"name": "User-015-LM-IL",
"ip": "10.0.5.15",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:15",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000016",
"category": "PC",
"lastSeen": "2025-09-01T07:50:06.000Z",
"firstSeen": "2025-07-24T11:22:08.000Z",
"name": "User-016-LM-IL",
"ip": "10.0.6.16",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:16",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000017",
"category": "PC",
"lastSeen": "2025-09-01T07:49:52.000Z",
"firstSeen": "2025-07-24T07:38:40.000Z",
"name": "User-017-LM-IL",
"ip": "10.0.6.17",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:17",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000018",
"category": "PC",
"lastSeen": "2025-09-01T07:48:51.000Z",
"firstSeen": "2025-07-24T12:34:20.000Z",
"name": "User-018-LM-IL",
"ip": "10.0.6.18",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:18",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000019",
"category": "PC",
"lastSeen": "2025-09-01T07:47:53.000Z",
"firstSeen": "2025-07-27T13:47:18.000Z",
"name": "User-019-LM-IL",
"ip": "10.0.7.19",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:19",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000020",
"category": "PC",
"lastSeen": "2025-09-01T07:47:48.000Z",
"firstSeen": "2025-07-24T07:35:50.000Z",
"name": "User-020-LM-IL",
"ip": "10.0.7.20",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:20",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000021",
"category": "PC",
"lastSeen": "2025-09-01T07:46:56.000Z",
"firstSeen": "2025-07-24T07:31:12.000Z",
"name": "User-021-LM-IL",
"ip": "10.0.7.21",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:21",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000022",
"category": "PC",
"lastSeen": "2025-09-01T07:46:48.000Z",
"firstSeen": "2025-07-24T13:43:54.000Z",
"name": "User-022-LM-IL",
"ip": "10.0.8.22",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:22",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000023",
"category": "PC",
"lastSeen": "2025-09-01T07:46:45.000Z",
"firstSeen": "2025-07-27T12:57:17.000Z",
"name": "User-023-LM-IL",
"ip": "10.0.8.23",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:23",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000024",
"category": "PC",
"lastSeen": "2025-09-01T07:46:42.000Z",
"firstSeen": "2025-07-24T13:43:54.000Z",
"name": "User-024-LM-IL",
"ip": "10.0.8.24",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:24",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000025",
"category": "PC",
"lastSeen": "2025-09-01T07:46:42.000Z",
"firstSeen": "2025-07-23T14:55:25.000Z",
"name": "User-025-LM-IL",
"ip": "10.0.8.25",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:25",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
}
],
"paging": {"total": 529, "__typename": "PageInfo"},
"__typename": "DevicesPayload"
}
}
}
}
DynamicIpAllocationPolicyQueries
policy
Beta
Response
Returns a DynamicIpAllocationPolicy!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyInput
|
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
policy {
enabled
rules {
properties
rule {
id
index
name
range {
globalIpRange{
id
name
}
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc",
"index": 1,
"name": "Rule2",
"range": {
"globalIpRange": {"id": "1927109", "name": "12.22.17.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "eb2d4d79-0149-4839-a5c4-fc167211dbe6",
"index": 2,
"name": "Rule1",
"range": {
"globalIpRange": {"id": "1927108", "name": "12.22.16.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"index": 3,
"name": "Updated rule name",
"range": {
"globalIpRange": {"id": "1927110", "name": "12.22.18.0/24"}
}
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "Updated section new to the new name"
}
},
{
"properties": [],
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
{
"properties": [],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
EnterpriseDirectoryQueries
Description
Retrieve the account location items
Response
Returns an EnterpriseDirectoryLocationListPayload!
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryLocationListInput
|
Example
Query
query getEDLocations($accountID:ID!, $input: EnterpriseDirectoryLocationListInput!) {
enterpriseDirectory(accountId:$accountID) {
locationList( input: $input ) {
items {
id
name
type
description
archived
account {
id
}
details{
companyName
postalAddress{
cityName
country {
name
id
}
street
stateName
zipCode
addressValidated
}
vatId
contact{
name
phone
email
}
}
}
pageInfo{
total
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"filter": {"countryCode": [{"in": ["FR"]}]},
"sort": {"name": {"direction": "ASC", "priority": 0}},
"paging": {"limit": 1, "from": 0}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"locationList": {
"items": [
{
"id": "312be4ca-2b21-4144-99e4-8a0c43dd6cee",
"account": {"id": "123456", "name": ""},
"name": "test",
"type": "BRANCH",
"description": "test",
"archived": false,
"details": {
"companyName": "Angelina",
"postalAddress": {
"cityName": "Paris",
"street": "226 rue de rivoli",
"country": {"id": "fr", "name": "france"},
"stateName": "",
"zipCode": "75009",
"addressValidated": "VALID"
},
"vatId": "",
"contact": {
"name": "Angelina",
"phone": "55422348",
"email": "Angelina@gmail.com"
}
}
}
],
"pageInfo": {"total": 10}
}
}
}
}
GroupsQueries
group
Beta
Description
Get a specific group configuration. The group can be identified by ID or name.
Response
Returns a Group
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
query Group($accountId: ID!, $groupRefInput: GroupRefInput!, $groupMembersListInput: GroupMembersListInput!) {
groups(accountId: $accountId) {
group(input: $groupRefInput) {
id
name
description
membersCount
members(input: $groupMembersListInput) {
items {
id
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
}
}
}
Variables
{
"accountId": 12345,
"groupRefInput": {"by": "NAME", "input": "group-1"},
"groupMembersListInput": {"paging": {"limit": 10}}
}
Response
{
"data": {
"groups": {
"group": {
"id": "12345",
"name": "group-1",
"description": "group of sites and hosts",
"membersCount": 2,
"members": {
"items": [
{"id": "67890", "name": "site-1", "type": "SITE"},
{"id": "67891", "name": "host-1", "type": "HOST"}
],
"paging": {"total": 2}
},
"membersCountPerType": [
{"type": "HOST", "membersCount": 1},
{"type": "SITE", "membersCount": 1}
]
}
}
}
}
groupList
Beta
Description
Get a list of groups, with optional filters and sorting. This query only returns basic information for each group (e.g. name, ID). To view full configuration details, including members, use the group query for each result.
Response
Returns a GroupListPayload
Arguments
| Name | Description |
|---|---|
input - GroupListInput
|
Default |
Example
Query
query Group($accountId: ID!, $groupListInput: GroupListInput) {
groups(accountId: $accountId) {
groupList(input: $groupListInput) {
items {
id
name
description
membersCount
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
},
paging {
total
}
}
}
}
Variables
{
"accountId": 12345,
"groupListInput": {"sort": {"audit": {"updatedTime": {"direction": "DESC"}}}}
}
Response
{
"data": {
"groups": {
"items": [
{
"id": "12345",
"name": "group-1",
"description": "group of sites and hosts",
"membersCount": 2,
"membersCountPerType": [
{"type": "HOST", "membersCount": 1},
{"type": "SITE", "membersCount": 1}
],
"audit": {"updatedTime": "2023-10-01T12:00:00Z"}
}
],
"paging": {"total": 1}
}
}
}
whereUsed
Beta
Description
Check which policies use the group.
Response
Returns a GroupWhereUsedPayload
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
query GroupWhereUsed($accountID: ID!, $input: GroupRefInput!) {
groups(accountId: $accountID) {
whereUsed(input: $input) {
used
invalidMemberTypes {
type
scope {
type
field
}
}
}
}
}
Variables
{"accountID": "12345", "input": {"input": "ABC12345"}}
Response
{
"data": {
"groups": {
"whereUsed": {
"used": true,
"invalidMemberTypes": [],
"usage": [{"type": "internetFirewall", "field": ["source"]}]
}
}
}
}
HardwareManagementQueries
socketInventory
Beta
Description
Retrieve the account socket inventory
Response
Returns a SocketInventoryPayload!
Arguments
| Name | Description |
|---|---|
input - SocketInventoryInput
|
Example
Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
hardwareManagement(accountId: $accountId) {
socketInventory(input: $input) {
items {
id
status
serialNumber
socketMac
socketVersion
site {
id
name
}
account {
id
name
}
shippingDate
socketType
trackingUrl
trackingNumber
shippingCompany
deliverySiteName
description
hardwareVersion
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 25, "from": 0},
"filter": {"freeText": {"search": "search"}},
"sort": {"deliverySiteName": {"direction": "ASC"}}
}
}
Response
{
"data": {
"hardwareManagement": {
"socketInventory": {
"items": [
{
"id": "111111",
"status": "DELIVERED",
"serialNumber": "987654321",
"socketMac": "00-B0-D0-63-C2-26",
"socketVersion": "13.0.11395",
"site": {"id": "010101", "name": "exampleSite"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1500",
"trackingUrl": "https://fedex.com/1111111",
"trackingNumber": "1111111",
"shippingCompany": "fedex",
"deliverySiteName": "exampleWarehouse",
"description": "example description",
"hardwareVersion": "X1500"
},
{
"id": "2222222",
"status": "SHIPPED",
"serialNumber": "123456789",
"socketMac": "00-B0-D0-63-C2-27",
"socketVersion": "13.0.11395",
"site": {"id": "0202", "name": "exampleSite2"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1700",
"trackingUrl": "https://ups.com/2222222",
"trackingNumber": "2222222",
"shippingCompany": "ups",
"deliverySiteName": "exampleWarehouse2",
"description": "example description 2",
"hardwareVersion": "X1500"
}
],
"pageInfo": {"total": 2}
}
}
}
}
HardwareQueries
countHardwareByStatus
Beta
Description
Count of hardware items by shipping status
Response
Returns a StatusCount
Example
Query
query hardware($accountID:ID!) {
hardware(accountId:$accountID) {
countHardwareByStatus{
PENDING_INFO
CONFIRM_SHIPPING
IN_TRANSIT
DELIVERED
}
}
}
Variables
{"accountID": "26361"}
Response
{
"data": {
"hardware": {
"__typename": "HardwareQueries",
"countHardwareByStatus": {
"PENDING_INFO": 205,
"CONFIRM_SHIPPING": 5,
"IN_TRANSIT": 0,
"DELIVERED": 43,
"__typename": "StatusCount"
}
}
}
}
hardware
Beta
Description
Retrieve the account hardware items
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - HardwareSearchInput
|
Example
Query
query hardware($accountID:ID!, $input: HardwareSearchInput!) {
hardware(accountId:$accountID) {
hardware( input: $input ) {
items {
id
account {
id
}
shippingDetail{
cityName
countryName
street
powerCable
zipCode
}
validation{
addressValidationStatus
}
}
pageInfo{
total
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"filter": {"countryName": [{"in": ["France"]}], "product": []},
"sort": {"licenseStartDate": {"direction": "ASC", "priority": 0}}
}
}
Response
{
"data": {
"hardware": {
"hardware": {
"items": [
{
"id": "4179d060-ea44-4c9d-a175-958c2b19d971",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Netherlands",
"siteSFId": "a4O08000002SvzB",
"sfId": "a1a0800000z14aQAAQ",
"licenseId": "LIC-BW-7717-000021",
"quoteId": "quote1",
"licenseStartDate": "2023-08-01",
"productType": "Socket",
"serialNumber": "2305100839",
"model": "Cato Socket X1500 (HA)",
"lastModified": "2024-11-21T10:37:21.647Z",
"shippingTracking": {
"trackingNumber": "GE958808541NL",
"trackingUrl": "<a href=\"https://www.tnt.com/express/en_nl/site/shipping-tools/tracking.html?searchType=con&cons=GE958808541NL\" target=\"_blank\">Track HW-045393</a>",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-08-10",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
},
{
"id": "775c6827-b3c1-4921-880b-7c59ed6e0154",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Belgium",
"siteSFId": "a4O08000002Svzq",
"sfId": "a1a0800000z14ajAAA",
"licenseId": "LIC-BW-7717-000001",
"quoteId": "quote1",
"licenseStartDate": "2023-11-01",
"productType": "Socket",
"serialNumber": "2324100210",
"model": "Cato Socket X1700 (Main)",
"lastModified": "2024-11-21T10:37:21.750Z",
"shippingTracking": {
"trackingNumber": "10273779",
"trackingUrl": "",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-10-31",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
}
],
"pageInfo": {"total": 10}
}
}
}
}
InternetFirewallPolicyQueries
policy
Beta
Response
Returns an InternetFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": ["SYSTEM"],
"rule": {
"id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
"index": 1,
"name": "Block any P2P"
}
},
{
"properties": [],
"rule": {
"id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
"index": 2,
"name": "Default Block Tor, SMB, SMTP"
}
},
{
"properties": [],
"rule": {
"id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
"index": 3,
"name": "Default Block for Categories"
}
},
{
"properties": [],
"rule": {
"id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
"index": 4,
"name": "Default prompt for Categories"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
]
}
}
}
}
}
policyList
Beta
Description
Provides a list of all policies of Internet Firewall with filtering, pagination and sorting capabilities
Response
Returns an InternetFirewallPolicyListPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyListInput!
|
Default |
Example
Query
query internetFirewallPolicyByIds($accountId: ID!, $limit: Int!, $filter: InternetFirewallPolicyListFilterInput) {
policy(accountId: $accountId) {
internetFirewall {
policyList(input: {paging: {limit: $limit}, filter: $filter}) {
items {
id
name
description
enabled
policyLevel
}
paging {
total
}
}
}
}
}
Variables
{
"accountId": 12345,
"limit": 1,
"filter": {"id": {"in": ["f07a3670-88ed-48e6-8a31-6f9047e9f584"]}}
}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policyList": {
"items": [
{
"id": "f07a3670-88ed-48e6-8a31-6f9047e9f584",
"name": "Main",
"description": "",
"enabled": true,
"policyLevel": "MAIN"
}
],
"paging": {"total": 1}
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
LicensingQueries
licensingInfo
Beta
Description
BETA
Response
Returns a LicensingInfo
Example
Query
query licensingInfo($accountId: ID!) {
licensing(accountId: $accountId) {
licensingInfo {
atp {
sku
}
dem {
sku
total
__typename
}
casb {
sku
plan
status
expirationDate
__typename
}
dataLake {
sku
total
dpaVersion
__typename
}
pooledBandwidth {
sku
plan
status
expirationDate
startDate
total
siteLicenseGroup
siteLicenseType
allocatedBandwidth
sites {
site {
id
name
}
allocatedBandwidth
}
__typename
}
site {
sku
plan
status
expirationDate
startDate
total
siteLicenseGroup
siteLicenseType
site {
id
name
}
__typename
}
globalLicenseAllocations {
publicIps {
total
allocated
available
__typename
}
ztnaUsers {
total
allocated
available
__typename
}
}
}
}
}
Variables
{"accountId": "123"}
Response
{
"data": {
"licensing": {
"licensingInfo": {
"atp": [],
"dem": [{"sku": "CATO_DEM", "total": 10, "__typename": "DemLicense"}],
"casb": [
{
"sku": "CATO_CASB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2026-02-02T00:00:00.000Z",
"__typename": "CasbLicense"
}
],
"dataLake": [
{
"sku": "CATO_DATALAKE_3M",
"total": 1,
"dpaVersion": "DPA_2023_01",
"__typename": "DataLakeLicense"
}
],
"pooledBandwidth": [
{
"sku": "CATO_PB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2024-07-04T00:00:00.000Z",
"startDate": "2024-03-31T00:00:00.000Z",
"total": 250,
"siteLicenseGroup": "GROUP_2",
"siteLicenseType": "SASE",
"allocatedBandwidth": 50,
"sites": [
{
"site": {"id": "456", "name": "Tokyo"},
"allocatedBandwidth": 20
},
{
"site": {"id": "789", "name": "Sydney"},
"allocatedBandwidth": 30
}
],
"__typename": "PooledBandwidthLicense"
}
],
"site": [
{
"sku": "CATO_SITE",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"total": 100,
"siteLicenseGroup": "GROUP_1",
"siteLicenseType": "SASE",
"site": {"id": "123", "name": "London"},
"__typename": "SiteLicense"
}
],
"globalLicenseAllocations": {
"publicIps": {
"total": 3,
"allocated": 0,
"available": 3,
"__typename": "PublicIpsLicenseAllocations"
},
"ztnaUsers": {
"total": 65,
"allocated": 5,
"available": 60,
"__typename": "ZtnaUsersLicenseAllocations"
}
}
}
}
}
}
PopLocationQueries
popLocationList
Beta
Response
Returns a PopLocationPayload
Arguments
| Name | Description |
|---|---|
input - PopLocationFilterInput
|
Example
Query
query popLocationList($accountId: ID!, $input: PopLocationFilterInput) {
popLocations(accountId: $accountId) {
popLocationList(input: $input) {
items {
id
name
displayName
country {
id
name
}
isPrivate
cloudInterconnect {
taggingMethod
providerName
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {"isPrivate": {"eq": false}, "primary": {"eq": true}}
}
Response
{
"data": {
"popLocations": {
"popLocationList": {
"items": [
{
"id": "456",
"name": "London-1",
"displayName": "London Primary",
"country": {"id": "GB", "name": "United Kingdom"},
"isPrivate": false,
"cloudInterconnect": [
{"taggingMethod": "DOT1Q", "providerName": "Equinix"},
{"taggingMethod": "QINQ", "providerName": "Equinix"}
]
},
{
"id": "lon2",
"name": "London-2",
"displayName": "London Secondary",
"country": {"id": "gb", "name": "United Kingdom"},
"isPrivate": false,
"cloudInterconnect": [
{"taggingMethod": "DOT1Q", "providerName": "Equinix"}
]
}
]
}
}
}
}
RemotePortFwdPolicyQueries
policy
Beta
Response
Returns a RemotePortFwdPolicy!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyInput
|
Example
Query
query RemotePortFwdPolicy($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
policy {
enabled
rules {
rule {
id
name
index
enabled
section {
id
name
}
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
ipRange {
from
to
}
subnet
globalIpRange {
id
name
}
}
restrictionType
}
}
sections {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"policy": {
"enabled": false,
"rules": [
{
"rule": {
"id": "4b80b0ac-94ea-45b8-9ae0-20d6104607ce",
"name": "new rule",
"index": 1,
"enabled": true,
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
},
"description": "",
"forwardIcmp": false,
"externalIp": {
"id": "26",
"name": "site_test_4 - 192.168.1.16"
},
"externalPortRange": {"from": 75, "to": 75},
"internalIp": "222.222.22.22",
"internalPortRange": {"from": 75, "to": 75},
"remoteIPs": {
"ip": ["192.168.1.1"],
"ipRange": [],
"subnet": [],
"globalIpRange": []
},
"restrictionType": "ALLOW_LIST"
}
}
],
"sections": [
{
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query RemotePortFwd($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
SandboxQueries
Description
Get a list of sandbox reports
Response
Returns a SandboxReportsPayload!
Arguments
| Name | Description |
|---|---|
input - SandboxReportsInput!
|
Example
Query
query Sandbox($accountId: ID!, $input: SandboxReportsInput!) {
sandbox(accountId: $accountId) {
reports(input: $input) {
report {
fileName
fileHash
status
verdict
downloadUrl
creationDate
expirationDate
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"filter": {"fileName": {"in": "eicar.zip"}},
"sort": {"reportCreateDate": {"direction": "DESC"}},
"paging": {"limit": 20, "from": 0}
}
}
Response
{
"data": {
"sandbox": {
"reports": {
"report": [
{
"fileName": "eicar.zip",
"fileHash": "FILE_HASH",
"status": "READY",
"verdict": "MALICIOUS",
"downloadUrl": "DOWNLOAD_URL",
"creationDate": "2025-01-12T12:41:30.241Z",
"expirationDate": "2025-02-11T12:42:20.132Z"
}
],
"pageInfo": {"total": 1}
}
}
}
}
SiteQueries
Description
Retrieves available socket versions for the specified platforms.
Response
Returns an AvailableVersionListPayload
Arguments
| Name | Description |
|---|---|
input - AvailableVersionListInput!
|
Example
Query
query site($accountId: ID!, $input: AvailableVersionListInput!) {
site(accountId: $accountId) {
availableVersionList(input: $input) {
items {
platform
versions
}
}
}
}
Variables
{"accountId": 123, "input": {"platforms": ["X1500", "X1500_BR2", "AZ1500"]}}
Response
{
"data": {
"site": {
"availableVersionList": {
"items": [
{"platform": "X1500", "versions": []},
{"platform": "AZ1500", "versions": ["23.0.19481", "22.0.19284"]},
{
"platform": "X1500_BR2",
"versions": ["23.0.19481", "19.0.33354", "16.0.15740", "15.0.15144"]
}
]
}
}
}
}
bgpPeer
Beta
Description
Retrieves details of a specific BGP peer by reference.
Response
Returns a BgpPeer
Arguments
| Name | Description |
|---|---|
input - BgpPeerRefInput!
|
Example
Query
query bgpPeer($accountId: ID!, $input: BgpPeerRefInput!) {
site(accountId: $accountId) {
bgpPeer(input: $input) {
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
Variables
{"accountId": 123, "input": {"input": "example peer", "by": "NAME"}}
Response
{
"data": {
"site": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
bgpPeerList
Beta
Description
Retrieves a list of all BGP peers associated with the specified site.
Response
Returns a BgpPeerListPayload
Arguments
| Name | Description |
|---|---|
input - BgpPeerListInput!
|
Example
Query
query bgpPeerList($accountId: ID!, $input: BgpPeerListInput!) {
site(accountId: $accountId) {
bgpPeerList(input: $input){
total
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"bgpPeerList": {
"total": 1,
"bgpPeer": [
{
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
]
}
}
}
}
cloudInterconnectConnectionConnectivity
Beta
Description
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
Response
Returns a CloudInterconnectConnectionConnectivity
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectConnectionConnectivityInput!
|
Example
Query
query cloudInterconnectConnectionConnectivity($accountId: ID!, $input: CloudInterconnectConnectionConnectivityInput!) {
site(accountId : $accountId){
cloudInterconnectConnectionConnectivity(input: $input) {
success
}
}
}
Variables
{"accountId": 128782, "input": {"id": "MzY2MzM0LVBSSU1BUlk="}}
Response
{
"data": {
"site": {"cloudInterconnectConnectionConnectivity": {"success": false}}
}
}
cloudInterconnectPhysicalConnection
Beta
Description
Get details of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnection
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionInput!
|
Example
Query
query cloudInterconnectPhysicalConnection($accountId: ID!, $input: CloudInterconnectPhysicalConnectionInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnection(input: $input) {
site{
id
name
}
haRole
encapsulationMethod
subnet
privateCatoIp
privateSiteIp
upstreamBwLimit
downstreamBwLimit
popLocation{
id,
name
}
vlan
sVlan
cVlan
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnection": {
"site": {"id": "400957", "name": "cloud_interconnect_test_site"},
"haRole": "PRIMARY",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": 100,
"downstreamBwLimit": 100,
"popLocation": {
"id": "10000",
"name": "Exalt Socket Upgrade Simulator for TestCC2"
},
"vlan": 2713,
"sVlan": 0,
"cVlan": 0
}
}
}
}
cloudInterconnectPhysicalConnectionId
Beta
Description
Get the ID of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnectionId
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionIdInput!
|
Example
Query
query cloudInterconnectPhysicalConnectionId($accountId: ID!, $input: CloudInterconnectPhysicalConnectionIdInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnectionId(input: $input) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {"site": {"by": "ID", "input": "400957"}, "haRole": "PRIMARY"}
}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnectionId": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
secondaryAwsVSocket
Beta
Description
Retrieves details of a specific secondary AWS vSocket.
Response
Returns a SecondaryAwsVSocket
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
query secondaryAwsVSocket($accountId:ID!, $socketId: ID!){
site(accountId:$accountId) {
secondaryAwsVSocket(socketId: $socketId) {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
Variables
{"accountId": "143762", "socketId": 631159}
Response
{
"data": {
"site": {
"secondaryAwsVSocket": {
"site": {"id": "400376", "name": "aws"},
"id": "631159",
"ipAddress": "55.45.45.70",
"subnet": "55.45.45.0/24",
"routeTableId": "888"
}
}
}
}
secondaryAzureVSocket
Beta
Description
Retrieves details of a specific secondary Azure vSocket.
Response
Returns a SecondaryAzureVSocket
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
query secondaryAzureVSocket($accountId:ID!, $socketId: ID!){
site(accountId:$accountId) {
secondaryAzureVSocket(socketId: $socketId) {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
Variables
{"accountId": "5018", "socketId": 654376}
Response
{
"data": {
"site": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
siteBgpStatus
Beta
Description
Provides the BGP status of the specified site, including session and route details.
Response
Returns a SiteBgpStatus
Arguments
| Name | Description |
|---|---|
input - SiteBgpStatusInput!
|
Example
Query
query siteBgpStatus($accountId: ID!, $input: SiteBgpStatusInput!) {
site(accountId: $accountId) {
siteBgpStatus(input: $input) {
status {
remoteIp
bgpSession
bfdSession
routesFromPeer
routesToPeer
rejectedRoutesFromPeer {
subnet
type
community{
from
to
}
rule
lastPublishAttempt
}
}
rawStatus
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"siteBgpStatus": {
"status": [
{
"remoteIp": "192.168.2.100",
"bgpSession": "Established via outgoing connection",
"bfdSession": null,
"routesFromPeer": ["172.16.32.0/24"],
"routesToPeer": [
"10.41.0.0/16",
"100.1.0.0/16",
"172.17.31.0/24",
"10.254.254.0/24",
"220.220.220.0/24",
"10.254.254.12/32",
"10.254.254.253/32",
"100.1.1.0/24",
"120.120.120.0/24",
"111.1.1.1/32",
"156.88.88.0/24",
"192.168.1.0/24",
"10.254.254.5/32",
"10.254.254.1/32",
"192.168.2.0/24"
],
"rejectedRoutesFromPeer": [
{
"subnet": "200.1.1.0/24",
"type": "IPv4",
"community": [{"from": 5555, "to": 5555}],
"rule": " ( ( bgp_range == 200.1.1.0/24 ) )",
"lastPublishAttempt": null
},
{
"subnet": "200.1.0.0/16",
"type": "IPv4",
"community": [{"from": 6666, "to": 6666}],
"rule": " ( ( bgp_communities ~= 436869642 ) )",
"lastPublishAttempt": null
}
]
}
],
"rawStatus": [
"{\"Exposed_On_Interface\":\"LAN1\",\"Exposed_With_IP\":\"192.168.2.1\",\"Peer\":{\"BGP_Session\":\"Established via outgoing connection\",\"BGP_peer_filter_rule\":{\"default_accept\":true,\"rules\":[{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_range\",\"op\":\"OP_EQ\",\"values\":[{\"str\":\"200.1.1.0/24\",\"type\":\"field_type_ip\"}]}]},\"id\":18258},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"364058035\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18259},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"436869642\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18260}]},\"Incoming_Connection\":{\"State\":\"Idle\",\"Transport\":\"Not set\"},\"Local_ASN\":\"65000\",\"Local_IP\":\"169.254.1.179\",\"Negotiated\":{\"Capabilities\":{\"as4\":\"0\",\"enhanced_route_refresh\":\"1\",\"graceful_restart_always_publish\":false,\"graceful_restart_enabled\":false,\"graceful_restart_present\":false,\"graceful_restart_timeout\":\"0\",\"multiprotocol_ext\":\"1\",\"route_refresh\":\"1\"},\"Hold_Time\":\"60\",\"Keepalive_Period\":\"20\"},\"Outgoing_Connection\":{\"State\":\"Established\",\"Transport\":\"169.254.1.179:43113-192.168.2.100:179\"},\"RIB_out\":[{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.253/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"15\",\"b3\",\"00\",\"37\"],\"communities\":[\"5555:55\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.0.0/16\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"120.120.120.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"0\",\"Communities offset\":\"0\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"172.17.31.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"156.88.88.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"08\",\"ae\",\"08\",\"ae\"],\"communities\":[\"2222:2222\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.1.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"220.220.220.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.2.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.41.0.0/16\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"0d\",\"05\",\"0d\",\"05\"],\"communities\":[\"3333:3333\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"111.1.1.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.12/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.5/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.1.0/24\"}],\"Remote_ASN\":\"7678\",\"Remote_IP\":\"192.168.2.100\",\"Router_ID\":\"192.168.2.1\",\"Router_Weight\":\"100\"},\"accept_default_route\":false,\"advertise_cato\":true,\"advertise_default\":\"never\",\"advertise_summary\":false,\"bfd_peer\":{\"BFD_Session\":\"DOWN\",\"bfd_config\":{\"local_asn\":65000,\"local_ip_no\":\"169.254.1.179\",\"local_port_ho\":0,\"remote_asn\":7678,\"remote_ip_no\":\"192.168.2.100\"},\"bfd_session_info\":{\"active_mode\":false,\"auth_type\":0,\"desired_min_tx_interval_usec\":300000,\"detect_interval_usec\":0,\"detect_mult\":3,\"local_diag\":\"NO_DIAGNOSTIC\",\"my_discriminator\":1394721461,\"next_detect_timestamp_usec\":9223372036854776000,\"next_send_timestamp_usec\":9223372036854776000,\"poll_in_progress\":false,\"remote_demand_mode\":false,\"remote_detect_mult\":0,\"remote_diag\":\"NO_DIAGNOSTIC\",\"remote_discriminator\":0,\"remote_min_echo_interval_usec\":0,\"remote_min_rx_interval_usec\":0,\"remote_min_tx_interval_usec\":0,\"remote_state\":\"DOWN\",\"remote_tx_interval_usec\":0,\"required_min_echo_interval_usec\":0,\"required_min_rx_interval_usec\":300000,\"state\":\"DOWN\",\"tx_interval_usec\":0},\"bfd_timeline\":[{\"event\":{\"func\":\"bfd_peer_init\",\"line\":\"513\",\"msg\":\"initialized BFD session to 192.168.2.100. tx = 300000 usec, rx = 300000 usec, mult = 3 , mode is passive\"},\"time\":\"02/12/24 09:41:03.583\"}],\"enabled\":true},\"custom_ranges_advertise\":\"never\",\"interface_pcap_captured_packets\":\"0\",\"interface_pcap_enabled\":false,\"interface_port_id\":0,\"rejected_routes_from_neighbor\":[{\"Communities\":[\"5555:5555\"],\"Subnet\":\"200.1.1.0/24\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_range == 200.1.1.0/24 ) )\"},{\"Communities\":[\"6666:6666\"],\"Subnet\":\"200.1.0.0/16\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_communities ~= 436869642 ) )\"}],\"routes_count\":\"1\",\"routes_count_limit\":\"1024\",\"routes_count_limit_exceeded\":false,\"routes_from_neighbor\":[{\"Next_Hop\":\"192.168.2.100\",\"Range\":\"172.16.32.0-172.16.32.255\",\"Subnet\":\"172.16.32.0/24\"}],\"routes_to_neighbor\":[{\"Subnet\":\"10.41.0.0/16\"},{\"Subnet\":\"111.1.1.1/32\"},{\"Subnet\":\"100.1.0.0/16\"},{\"Subnet\":\"100.1.1.0/24\"},{\"Subnet\":\"172.17.31.0/24\"},{\"Subnet\":\"120.120.120.0/24\"},{\"Subnet\":\"192.168.1.0/24\"},{\"Subnet\":\"220.220.220.0/24\"},{\"Subnet\":\"192.168.2.0/24\"},{\"Subnet\":\"10.254.254.0/24\"},{\"Subnet\":\"10.254.254.12/32\"},{\"Subnet\":\"10.254.254.253/32\"},{\"Subnet\":\"10.254.254.5/32\"},{\"Subnet\":\"10.254.254.1/32\"},{\"Subnet\":\"156.88.88.0/24\"}]}"
]
}
}
}
}
siteGeneralDetails
Beta
Response
Returns a SiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
site - SiteRefInput!
|
Example
Query
query siteGeneralDetails($accountId: ID!, $site: SiteRefInput!) {
site(accountId: $accountId) {
siteGeneralDetails(site: $site) {
site {
id
name
}
siteType
description
siteLocation {
countryCode
stateCode
cityName
timezone
address
}
preferredPopLocation {
primary {
id
name
}
secondary {
id
name
}
preferredOnly
}
}
}
}
Variables
{"accountId": "123", "site": {"input": "456", "by": "ID"}}
Response
{
"data": {
"site": {
"siteGeneralDetails": {
"site": {"id": "456", "name": "example site"},
"siteType": "BRANCH",
"description": "222",
"siteLocation": {
"countryCode": "IL",
"stateCode": "",
"cityName": "Tel Aviv",
"timezone": "Asia/Jerusalem",
"address": "Iben Gabirol 123"
},
"preferredPopLocation": {
"primary": {"id": "1", "name": "example_location_1"},
"secondary": {"id": "2", "name": "example_location_2"},
"preferredOnly": true
}
}
}
}
}
SocketLanPolicyQueries
policy
Beta
Response
Returns a SocketLanPolicy!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyInput
|
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"policy": {"enabled": false, "rules": [], "sections": []}}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"revisions": {
"revision": [
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0}
]
}
}
}
}
}
SplitTunnelPolicyQueries
policy
Beta
Response
Returns a SplitTunnelPolicy!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelPolicyInput
|
Example
Query
query SplitTunnelPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "96f3efbc-1e5f-4bdc-93bd-c4777b70dc9b",
"index": 1,
"name": "Second Example Rule"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query SplitTunnelPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"revisions": {
"revision": [
{"name": "Revision Name Example", "changes": 0},
{"name": "Revision Name Example", "changes": 0},
{"name": "Revision Name Example", "changes": 0}
]
}
}
}
}
}
TerminalServerPolicyQueries
policy
Beta
Response
Returns a TerminalServerPolicy!
Arguments
| Name | Description |
|---|---|
input - TerminalServerPolicyInput
|
Example
Query
query TerminalServer($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
policy {
enabled
rules {
properties
rule {
id
name
description
index
enabled
allowedHostIP {
id
name
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"policy": {
"enabled": true,
"rules": [
{
"rule": {
"id": "f50fa97b-1f12-4522-a15b-6cddde43c8c8",
"name": "Shared Host in Site A",
"index": 1,
"enabled": true,
"description": "Shared Host in Site A ",
"allowedHostIP": {
"id": "900134247",
"name": "Terminal Server Farm"
}
},
"audit": {
"updatedBy": "John.Doe@catonetworks.com",
"updatedTime": "2025-04-23T14:59:08.012"
},
"properties": []
}
],
"sections": []
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query TerminalServer($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
TlsInspectPolicyQueries
policy
Beta
Response
Returns a TlsInspectPolicy!
Arguments
| Name | Description |
|---|---|
input - TlsInspectPolicyInput
|
Example
Query
query TlsInspect($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "80897ab7-5be5-4979-afde-3969f9d75c8a",
"index": 1,
"name": "Updated Tls Inspect Rule"
}
},
{
"properties": [],
"rule": {
"id": "d9cdb424-0830-4d8c-bfa7-6390bbc9c17b",
"index": 2,
"name": "Updated WAN Rule"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "cab89258-646c-4ce8-8a91-9f13108d1e73",
"name": "updated TLS section name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query TlsInspect($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"revisions": {
"revision": [
{"name": "TLS Test Revision", "changes": 0},
{"name": "TLS Test Revision", "changes": 0}
]
}
}
}
}
}
WanFirewallPolicyQueries
policy
Beta
Response
Returns a WanFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "16044293",
"index": 1,
"name": "Allow social media"
}
},
{
"properties": [],
"rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
}
],
"sections": [
{
"properties": [],
"section": {"id": "363808", "name": "Example Wan Section"}
},
{
"properties": [],
"section": {"id": "363809", "name": "My Wan Section"}
}
]
}
}
}
}
}
policyList
Beta
Description
Provides a list of all policies of Wan Firewall with filtering, pagination and sorting capabilities
Response
Returns a WanFirewallPolicyListPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyListInput!
|
Default |
Example
Query
query wanFirewallPolicyByIds($accountId: ID!, $limit: Int!, $filter: WanFirewallPolicyListFilterInput) {
policy(accountId: $accountId) {
wanFirewall {
policyList(input: {paging: {limit: $limit}, filter: $filter}) {
items {
id
name
description
enabled
policyLevel
}
paging {
total
}
}
}
}
}
Variables
{
"accountId": 12345,
"limit": 1,
"filter": {"id": {"in": ["f07a3670-88ed-48e6-8a31-6f9047e9f584"]}}
}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policyList": {
"items": [
{
"id": "f07a3670-88ed-48e6-8a31-6f9047e9f584",
"name": "Main",
"description": "",
"enabled": true,
"policyLevel": "MAIN"
}
],
"paging": {"total": 1}
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"revisions": {
"revision": [
{"name": "WAN Test Revision", "changes": 0},
{"name": "WAN Test Revision", "changes": 0}
]
}
}
}
}
}
WanNetworkPolicyQueries
policy
Beta
Response
Returns a WanNetworkPolicy!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyInput
|
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "6f5b98bd-3252-4c45-95e1-9eeac9fd88db",
"index": 1,
"name": "my WAN network rule example"
}
},
{
"properties": [],
"rule": {
"id": "2812534",
"index": 2,
"name": "WAN Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812530",
"index": 3,
"name": "Internet Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812532",
"index": 4,
"name": "WAN RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812535",
"index": 5,
"name": "Internet RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812533",
"index": 6,
"name": "WAN SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812536",
"index": 7,
"name": "Internet SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812529",
"index": 8,
"name": "WAN Data - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812531",
"index": 9,
"name": "Internet Traffic - Predefined"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"revisions": {
"revision": [
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0}
]
}
}
}
}
}
XDR
stories
Beta
Description
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
Response
Returns a StoriesData
Arguments
| Name | Description |
|---|---|
input - StoryInput!
|
Example
Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
xdr(accountID: $accountId) {
stories(
input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
) {
paging {
from
limit
total
__typename
}
items {
...StoryBrief
__typename
}
__typename
}
__typename
}
}
fragment StoryBrief on Story {
id
accountId
accountName
updatedAt
createdAt
analystName
incident {
__typename
id
status
lastSignal
firstSignal
producer
connectionType
indication
queryName
description
criticality
source
ticket
research
vendor
sourceIp
analystFeedback {
severity
__typename
}
... on Threat {
...ThreatIncidentBrief
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentBrief
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentBrief
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentBrief
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentBrief
__typename
}
}
__typename
}
fragment ThreatIncidentBrief on Threat {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment ThreatPreventionIncidentBrief on ThreatPrevention {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment AnomalyStatsIncidentBrief on AnomalyStats {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment AnomalyEventsIncidentBrief on AnomalyEvents {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
__typename
storyDuration
storyType
siteConnectionType
siteConfigLocation
acknowledged
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
}
Variables
{
"accountId": "123",
"from": 0,
"limit": 25,
"filter": [
{
"timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
"producer": {
"in": [
"AnomalyEvents",
"AnomalyStats",
"ThreatHunt",
"ThreatPrevention",
"MicrosoftEndpointDefender",
"CatoEndpointAlert"
]
}
}
],
"sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"stories": {
"paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
"items": [
{
"id": "65ba47966e0c8517cf2de805",
"accountId": 123,
"accountName": "account",
"updatedAt": "2024-01-31T13:13:58Z",
"createdAt": "2024-01-31T13:13:58Z",
"analystName": "abc123",
"incident": {
"__typename": "CatoEndpoint",
"id": "29ebcff1",
"status": "PendingMoreInfo",
"lastSignal": "2024-01-18T01:48:25Z",
"firstSignal": "2024-01-18T01:48:25Z",
"producer": "CatoEndpointAlert",
"connectionType": null,
"indication": "Cato Endpoint Alert",
"queryName": null,
"description": null,
"criticality": 5,
"source": "source",
"ticket": null,
"research": false,
"vendor": "CATO",
"sourceIp": null,
"analystFeedback": {
"severity": "Medium",
"__typename": "AnalystFeedback"
}
},
"__typename": "Story"
}
]
}
}
}
}
story
Beta
Description
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
Response
Returns a Story
Arguments
| Name | Description |
|---|---|
storyId - ID
|
|
producer - StoryProducerEnum
|
|
incidentId - ID
|
Example
Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
xdr(accountID: $accountId) {
... on XDR {
story(storyId: $storyId) {
...StoryDetailed
__typename
}
__typename
}
__typename
}
}
fragment StoryDetailed on Story {
__typename
id
summary
updatedAt
createdAt
playbook
timeline {
...TimelineItem
__typename
}
incident {
__typename
id
status
producer
ticket
connectionType
indication
queryName
criticality
source
research
firstSignal
lastSignal
description
site {
id
name
__typename
}
user {
id
name
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentDetailed
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentDetailed
__typename
}
... on Threat {
...ThreatIncidentDetailed
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentDetailed
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentDetailed
__typename
}
... on MicrosoftEndpoint {
...MicrosoftEndpointIncidentDetailed
__typename
}
... on CatoEndpoint {
...CatoEndpointIncidentDetailed
__typename
}
}
}
fragment TimelineItem on TimelineItem {
createdAt
type
descriptions
additionalInfo
analystInfo {
name
__typename
}
context
category
__typename
}
fragment AnomalyStatsIncidentDetailed on AnomalyStats {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment AnalystFeedback on AnalystFeedback {
verdict
severity
threatType {
name
details
recommendedAction
__typename
}
threatClassification
additionalInfo
__typename
}
fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatIncidentDetailed on Threat {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
flows {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
threatPreventionsEvents {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referrer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
__typename
storyDuration
storyType
occurrences
siteConnectionType
siteConfigLocation
acknowledged
description
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
pop
isp
hostIp
ruleName
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
incidentId
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
pop
isp
hostIp
ruleName
tunnelResetCount
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
analystFeedback {
... on AnalystFeedback {
severity
__typename
}
__typename
}
}
fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
osDetails {
... on OsDetails {
...MicrosoftEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...MicrosoftEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on MicrosoftDefenderEndpointAlert {
...StoryDetailsMicrosoftEndpointAlert
__typename
}
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on MicrosoftEndpointUser {
...MicrosoftEndpointIncidentUserDetails
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
name
domainName
__typename
}
fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
id
title
localIp
destinationIp
destinationUrl
mitreTechnique {
id
name
__typename
}
firstActivityDateTime
lastActivityDateTime
threatName
activities {
...StoryDetailsMicrosoftEndpointActivity
__typename
}
resources {
...StoryDetailsMicrosoftEndpointResource
__typename
}
... on MicrosoftDefenderEndpointAlert {
criticality
msStatus: status
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
id
resourceId
parentResourceId
action
__typename
}
fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
id
remediationStatus
createdDateTime
verdict
roles
...StoryDetailsMicrosoftEndpointFileResource
...StoryDetailsMicrosoftEndpointProcessResource
...StoryDetailsMicrosoftEndpointRegistryResource
__typename
}
fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
detectionStatus
fileDetails {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsMicrosoftEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
id
... on MicrosoftEndpointUser {
userSid
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
valueName
valueType
value
key
hive
__typename
}
fragment CatoEndpointIncidentDetailed on CatoEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
macAddress
osDetails {
... on OsDetails {
...CatoEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...CatoEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on CatoEndpointAlert {
...StoryDetailsCatoEndpointAlert
__typename
}
__typename
}
__typename
}
fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on CatoEndpointUser {
...CatoEndpointIncidentUserDetails
__typename
}
__typename
}
fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
name
__typename
}
fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
id
title
mitreTechnique {
id
name
__typename
}
createdDateTime
threatName
activities {
...StoryDetailsCatoEndpointActivity
__typename
}
resources {
...StoryDetailsCatoEndpointResource
__typename
}
... on CatoEndpointAlert {
criticality
catoStatus: status
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointActivity on CatoActivity {
id
resourceId
parentResourceId
__typename
}
fragment StoryDetailsCatoEndpointResource on CatoResource {
id
createdDateTime
remediationStatus
...StoryDetailsCatoEndpointFileResource
...StoryDetailsCatoEndpointProcessResource
__typename
}
fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
detectionStatus
fileDetails {
...StoryDetailsCatoEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsCatoEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsCatoEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
id
... on CatoEndpointUser {
name
__typename
}
__typename
}
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"story": {
"playbook": null,
"incident": {
"__typename": "Threat",
"id": "abc123",
"status": "Open",
"producer": "ThreatHunt",
"ticket": null,
"connectionType": "Site",
"indication": "abc123",
"queryName": "abc123",
"criticality": 5,
"source": "abc123",
"research": false,
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T13:00:00Z",
"description": "abc123",
"site": null,
"user": null,
"srcSiteId": "123",
"flowsCardinality": 4,
"storyDuration": 14400,
"os": "OS_WINDOWS",
"deviceName": "abc123",
"macAddress": "aa:aa:11:22:33:44",
"sourceIp": "1.2.3.4",
"logonName": null,
"direction": "OUTBOUND",
"predictedVerdict": null,
"predictedThreatType": null,
"similarStoriesData": [],
"events": [],
"mitres": [],
"timeSeries": [],
"targets": [
{
"type": "domain",
"name": "123",
"analysisScore": 0.75688803,
"infectionSource": true,
"catoPopularity": -1,
"threatFeeds": 2,
"creationTime": "2023-01-10T06:16:40Z",
"categories": "abc123",
"countryOfRegistration": "CZ",
"searchHits": "123",
"engines": null,
"eventData": [],
"__typename": "IncidentTargetRep"
}
],
"flows": [
{
"appName": "http",
"clientClass": null,
"sourceIp": "11.22.33.111",
"sourcePort": 123,
"direction": "INBOUND",
"createdAt": "2024-02-29T09:45:00Z",
"referer": null,
"userAgent": null,
"method": null,
"destinationCountry": "US",
"destinationPort": 123,
"destinationIp": "11.22.33.644",
"destinationGeolocation": "11.1,22.2",
"url": null,
"tunnelGeolocation": "11.1,22.2",
"domain": "abc123",
"target": "abc123",
"httpResponseCode": null,
"dnsResponseIP": null,
"smbFileName": null,
"fileHash": null,
"ja3": null,
"__typename": "IncidentFlow"
}
],
"analystFeedback": {
"verdict": null,
"severity": null,
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null,
"__typename": "AnalystFeedbackThreatType"
},
"threatClassification": null,
"additionalInfo": null,
"__typename": "AnalystFeedback"
}
},
"__typename": "Story",
"id": "abc123",
"summary": "abc123",
"updatedAt": "2024-03-27T08:32:44Z",
"createdAt": "2024-03-27T08:22:51Z",
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"type": "Diff",
"descriptions": ["abc123"],
"additionalInfo": null,
"analystInfo": null,
"context": "Story created",
"category": null,
"__typename": "TimelineItem"
}
]
}
}
}
}
ZtnaAlwaysOnPolicyQueries
policy
Beta
Response
Returns a ZtnaAlwaysOnPolicy!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnPolicyInput
|
Example
Query
query ztnaAlwaysOn($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "601d474a-9843-4511-8c65-cc3885f9e449",
"index": 1,
"name": "Updated Rule Name Example"
}
},
{
"properties": [],
"rule": {
"id": "ac120fa5-1035-41d2-8f9c-43800048ea0f",
"index": 2,
"name": "Example Rule"
}
},
{
"properties": [],
"rule": {
"id": "dc86486d-1377-4b51-b38f-7911da8f962c",
"index": 3,
"name": "Rule Example "
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ztnaAlwaysOn($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"revisions": {
"revision": [{"name": "Revision Name Example", "changes": 0}]
}
}
}
}
}
Mutations
AccountManagementMutations
addAccount
Description
Add a new account
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - AddAccountInput!
|
Example
Query
mutation addAccount($accountId:ID!, $input:AddAccountInput!) {
accountManagement(accountId: $accountId) {
addAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "account_name",
"tenancy": "SINGLE_TENANT",
"type": "CUSTOMER",
"description": "account description",
"timezone": "Australia/ACT"
}
}
Response
{
"data": {
"accountManagement": {
"addAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
disableAccount
Beta
Description
Sets the account status to "Disabled" for accounts with plan = "Trial" and status = "Active" or "Locked".
Response
Returns a DisableAccountPayload
Arguments
| Name | Description |
|---|---|
accountId - ID!
|
Example
Query
mutation disableAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
disableAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
plan
status
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"disableAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
},
"plan": "TRIAL",
"status": "ACTIVE"
}
}
}
}
}
removeAccount
Description
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
Response
Returns a RemoveAccountPayload
Arguments
| Name | Description |
|---|---|
accountId - ID!
|
Example
Query
mutation removeAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
removeAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"removeAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
}
updateAccount
Description
Update existing account attributes
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - UpdateAccountInput!
|
Example
Query
mutation updateAccount($accountId:ID!, $input:UpdateAccountInput!) {
accountManagement(accountId: $accountId) {
updateAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456", "input": {"description": "new account description"}}
Response
{
"data": {
"accountManagement": {
"updateAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AdminMutations
addAdmin
Response
Returns an AddAdminPayload
Arguments
| Name | Description |
|---|---|
input - AddAdminInput!
|
Example
Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
admin(accountId:$accountId) {
addAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"passwordNeverExpires": false,
"mfaEnabled": true,
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}
addServicePrincipalAdmin
Response
Returns an AddServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
input - AddServicePrincipalAdminInput!
|
Example
Query
mutation addServicePrincipalAdmin($accountId:ID!, $input: AddServicePrincipalAdminInput!) {
admin(accountId:$accountId) {
addServicePrincipalAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "Service Principal",
"email": "service.principal@company.org",
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addServicePrincipalAdmin": {"adminID": "456"}}}}
removeAdmin
Response
Returns a RemoveAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
Example
Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}
removeServicePrincipalAdmin
Response
Returns a RemoveServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
Example
Query
mutation removeServicePrincipalAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeServicePrincipalAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeServicePrincipalAdmin": {"adminID": "456"}}}}
updateAdmin
Response
Returns an UpdateAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
|
input - UpdateAdminInput!
|
Example
Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
admin(accountId:$accountId) {
updateAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"managedRoles": [
{"role": {"id": 1, "name": "Editor"}},
{"role": {"id": 2, "name": "Viewer"}}
]
}
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}
updateServicePrincipalAdmin
Response
Returns an UpdateServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
|
input - UpdateServicePrincipalAdminInput!
|
Example
Query
mutation updateServicePrincipalAdmin($accountId:ID!, $adminID:ID!, $input: UpdateServicePrincipalAdminInput!){
admin(accountId:$accountId) {
updateServicePrincipalAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"name": "Service Principal (renamed)",
"managedRoles": [{"role": {"id": 1, "name": "Editor"}}]
}
}
Response
{"data": {"admin": {"updateServicePrincipalAdmin": {"adminID": "456"}}}}
AntiMalwareFileHashPolicyMutations
addRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
addRule(input: {
rule: {
enabled: true
name: "Block Malicious File"
description: "Block file with known malicious hash."
fileName: "malware.exe"
expirationDate: "2025-12-31T23:59:59Z"
action: BLOCK
sha256: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
fileName
expirationDate
action
sha256
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "example-id",
"name": "Block Malicious File",
"description": "Block file with known malicious hash.",
"enabled": true,
"fileName": "malware.exe",
"expirationDate": "2025-12-31T23:59:59Z",
"action": "BLOCK",
"sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"addSection": {
"section": {"section": {"id": "section-id", "name": "New section"}},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "revision-id",
"createdTime": "2025-08-27T12:00:00Z",
"updatedTime": "2025-08-27T12:00:00Z"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
moveRule(input: {
id: "rule-id"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"moveRule": {
"status": "SUCCESS",
"rule": {"rule": {"index": 1, "id": "rule-id"}}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
moveSection(input: {
id: "section-id"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": [],
"section": {"id": "section-id", "name": "Section Name"}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Block malicious file hashes"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
removeRule(input: {
id: "example-id"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"antiMalwareFileHash": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
removeSection(input: {
id: "section-id"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"antiMalwareFileHash": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updateRule(input: {
id: "example-id"
rule: {
name: "Updated File Hash Rule"
fileName: "updated-malware.exe"
expirationDate: "2026-01-01T00:00:00Z"
action: BYPASS
sha256: "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd"
}
}) {
status
rule {
rule {
id
name
fileName
expirationDate
action
sha256
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "example-id",
"name": "Updated File Hash Rule",
"fileName": "updated-malware.exe",
"expirationDate": "2026-01-01T00:00:00Z",
"action": "BYPASS",
"sha256": "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updateSection(input: {
id: "section-id"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {"id": "section-id", "name": "Updated section name"}
}
}
}
}
}
}
AppTenantRestrictionPolicyMutations
addRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
severity: MEDIUM
action: INJECT_HEADERS
application: {
input:"hibob"
by: ID
}
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
headers: [{
name: "headerName"
value: "headerValue"
}]
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addSection": {
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "276f34f3-197d-41ec-8d3d-de34bc703da9",
"createdTime": "2024-12-15T13:25:34.774",
"updatedTime": "2024-12-15T13:25:34.774"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "58dc4161-77bb-4866-a2c8-3eed554158f7"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
}
}
}
}
}
}
ApplicationControlPolicyMutations
addRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
ruleType: APPLICATION
applicationRule: {
application: {
application: {
input:"hibob"
by: ID
}
}
}
},
at: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorCode
errorMessage
}
rule {
properties
audit {
updatedTime
updatedBy
}
rule {
id
name
description
enabled
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"properties": ["ADDED"],
"audit": {
"updatedTime": "2025-09-14T08:09:19.776",
"updatedBy": "kfir.dadosh@catonetworks.com"
},
"rule": {
"id": "b2b8784e-359c-428e-878b-de53d8730998",
"name": "Example Rule",
"description": "Example description",
"enabled": true
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"addSection": {
"section": {
"section": {
"id": "ba6e65bb-bdd6-432e-9c73-56ceeef599d6",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "6f89b7da-c5fb-44b3-b101-3b541dc20c08",
"createdTime": "2025-09-14T08:09:36.612",
"updatedTime": "2025-09-14T08:09:36.612"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
moveRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "b2b8784e-359c-428e-878b-de53d8730998"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section does not exist",
"errorCode": "sectionNotExist"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
removeRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"applicationControl": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
removeSection(input: {
id: "ba6e65bb-bdd6-432e-9c73-56ceeef599d6"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"applicationControl": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updateRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
rule: {
name: "Updated rule name"
}
}) {
status
rule {
rule {
id
name
description
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "b2b8784e-359c-428e-878b-de53d8730998",
"name": "Updated rule name",
"description": "Example description"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updateSection(input: {
id: "ba6e65bb-bdd6-432e-9c73-56ceeef599d6"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "ba6e65bb-bdd6-432e-9c73-56ceeef599d6",
"name": "New section"
}
}
}
}
}
}
}
ClientConnectivityPolicyMutations
addRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example Description"
source: {}
platform: [MACOS]
device: []
country: [
{
by: ID
input: "US"
}
]
confidenceLevel: HIGH
connectionOrigin: [REMOTE]
sourceRange: []
action: ALLOW_INTERNET
}
}) {
status
errors {
errorCode
errorMessage
}
rule {
rule {
id
name
description
enabled
platform
country {
id
name
}
confidenceLevel
connectionOrigin
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "90c3207e-6aed-400f-8f7e-48abdf973ed9",
"name": "Example Rule",
"description": "Example Description",
"enabled": true,
"platform": ["MACOS"],
"country": [{"id": "US", "name": "United States"}],
"confidenceLevel": "HIGH",
"connectionOrigin": ["REMOTE"],
"action": "ALLOW_INTERNET"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"addSection": {
"section": {
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "8a16c79a-3946-47e8-ad68-1b8cb03bb32d",
"createdTime": "2025-11-24T08:36:25.528",
"updatedTime": "2025-11-24T08:36:25.528"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
moveRule(input: {
id: "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
moveSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
removeRule(input: {
id: "90c3207e-6aed-400f-8f7e-48abdf973ed9"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"clientConnectivity": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
removeSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"clientConnectivity": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updateRule(input: {
id: "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"
rule: {
name: "Updated rule name"
platform: [MACOS]
}
}) {
status
rule {
rule {
id
name
description
platform
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da",
"name": "Updated rule name",
"description": "",
"platform": ["MACOS"],
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updateSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
}
}
}
}
}
}
ContainerMutations
delete
Beta
Response
Returns a DeleteContainerPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteContainerInput!
|
Example
Query
mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
container(accountId: $accountId) {
delete(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"delete": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
FqdnContainerMutations
addValues
Beta
Response
Returns a FqdnContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerAddValuesInput!
|
Example
Query
mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!) {
container(accountId: $accountId) {
fqdn {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"addValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Returns a CreateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromFileInput!
|
Example
Query
mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromList
Beta
Response
Returns a CreateFqdnContainerFromListPayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromListInput!
|
Example
Query
mutation createFqdnContainerFromListInput($accountId:ID!, $input:CreateFqdnContainerFromListInput!) {
container(accountId: $accountId) {
fqdn {
createFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"values": ["www.example.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromURL
Beta
Response
Returns a CreateFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromUrlInput!
|
Example
Query
mutation createFqdnContainerFromURL($accountId:ID!, $input:CreateFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
createFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"by": "NAME", "input": "All Admins"}]
}
}
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"id": "-100", "name": "All Admins"}]
}
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns a FqdnContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!) {
container(accountId: $accountId) {
fqdn {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"removeValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
syncFromURL
Beta
Response
Returns a SyncFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - SyncFqdnContainerFromUrlInput!
|
Example
Query
mutation syncFqdnContainerFromURL($accountId:ID!, $input:SyncFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
syncFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
syncDataAudit {
lastSynced
lastSyncAttempt
errorMsg
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "FQDN Container from URL"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"syncFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"size": 150,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T16:00:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
},
"syncDataAudit": {
"lastSynced": "2024-09-18T16:00:00Z",
"lastSyncAttempt": "2024-09-18T16:00:00Z",
"errorMsg": null
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Returns an UpdateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromFileInput!
|
Example
Query
mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromList
Beta
Response
Returns an UpdateFqdnContainerFromListPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromListInput!
|
Example
Query
mutation updateFqdnContainerFromListInput($accountId:ID!, $input:UpdateFqdnContainerFromListInput!) {
container(accountId: $accountId) {
fqdn {
updateFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"values": ["www.example.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromURL
Beta
Response
Returns an UpdateFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromUrlInput!
|
Example
Query
mutation updateFqdnContainerFromURL($accountId:ID!, $input:UpdateFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
updateFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "FQDN Container from URL"},
"description": "Updated description for container synced from URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/fqdns-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Updated description for container synced from URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T15:45:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
}
}
}
}
IpAddressRangeContainerMutations
addValues
Beta
Response
Returns an IpAddressRangeContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerAddValuesInput!
|
Example
Query
mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"addValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromListInput!
|
Example
Query
mutation createIpAddressRangeContainerFromList($accountId:ID!, $input:CreateIpAddressRangeContainerFromListInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"values": [{"from": "1.2.3.4", "to": "2.3.4.5"}]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromURL
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation createIpAddressRangeContainerFromURL($accountId:ID!, $input:CreateIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"by": "NAME", "input": "All Admins"}]
}
}
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"id": "-100", "name": "All Admins"}]
}
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns an IpAddressRangeContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"removeValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
syncFromURL
Beta
Response
Arguments
| Name | Description |
|---|---|
input - SyncIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation syncIpAddressRangeContainerFromURL($accountId:ID!, $input:SyncIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
syncFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
syncDataAudit {
lastSynced
lastSyncAttempt
errorMsg
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "IP Range Container from URL"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"syncFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"size": 150,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T16:00:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
},
"syncDataAudit": {
"lastSynced": "2024-09-18T16:00:00Z",
"lastSyncAttempt": "2024-09-18T16:00:00Z",
"errorMsg": null
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromListInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromList($accountId:ID!, $input:UpdateIpAddressRangeContainerFromListInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"values": [{"from": "1.2.3.4", "to": "2.3.4.5"}]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromURL
Beta
Response
Returns an UpdateIpAddressRangeContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromURL($accountId:ID!, $input:UpdateIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "IP Range Container from URL"},
"description": "Updated description for container synced from URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/ip-ranges-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Updated description for container synced from URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T15:45:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
}
}
}
}
DynamicIpAllocationPolicyMutations
addRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
range: {
globalIpRange:{
by: NAME
input: "12.22.18.0/24"
}
}
}
})
{
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
publishPolicyRevision(input: {
name: "IT Group SDP Users Dynamic IP Allocation Example"
description : "Allocate Dynamic IP range for IT group Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateRule(input: {
id: "2c25bae8-f787-4098-b3c2-6057e5fe8537"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateSection(input: {
id: "54a367d6-75da-4399-bc03-65170ea97d3f"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "New section"
}
}
}
}
}
}
}
EnterpriseDirectoryMutations
Response
Returns an EnterpriseDirectoryArchiveLocationPayload
Arguments
| Name | Description |
|---|---|
locationId - ID
|
Example
Query
mutation archiveEnterpriseDirectoryLocation($accountID:ID!, $locationID: ID!) {
enterpriseDirectory(accountId:$accountID) {
archiveLocation(locationId: $locationID
){
location{
id
}
}
}
}
Variables
{"accountID": "123456", "locationID": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
Response
{
"data": {
"enterpriseDirectory": {
"archiveLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
Response
Returns an EnterpriseDirectoryCreateLocationPayload
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryCreateLocationInput!
|
Example
Query
mutation createEnterpriseDirectoryLocation($accountID:ID!, $input: EnterpriseDirectoryCreateLocationInput!) {
enterpriseDirectory(accountId:$accountID) {
createLocation(input: $input
){
location{
id
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"name": "test location",
"type": "BRANCH",
"details": {
"companyName": "",
"postalAddress": {
"street": "226 rue de rivoli",
"cityName": "Paris",
"zipCode": "75019",
"country": {"by": "ID", "input": "FR"}
},
"contact": {
"name": "Angelina",
"phone": "0567476293",
"email": "Angelina@gmail.com"
},
"vatId": ""
}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"createLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
Response
Returns an EnterpriseDirectoryRestoreLocationPayload
Arguments
| Name | Description |
|---|---|
locationId - ID
|
Example
Query
mutation restoreEnterpriseDirectoryLocation($accountID:ID!, $locationID: ID!) {
enterpriseDirectory(accountId:$accountID) {
restoreLocation(locationId: $locationID
){
location{
id
}
}
}
}
Variables
{"accountID": "123456", "locationID": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
Response
{
"data": {
"enterpriseDirectory": {
"restoreLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
Response
Returns an EnterpriseDirectoryUpdateLocationPayload
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryUpdateLocationInput!
|
Example
Query
mutation updateEnterpriseDirectoryLocation($accountID:ID!, $input: EnterpriseDirectoryUpdateLocationInput!) {
enterpriseDirectory(accountId:$accountID) {
updateLocation(input: $input
){
location{
id
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20",
"name": "test location",
"type": "BRANCH",
"details": {
"companyName": "",
"postalAddress": {
"street": "226 rue de rivoli",
"cityName": "Paris",
"zipCode": "75019",
"country": {"by": "ID", "input": "FR"}
},
"contact": {
"name": "Angelina",
"phone": "0567476293",
"email": "Angelina@gmail.com"
},
"vatId": ""
}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"updateLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
GroupsMutations
createGroup
Beta
Description
Create a new group
Response
Returns a CreateGroupPayload
Arguments
| Name | Description |
|---|---|
input - CreateGroupInput!
|
Example
Query
mutation createGroup($accountId: ID!, $input: CreateGroupInput!) {
groups(accountId: $accountId) {
createGroup(input: $input) {
group {
id
name
description
membersCount
members {
items {
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
}
}
}
}
Variables
{
"accountId": "12345",
"input": {
"name": "group-2",
"description": "a group of printers",
"members": [{"type": "HOST", "by": "ID", "input": "3579"}]
}
}
Response
{
"data": {
"groups": {
"createGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942ce",
"name": "group-2",
"description": "a group of printers",
"membersCount": 1,
"members": {
"items": [{"name": "printer-1", "type": "HOST"}],
"paging": {"total": 1}
},
"membersCountPerType": [{"type": "HOST", "membersCount": 1}],
"audit": {"updatedTime": "2023-07-27T11:43:13.889"}
}
}
}
}
}
deleteGroup
Beta
Description
Delete a group
Response
Returns a DeleteGroupPayload
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
mutation deleteGroup($accountId: ID!, $group: GroupRefInput!) {
groups(accountId: $accountId) {
deleteGroup(input: $group) {
group {
id
name
}
}
}
}
Variables
{"accountId": "12345", "group": {"input": "group-2"}}
Response
{
"data": {
"groups": {
"deleteGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942fb",
"name": "group-2"
}
}
}
}
}
updateGroup
Beta
Description
Update an existing group, including attributes such as name, description, and member items
Response
Returns an UpdateGroupPayload
Arguments
| Name | Description |
|---|---|
input - UpdateGroupInput!
|
Example
Query
mutation updateGroup($accountId: ID!, $input: UpdateGroupInput!) {
groups(accountId: $accountId) {
updateGroup(input: $input) {
group {
id
name
description
membersCount
members {
items {
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
}
}
}
}
Variables
{
"accountId": "12345",
"input": {
"group": {"by": "NAME", "input": "group-2"},
"membersToAdd": [{"by": "ID", "input": "2468", "type": "SITE"}],
"membersToRemove": [{"by": "ID", "input": "3579", "type": "SITE"}]
}
}
Response
{
"data": {
"groups": {
"updateGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942ce",
"name": "grp-2",
"description": "grp-2 description",
"membersCount": 1,
"members": {
"items": [{"name": "s1", "type": "SITE"}],
"paging": {"total": 1}
},
"membersCountPerType": [{"type": "SITE", "membersCount": 1}],
"audit": {"updatedTime": "2023-07-27T11:55:02.717"}
}
}
}
}
}
HardwareMutations
updateHardwareShipping
Beta
Description
Set Shipping details for a list of hardware
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - UpdateHardwareShippingInput!
|
Example
Query
mutation hardware($accountID:ID!, $input: UpdateHardwareShippingInput!) {
hardware(accountId:$accountID) {
updateHardwareShipping(input: $input
){
items{
id
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"ids": ["4749add2-b6f4-45cf-8b04-41e83ccaed20"],
"details": {
"powerCable": "US",
"details": {
"address": {
"companyName": "Angelina",
"street": "226 rue de rivoli",
"cityName": "paris",
"countryName": "France",
"zipCode": "75003"
},
"contact": {
"name": "Laith",
"phone": "0567476293",
"email": "laith.abukhaizaran@catonetworks.com"
}
}
}
}
}
Response
{
"data": {
"hardware": {
"updateHardwareShipping": {
"items": [{"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}]
}
}
}
}
InternetFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
action: ALLOW
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "ALLOW"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSection": {
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
addSubPolicy
Beta
Description
Add a new sub-policy to the Internet Firewall policy.
Response
Returns an InternetFirewallAddSubPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallAddSubPolicyInput!
|
Example
Query
mutation AddSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSubPolicy(input: {
scope: {
enabled: true
name: "Sub-policy 1"
description: "Example sub policy"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
},
at: {
position: LAST_IN_POLICY
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
createPolicyRevision
Beta
Description
Create the policy revision. Create a new empty policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
"createdTime": "2024-07-18T21:49:58.116",
"updatedTime": "2024-07-18T21:49:58.116"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section with system rules cannot be moved or removed",
"errorCode": "sectionSystemMove"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing rule from the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
}
}
removeSubPolicy
Beta
Description
Remove an existing sub-policy from the Internet Firewall policy.
Response
Arguments
| Name | Description |
|---|---|
input - InternetFirewallRemoveSubPolicyInput!
|
Example
Query
mutation RemoveSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSubPolicy(input: {
ref: {
input: "5b1716a1-95c1-4206-9ffd-a53e34307bb9"
by: ID
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"removeSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
}
}
}
}
}
LicensingMutations
updateCommercialLicense
Beta
Description
BETA
Response
Returns an UpdateCommercialLicensePayload
Arguments
| Name | Description |
|---|---|
input - UpdateCommercialLicenseInput!
|
Example
Query
mutation updateCommercialLicense($accountId: ID!, $updateCommercialLicenseInput: UpdateCommercialLicenseInput!) {
licensing(accountId: $accountId) {
updateCommercialLicense(input: $updateCommercialLicenseInput) {
license {
__typename
id
startDate
}
}
}
}
Variables
{
"accountId": "123",
"updateCommercialLicenseInput": {
"startDate": "2025-10-20T00:00:00.000Z",
"licenseId": "99d9485f-0829-4b7e-8781-6365bd6f8914"
}
}
Response
{
"data": {
"licensing": {
"updateCommercialLicense": {
"license": {
"__typename": "SiteLicense",
"id": "99d9485f-0829-4b7e-8781-6365bd6f8914",
"startDate": "2025-10-20T00:00:00.000Z"
}
}
}
}
}
RemotePortFwdPolicyMutations
addRule
Beta
Description
Add a new port forwarding rule to enable remote access to internal services.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addRule(input: {
rule: {
enabled: true,
name: "RPF Rule",
description: "RPF Rule",
forwardIcmp: false,
externalIp: {
by: ID,
input: "26270"
},
externalPortRange: {
from: 8095,
to: 8095
},
internalIp: "1.1.1.1",
internalPortRange: {
from: 8095,
to: 8095
},
remoteIPs: {
ip: [
"8.8.8.8"
]
},
restrictionType: ALLOW_LIST
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
enabled
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"forwardIcmp": false,
"externalIp": {
"id": "26270",
"name": "exaltsimu_test_4 - 198.20.1.16"
},
"externalPortRange": {"from": 8095, "to": 8095},
"internalIp": "1.1.1.1",
"internalPortRange": {"from": 8095, "to": 8095},
"remoteIPs": {"ip": ["8.8.8.8"]}
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addSection": {
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create a new empty policy revision for port forwarding rules.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "b8305755-fe19-4868-9962-dff25687e722",
"createdTime": "2024-11-19T16:11:21.338",
"updatedTime": "2024-11-19T16:11:21.338"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this revision are discarded and the revision is deleted.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the priority/position of an existing port forwarding rule.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "d22ece52-f1cb-46c4-b3d5-367125bebb37"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
publishPolicyRevision(input: {
name: "NA sites"
description : "Allow traffic for North America sites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing port forwarding rule from the policy.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"remotePortFwd": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"remotePortFwd": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Description
Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing port forwarding rule configuration.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
rule: {
internalIp: "10.0.0.1",
}
}) {
status
rule {
rule {
id
name
enabled
description
internalIp
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"internalIp": "10.0.0.1"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
SandboxMutations
Description
Delete a sandbox report
Response
Returns a DeleteReportPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteReportInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: DeleteReportInput!) {
sandbox(accountId: $accountId) {
deleteReport(input: $input) {
fileHash
}
}
}
Variables
{"accountId": 12345, "input": {"fileHash": "FILE_HASH"}}
Response
{"data": {"sandbox": {"deleteReport": {"fileHash": "FILE_HASH"}}}}
Description
Upload a file for sandbox analysis
Response
Returns an UploadFilePayload!
Arguments
| Name | Description |
|---|---|
input - UploadFileInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: UploadFileInput!) {
sandbox(accountId: $accountId) {
uploadFile(input: $input) {
uploadUrl
}
}
}
Variables
{"accountId": 12345, "input": {"fileName": "eicar.zip"}}
Response
{"data": {"sandbox": {"uploadFile": {"uploadUrl": "UPLOAD_URL"}}}}
SiteMutations
addBgpPeer
Beta
Description
Adds a new BGP peer to the specified site.
Response
Returns an AddBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - AddBgpPeerInput!
|
Example
Query
mutation addBgpPeer($accountId: ID!, $input: AddBgpPeerInput!) {
site(accountId: $accountId) {
addBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"site": {"input": "456", "by": "ID"},
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"addBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3830",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1689",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
addCloudInterconnectPhysicalConnection
Beta
Description
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
Response
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation addCloudInterconnectPhysicalConnection($accountId: ID!, $input: AddCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
addCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"site": {"by": "ID", "input": "400957"},
"haRole": "PRIMARY",
"popLocation": {"input": "10000", "by": "ID"},
"serviceProviderName": "Equinix",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": "100",
"downstreamBwLimit": "100"
}
}
Response
{
"data": {
"site": {
"addCloudInterconnectPhysicalConnection": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
addCloudInterconnectSite
Beta
Description
Add a new cloud interconnect site.
Response
Returns an AddCloudInterconnectSitePayload
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectSiteInput!
|
Example
Query
mutation addCloudInterconnectSite($accountId: ID!, $input: AddCloudInterconnectSiteInput!){
site(accountId: $accountId) {
addCloudInterconnectSite( input: $input){
siteId
}
}
}
Variables
{
"accountId": 128782,
"input": {
"name": "cloud_interconnect_test_site",
"siteType": "BRANCH",
"description": "test description",
"siteLocation": {
"countryCode": "AF",
"timezone": "Asia/Kabul",
"city": "‘Alāqahdārī Aṯghar"
}
}
}
Response
{"data": {"site": {"addCloudInterconnectSite": {"siteId": "400957"}}}}
addIpsecIkeV2Site
Beta
Response
Returns an AddIpsecIkeV2SitePayload
Arguments
| Name | Description |
|---|---|
input - AddIpsecIkeV2SiteInput!
|
Example
Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
site(accountId:$accountId) {
addIpsecIkeV2Site(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
}
}
Response
{"data": {"site": {"addIpsecIkeV2Site": {"siteId": "456"}}}}
addIpsecIkeV2SiteTunnels
Beta
Response
Returns an AddIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"publicSiteIp": "10.10.10.1",
"privateCatoIp": "1.1.1.12",
"privateSiteIp": "1.1.1.13",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"publicSiteIp": "20.20.20.1",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
addNetworkRange
Response
Returns an AddNetworkRangePayload
Arguments
| Name | Description |
|---|---|
lanSocketInterfaceId - ID!
|
|
input - AddNetworkRangeInput!
|
Example
Query
mutation addNetworkRange(
$accountId:ID!,
$lanSocketInterfaceId: ID!,
$input:AddNetworkRangeInput!
) {
site(accountId:$accountId){
addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
networkRangeId
}
}
}
Variables
{
"accountId": "123",
"lanSocketInterfaceId": "456",
"input": {
"name": "Printers",
"rangeType": "Routed",
"subnet": "123.0.1.0/30",
"gateway": "123.0.0.2"
}
}
Response
{"data": {"site": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
addSecondaryAwsVSocket
Beta
Description
Add a secondary AWS vSocket to an existing site
Response
Returns an AddSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAwsVSocketInput!
|
Example
Query
mutation addSecondaryAwsVSocket($accountId:ID!, $input:AddSecondaryAwsVSocketInput!){
site(accountId:$accountId) {
addSecondaryAwsVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"eniIpAddress": "11.22.34.50",
"eniIpSubnet": "11.22.34.0/24",
"routeTableId": "123"
}
}
Response
{"data": {"site": {"addSecondaryAwsVSocket": {"id": "NDAwOTU3LVBSSU1BUlk="}}}}
addSecondaryAzureVSocket
Beta
Description
Add a secondary Azure vSocket to an existing site
Response
Returns an AddSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAzureVSocketInput!
|
Example
Query
mutation addSecondaryAzureVSocket($accountId:ID!, $input:AddSecondaryAzureVSocketInput!){
site(accountId:$accountId) {
addSecondaryAzureVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"interfaceIp": "20.0.0.57",
"floatingIp": "20.0.0.17"
}
}
Response
{"data": {"site": {"addSecondaryAzureVSocket": {"id": "627135"}}}}
Response
Returns an AddSocketAddOnCardPayload
Arguments
| Name | Description |
|---|---|
input - AddSocketAddOnCardInput!
|
Example
Query
mutation addSocketAddOnCard($accountId: ID!, $input: AddSocketAddOnCardInput!) {
sites(accountId: $accountId) {
addSocketAddOnCard(input: $input) {
...AddSocketAddOnCardData
__typename
}
__typename
}
}
fragment AddSocketAddOnCardData on AddSocketAddOnCardPayload {
addOns {
expansionSlotNumber
type
__typename
}
__typename
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"addOns": [
{"type": "FOUR_10G_FIBER", "expansionSlotNumber": "SLOT_1"},
{"type": "FOUR_10G_FIBER", "expansionSlotNumber": "SLOT_2"}
]
}
}
Response
{
"data": {
"sites": {
"addSocketAddOnCard": {
"addOns": [
{
"expansionSlotNumber": "SLOT_1",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
},
{
"expansionSlotNumber": "SLOT_2",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
}
],
"__typename": "AddSocketAddOnCardPayload"
},
"__typename": "SiteMutations"
}
}
}
addSocketSite
Response
Returns an AddSocketSitePayload
Arguments
| Name | Description |
|---|---|
input - AddSocketSiteInput!
|
Example
Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
site(accountId:$accountId) {
addSocketSite(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"connectionType": "SOCKET_X1700",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {
"countryCode": "IL",
"timezone": "Asia/Jerusalem",
"city": "Asheklon"
}
}
}
Response
{"data": {"site": {"addSocketSite": {"siteId": "456"}}}}
addStaticHost
Response
Returns an AddStaticHostPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddStaticHostInput!
|
Example
Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
site(accountId:$accountId){
addStaticHost(siteId:$siteId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"site": {"addStaticHost": {"hostId": "789"}}}}
assignSiteBwLicense
Beta
Description
Assign a license to an existing site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns an AssignSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - AssignSiteBwLicenseInput!
|
Example
Query
mutation assignSiteBwLicense($accountId: ID!, $input: AssignSiteBwLicenseInput!) {
sites(accountId: $accountId) {
assignSiteBwLicense(input: $input) {
license {
__typename
id,
sku,
... on SiteLicense {
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "445432"},
"licenseId": "99d9485f-0829-4b7e-8781-6365bd6f8914"
}
}
Response
{
"data": {
"sites": {
"assignSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d",
"sku": "CATO_SITE",
"site": {"id": "453087"},
"total": 1000
}
}
}
}
}
removeBgpPeer
Beta
Description
Removes an existing BGP peer configuration from a site.
Response
Returns a RemoveBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - RemoveBgpPeerInput!
|
Example
Query
mutation removeBgpPeer($accountId: ID!, $input: RemoveBgpPeerInput!) {
site(accountId: $accountId) {
removeBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"id": "13372"}}
Response
{
"data": {
"site": {
"removeBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
removeCloudInterconnectPhysicalConnection
Beta
Description
Remove a physical connection from a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - RemoveCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation removeCloudInterconnectPhysicalConnection($accountId: ID!, $input: RemoveCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
removeCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"removeCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
removeIpsecIkeV2SiteTunnels
Beta
Response
Returns a RemoveIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - RemoveIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation removeIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: RemoveIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
removeIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"tunnelId": "PRIMARY1"}}
Response
{"data": {"site": {"removeIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
removeNetworkRange
Response
Returns a RemoveNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
Example
Query
mutation removeNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
) {
site(accountId:$accountId){
removeNetworkRange(networkRangeId:$networkRangeId){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"site": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
removeSecondaryAwsVSocket
Beta
Description
Remove the secondary AWS vSocket from an existing site
Response
Returns a RemoveSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
mutation RemoveSecondaryAwsVSocket($accountId: ID!, $socketId: ID!) {
site(accountId: $accountId) {
removeSecondaryAwsVSocket(socketId: $socketId) {
secondaryAwsVSocket {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
}
Variables
{"accountId": "5018", "socketId": 648938}
Response
{
"data": {
"site": {
"removeSecondaryAwsVSocket": {
"secondaryAwsVSocket": {
"site": {"id": "360942", "name": "aws"},
"id": "648938",
"ipAddress": "10.20.30.40",
"subnet": "10.20.30.0/24",
"routeTableId": "rtb-123456"
}
}
}
}
}
removeSecondaryAzureVSocket
Beta
Description
Remove the secondary Azure vSocket from an existing site
Response
Returns a RemoveSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
mutation RemoveSecondaryAzureVSocket($accountId: ID!, $socketId: ID!) {
site(accountId: $accountId) {
removeSecondaryAzureVSocket(socketId: $socketId) {
secondaryAzureVSocket {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
}
Variables
{"accountId": "5018", "socketId": 654376}
Response
{
"data": {
"site": {
"removeSecondaryAzureVSocket": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
}
removeSite
Response
Returns a RemoveSitePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
Example
Query
mutation removeSite($accountId:ID!, $siteId:ID!){
site(accountId:$accountId) {
removeSite(siteId:$siteId) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"site": {"removeSite": {"siteId": "456"}}}}
removeSiteBwLicense
Beta
Description
Remove a license from a site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns a RemoveSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - RemoveSiteBwLicenseInput!
|
Example
Query
mutation removeSiteBwLicense($accountId: ID!,$input: RemoveSiteBwLicenseInput!) {
sites(accountId: $accountId) {
removeSiteBwLicense(input: $input) {
license {
__typename
id
status
plan
sku
... on SiteLicense {
siteLicenseType
siteLicenseGroup
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "228967",
"input": {
"site": {"input": "453087"},
"licenseId": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d"
}
}
Response
{
"data": {
"sites": {
"removeSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d",
"status": "ACTIVE",
"plan": "COMMERCIAL",
"sku": "CATO_SITE",
"siteLicenseType": "SASE",
"siteLicenseGroup": "GROUP_1",
"site": null,
"total": 1000
}
}
}
}
}
removeSocketAddOnCard
Beta
Response
Returns a RemoveSocketAddOnCardPayload
Arguments
| Name | Description |
|---|---|
input - RemoveSocketAddOnCardInput!
|
Example
Query
mutation removeSocketAddOnCard($accountId: ID!, $input: RemoveSocketAddOnCardInput!) {
sites(accountId: $accountId) {
removeSocketAddOnCard(input: $input) {
...RemoveSocketAddOnCardData
__typename
}
__typename
}
}
fragment RemoveSocketAddOnCardData on RemoveSocketAddOnCardPayload {
addOns {
expansionSlotNumber
type
__typename
}
__typename
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"expansionSlotNumbers": ["SLOT_2"]
}
}
Response
{
"data": {
"sites": {
"removeSocketAddOnCard": {
"addOns": [
{
"expansionSlotNumber": "SLOT_2",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
}
],
"__typename": "RemoveSocketAddOnCardPayload"
},
"__typename": "SiteMutations"
}
}
}
removeStaticHost
Response
Returns a RemoveStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
Example
Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
site(accountId:$accountId){
removeStaticHost(hostId:$hostId){
hostId
}
}
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"site": {"removeStaticHost": {"hostId": "789"}}}}
replaceSiteBwLicense
Beta
Description
Replace an existing license of a site. This API is used to make sure the site will always have a license to avoid traffic drop for sites without licenses. // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns a ReplaceSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - ReplaceSiteBwLicenseInput!
|
Example
Query
mutation replaceSiteBwLicense($accountId: ID!,$input: ReplaceSiteBwLicenseInput!) {
sites(accountId: $accountId) {
replaceSiteBwLicense(input: $input) {
license {
__typename
id,
sku,
... on SiteLicense {
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "228967",
"input": {
"site": {"input": "453087"},
"licenseIdToAdd": "7fe1aca1-59c3-4b6b-bc8c-d2850867e073",
"licenseIdToRemove": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d"
}
}
Response
{
"data": {
"sites": {
"replaceSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "7fe1aca1-59c3-4b6b-bc8c-d2850867e073",
"sku": "CATO_SITE",
"site": {"id": "453087"},
"total": 1000
}
}
}
}
}
Description
Requests an upgrade for multiple sites to specific versions. Returns the result of the request.
Response
Returns a StartSiteUpgradePayload
Arguments
| Name | Description |
|---|---|
input - StartSiteUpgradeInput!
|
Example
Query
mutation SiteMutation($accountId: ID!, $input: StartSiteUpgradeInput!) {
sites(accountId: $accountId) {
startSiteUpgrade(input: $input) {
results {
site {
id
name
}
targetVersion
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"upgrades": [
{
"site": {"input": "site-name", "by": "NAME"},
"targetVersion": "23.0.19481"
}
]
}
}
Response
{
"data": {
"sites": {
"startSiteUpgrade": {
"results": [
{
"site": {"id": "456", "name": "site-name"},
"targetVersion": "23.0.19481"
}
]
}
}
}
}
updateBgpPeer
Beta
Description
Updates an existing BGP peer configuration.
Response
Returns an UpdateBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - UpdateBgpPeerInput!
|
Example
Query
mutation updateBgpPeer($accountId: ID!, $input: UpdateBgpPeerInput!) {
site(accountId: $accountId) {
updateBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"updateBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
updateCloudInterconnectPhysicalConnection
Beta
Description
Update an existing physical connection at a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - UpdateCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation updateCloudInterconnectPhysicalConnection($accountId: ID!, $input: UpdateCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
updateCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"id": "NDAwOTU3LVBSSU1BUlk=",
"popLocation": {"input": "10005", "by": "ID"},
"serviceProviderName": "QnQPort",
"encapsulationMethod": "QINQ",
"subnet": "186.0.2.0/24",
"privateCatoIp": "186.0.2.19",
"privateSiteIp": "186.0.2.20",
"upstreamBwLimit": "30",
"downstreamBwLimit": "10"
}
}
Response
{
"data": {
"site": {
"updateCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
updateHa
Response
Returns an UpdateHaPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateHaInput!
|
Example
Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
site(accountId:$accountId){
updateHa(siteId:$siteId, input:$input){
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primaryManagementIp": "123.0.0.231",
"secondaryManagementIp": "123.0.0.232",
"vrid": 123
}
}
Response
{"data": {"site": {"updateHa": {"siteId": "456"}}}}
updateIpsecIkeV2SiteGeneralDetails
Beta
Response
Returns an UpdateIpsecIkeV2SiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"connectionMode": "RESPONDER_ONLY",
"identificationType": "FQDN",
"initMessage": {
"cipher": "AUTOMATIC",
"dhGroup": "DH_15_MODP3072",
"integrity": "SHA256",
"prf": "SHA256"
},
"authMessage": {
"cipher": "AES_GCM_256",
"dhGroup": "DH_16_MODP4096",
"integrity": "AUTOMATIC"
},
"networkRanges": "Service1:100.100.100.0/24"
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}
updateIpsecIkeV2SiteTunnels
Beta
Response
Returns an UpdateIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"tunnelId": "PRIMARY1",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"tunnelId": "SECONDARY1",
"publicSiteIp": "20.20.20.2",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
updateNetworkRange
Response
Returns an UpdateNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
|
input - UpdateNetworkRangeInput!
|
Example
Query
mutation updateNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
$input:UpdateNetworkRangeInput!
) {
site(accountId:$accountId){
updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"site": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
updateSecondaryAwsVSocket
Beta
Description
Update the secondary AWS vSocket from in an existing site
Response
Returns an UpdateSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSecondaryAwsVSocketInput!
|
Example
Query
mutation updateSecondaryAwsVSocket($accountId:ID!, $input:UpdateSecondaryAwsVSocketInput!){
site(accountId:$accountId) {
updateSecondaryAwsVSocket(input:$input) {
secondaryAwsVSocket {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
}
Variables
{
"accountId": "143762",
"input": {
"id": "631159",
"ipAddress": "55.45.45.76",
"routeTableId": "888",
"subnet": "55.45.45.0/24"
}
}
Response
{
"data": {
"site": {
"updateSecondaryAwsVSocket": {
"secondaryAwsVSocket": {
"site": {"id": 400376, "name": "aws"},
"id": "631159",
"ipAddress": "55.45.45.76",
"subnet": "55.45.45.0/24",
"routeTableId": "888"
}
}
}
}
}
updateSecondaryAzureVSocket
Beta
Description
Update the secondary Azure vSocket in an existing site
Response
Returns an UpdateSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSecondaryAzureVSocketInput!
|
Example
Query
mutation updateSecondaryAzureVSocket($accountId:ID!, $input:UpdateSecondaryAzureVSocketInput!){
site(accountId:$accountId) {
updateSecondaryAzureVSocket(input:$input) {
secondaryAzureVSocket {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
}
Variables
{
"accountId": "5018",
"input": {
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
Response
{
"data": {
"site": {
"updateSecondaryAzureVSocket": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
}
updateSiteBwLicense
Beta
Description
Update the bandwidth allocation of an assigned pool license of an existing site (does not apply for site license allocation) // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns an UpdateSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - UpdateSiteBwLicenseInput!
|
Example
Query
mutation updateSiteBwLicense($accountId: ID!,$input: UpdateSiteBwLicenseInput!) {
sites(accountId: $accountId) {
updateSiteBwLicense(input: $input) {
license {
__typename
id
status
plan
sku
... on PooledBandwidthLicense {
siteLicenseType
siteLicenseGroup
total
sites {
allocatedBandwidth
site {
id
name
}
}
}
}
}
}
}
Variables
{
"accountId": "200113",
"input": {
"site": {"input": "453090"},
"licenseId": "4f494671-d345-4784-86a9-ac617c935391",
"bw": 60
}
}
Response
{
"data": {
"sites": {
"updateSiteBwLicense": {
"license": {
"__typename": "PooledBandwidthLicense",
"id": "4f494671-d345-4784-86a9-ac617c935391",
"status": "ACTIVE",
"plan": "COMMERCIAL",
"sku": "CATO_PB",
"siteLicenseType": "SASE",
"siteLicenseGroup": "GROUP_2",
"total": 1000,
"sites": [
{"allocatedBandwidth": 60, "site": {"id": "453090", "name": "HQ"}}
]
}
}
}
}
}
updateSiteGeneralDetails
Response
Returns an UpdateSiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateSiteGeneralDetailsInput!
|
Example
Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
sites(accountId: $accountId){
updateSiteGeneralDetails(siteId:$siteId, input:$input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}
updateSocketInterface
Response
Returns an UpdateSocketInterfacePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
|
input - UpdateSocketInterfaceInput!
|
Example
Query
mutation updateSocketInterface(
$accountId:ID!,
$siteId: ID!,
$socketInterfaceId: SocketInterfaceIDEnum!,
$input:UpdateSocketInterfaceInput!
) {
site(accountId:$accountId){
updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
siteId
socketInterfaceId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"socketInterfaceId": "INT_1",
"input": {
"destType": "CATO",
"bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
}
}
Response
{
"data": {
"site": {
"updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
}
}
}
updateStaticHost
Response
Returns an UpdateStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
|
input - UpdateStaticHostInput!
|
Example
Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
site(accountId:$accountId){
updateStaticHost(hostId:$hostId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"hostId": "789",
"input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"site": {"updateStaticHost": {"hostId": "789"}}}}
SocketLanPolicyMutations
addRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanAddRuleInput!
|
Example
Query
mutation socketLanAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addRule(input: {
rule: {
name: "My LAN Network Rule Name",
description: "Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
ip: ["192.0.0.1"]
},
direction: TO,
destination: {},
service: {
simple: [
{
name: FTP
}
],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
at: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "My LAN Network Rule Name",
"description": "Network Rule Description",
"enabled": true,
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateSocketLanRevision($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
createPolicyRevision(input: {
name: "Socket LAN Test Revision",
description: "Testing working with multiple LAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple LAN firewall revisions",
"name": "Socket LAN Test Revision",
"id": "0fa5ab9f-1df2-4fc6-9a4a-1305627f750f",
"createdTime": "2025-02-24T22:05:04.861",
"updatedTime": "2025-02-24T22:05:04.861"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation socketLanDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation socketLanMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465",
to: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
section {
id
name
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
to: {
position: LAST_IN_POLICY
}
}) {
section {
properties
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveSection": {
"section": {
"properties": ["MOVED"],
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation socketLanPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
publishPolicyRevision(input: {}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"publishPolicyRevision": {"errors": [], "status": "SUCCESS"}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanRemoveRuleInput!
|
Example
Query
mutation socketLanRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"removeRule": {"errors": [], "status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation socketLanRemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"removeSection": {"errors": [], "status": "SUCCESS"}}
}
}
}
updatePolicy
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyUpdateInput!
|
Example
Query
mutation UpdateSocketLanPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanUpdateRuleInput!
|
Example
Query
mutation socketLanUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateRule(input: {
rule: {
name: "LAN Network Rule Name",
description: "LAN Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
},
direction: BOTH,
destination: {},
service: {
simple: [],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}
) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "LAN Network Rule Name",
"description": "LAN Network Rule Description",
"enabled": true,
"direction": "BOTH"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation socketLanUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
section: {
name: "My new section name"
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
SocketLanFirewallPolicyMutations
addRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallAddRuleInput!
|
Example
Query
mutation socketLanFirewallAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
addRule(input: {
rule: {
name: "My Firewall Sub Rule",
description: "My firewall sub rule",
enabled: true,
source: {},
direction: TO,
destination: {},
application: {},
service: {
simple: [
{
name: FTP
}
],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
at: {
position: LAST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"addRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "My Firewall Sub Rule",
"description": "My firewall sub rule",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
moveRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSubRuleInput!
|
Example
Query
mutation socketLanFirewallMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
moveRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
to: {
position: FIRST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}
) {
rule {
rule {
id
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"moveRule": {
"rule": {"rule": {"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb"}},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallRemoveRuleInput!
|
Example
Query
mutation socketLanFirewallRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
removeRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}
) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {"removeRule": {"errors": [], "status": "SUCCESS"}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallUpdateRuleInput!
|
Example
Query
mutation socketLanFirewallUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
updateRule(input: {
rule: {
name: "Socket LAN Firewall Sub Rule 5",
description: "",
enabled: true,
source: {
vlan: [],
mac: [],
ipRange: [],
group: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
direction: TO,
destination: {
vlan: [],
ipRange: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
group: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
application: {
application: [],
customApp: [],
fqdn: [],
domain: [],
ipRange: [],
ip: [],
subnet: [],
globalIpRange: []
},
service: {
simple: [],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"updateRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "Socket LAN Firewall Sub Rule 5",
"description": "",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
SplitTunnelPolicyMutations
addRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
addRule(input: {
at: { position: LAST_IN_POLICY }
rule: {
enabled: true
name: "Second Example Rule"
description: "Second Example Description"
action: EXCLUDE
source: { }
platform: [WINDOWS]
country: []
destination: {
application: [{ by: ID, input: "googleApps" }]
}
sourceNetwork: { sourceNetworkType: ANY }
coverage: ALL
dnsExclusion: { domain: ["example.com"] }
routingPriority: TUNNEL
}
}) {
status
errors { errorCode errorMessage }
rule {
rule {
id
name
description
enabled
action
platform
country { id }
destination { application { id } }
sourceNetwork { sourceNetworkType }
coverage
dnsExclusion { domain }
routingPriority
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "96f3efbc-1e5f-4bdc-93bd-c4777b70dc9b",
"name": "Second Example Rule",
"description": "Second Example Description",
"enabled": true,
"action": "EXCLUDE",
"platform": ["WINDOWS"],
"country": [],
"destination": {"application": [{"id": "googleApps"}]},
"sourceNetwork": {"sourceNetworkType": "ANY"},
"coverage": "ALL",
"dnsExclusion": {"domain": ["example.com"]},
"routingPriority": "TUNNEL"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Revision Description Example",
"name": "Revision Name Example",
"id": "b901ec37-b5fb-475e-897c-13bc9a499dd1",
"createdTime": "2025-11-05T12:51:32.142",
"updatedTime": "2025-11-05T12:51:32.142"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation SplitTunnelDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"splitTunnel": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
moveRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" to: { position: FIRST_IN_POLICY } }) {
status
rule { rule { index id } }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "b0bda711-b998-4c6d-9939-e0730d3d2ba3"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
splitTunnel {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
publishPolicyRevision(input: { name: "IT Group SDP Users Split Tunnel Example" description: "Publish Split Tunnel policy revision Example" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"splitTunnel": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
removeRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"splitTunnel": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"splitTunnel": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updatePolicy(input: { state: DISABLED }) {
status
policy { enabled }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updateRule(input: {
id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3"
rule: {
name: "Updated Rule Name Example"
action: INCLUDE
}
}) {
status
rule {
rule {
id
name
description
enabled
action
platform
destination { application { id } }
routingPriority
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {"updateRule": {"status": "FAILURE", "rule": null}}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
TerminalServerPolicyMutations
addRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
allowedHostIP: {
by: NAME
input: "12.22.18.0/24"
}
}
})
{
status
rule {
rule {
id
name
description
enabled
allowedHostIP {
id
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"allowedHostIP": {"id": "1927110"}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
publishPolicyRevision(input: {
name: "Terminal Server Example"
description : "Terminal Server Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"terminalServer": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"terminalServer": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updateRule(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
allowedHostIP {
id
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"allowedHostIP": {"id": "1927110"}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
TlsInspectPolicyMutations
addRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectAddRuleInput!
|
Example
Query
mutation AddTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
addRule(input: {
rule: {
enabled: true,
name: "TLS Example Rule",
description: "TLS Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
application: {
ip: ["203.0.113.1"],
domain: ["example.com"]
},
action: INSPECT,
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
"name": "TLS Example Rule",
"description": "TLS Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INSPECT"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"addSection": {
"section": {
"section": {
"id": "71bfef26-ad7b-460b-b793-dae1fd94b5da",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateTlsInspectRevision($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
createPolicyRevision(input: {
name: "TLS Test Revision",
description: "Testing working with multiple TLS Inspection revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple TLS Inspection revisions",
"name": "TLS Test Revision",
"id": "77df1551-8b46-4530-8f1c-68dfe7b003df",
"createdTime": "2025-09-14T10:09:12.120",
"updatedTime": "2025-09-14T10:09:12.120"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardTlsInspectPolicy($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"tlsInspect": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
moveRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
"section": {
"id": "cab89258-646c-4ce8-8a91-9f13108d1e73",
"name": "updated TLS section name"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
moveSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "71bfef26-ad7b-460b-b793-dae1fd94b5da",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishTlsInspectPolicy($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"tlsInspect": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectRemoveRuleInput!
|
Example
Query
mutation RemoveTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
removeRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"tlsInspect": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
removeSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"tlsInspect": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectPolicyUpdateInput!
|
Example
Query
mutation UpdateTlsInspectPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectUpdateRuleInput!
|
Example
Query
mutation UpdateTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updateRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
rule: {
enabled: true,
name: "Updated Tls Inspect Rule",
description: "Updated Tls Inspect description",
source: {
ip: ["192.0.2.2"]
},
action: INSPECT
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {"updateRule": {"status": "FAILURE", "rule": null}}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updateSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da",
section: {
name: "updated TLS section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {"updateSection": {"status": "FAILURE", "section": null}}
}
}
}
WanFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallAddRuleInput!
|
Example
Query
mutation AddWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addRule(input: {
rule: {
enabled: true,
name: "WAN Example Rule",
description: "WAN Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
destination: {
ip: ["203.0.113.1"],
subnet: ["172.16.0.0/24"]
},
action: BLOCK,
direction: TO
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "WAN Example Rule",
"description": "WAN Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/24"]
},
"action": "BLOCK",
"direction": "TO"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSection": {
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
addSubPolicy
Beta
Description
Add a new sub-policy to the Wan Firewall policy.
Response
Returns a WanFirewallAddSubPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallAddSubPolicyInput!
|
Example
Query
mutation AddSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSubPolicy(input: {
scope: {
enabled: true
name: "Sub-policy 1"
description: "Example sub policy"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
},
direction: BOTH
},
at: {
position: LAST_IN_POLICY
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanFirewallRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
createPolicyRevision(input: {
name: "WAN Test Revision",
description: "Testing working with multiple WAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN firewall revisions",
"name": "WAN Test Revision",
"id": "6a496eda-b7c1-455e-820e-e839a0dcd2c0",
"createdTime": "2024-09-10T09:21:37.208",
"updatedTime": "2024-09-10T09:21:37.208"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"section": {"id": "363808", "name": "Example Wan Section"}
}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# PublishWanFirewallPolicy.graphql
mutation PublishWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Description
Remove an existing rule from the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeSection": {"status": "SUCCESS"}}}}}
removeSubPolicy
Beta
Description
Remove an existing sub-policy from the Wan Firewall policy.
Response
Arguments
| Name | Description |
|---|---|
input - WanFirewallRemoveSubPolicyInput!
|
Example
Query
mutation RemoveSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSubPolicy(input: {
ref: {
input: "5b1716a1-95c1-4206-9ffd-a53e34307bb9"
by: ID
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"removeSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdateWanFirewallPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
rule: {
enabled: true,
name: "Updated WAN Rule",
description: "Updated WAN description",
source: {
ip: ["192.0.2.2"]
},
destination: {
subnet: ["172.16.0.0/16"]
},
action: ALLOW,
direction: BOTH
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "Updated WAN Rule",
"description": "Updated WAN description",
"enabled": true,
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/16"]
},
"action": "ALLOW",
"direction": "BOTH"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781",
section: {
name: "updated WAN section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
WanNetworkPolicyMutations
addRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkAddRuleInput!
|
Example
Query
mutation wanNetworkAddRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addRule(input: {
rule: {
enabled: true,
name: "my WAN network rule",
description: "my WAN network rule description example",
bandwidthPriority: {
input: "-1",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
},
at: {
position: LAST_IN_POLICY
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "my WAN network rule",
"description": "my WAN network rule description example",
"bandwidthPriority": {"id": "-1"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation wanNetworkAddSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addSection": {
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanNetworkRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
createPolicyRevision(input: {
name: "WAN network Test Revision",
description: "Testing working with multiple WAN network revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN network revisions",
"name": "WAN network Test Revision",
"id": "fa62d870-ccc6-45e1-af66-bf78c29bee68",
"createdTime": "2025-03-03T08:58:52.707",
"updatedTime": "2025-03-03T08:58:52.707"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanNetworkPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation wanNetworkMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation wanNetworkMoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# wanNetworkPublishPolicy.graphql
mutation wanNetworkPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update network rules"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkRemoveRuleInput!
|
Example
Query
mutation wanNetworkRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation wanNetworkDeleteSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyUpdateInput!
|
Example
Query
mutation UpdateWanNetworkPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkUpdateRuleInput!
|
Example
Query
mutation wanNetworkUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
rule: {
enabled: true,
name: "Update my WAN network rule example",
description: "Updated my WAN network rule description example",
bandwidthPriority: {
input: "1436786",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "Update my WAN network rule example",
"description": "Updated my WAN network rule description example",
"bandwidthPriority": {"id": "1436786"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation wanNetworkUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3",
section: {
name: "updated WAN network section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
XdrMutations
addStoryComment
Beta
Description
Post comments that help track the story investigation
Response
Returns an AddStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - AddStoryCommentInput!
|
Example
Query
mutation addStoryComment(
$accountId: ID!,
$input: AddStoryCommentInput!) {
xdr(accountId: $accountId) {
addStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {"storyId": "012345678901234567890123", "text": "This is a comment"}
}
Response
{
"data": {
"xdr": {
"addStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
analystFeedback
Beta
Description
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
Response
Returns an AnalystFeedbackPayload
Arguments
| Name | Description |
|---|---|
input - AnalystFeedbackInput!
|
Example
Query
mutation analystFeedback(
$accountId: ID!,
$input: AnalystFeedbackInput!) {
xdr(accountId: $accountId) {
analystFeedback(
input: $input) {
story {
id
accountId
analystName
analystEmail
accountName
updatedAt
createdAt
summary
incident {
id
firstSignal
lastSignal
engineType
vendor
producer
producerName
connectionType
indication
queryName
criticality
source
ticket
status
research
storyDuration
description
sourceIp
analystFeedback {
verdict
severity
threatType {
name
recommendedAction
details
}
threatClassification
additionalInfo
}
site {
id
name
}
user {
id
name
}
predictedVerdict
predictedThreatType
}
timeline {
createdAt
description
context
type
descriptions
category
additionalInfo
analystInfo {
name
email
}
}
playbook
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "threatTypeName",
"recommendedAction": "recommendedAction",
"details": "details"
},
"threatClassification": "threatClassification",
"additionalInfo": "additionalInfo",
"status": "Open"
}
}
Response
{
"data": {
"xdr": {
"analystFeedback": {
"id": "012345678901234567890123",
"accountId": "123",
"analystName": "analystName",
"analystEmail": "analyst@email.com",
"accountName": "accountName",
"updatedAt": "2024-02-29T09:00:00Z",
"createdAt": "2024-02-29T09:00:00Z",
"playbook": null,
"summary": "summary",
"incident": {
"__typename": "Threat",
"id": "id",
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T09:00:00Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyStats",
"producerName": "producerName",
"connectionType": "Site",
"indication": "indication",
"queryName": "queryName",
"criticality": 1,
"source": "source",
"ticket": null,
"status": "Open",
"research": false,
"siteName": "siteName",
"storyDuration": 1000,
"description": "description",
"sourceIp": "1.2.3.4",
"analystFeedback": {
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null
},
"threatClassification": null,
"additionalInfo": null
},
"site": {"id": "id", "name": "name"},
"user": {"id": "id", "name": "name"},
"predictedVerdict": null,
"predictedThreatType": null
},
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"description": "description",
"context": "Story created",
"type": "Diff",
"descriptions": [],
"category": null,
"additionalInfo": null,
"analystInfo": {"name": "name", "email": "email@email.com"}
}
]
}
}
}
}
deleteStoryComment
Beta
Description
Delete a previously posted comment using the comment ID.
Response
Returns a DeleteStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - DeleteStoryCommentInput!
|
Example
Query
mutation deleteStoryComment(
$accountId: ID!,
$input: DeleteStoryCommentInput!) {
xdr(accountId: $accountId) {
deleteStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"commentId": "01234567-0123-0123-0123-012345678901"
}
}
Response
{
"data": {
"xdr": {
"deleteStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
ZtnaAlwaysOnPolicyMutations
addRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
addRule(input: {
at: { position: LAST_IN_POLICY }
rule: {
enabled: true
name: "Rule Example "
description: "Description Example"
action: ENFORCE
platform: [WINDOWS]
bypassDuration: { time: 15, unit: MINUTES }
antiTamperMode: OFF
allowUserBypass: false
allowFailOpen: true
}
}) {
status
errors { errorCode errorMessage }
rule {
rule {
id
name
description
enabled
action
platform
bypassDuration { time unit }
antiTamperMode
allowUserBypass
allowFailOpen
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "dc86486d-1377-4b51-b38f-7911da8f962c",
"name": "Rule Example ",
"description": "Description Example",
"enabled": true,
"action": "ENFORCE",
"platform": ["WINDOWS"],
"bypassDuration": {"time": 15, "unit": "MINUTES"},
"antiTamperMode": "OFF",
"allowUserBypass": false,
"allowFailOpen": true
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Revision Description Example",
"name": "Revision Name Example",
"id": "89914c1d-3fe5-4398-9488-8373ca619411",
"createdTime": "2025-11-09T12:20:21.100",
"updatedTime": "2025-11-09T12:20:21.100"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation ztnaAlwaysOnDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
discardPolicyRevision {
status
errors {
errorCode
errorMessage
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"discardPolicyRevision": {
"status": "FAILURE",
"errors": [
{
"errorCode": "PolicyRevisionNotFound",
"errorMessage": "Revision was not found"
}
]
}
}
}
}
}
moveRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
moveRule(input: { id: "601d474a-9843-4511-8c65-cc3885f9e449" to: { position: FIRST_IN_POLICY } }) {
status
rule { rule { index id } }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "601d474a-9843-4511-8c65-cc3885f9e449"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
publishPolicyRevision(input: { name: "IT Group SDP Users Always On Example" description: "Publish Always On policy revision Example" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"ztnaAlwaysOn": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
removeRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"ztnaAlwaysOn": {"removeRule": {"status": "FAILURE"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"ztnaAlwaysOn": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updatePolicy(input: { state: DISABLED }) {
status
policy { enabled }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updateRule(input: {
id: "601d474a-9843-4511-8c65-cc3885f9e449"
rule: {
name: "Updated Rule Name Example"
platform: [MACOS]
}
}) {
status
rule {
rule {
id
name
platform
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "601d474a-9843-4511-8c65-cc3885f9e449",
"name": "Updated Rule Name Example",
"platform": ["MACOS"]
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
Types
AccessTokenRef
BetaAccountAuditData
AccountDataPayload
AccountFilter
BetaFields
| Input Field | Description |
|---|---|
accountInclusion - AccountInclusion
|
|
in - [ID!]
|
Example
{"accountInclusion": "ALL_ACCOUNTS", "in": [4]}
AccountIdPredicate
BetaAccountInclusion
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALL_ACCOUNTS"
AccountInfo
Fields
| Field Name | Description |
|---|---|
audit - AccountAuditData!
|
Audit data for the account |
description - String
|
User-defined information as defined by an account admin |
id - ID!
|
The ID of the account |
name - String!
|
The name of the account |
plan - AccountPlan
|
The account plan |
status - AccountStatus!
|
The account status |
tenancy - AccountTenancy!
|
The account tenancy e.g. single-tenant / multi-tenant |
timeZone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type e.g. Partner or Customer |
Example
{
"audit": AccountAuditData,
"description": "xyz789",
"id": 4,
"name": "abc123",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"tenancy": "MULTI_TENANT",
"timeZone": "Etc/UTC",
"type": "CUSTOMER"
}
AccountMetrics
Fields
| Field Name | Description |
|---|---|
from - DateTime
|
Starting time |
granularity - Int
|
The size of a single time bucket in seconds |
id - ID
|
Unique Identifier of Account. |
sites - [SiteMetrics!]
|
Site connectivity metrics for the requested sites. |
Arguments
|
|
timeseries - [Timeseries!]
|
|
Arguments
|
|
to - DateTime
|
Ending time |
users - [SiteMetrics!]
|
Connectivity metrics for the requested users connecting remotely with the Client. Doesn’t include user traffic behind a site. |
Arguments
|
|
Example
{
"from": "2007-12-03T10:15:30Z",
"granularity": 987,
"id": 4,
"sites": [SiteMetrics],
"timeseries": [Timeseries],
"to": "2007-12-03T10:15:30Z",
"users": [SiteMetrics]
}
AccountOperationsIncident
Fields
| Field Name | Description |
|---|---|
incidentTimeline - [AccountOperationsTimelineBase!]!
|
|
metadata - [AccountOperationsMetadata!]!
|
|
playbooks - [AiOperationsPlaybook!]!
|
Example
{
"incidentTimeline": [AccountOperationsTimelineBase],
"metadata": [AccountOperationsMetadata],
"playbooks": [AiOperationsPlaybook]
}
AccountOperationsMetadata
Fields
| Field Name | Description |
|---|---|
key - String!
|
|
type - MetadataType!
|
|
value - String!
|
Example
{
"key": "xyz789",
"type": "TXT",
"value": "xyz789"
}
AccountOperationsTimelineBase
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
created - Time!
|
|
validated - Time!
|
|
description - String!
|
|
type - AccountOperationsTimelineType!
|
Possible Types
| AccountOperationsTimelineBase Types |
|---|
Example
{
"id": "4",
"created": "10:15:30Z",
"validated": "10:15:30Z",
"description": "xyz789",
"type": "Action"
}
AccountOperationsTimelineEvent
Fields
| Field Name | Description |
|---|---|
created - Time!
|
|
description - String!
|
|
eventIds - [String!]!
|
|
id - ID!
|
|
muted - Boolean!
|
|
type - AccountOperationsTimelineType!
|
|
validated - Time!
|
Example
{
"created": "10:15:30Z",
"description": "abc123",
"eventIds": ["xyz789"],
"id": 4,
"muted": false,
"type": "Action",
"validated": "10:15:30Z"
}
AccountOperationsTimelineType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"Action"
AccountPlan
Description
enum that shows account license status
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"COMMERCIAL"
AccountProfileType
Description
enum for account type
Values
| Enum Value | Description |
|---|---|
|
|
A customer account |
|
|
A partner account |
Example
"CUSTOMER"
AccountRef
BetaAccountRolesResult
Fields
| Field Name | Description |
|---|---|
items - [RBACRole!]!
|
|
total - Int!
|
Example
{"items": [RBACRole], "total": 987}
AccountSnapshot
Fields
| Field Name | Description |
|---|---|
id - ID
|
Unique Identifier of Account |
sites - [SiteSnapshot!]
|
Sites includes information about online as well as offline sites |
Arguments
|
|
timestamp - DateTime
|
|
users - [UserSnapshot!]
|
VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested |
Arguments
|
|
Example
{
"id": "4",
"sites": [SiteSnapshot],
"timestamp": "2007-12-03T10:15:30Z",
"users": [UserSnapshot]
}
AccountStatus
Description
enum that shows account license status
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
AccountTenancy
Description
enum for account tenancy
Values
| Enum Value | Description |
|---|---|
|
|
Multi tenant account - default for partner accounts |
|
|
Single tenant account - default for customer accounts |
Example
"MULTI_TENANT"
AccountType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALL"
Activity
Possible Types
| Activity Types |
|---|
Example
{
"id": "4",
"resourceId": "4",
"parentResourceId": "4"
}
ActorRef
BetaActorRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
AddAccountInput
Fields
| Input Field | Description |
|---|---|
description - String
|
User-defined information as defined by an account admin |
name - String!
|
The name of the account |
tenancy - AccountTenancy!
|
The account tenancy (single-tenant / multi-tenant) |
timezone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type (Partner / customer) |
Example
{
"description": "abc123",
"name": "abc123",
"tenancy": "MULTI_TENANT",
"timezone": "Etc/UTC",
"type": "CUSTOMER"
}
AddAdminInput
Fields
| Input Field | Description |
|---|---|
adminType - AdminType
|
|
email - String
|
|
firstName - String!
|
|
lastName - String!
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"adminType": "LOGIN",
"email": "xyz789",
"firstName": "abc123",
"lastName": "xyz789",
"managedRoles": [UpdateAdminRoleInput],
"passwordNeverExpires": false,
"resellerRoles": [UpdateAdminRoleInput]
}
AddAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": 4}
AddBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Advertise all routes if true. Default |
advertiseDefaultRoute - Boolean!
|
Advertise the default route (0.0.0.0/0) if true. Default |
advertiseSummaryRoutes - Boolean!
|
Advertise summarized routes if true. Default |
bfdEnabled - Boolean!
|
Enable BFD for session failure detection if true. Default |
bfdSettings - BfdSettingsInput
|
Required BFD configuration if BFD is enabled. |
catoAsn - Asn16!
|
The AS number of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRuleInput!]!
|
Excluded rules from the default action. Default |
holdTime - Int!
|
Time (in seconds) before declaring the peer unreachable. Default |
keepaliveInterval - Int!
|
Time (in seconds) between keepalive messages. Default |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Route preference metric; lower values are given precedence. Default |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
The AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Perform NAT if true. Default |
site - SiteRefInput!
|
Information about the site where the BGP peer is being added. |
summaryRoute - [BgpSummaryRouteInput!]!
|
Summarized routes to advertise. Default |
tracking - BgpTrackingInput
|
Configuration for tracking the health and status of the BGP peer. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": true,
"advertiseSummaryRoutes": true,
"bfdEnabled": true,
"bfdSettings": BfdSettingsInput,
"catoAsn": Asn16,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRuleInput],
"holdTime": 987,
"keepaliveInterval": 123,
"md5AuthKey": "abc123",
"metric": 123,
"name": "abc123",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": false,
"site": SiteRefInput,
"summaryRoute": [BgpSummaryRouteInput],
"tracking": BgpTrackingInput
}
AddBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The BGP peer that was successfully added. |
Example
{"bgpPeer": BgpPeer}
AddCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for adding a new physical connection to a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation.Wither .1Q/QinQ |
haRole - HaRole!
|
High availability role of the connection. |
popLocation - PopLocationRefInput!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato. |
privateSiteIp - IPAddress!
|
Private IP address of the site. |
serviceProviderName - String!
|
Name of the service provider. Usually a partner, or a fabric service provider. |
site - SiteRefInput!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection, the BGP peering range. /30 CIDR. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
Example
{
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"popLocation": PopLocationRefInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "xyz789",
"site": SiteRefInput,
"subnet": NetworkSubnet,
"upstreamBwLimit": NetworkBandwidth
}
AddCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for adding a new physical connection to a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the newly added connection. |
Example
{"id": 4}
AddCloudInterconnectSiteInput
BetaDescription
Input for adding a new cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
description - String
|
Description of the site. |
name - String!
|
Name of the site. |
siteLocation - AddSiteLocationInput!
|
Location details of the site. |
siteType - SiteType!
|
Type of the site. Default |
Example
{
"description": "abc123",
"name": "abc123",
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH"
}
AddCloudInterconnectSitePayload
BetaDescription
Payload for adding a new cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
ID of the newly added site. |
Example
{"siteId": 4}
AddIpsecIkeV2SiteInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
vlan - Vlan
|
VLAN ID for native range |
Example
{
"description": "xyz789",
"name": "xyz789",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"vlan": Vlan
}
AddIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [AddIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [AddIpsecIkeV2SiteTunnelPayload]
}
AddIpsecIkeV2SitePayload
BetaFields
| Field Name | Description |
|---|---|
siteId - ID!
|
The ID of the site |
Example
{"siteId": "4"}
AddIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "abc123",
"tunnelId": "PRIMARY1"
}
AddIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
primary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": AddIpsecIkeV2TunnelsInput,
"secondary": AddIpsecIkeV2TunnelsInput
}
AddIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": AddIpsecIkeV2SiteMultiTunnelPayload,
"secondary": AddIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
AddIpsecIkeV2TunnelInput
BetaFields
| Input Field | Description |
|---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
name - String
|
Tunnel name |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String!
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
role - IPSecV2TunnelRole
|
Tunnel role |
Example
{
"lastMileBw": LastMileBwInput,
"name": "xyz789",
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "abc123",
"publicSiteIp": IPAddress,
"role": "WAN1"
}
AddIpsecIkeV2TunnelsInput
BetaFields
| Input Field | Description |
|---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [AddIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": 4,
"publicCatoIpId": "4",
"tunnels": [AddIpsecIkeV2TunnelInput]
}
AddNetworkRangeInput
Fields
| Input Field | Description |
|---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
internetOnly - Boolean
|
|
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String!
|
|
rangeType - SubnetType!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"internetOnly": true,
"localIp": IPAddress,
"mdnsReflector": false,
"name": "abc123",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 987
}
AddNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
AddSecondaryAwsVSocketInput
BetaFields
| Input Field | Description |
|---|---|
eniIpAddress - IPAddress!
|
The IP address of LAN interface |
eniIpSubnet - NetworkSubnet!
|
The subnet of the LAN interface |
routeTableId - String!
|
The ID of the LAN route table |
site - SiteRefInput!
|
Information about the site where the secondary AWS VSocket is being added. |
Example
{
"eniIpAddress": IPAddress,
"eniIpSubnet": NetworkSubnet,
"routeTableId": "xyz789",
"site": SiteRefInput
}
AddSecondaryAwsVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": "4"}
AddSecondaryAzureVSocketInput
BetaFields
| Input Field | Description |
|---|---|
floatingIp - IPAddress!
|
The floating IP address |
interfaceIp - IPAddress!
|
The IP address of the interface |
site - SiteRefInput!
|
Information about the site where the secondary Azure VSocket is being added. |
Example
{
"floatingIp": IPAddress,
"interfaceIp": IPAddress,
"site": SiteRefInput
}
AddSecondaryAzureVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": "4"}
AddServicePrincipalAdminInput
Fields
| Input Field | Description |
|---|---|
email - String
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
name - String!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"email": "abc123",
"managedRoles": [UpdateAdminRoleInput],
"name": "abc123",
"resellerRoles": [UpdateAdminRoleInput]
}
AddServicePrincipalAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
AddSiteLocationInput
Example
{
"address": "abc123",
"city": "xyz789",
"countryCode": "xyz789",
"stateCode": "xyz789",
"timezone": "xyz789"
}
Fields
| Input Field | Description |
|---|---|
addOns - [SocketAddOnCardInput!]!
|
|
site - SiteRefInput!
|
Example
{
"addOns": [SocketAddOnCardInput],
"site": SiteRefInput
}
Fields
| Field Name | Description |
|---|---|
addOns - [SocketAddOnCard!]!
|
Example
{"addOns": [SocketAddOnCard]}
AddSocketSiteInput
Fields
| Input Field | Description |
|---|---|
connectionType - SiteConnectionTypeEnum!
|
|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
translatedSubnet - IPSubnet
|
|
vlan - Vlan
|
VLAN ID for native range |
Example
{
"connectionType": "SOCKET_AWS1500",
"description": "abc123",
"name": "abc123",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"translatedSubnet": IPSubnet,
"vlan": Vlan
}
AddSocketSitePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
AddStaticHostInput
Fields
| Input Field | Description |
|---|---|
ip - IPAddress!
|
|
macAddress - String
|
|
name - String!
|
Example
{
"ip": IPAddress,
"macAddress": "abc123",
"name": "xyz789"
}
AddStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": 4}
AddStoryCommentInput
BetaAddStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Add a new comment to the XDR story |
Example
{"comment": StoryComment}
AddressInput
BetaExample
{
"cityName": "xyz789",
"companyName": "abc123",
"countryName": "abc123",
"stateName": "abc123",
"street": "xyz789",
"zipCode": "abc123"
}
AddressValidationStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"INVALID"
Admin
Description
A CC2 administrator
Fields
| Field Name | Description |
|---|---|
adminType - AdminType
|
|
allowedItems - [Entity!]
|
|
creationDate - DateTime
|
|
email - String
|
|
firstName - String
|
|
id - ID!
|
|
lastName - String
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean
|
|
modifyDate - DateTime
|
|
nativeAccountID - ID
|
|
passwordNeverExpires - Boolean
|
|
presentUsageAndEvents - Boolean
|
|
resellerRoles - [AdminRole!]
|
|
role - UserRole
|
|
status - OperationalStatus
|
|
version - String!
|
Example
{
"adminType": "LOGIN",
"allowedItems": [Entity],
"creationDate": "2007-12-03T10:15:30Z",
"email": "abc123",
"firstName": "abc123",
"id": 4,
"lastName": "xyz789",
"managedRoles": [AdminRole],
"mfaEnabled": true,
"modifyDate": "2007-12-03T10:15:30Z",
"nativeAccountID": "4",
"passwordNeverExpires": false,
"presentUsageAndEvents": false,
"resellerRoles": [AdminRole],
"role": "EDITOR",
"status": "active",
"version": "xyz789"
}
AdminRef
BetaAdminRole
AdminType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"LOGIN"
AdminsResult
AdvancedStringFilterInput
BetaAggregationType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"any"
AiOperationsIncident
BetaFields
| Field Name | Description |
|---|---|
accountOperationIncident - AccountOperationsIncident
|
|
analystFeedback - AnalystFeedback
|
|
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
eventsGraphQuery - EventsGraphQuery
|
|
firstSignal - DateTime!
|
|
flowLastTime - DateTime!
|
use 'lastSignal' instead |
flowStartTime - DateTime!
|
use 'firstSignal' instead |
id - ID!
|
|
indication - String!
|
|
ioa - String!
|
'ioa' is deprecated, use 'indication' instead |
lastSignal - DateTime!
|
|
occurrences - Int
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
riskScore - Int!
|
'riskScore' is deprecated, use 'criticality' instead |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
tags - [String!]!
|
|
ticket - String
|
|
type - AiOperationsIncidentTypeEnum
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"accountOperationIncident": AccountOperationsIncident,
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"eventsGraphQuery": EventsGraphQuery,
"firstSignal": "2007-12-03T10:15:30Z",
"flowLastTime": "2007-12-03T10:15:30Z",
"flowStartTime": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "abc123",
"ioa": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"occurrences": 987,
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "xyz789",
"research": false,
"riskScore": 123,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 987,
"tags": ["xyz789"],
"ticket": "abc123",
"type": "Account",
"user": UserRef,
"vendor": "CATO"
}
AiOperationsIncidentTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
Example
"Account"
AiOperationsPlaybook
AiSecurityAttributes
BetaFields
| Field Name | Description |
|---|---|
dataUsagePolicy - AiSecurityDataUsagePolicy
|
|
risk - AiSecurityRisk
|
|
scope - AiSecurityScope
|
Example
{
"dataUsagePolicy": AiSecurityDataUsagePolicy,
"risk": "CRITICAL",
"scope": "EMBEDDED"
}
AiSecurityDataProfileRef
BetaAiSecurityDataUsagePolicy
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
reference - String
|
|
referenceType - String
|
|
referenceUrl - String
|
|
type - AiSecurityDataUsagePolicyType
|
Example
{
"description": "xyz789",
"reference": "xyz789",
"referenceType": "abc123",
"referenceUrl": "xyz789",
"type": "GENERAL_DATA_USAGE"
}
AiSecurityDataUsagePolicyType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"GENERAL_DATA_USAGE"
AiSecurityGuardRef
BetaAiSecurityRisk
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CRITICAL"
AiSecurityScope
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"EMBEDDED"
AlertClassificationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"FALSE_POSITIVE"
AlertDeterminationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"APT"
AllocatedIpRef
BetaAllocatedIpRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
AllowlistRuleRef
BetaAnalystFeedback
BetaFields
| Field Name | Description |
|---|---|
additionalInfo - String
|
|
severity - SeverityEnum
|
|
threatClassification - String
|
|
threatType - AnalystFeedbackThreatType
|
|
verdict - StoryVerdictEnum
|
Example
{
"additionalInfo": "abc123",
"severity": "High",
"threatClassification": "abc123",
"threatType": AnalystFeedbackThreatType,
"verdict": "Benign"
}
AnalystFeedbackInput
BetaFields
| Input Field | Description |
|---|---|
additionalInfo - String
|
Free text for the analyst to enter additional information about the XDR story |
severity - SeverityEnum
|
Enum for analyst to assign the severity of a Malicious XDR story |
status - StoryStatusEnum
|
Enum for the current status of the XDR story. |
storyId - ID!
|
The relevant Story |
threatClassification - String
|
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification. |
threatType - StoryThreatType
|
Type of threat for the XDR story that is assigned by the analyst |
verdict - StoryVerdictEnum
|
Enum for analyst to assign the verdict of the XDR story |
Example
{
"additionalInfo": "xyz789",
"severity": "High",
"status": "Closed",
"storyId": 4,
"threatClassification": "abc123",
"threatType": StoryThreatType,
"verdict": "Benign"
}
AnalystFeedbackPayload
BetaFields
| Field Name | Description |
|---|---|
story - Story
|
Data related to the actions and information that an analyst adds to the XDR story |
Example
{"story": Story}
AnalystFeedbackThreatType
BetaAnalystInfo
BetaAnnotationType
Values
| Enum Value | Description |
|---|---|
|
|
Other events that are included in annotations |
|
|
The site connects to a different PoP |
|
|
The ISP IP address (remote IP) changed |
|
|
Change for HA status role |
Example
"generic"
Anomalies
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
firstSignal - DateTime!
|
|
lastSignal - DateTime!
|
|
engineType - StoryEngineTypeEnum
|
|
vendor - VendorEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
connectionType - ConnectionTypeEnum
|
|
indication - String!
|
|
queryName - String
|
|
source - String
|
|
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
storyDuration - Int
|
|
description - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
sourceIp - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
categories - [IncidentCategory!]!
|
|
entities - [IncidentEntity!]!
|
|
tags - [String!]!
|
|
direction - String
|
Possible Types
| Anomalies Types |
|---|
Example
{
"id": "4",
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"connectionType": "Host",
"indication": "abc123",
"queryName": "abc123",
"source": "abc123",
"criticality": 123,
"ticket": "xyz789",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 987,
"description": "xyz789",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"sourceIp": "abc123",
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "xyz789",
"categories": ["OPERATIONAL"],
"entities": [IncidentEntity],
"tags": ["abc123"],
"direction": "abc123"
}
AnomalyEvents
BetaDescription
The AnomalyEvents object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
tags - [String!]!
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "abc123",
"categories": ["OPERATIONAL"],
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"deviceName": "abc123",
"direction": "abc123",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": "4",
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "xyz789",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"os": "abc123",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "xyz789",
"research": true,
"rules": ["xyz789"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "xyz789",
"sourceIp": "abc123",
"srcSiteId": "xyz789",
"status": "Closed",
"storyDuration": 123,
"subjectType": "xyz789",
"tags": ["xyz789"],
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AnomalyStats
BetaDescription
The AnomalyStats object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
tags - [String!]!
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "abc123",
"categories": ["OPERATIONAL"],
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"deviceName": "xyz789",
"direction": "abc123",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": "4",
"indication": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "xyz789",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"os": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "xyz789",
"research": true,
"rules": ["abc123"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "abc123",
"sourceIp": "abc123",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"subjectType": "abc123",
"tags": ["abc123"],
"targets": [IncidentTargetRep],
"ticket": "abc123",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AntiMalwareFileHashAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
Block file download by filehash action |
|
|
Bypass file download by filehash action |
Example
"BLOCK"
AntiMalwareFileHashAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AntiMalwareFileHashAction!
|
The action when the file hash is matched: [BLOCK | BYPASS] Default |
description - String!
|
|
enabled - Boolean!
|
|
expirationDate - DateTime!
|
The date when the block or bypass action expires |
fileName - String!
|
The name of the file |
name - String!
|
|
sha256 - SHA_256!
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": false,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "abc123",
"name": "xyz789",
"sha256": SHA_256
}
AntiMalwareFileHashAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - AntiMalwareFileHashAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": AntiMalwareFileHashAddRuleDataInput
}
AntiMalwareFileHashPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [AntiMalwareFileHashRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [AntiMalwareFileHashRulePayload],
"sections": [PolicySectionPayload]
}
AntiMalwareFileHashPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
AntiMalwareFileHashPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
AntiMalwareFileHashPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - AntiMalwareFileHashPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": AntiMalwareFileHashPolicy,
"status": "FAILURE"
}
AntiMalwareFileHashPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
AntiMalwareFileHashRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
AntiMalwareFileHashRule
BetaFields
| Field Name | Description |
|---|---|
action - AntiMalwareFileHashAction!
|
The action when the file hash is matched: [BLOCK | BYPASS] |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
expirationDate - DateTime!
|
The date when the block or bypass action expires |
fileName - String!
|
The name of the file |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
sha256 - SHA_256!
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": false,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "abc123",
"id": "4",
"index": 123,
"name": "abc123",
"section": PolicySectionInfo,
"sha256": SHA_256
}
AntiMalwareFileHashRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - AntiMalwareFileHashRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": AntiMalwareFileHashRulePayload,
"status": "FAILURE"
}
AntiMalwareFileHashRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - AntiMalwareFileHashRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": AntiMalwareFileHashRule
}
AntiMalwareFileHashUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AntiMalwareFileHashAction
|
The action when the file hash is matched: [BLOCK | BYPASS] |
description - String
|
|
enabled - Boolean
|
|
expirationDate - DateTime
|
The date when the block or bypass action expires |
fileName - String
|
The name of the file |
name - String
|
|
sha256 - SHA_256
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": false,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "abc123",
"name": "xyz789",
"sha256": SHA_256
}
AntiMalwareFileHashUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - AntiMalwareFileHashUpdateRuleDataInput!
|
Example
{"id": 4, "rule": AntiMalwareFileHashUpdateRuleDataInput}
AntiTamperModeEnum
BetaDescription
Specifies the level of protection against tampering
Values
| Enum Value | Description |
|---|---|
|
|
Tampering attempts are logged, but changes are permitted |
|
|
No protection. Users are allowed to make changes |
|
|
Changes are blocked. Users are not allowed to make modifications |
Example
"MONITOR"
ApiKeyRef
BetaApnMethod
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"METHOD_AUTO"
AppStats
AppStatsField
Fields
| Field Name | Description |
|---|---|
name - AppStatsFieldName!
|
|
value - Value!
|
Example
{"name": "account_id", "value": StringValue}
AppStatsFieldName
Values
| Enum Value | Description |
|---|---|
|
|
The account id |
|
|
The account name |
|
|
Active Directory name |
|
|
The application identifier use application_id instead |
|
|
The application name use application_name instead |
|
|
Application description |
|
|
The application identifier |
|
|
The application name |
|
|
|
|
|
The application risk score assigned by Cato |
|
|
Cato system categories of the application |
|
|
Cato system category of the application use categories instead |
|
|
Type of process generating this traffic |
|
|
Socket or SDP Client version |
|
|
For hosts configured with a static IP in the Cato Management Application, the host name |
|
|
Connection Origin |
|
|
Application description use application_description instead |
|
|
For Internet traffic, country where the destination host is located |
|
|
IP for destination host or Cato Client |
|
|
Destination is site or remote user |
|
|
Destination port |
|
|
Destination site or remote user identifier |
|
|
Destination Site or remote user identifier |
|
|
Destination Site or remote user name |
|
|
Device Categories |
|
|
Unique Cato ID for devices |
|
|
Device Manufacturer |
|
|
Device Model |
|
|
Name for device related to the traffic |
|
|
Device OS Type |
|
|
Device posture profiles |
|
|
Device Type |
|
|
|
|
|
user tld instead |
|
|
data downloaded from cloud applications |
|
|
Egress PoP Name |
|
|
Egress Site Name for backhauling traffic |
|
|
|
|
|
Full path URL application activity |
|
|
IP address of host related to event |
|
|
MAC address of host related to event |
|
|
the country in which the registered application headquarteres is located |
|
|
HTTP request method (ie. Get, Post) |
|
|
use src_ip/dest_ip instead. Planned end-of-life (EoL) date: July 1, 2026. |
|
|
Network protocol for this event |
|
|
indicates whether the application is considered cloud app/SaaS app |
|
|
Is the application defined as sanctioned? |
|
|
The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically) |
|
|
Matched network rule |
|
|
new cloud application identifier |
|
|
OS version for the device (such as 14.3.0) |
|
|
PoP name |
|
|
QoS Priority value |
|
|
use application_risk_level instead |
|
|
the application risk score assigned by Cato use application_risk_score instead |
|
|
Is the application defined as sanctioned? use is_sanctioned_app instead |
|
|
Country in which the source host is located |
|
|
State in which the source host is located |
|
|
Name for Socket interface |
|
|
Country in which the source host is located (detected via public IP address) |
|
|
Country Code of country in which the source host is located (detected via public IP address) |
|
|
IP for source host or Cato Client |
|
|
Source is site or remote user |
|
|
IP address provided by ISP to site or Client |
|
|
Internal port number |
|
|
Site country code alpha2 |
|
|
Source site or remote user identifier |
|
|
Source site or remote user name |
|
|
Site state code |
|
|
Name of subnet as defined in Cato Management Application use subnet_name instead |
|
|
Name of subnet as defined in Cato Management Application |
|
|
Shows if traffic was TCP accelerated or not |
|
|
Top level domain |
|
|
Shows if traffic was TLS inspected or not |
|
|
TLS Inspection rule name |
|
|
the total sum of upstream and downstream data in bytes use upstream or downstream instead |
|
|
Traffic direction |
|
|
Translated Client IP |
|
|
Translated Server IP |
|
|
data uploaded to cloud applications |
|
|
Method used to get identity with User Awareness (such as Identity Agent) |
|
|
User identifier |
|
|
User name |
|
|
User’s email address |
|
|
use user_id instead |
Example
"account_id"
AppStatsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "account_id",
"operator": "between",
"values": ["xyz789"]
}
AppStatsPostAggFilter
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
filter - AppStatsFilter!
|
Example
{"aggType": "any", "filter": AppStatsFilter}
AppStatsRecord
Fields
| Field Name | Description |
|---|---|
fields - [AppStatsField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [AppStatsField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"flatFields": ["xyz789"],
"prevTimeFrame": Map,
"trends": Map
}
AppStatsSort
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "account_id", "order": "asc"}
AppStatsTimeSeries
AppTenantRestrictionActionEnum
BetaDescription
Allowed actions
Values
| Enum Value | Description |
|---|---|
|
|
Do not inject any Headers nor Values for outgoing traffic |
|
|
Inject Headers and Values for outgoing traffic |
Example
"BYPASS"
AppTenantRestrictionAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched Default |
application - ApplicationRefInput!
|
Applications for the rule (pre-defined) |
description - String!
|
|
enabled - Boolean!
|
|
headers - [AppTenantRestrictionHeaderValueInput!]!
|
Headers and Values to Inject Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule Default |
source - AppTenantRestrictionSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "xyz789",
"enabled": false,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "abc123",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceInput
}
AppTenantRestrictionAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - AppTenantRestrictionAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": AppTenantRestrictionAddRuleDataInput
}
AppTenantRestrictionHeaderValue
BetaDescription
pair of header name and value
Fields
| Field Name | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionHeaderValueInput
BetaDescription
pair of header name and value
Fields
| Input Field | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [AppTenantRestrictionRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [AppTenantRestrictionRulePayload],
"sections": [PolicySectionPayload]
}
AppTenantRestrictionPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
AppTenantRestrictionPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
AppTenantRestrictionPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - AppTenantRestrictionPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": AppTenantRestrictionPolicy,
"status": "FAILURE"
}
AppTenantRestrictionPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
AppTenantRestrictionRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
AppTenantRestrictionRule
BetaFields
| Field Name | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRef!
|
Applications for the rule (pre-defined) |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
headers - [AppTenantRestrictionHeaderValue!]!
|
Headers and Values to Inject |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule |
source - AppTenantRestrictionSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRef,
"description": "abc123",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValue],
"id": "4",
"index": 123,
"name": "xyz789",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"severity": "HIGH",
"source": AppTenantRestrictionSource
}
AppTenantRestrictionRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - AppTenantRestrictionRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": AppTenantRestrictionRulePayload,
"status": "FAILURE"
}
AppTenantRestrictionRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - AppTenantRestrictionRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": AppTenantRestrictionRule
}
AppTenantRestrictionSeverityEnum
BetaDescription
Severity options
Values
| Enum Value | Description |
|---|---|
|
|
High severity |
|
|
Low severity |
|
|
Medium severity |
Example
"HIGH"
AppTenantRestrictionSource
BetaDescription
Returns the settings for Source of an App Tenant Restriction rule
Fields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"country": [CountryRef],
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
AppTenantRestrictionSourceInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Default |
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionSourceUpdateInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
description - String
|
|
enabled - Boolean
|
|
headers - [AppTenantRestrictionHeaderValueInput!]
|
Headers and Values to Inject |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
severity - AppTenantRestrictionSeverityEnum
|
Severity defined for the rule |
source - AppTenantRestrictionSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "abc123",
"enabled": false,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "abc123",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceUpdateInput
}
AppTenantRestrictionUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - AppTenantRestrictionUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": AppTenantRestrictionUpdateRuleDataInput
}
ApplicationCategoryRef
BetaApplicationCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationConnectorCatalogEntityRef
BetaApplicationConnectorCatalogEntityRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - IdFilterInput
|
|
name - StringFilterInput
|
Example
{
"id": IdFilterInput,
"name": StringFilterInput
}
ApplicationConnectorCatalogEntityRefSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
ApplicationControlAccessMethod
BetaDescription
Access method matching configuration
Fields
| Field Name | Description |
|---|---|
accessMethod - ApplicationControlAccessMethodType!
|
Specifies the access method type |
operator - ApplicationControlOperator!
|
Defines the comparison operator |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"accessMethod": "USER_AGENT",
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRef
}
ApplicationControlAccessMethodInput
BetaDescription
Access method matching configuration
Fields
| Input Field | Description |
|---|---|
accessMethod - ApplicationControlAccessMethodType!
|
Specifies the access method type Default |
operator - ApplicationControlOperator!
|
Defines the comparison operator Default |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"accessMethod": "USER_AGENT",
"operator": "CONTAINS",
"value": "xyz789",
"valueSet": StringValueSetRefInput
}
ApplicationControlAccessMethodType
BetaDescription
Application Control Access Method Type
Values
| Enum Value | Description |
|---|---|
|
|
User agent identification method |
Example
"USER_AGENT"
ApplicationControlAction
BetaDescription
Application Control Action
Values
| Enum Value | Description |
|---|---|
|
|
Permit the action |
|
|
Prevent the action |
|
|
Log the action without enforcement |
Example
"ALLOW"
ApplicationControlActivity
BetaDescription
Activity matching configuration
Fields
| Field Name | Description |
|---|---|
activity - ApplicationControlActivityRef!
|
References the application control activity type |
field - ApplicationControlActivityFieldRef
|
References specific application control activity fields associated with the activity type |
operator - ApplicationControlOperator
|
Defines the operator used for comparisons |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"activity": ApplicationControlActivityRef,
"field": ApplicationControlActivityFieldRef,
"operator": "CONTAINS",
"value": "xyz789",
"valueSet": StringValueSetRef
}
ApplicationControlActivityFieldRef
BetaApplicationControlActivityFieldRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationControlActivityInput
BetaDescription
Activity matching configuration
Fields
| Input Field | Description |
|---|---|
activity - ApplicationControlActivityRefInput!
|
References the application control activity type |
field - ApplicationControlActivityFieldRefInput
|
References specific application control activity fields associated with the activity type |
operator - ApplicationControlOperator
|
Defines the operator used for comparisons Default |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"activity": ApplicationControlActivityRefInput,
"field": ApplicationControlActivityFieldRefInput,
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRefInput
}
ApplicationControlActivityRef
BetaApplicationControlActivityRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationControlAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
applicationRule - ApplicationControlApplicationRuleInput
|
Defines application control settings. Must only be used when ruleType is APPLICATION Default |
dataRule - ApplicationControlDataRuleInput
|
Defines data control settings. Must only be used when ruleType is DATA Default |
description - String!
|
|
enabled - Boolean!
|
|
fileRule - ApplicationControlFileRuleInput
|
Defines file control settings. Must only be used when ruleType is FILE Default |
name - String!
|
|
ruleType - ApplicationControlRuleType!
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used Default |
Example
{
"applicationRule": ApplicationControlApplicationRuleInput,
"dataRule": ApplicationControlDataRuleInput,
"description": "abc123",
"enabled": false,
"fileRule": ApplicationControlFileRuleInput,
"name": "abc123",
"ruleType": "APPLICATION"
}
ApplicationControlAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - ApplicationControlAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": ApplicationControlAddRuleDataInput
}
ApplicationControlApplication
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Field Name | Description |
|---|---|
appCategory - ApplicationCategoryRef
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRef
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]!
|
Application types |
customApp - CustomApplicationRef
|
Custom (user-defined) applications |
customCategory - CustomCategoryRef
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRef
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRef,
"application": ApplicationRef,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRef,
"customCategory": CustomCategoryRef,
"sanctionedAppsCategory": SanctionedAppsCategoryRef
}
ApplicationControlApplicationInput
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Input Field | Description |
|---|---|
appCategory - ApplicationCategoryRefInput
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]!
|
Application types Default |
customApp - CustomApplicationRefInput
|
Custom (user-defined) applications |
customCategory - CustomCategoryRefInput
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRefInput
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRefInput,
"application": ApplicationRefInput,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRefInput,
"customCategory": CustomCategoryRefInput,
"sanctionedAppsCategory": SanctionedAppsCategoryRefInput
}
ApplicationControlApplicationRule
BetaDescription
Configuration for application-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContext!
|
Defines application context criteria with OR logic within sets and AND between sets |
applicationCriteria - ApplicationControlCriteria!
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets |
applicationCriteriaSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL criteria must match |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContext,
"applicationCriteria": ApplicationControlCriteria,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRef],
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlApplicationRuleInput
BetaDescription
Configuration for application-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
applicationContext - ApplicationControlContextInput!
|
Defines application context criteria with OR logic within sets and AND between sets Default |
applicationCriteria - ApplicationControlCriteriaInput!
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets Default |
applicationCriteriaSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL criteria must match Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextInput,
"applicationCriteria": ApplicationControlCriteriaInput,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRefInput],
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlApplicationRuleUpdateInput
BetaDescription
Configuration for application-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContextUpdateInput
|
Defines application context criteria with OR logic within sets and AND between sets |
applicationCriteria - ApplicationControlCriteriaUpdateInput
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets |
applicationCriteriaSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL criteria must match |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextUpdateInput,
"applicationCriteria": ApplicationControlCriteriaUpdateInput,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRefInput],
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlApplicationUpdateInput
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Input Field | Description |
|---|---|
appCategory - ApplicationCategoryRefInput
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]
|
Application types |
customApp - CustomApplicationRefInput
|
Custom (user-defined) applications |
customCategory - CustomCategoryRefInput
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRefInput
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRefInput,
"application": ApplicationRefInput,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRefInput,
"customCategory": CustomCategoryRefInput,
"sanctionedAppsCategory": SanctionedAppsCategoryRefInput
}
ApplicationControlAttributeValue
BetaDescription
Attribute Value
Values
| Enum Value | Description |
|---|---|
|
|
Any Value |
|
|
Not Supported |
|
|
Supported |
Example
"ANY"
ApplicationControlAttributes
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Field Name | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributes!
|
Compliance attributes |
securityAttributes - ApplicationControlSecurityAttributes!
|
Security attributes |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributes,
"securityAttributes": ApplicationControlSecurityAttributes
}
ApplicationControlAttributesInput
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Input Field | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributesInput!
|
Compliance attributes Default |
securityAttributes - ApplicationControlSecurityAttributesInput!
|
Security attributes Default |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributesInput,
"securityAttributes": ApplicationControlSecurityAttributesInput
}
ApplicationControlAttributesUpdateInput
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Input Field | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributesUpdateInput
|
Compliance attributes |
securityAttributes - ApplicationControlSecurityAttributesUpdateInput
|
Security attributes |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributesUpdateInput,
"securityAttributes": ApplicationControlSecurityAttributesUpdateInput
}
ApplicationControlComplianceAttributes
BetaDescription
Compliance attributes
Fields
| Field Name | Description |
|---|---|
hippa - ApplicationControlAttributeValue!
|
HIPAA |
isae3402 - ApplicationControlAttributeValue!
|
ISAE 3402 |
iso27001 - ApplicationControlAttributeValue!
|
ISO 27001 |
pciDss - ApplicationControlAttributeValue!
|
PCI DSS |
soc1 - ApplicationControlAttributeValue!
|
SOC 1 |
soc2 - ApplicationControlAttributeValue!
|
SOC 2 |
soc3 - ApplicationControlAttributeValue!
|
SOC 3 |
sox - ApplicationControlAttributeValue!
|
SOX |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlComplianceAttributesInput
BetaDescription
Compliance attributes
Fields
| Input Field | Description |
|---|---|
hippa - ApplicationControlAttributeValue!
|
HIPAA Default |
isae3402 - ApplicationControlAttributeValue!
|
ISAE 3402 Default |
iso27001 - ApplicationControlAttributeValue!
|
ISO 27001 Default |
pciDss - ApplicationControlAttributeValue!
|
PCI DSS Default |
soc1 - ApplicationControlAttributeValue!
|
SOC 1 Default |
soc2 - ApplicationControlAttributeValue!
|
SOC 2 Default |
soc3 - ApplicationControlAttributeValue!
|
SOC 3 Default |
sox - ApplicationControlAttributeValue!
|
SOX Default |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlComplianceAttributesUpdateInput
BetaDescription
Compliance attributes
Fields
| Input Field | Description |
|---|---|
hippa - ApplicationControlAttributeValue
|
HIPAA |
isae3402 - ApplicationControlAttributeValue
|
ISAE 3402 |
iso27001 - ApplicationControlAttributeValue
|
ISO 27001 |
pciDss - ApplicationControlAttributeValue
|
PCI DSS |
soc1 - ApplicationControlAttributeValue
|
SOC 1 |
soc2 - ApplicationControlAttributeValue
|
SOC 2 |
soc3 - ApplicationControlAttributeValue
|
SOC 3 |
sox - ApplicationControlAttributeValue
|
SOX |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlConfig
BetaDescription
Additional attributes for application control
Fields
| Field Name | Description |
|---|---|
dataControlEnabled - PolicyToggleState!
|
Data Control Enabled |
Example
{"dataControlEnabled": "DISABLED"}
ApplicationControlConfigInput
BetaFields
| Input Field | Description |
|---|---|
dataControlEnabled - PolicyToggleState!
|
Data Control Enabled Default |
Example
{"dataControlEnabled": "DISABLED"}
ApplicationControlContentTypeGroupRef
BetaApplicationControlContentTypeGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationControlContentTypeRef
BetaApplicationControlContentTypeRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationControlContext
BetaFields
| Field Name | Description |
|---|---|
applicationTenant - [ApplicationControlTenant!]!
|
Defines the name of the application tenant to which the policy rule applies |
Example
{"applicationTenant": [ApplicationControlTenant]}
ApplicationControlContextInput
BetaFields
| Input Field | Description |
|---|---|
applicationTenant - [ApplicationControlTenantInput!]!
|
Defines the name of the application tenant to which the policy rule applies Default |
Example
{"applicationTenant": [ApplicationControlTenantInput]}
ApplicationControlContextUpdateInput
BetaFields
| Input Field | Description |
|---|---|
applicationTenant - [ApplicationControlTenantInput!]
|
Defines the name of the application tenant to which the policy rule applies |
Example
{"applicationTenant": [ApplicationControlTenantInput]}
ApplicationControlCriteria
BetaDescription
Application criteria configuration
Fields
| Field Name | Description |
|---|---|
attributes - ApplicationControlAttributes!
|
Application attributes, such as compliance and security, see the app catalog for details |
originCountry - [CountryRef!]!
|
Application registered country of origin |
risk - [ApplicationControlRiskCriteria!]!
|
Application risk |
Example
{
"attributes": ApplicationControlAttributes,
"originCountry": [CountryRef],
"risk": [ApplicationControlRiskCriteria]
}
ApplicationControlCriteriaInput
BetaDescription
Application criteria configuration
Fields
| Input Field | Description |
|---|---|
attributes - ApplicationControlAttributesInput!
|
Application attributes, such as compliance and security, see the app catalog for details Default |
originCountry - [CountryRefInput!]!
|
Application registered country of origin Default |
risk - [ApplicationControlRiskCriteriaInput!]!
|
Application risk Default |
Example
{
"attributes": ApplicationControlAttributesInput,
"originCountry": [CountryRefInput],
"risk": [ApplicationControlRiskCriteriaInput]
}
ApplicationControlCriteriaUpdateInput
BetaDescription
Application criteria configuration
Fields
| Input Field | Description |
|---|---|
attributes - ApplicationControlAttributesUpdateInput
|
Application attributes, such as compliance and security, see the app catalog for details |
originCountry - [CountryRefInput!]
|
Application registered country of origin |
risk - [ApplicationControlRiskCriteriaInput!]
|
Application risk |
Example
{
"attributes": ApplicationControlAttributesUpdateInput,
"originCountry": [CountryRefInput],
"risk": [ApplicationControlRiskCriteriaInput]
}
ApplicationControlCriterionRef
BetaApplicationControlDataRule
BetaDescription
Configuration for data-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContext!
|
Defines application context criteria with OR logic within sets and AND between sets |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
dlpProfile - ApplicationControlDlpProfile!
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttribute!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContext,
"device": [DeviceProfileRef],
"dlpProfile": ApplicationControlDlpProfile,
"fileAttribute": [ApplicationControlFileAttribute],
"fileAttributeSatisfy": "ALL",
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlDataRuleInput
BetaDescription
Configuration for data-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
applicationContext - ApplicationControlContextInput!
|
Defines application context criteria with OR logic within sets and AND between sets Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
dlpProfile - ApplicationControlDlpProfileInput!
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets Default |
fileAttribute - [ApplicationControlFileAttributeInput!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets Default |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextInput,
"device": [DeviceProfileRefInput],
"dlpProfile": ApplicationControlDlpProfileInput,
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlDataRuleUpdateInput
BetaDescription
Configuration for data-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContextUpdateInput
|
Defines application context criteria with OR logic within sets and AND between sets |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
dlpProfile - ApplicationControlDlpProfileUpdateInput
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttributeInput!]
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextUpdateInput,
"device": [DeviceProfileRefInput],
"dlpProfile": ApplicationControlDlpProfileUpdateInput,
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlDlpProfile
BetaDescription
DLP profile configuration
Fields
| Field Name | Description |
|---|---|
contentProfile - [DlpContentProfileRef!]!
|
References DLP content matching profiles |
edmProfile - [DlpEdmProfileRef!]!
|
References DLP exact data matching profiles |
Example
{
"contentProfile": [DlpContentProfileRef],
"edmProfile": [DlpEdmProfileRef]
}
ApplicationControlDlpProfileInput
BetaDescription
DLP profile configuration
Fields
| Input Field | Description |
|---|---|
contentProfile - [DlpContentProfileRefInput!]!
|
References DLP content matching profiles Default |
edmProfile - [DlpEdmProfileRefInput!]!
|
References DLP exact data matching profiles Default |
Example
{
"contentProfile": [DlpContentProfileRefInput],
"edmProfile": [DlpEdmProfileRefInput]
}
ApplicationControlDlpProfileUpdateInput
BetaDescription
DLP profile configuration
Fields
| Input Field | Description |
|---|---|
contentProfile - [DlpContentProfileRefInput!]
|
References DLP content matching profiles |
edmProfile - [DlpEdmProfileRefInput!]
|
References DLP exact data matching profiles |
Example
{
"contentProfile": [DlpContentProfileRefInput],
"edmProfile": [DlpEdmProfileRefInput]
}
ApplicationControlFileAttribute
BetaDescription
File attribute matching configuration
Fields
| Field Name | Description |
|---|---|
contentTypeGroupValues - [ApplicationControlContentTypeGroupRef!]!
|
Specifies the content types groups (used only with Content Type attribute) |
contentTypeValues - [ApplicationControlContentTypeRef!]!
|
Specifies the content types (used only with Content Type attribute) |
fileAttribute - ApplicationControlFileAttributeType!
|
Specifies the file attribute type |
operator - ApplicationControlOperator!
|
Defines the comparison operator |
value - String
|
Specifies the comparison value (used with all attributes except Content Type) |
Example
{
"contentTypeGroupValues": [
ApplicationControlContentTypeGroupRef
],
"contentTypeValues": [ApplicationControlContentTypeRef],
"fileAttribute": "CONTENT_IS_ENCRYPTED",
"operator": "CONTAINS",
"value": "xyz789"
}
ApplicationControlFileAttributeInput
BetaDescription
File attribute matching configuration
Fields
| Input Field | Description |
|---|---|
contentTypeGroupValues - [ApplicationControlContentTypeGroupRefInput!]!
|
Specifies the content types groups (used only with Content Type attribute) Default |
contentTypeValues - [ApplicationControlContentTypeRefInput!]!
|
Specifies the content types (used only with Content Type attribute) Default |
fileAttribute - ApplicationControlFileAttributeType!
|
Specifies the file attribute type Default |
operator - ApplicationControlOperator!
|
Defines the comparison operator Default |
value - String
|
Specifies the comparison value (used with all attributes except Content Type) |
Example
{
"contentTypeGroupValues": [
ApplicationControlContentTypeGroupRefInput
],
"contentTypeValues": [
ApplicationControlContentTypeRefInput
],
"fileAttribute": "CONTENT_IS_ENCRYPTED",
"operator": "CONTAINS",
"value": "xyz789"
}
ApplicationControlFileAttributeType
BetaDescription
Application Control File Attribute Type
Values
| Enum Value | Description |
|---|---|
|
|
File encryption status |
|
|
File Size |
|
|
File type classification |
Example
"CONTENT_IS_ENCRYPTED"
ApplicationControlFileRule
BetaDescription
Configuration for file-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttribute!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRef],
"fileAttribute": [ApplicationControlFileAttribute],
"fileAttributeSatisfy": "ALL",
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlFileRuleInput
BetaDescription
Configuration for file-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
fileAttribute - [ApplicationControlFileAttributeInput!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets Default |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRefInput],
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlFileRuleUpdateInput
BetaDescription
Configuration for file-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttributeInput!]
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRefInput],
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlOperator
BetaDescription
Application Control Operator
Values
| Enum Value | Description |
|---|---|
|
|
Substring match comparison |
|
|
Numerical greater than comparison |
|
|
Set membership comparison |
|
|
Exact match comparison |
|
|
Numerical less than or equal comparison |
Example
"CONTAINS"
ApplicationControlPolicy
BetaFields
| Field Name | Description |
|---|---|
additionalAttributes - ApplicationControlConfig
|
|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [ApplicationControlRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"additionalAttributes": ApplicationControlConfig,
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [ApplicationControlRulePayload],
"sections": [PolicySectionPayload]
}
ApplicationControlPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
ApplicationControlPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
ApplicationControlPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - ApplicationControlPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": ApplicationControlPolicy,
"status": "FAILURE"
}
ApplicationControlPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
additionalAttributes - ApplicationControlConfigInput
|
|
state - PolicyToggleState
|
Example
{
"additionalAttributes": ApplicationControlConfigInput,
"state": "DISABLED"
}
ApplicationControlRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
ApplicationControlRiskCriteria
BetaDescription
Application risk
Fields
| Field Name | Description |
|---|---|
risk - ApplicationRisk!
|
Application risk |
riskOperator - ApplicationControlOperator!
|
Application risk operator |
Example
{"risk": ApplicationRisk, "riskOperator": "CONTAINS"}
ApplicationControlRiskCriteriaInput
BetaDescription
Application risk
Fields
| Input Field | Description |
|---|---|
risk - ApplicationRisk!
|
Application risk |
riskOperator - ApplicationControlOperator!
|
Application risk operator Default |
Example
{"risk": ApplicationRisk, "riskOperator": "CONTAINS"}
ApplicationControlRule
BetaFields
| Field Name | Description |
|---|---|
applicationRule - ApplicationControlApplicationRule
|
Defines application control settings. Must only be used when ruleType is APPLICATION |
dataRule - ApplicationControlDataRule
|
Defines data control settings. Must only be used when ruleType is DATA |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
fileRule - ApplicationControlFileRule
|
Defines file control settings. Must only be used when ruleType is FILE |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
ruleType - ApplicationControlRuleType!
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used |
section - PolicySectionInfo!
|
Policy section where the rule is located |
Example
{
"applicationRule": ApplicationControlApplicationRule,
"dataRule": ApplicationControlDataRule,
"description": "xyz789",
"enabled": false,
"fileRule": ApplicationControlFileRule,
"id": "4",
"index": 987,
"name": "abc123",
"ruleType": "APPLICATION",
"section": PolicySectionInfo
}
ApplicationControlRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - ApplicationControlRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": ApplicationControlRulePayload,
"status": "FAILURE"
}
ApplicationControlRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - ApplicationControlRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": ApplicationControlRule
}
ApplicationControlRuleType
BetaDescription
Application Control Rule Type
Values
| Enum Value | Description |
|---|---|
|
|
Specifies an application control rule |
|
|
Specifies an data control rule |
|
|
Specifies an file control rule |
Example
"APPLICATION"
ApplicationControlSatisfy
BetaDescription
Application Control Satisfy
Values
| Enum Value | Description |
|---|---|
|
|
Match only if all criteria are met |
|
|
Match if any criteria are met |
Example
"ALL"
ApplicationControlSecurityAttributes
BetaDescription
Security attributes
Fields
| Field Name | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue!
|
Audit trail |
encryptionAtRest - ApplicationControlAttributeValue!
|
Encryption at rest |
httpSecurityHeaders - ApplicationControlAttributeValue!
|
Http security headers |
mfa - ApplicationControlAttributeValue!
|
MFA |
rbac - ApplicationControlAttributeValue!
|
RBAC |
rememberPassword - ApplicationControlAttributeValue!
|
Remember password |
sso - ApplicationControlAttributeValue!
|
SSO |
tlsEnforcement - ApplicationControlAttributeValue!
|
TLS enforcement |
trustedCertificate - ApplicationControlAttributeValue!
|
Trusted certificate |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSecurityAttributesInput
BetaDescription
Security attributes
Fields
| Input Field | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue!
|
Audit trail Default |
encryptionAtRest - ApplicationControlAttributeValue!
|
Encryption at rest Default |
httpSecurityHeaders - ApplicationControlAttributeValue!
|
Http security headers Default |
mfa - ApplicationControlAttributeValue!
|
MFA Default |
rbac - ApplicationControlAttributeValue!
|
RBAC Default |
rememberPassword - ApplicationControlAttributeValue!
|
Remember password Default |
sso - ApplicationControlAttributeValue!
|
SSO Default |
tlsEnforcement - ApplicationControlAttributeValue!
|
TLS enforcement Default |
trustedCertificate - ApplicationControlAttributeValue!
|
Trusted certificate Default |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSecurityAttributesUpdateInput
BetaDescription
Security attributes
Fields
| Input Field | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue
|
Audit trail |
encryptionAtRest - ApplicationControlAttributeValue
|
Encryption at rest |
httpSecurityHeaders - ApplicationControlAttributeValue
|
Http security headers |
mfa - ApplicationControlAttributeValue
|
MFA |
rbac - ApplicationControlAttributeValue
|
RBAC |
rememberPassword - ApplicationControlAttributeValue
|
Remember password |
sso - ApplicationControlAttributeValue
|
SSO |
tlsEnforcement - ApplicationControlAttributeValue
|
TLS enforcement |
trustedCertificate - ApplicationControlAttributeValue
|
Trusted certificate |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSeverity
BetaDescription
Severity level
Values
| Enum Value | Description |
|---|---|
|
|
Indicates a high severity level |
|
|
Indicates a low severity level |
|
|
Indicates a medium severity level |
Example
"HIGH"
ApplicationControlSource
BetaDescription
Source traffic matching configuration
Fields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
Country traffic matching criteria |
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"country": [CountryRef],
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
ApplicationControlSourceInput
BetaDescription
Source traffic matching configuration
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
Country traffic matching criteria Default |
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ApplicationControlSourceUpdateInput
BetaDescription
Source traffic matching configuration
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
Country traffic matching criteria |
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ApplicationControlTenant
BetaDescription
Tenant matching configuration
Fields
| Field Name | Description |
|---|---|
operator - ApplicationControlOperator
|
Defines the operator used for comparisons |
value - String
|
Specifies the comparison value |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRef
}
ApplicationControlTenantInput
BetaDescription
Tenant matching configuration
Fields
| Input Field | Description |
|---|---|
operator - ApplicationControlOperator
|
Defines the operator used for comparisons Default |
value - String
|
Specifies the comparison value |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRefInput
}
ApplicationControlUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
applicationRule - ApplicationControlApplicationRuleUpdateInput
|
Defines application control settings. Must only be used when ruleType is APPLICATION |
dataRule - ApplicationControlDataRuleUpdateInput
|
Defines data control settings. Must only be used when ruleType is DATA |
description - String
|
|
enabled - Boolean
|
|
fileRule - ApplicationControlFileRuleUpdateInput
|
Defines file control settings. Must only be used when ruleType is FILE |
name - String
|
|
ruleType - ApplicationControlRuleType
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used |
Example
{
"applicationRule": ApplicationControlApplicationRuleUpdateInput,
"dataRule": ApplicationControlDataRuleUpdateInput,
"description": "xyz789",
"enabled": false,
"fileRule": ApplicationControlFileRuleUpdateInput,
"name": "xyz789",
"ruleType": "APPLICATION"
}
ApplicationControlUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - ApplicationControlUpdateRuleDataInput!
|
Example
{"id": 4, "rule": ApplicationControlUpdateRuleDataInput}
ApplicationRef
BetaApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationRisk
BetaDescription
Application Risk
Example
ApplicationRisk
ApplicationType
BetaDescription
Application Type
Values
| Enum Value | Description |
|---|---|
|
|
Application |
|
|
Cloud Application type |
|
|
Service |
Example
"APPLICATION"
Asn16
BetaDescription
16 bit autonomous system number [0-65535]
Example
Asn16
Asn32
BetaDescription
32 bit autonomous system number [0-4294967295]
Example
Asn32
AssignSiteBwLicenseInput
BetaFields
| Input Field | Description |
|---|---|
bw - Int
|
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license. This field should not be used if a site license is used. |
licenseId - ID!
|
The license that is being assigned |
site - SiteRefInput!
|
The site the license is assigned to |
Example
{
"bw": 123,
"licenseId": "4",
"site": SiteRefInput
}
AssignSiteBwLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
Example
{"license": License}
AtpLicense
BetaDescription
Advanced Threat Prevention (ATP) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
AuditFeed
Example
{
"accounts": [AuditFeedAccountRecords],
"fetchedCount": 123,
"from": "2007-12-03T10:15:30Z",
"hasMore": false,
"marker": "xyz789",
"to": "2007-12-03T10:15:30Z"
}
AuditFeedAccountRecords
Fields
| Field Name | Description |
|---|---|
id - ID
|
|
records - [AuditRecord!]
|
|
Arguments
|
|
Example
{"id": 4, "records": [AuditRecord]}
AuditField
AuditFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - FieldNameInput!
|
|
operator - ElasticOperator!
|
Use AuditFieldName for audits |
values - [String!]
|
Example
{
"fieldName": FieldNameInput,
"operator": "between",
"values": ["abc123"]
}
AuditFieldName
Values
| Enum Value | Description |
|---|---|
|
|
The name of the account on which the record was created |
|
|
The id of the account on which the record was created |
|
|
The admin whose action generated the record |
|
|
The ID of the admin whose action generated the record |
|
|
The api key whose action generated the record |
|
|
|
|
|
the nature of the change: CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED
|
|
|
Time the record was created |
|
|
Time the record was committed to storage |
|
|
The name of the object that was affected, e.g. 'My Site' |
|
|
The type of object that was affected. e.g. Site, Socket, SocketInterface |
|
|
Less granular than model_name, a general marker of the modified area: administration, configuration, security |
Example
"account"
AuditRecord
Description
Represents a single event in the audit database
Fields
| Field Name | Description |
|---|---|
account - EntityInfo
|
|
admin - Entity
|
|
apiKey - Entity
|
|
fields - [AuditField!]
|
All fields in the audit record (including the admin and object) |
fieldsMap - Map
|
fields in map format (see Map scalar) |
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
object - Entity
|
|
time - DateTime
|
Example
{
"account": EntityInfo,
"admin": Entity,
"apiKey": Entity,
"fields": [AuditField],
"fieldsMap": Map,
"flatFields": ["xyz789"],
"object": Entity,
"time": "2007-12-03T10:15:30Z"
}
AuditingMetadata
BetaAuditingMetadataFilterInput
BetaFields
| Input Field | Description |
|---|---|
updatedBy - ActorRefInput
|
|
updatedTime - DateTimeFilterInput
|
Example
{
"updatedBy": ActorRefInput,
"updatedTime": DateTimeFilterInput
}
AuditingMetadataSortInput
BetaFields
| Input Field | Description |
|---|---|
updatedBy - SortOrderInput
|
|
updatedTime - SortOrderInput
|
Example
{
"updatedBy": SortOrderInput,
"updatedTime": SortOrderInput
}
Description
Input parameters for querying available versions.
Fields
| Input Field | Description |
|---|---|
platforms - [String!]!
|
List of platforms to retrieve available versions for. |
Example
{"platforms": ["xyz789"]}
Description
Response payload for available versions query.
Fields
| Field Name | Description |
|---|---|
items - [PlatformVersions!]!
|
List of available versions for each requested platform. |
Example
{"items": [PlatformVersions]}
BGPConnection
BandwidthManagementRef
BetaBandwidthManagementRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
BfdSettings
BetaFields
| Field Name | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. |
Example
{"multiplier": 987, "receiveInterval": 987, "transmitInterval": 987}
BfdSettingsInput
BetaFields
| Input Field | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. Default |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. Default |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. Default |
Example
{"multiplier": 123, "receiveInterval": 987, "transmitInterval": 123}
BgpCommunity
BetaBgpCommunityFilterPredicate
BetaValues
| Enum Value | Description |
|---|---|
|
|
Matches exactly the specified community value. |
|
|
Matches any community value except the specified one. |
Example
"EQUAL"
BgpCommunityFilterRule
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values to match. |
id - ID!
|
Unique identifier of the community filter rule. |
predicate - BgpCommunityFilterPredicate!
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{
"community": [BgpCommunity],
"id": 4,
"predicate": "EQUAL"
}
BgpCommunityFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to match. Default |
predicate - BgpCommunityFilterPredicate
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{"community": [BgpCommunityInput], "predicate": "EQUAL"}
BgpCommunityInput
BetaBgpDefaultAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
Default action to accept all unmatched routes. |
|
|
Default action to drop all unmatched routes. |
Example
"ACCEPT"
BgpDetailedStatus
BetaFields
| Field Name | Description |
|---|---|
bfdSession - String
|
Status of the BFD session (if applicable). |
bgpSession - String!
|
Status of the BGP session (e.g., established, down). |
rejectedRoutesFromPeer - [BgpRejectedRoutesFromPeer!]!
|
Routes rejected from the peer. |
remoteIp - IPAddress!
|
IP address of the remote BGP peer. |
routesFromPeer - [String!]!
|
Routes received from the peer. |
routesToPeer - [String!]!
|
Routes sent to the peer. |
Example
{
"bfdSession": "xyz789",
"bgpSession": "xyz789",
"rejectedRoutesFromPeer": [BgpRejectedRoutesFromPeer],
"remoteIp": IPAddress,
"routesFromPeer": ["abc123"],
"routesToPeer": ["abc123"]
}
BgpFilterRule
BetaFields
| Field Name | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRule
|
Exact and inclusive filter rule. Please choose only one filter rule type. |
bgpRouteExactFilterRule - BgpRouteExactFilterRule
|
Exact route filter rule. Please choose only one filter rule type. |
communityFilterRule - BgpCommunityFilterRule
|
Community filter rule. Please choose only one filter rule type. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRule,
"bgpRouteExactFilterRule": BgpRouteExactFilterRule,
"communityFilterRule": BgpCommunityFilterRule
}
BgpFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRuleInput
|
Input for exact and inclusive filter rule. |
bgpRouteExactFilterRule - BgpRouteExactFilterRuleInput
|
Input for exact route filter rule. |
communityFilterRule - BgpCommunityFilterRuleInput
|
Input for community filter rule. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRuleInput,
"bgpRouteExactFilterRule": BgpRouteExactFilterRuleInput,
"communityFilterRule": BgpCommunityFilterRuleInput
}
BgpPeer
BetaFields
| Field Name | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Indicates if all routes are advertised. |
advertiseDefaultRoute - Boolean!
|
Indicates if the default route is advertised. |
advertiseSummaryRoutes - Boolean!
|
Indicates if summarized routes are advertised. |
bfdEnabled - Boolean!
|
Indicates if BFD is enabled for failure detection. |
bfdSettings - BfdSettings
|
BFD configuration. |
catoAsn - Asn16!
|
AS number of Cato's BGP endpoint. |
catoIp - IPAddress!
|
IP address of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRule!]!
|
Rules excluded from the default action. |
holdTime - Int!
|
Time before declaring the peer unreachable. |
id - ID!
|
Unique identifier for the BGP peer. |
keepaliveInterval - Int!
|
Interval between keepalive messages. |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Metric for route preferences. |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Indicates if NAT is performed on routes. |
site - SiteRef!
|
Site associated with this BGP peer. |
summaryRoute - [BgpSummaryRoute!]!
|
Summarized routes advertised to the peer. |
tracking - BgpTracking
|
Tracking configuration for health and availability. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": true,
"advertiseSummaryRoutes": false,
"bfdEnabled": false,
"bfdSettings": BfdSettings,
"catoAsn": Asn16,
"catoIp": IPAddress,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRule],
"holdTime": 123,
"id": 4,
"keepaliveInterval": 123,
"md5AuthKey": "abc123",
"metric": 987,
"name": "xyz789",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": true,
"site": SiteRef,
"summaryRoute": [BgpSummaryRoute],
"tracking": BgpTracking
}
BgpPeerListInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifies the site whose BGP peers are listed. |
Example
{"site": SiteRefInput}
BgpPeerListPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - [BgpPeer!]!
|
BGP peers associated with the site. |
total - Int!
|
Total number of BGP peers found. |
Example
{"bgpPeer": [BgpPeer], "total": 123}
BgpPeerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specifies the method of identification (default is by ID). Default |
input - String!
|
Value used to identify the BGP peer (e.g., ID or name). |
Example
{"by": "ID", "input": "xyz789"}
BgpRejectedRoutesFromPeer
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the rejected route. |
lastPublishAttempt - DateTime
|
Timestamp of the last attempt to publish the rejected route. |
rule - String
|
Filter rule that caused the rejection. |
subnet - NetworkSubnet
|
Subnet of the rejected route. |
type - String
|
Reason for rejecting the route. |
Example
{
"community": [BgpCommunity],
"lastPublishAttempt": "2007-12-03T10:15:30Z",
"rule": "abc123",
"subnet": NetworkSubnet,
"type": "xyz789"
}
BgpRouteExactAndInclusiveFilterRule
BetaFields
| Field Name | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
globalIpRangeException - [GlobalIpRangeRef!]!
|
Global IP ranges to exclude. |
id - ID!
|
Unique identifier of the filter rule. |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. |
Example
{
"ge": 123,
"globalIpRange": [GlobalIpRangeRef],
"globalIpRangeException": [GlobalIpRangeRef],
"id": 4,
"le": 123,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactAndInclusiveFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
globalIpRangeException - [GlobalIpRangeRefInput!]!
|
Global IP ranges to exclude. Default |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. Default |
Example
{
"ge": 987,
"globalIpRange": [GlobalIpRangeRefInput],
"globalIpRangeException": [GlobalIpRangeRefInput],
"le": 123,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactFilterRule
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
id - ID!
|
Unique identifier of the exact filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
Example
{
"globalIpRange": [GlobalIpRangeRef],
"id": 4,
"networkSubnet": [NetworkSubnet]
}
BgpRouteExactFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"networkSubnet": [NetworkSubnet]
}
BgpState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Active"
BgpSummaryRoute
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the route. |
id - ID!
|
Unique identifier of the summarized route. |
route - NetworkSubnet!
|
Subnet of the summarized route. |
Example
{
"community": [BgpCommunity],
"id": 4,
"route": NetworkSubnet
}
BgpSummaryRouteInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to associate with the summarized route. Default |
route - NetworkSubnet!
|
Subnet of the summarized route to be advertised. |
Example
{
"community": [BgpCommunityInput],
"route": NetworkSubnet
}
BgpTracking
BetaFields
| Field Name | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. |
enabled - Boolean!
|
Indicates if tracking is enabled. |
id - ID!
|
Unique identifier for the tracking rule. |
subscriptionId - ID
|
Subscription ID associated with the rule. |
Example
{"alertFrequency": "DAILY", "enabled": true, "id": 4, "subscriptionId": 4}
BgpTrackingInput
BetaFields
| Input Field | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. Default |
enabled - Boolean!
|
Indicates if tracking is enabled. Default |
subscriptionId - ID!
|
Subscription ID associated with this tracking rule. |
Example
{
"alertFrequency": "DAILY",
"enabled": true,
"subscriptionId": "4"
}
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
BooleanFilterInput
BetaBooleanPredicate
BetaFields
| Input Field | Description |
|---|---|
is - String!
|
Example
{"is": "abc123"}
CasbLicense
BetaDescription
Cloud Access Security Broker (CASB) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
CatalogApplication
BetaFields
| Field Name | Description |
|---|---|
activity - [CatalogApplicationActivity!]!
|
|
aiSecurity - AiSecurityAttributes
|
|
capability - [CatalogApplicationCapability!]!
|
|
category - [ApplicationCategoryRef!]!
|
|
city - String
|
|
complianceAttributes - CatalogApplicationComplianceAttributes!
|
|
description - String
|
|
descriptionSummary - String
|
|
id - ID!
|
|
ipoStatus - String
|
|
name - String!
|
|
numOfEmployees - EmployeeRange
|
|
originCountry - CountryRef
|
|
recentlyAdded - Boolean!
|
|
region - String
|
|
risk - ApplicationRisk
|
|
sanctioned - Boolean!
|
|
securityAttributes - CatalogApplicationSecurityAttributes!
|
|
standardPorts - [CustomService!]!
|
|
tenantActivity - [CatalogApplicationActivity!]!
|
|
type - CatalogApplicationType!
|
|
website - Url
|
Example
{
"activity": [CatalogApplicationActivity],
"aiSecurity": AiSecurityAttributes,
"capability": ["AI_SECURITY_API_INTEGRATION"],
"category": [ApplicationCategoryRef],
"city": "xyz789",
"complianceAttributes": CatalogApplicationComplianceAttributes,
"description": "xyz789",
"descriptionSummary": "abc123",
"id": "4",
"ipoStatus": "xyz789",
"name": "abc123",
"numOfEmployees": "BETWEEN_00001_00010",
"originCountry": CountryRef,
"recentlyAdded": true,
"region": "xyz789",
"risk": ApplicationRisk,
"sanctioned": true,
"securityAttributes": CatalogApplicationSecurityAttributes,
"standardPorts": [CustomService],
"tenantActivity": [CatalogApplicationActivity],
"type": "APPLICATION",
"website": Url
}
CatalogApplicationActivity
BetaFields
| Field Name | Description |
|---|---|
fields - [CatalogApplicationActivityField!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"fields": [CatalogApplicationActivityField],
"id": "4",
"name": "abc123"
}
CatalogApplicationActivityField
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
possibleOperators - [CatalogApplicationActivityFieldOperator!]!
|
|
possibleValues - [String!]!
|
Example
{
"id": 4,
"name": "abc123",
"possibleOperators": ["CONTAINS"],
"possibleValues": ["abc123"]
}
CatalogApplicationActivityFieldOperator
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONTAINS"
CatalogApplicationActivityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationActivityRefInput!]
|
Example
{"hasAny": [CatalogApplicationActivityRefInput]}
CatalogApplicationActivityRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CatalogApplicationAttribute
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"SUPPORTED"
CatalogApplicationCapability
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AI_SECURITY_API_INTEGRATION"
CatalogApplicationCapabilityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationCapability!]
|
Example
{"hasAny": ["AI_SECURITY_API_INTEGRATION"]}
CatalogApplicationCategoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [ApplicationCategoryRefInput!]
|
Example
{"hasAny": [ApplicationCategoryRefInput]}
CatalogApplicationCategorySortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationComplianceAttributes
BetaFields
| Field Name | Description |
|---|---|
hippa - CatalogApplicationAttribute!
|
|
isae3402 - CatalogApplicationAttribute!
|
|
iso27001 - CatalogApplicationAttribute!
|
|
pciDss - CatalogApplicationAttribute!
|
|
soc1 - CatalogApplicationAttribute!
|
|
soc2 - CatalogApplicationAttribute!
|
|
soc3 - CatalogApplicationAttribute!
|
|
sox - CatalogApplicationAttribute!
|
Example
{
"hippa": "SUPPORTED",
"isae3402": "SUPPORTED",
"iso27001": "SUPPORTED",
"pciDss": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"sox": "SUPPORTED"
}
CatalogApplicationContentType
BetaCatalogApplicationContentTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroup
BetaFields
| Field Name | Description |
|---|---|
contentType - [CatalogApplicationContentType!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"contentType": [CatalogApplicationContentType],
"id": "4",
"name": "abc123"
}
CatalogApplicationContentTypeGroupFilterInput
BetaFields
| Input Field | Description |
|---|---|
contentType - [CatalogApplicationContentTypeFilterInput!]
|
|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"contentType": [
CatalogApplicationContentTypeFilterInput
],
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroupListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationContentTypeGroupFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationContentTypeGroupSortInput
|
Example
{
"filter": [
CatalogApplicationContentTypeGroupFilterInput
],
"paging": PagingInput,
"sort": CatalogApplicationContentTypeGroupSortInput
}
CatalogApplicationContentTypeGroupListPayload
BetaFields
| Field Name | Description |
|---|---|
contentTypeGroup - [CatalogApplicationContentTypeGroup!]!
|
|
pageInfo - PageInfo!
|
Example
{
"contentTypeGroup": [
CatalogApplicationContentTypeGroup
],
"pageInfo": PageInfo
}
CatalogApplicationContentTypeGroupSortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationFilterInput
BetaFields
| Input Field | Description |
|---|---|
activity - [CatalogApplicationActivityFilterInput!]
|
|
capability - [CatalogApplicationCapabilityFilterInput!]
|
|
category - [CatalogApplicationCategoryFilterInput!]
|
|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
|
recentlyAdded - [BooleanFilterInput!]
|
|
risk - [IntFilterInput!]
|
|
tenantActivity - [BooleanFilterInput!]
|
|
type - [CatalogApplicationTypeFilterInput!]
|
Example
{
"activity": [CatalogApplicationActivityFilterInput],
"capability": [CatalogApplicationCapabilityFilterInput],
"category": [CatalogApplicationCategoryFilterInput],
"id": [IdFilterInput],
"name": [StringFilterInput],
"recentlyAdded": [BooleanFilterInput],
"risk": [IntFilterInput],
"tenantActivity": [BooleanFilterInput],
"type": [CatalogApplicationTypeFilterInput]
}
CatalogApplicationListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationSortInput
|
Example
{
"filter": [CatalogApplicationFilterInput],
"paging": PagingInput,
"sort": CatalogApplicationSortInput
}
CatalogApplicationListPayload
BetaFields
| Field Name | Description |
|---|---|
application - [CatalogApplication!]!
|
|
pageInfo - PageInfo!
|
Example
{
"application": [CatalogApplication],
"pageInfo": PageInfo
}
CatalogApplicationSecurityAttributes
BetaFields
| Field Name | Description |
|---|---|
auditTrail - CatalogApplicationAttribute!
|
|
encryptionAtRest - CatalogApplicationAttribute!
|
|
httpSecurityHeaders - CatalogApplicationAttribute!
|
|
mfa - CatalogApplicationAttribute!
|
|
rbac - CatalogApplicationAttribute!
|
|
rememberPassword - CatalogApplicationAttribute!
|
|
sso - CatalogApplicationAttribute!
|
|
tlsEnforcement - CatalogApplicationAttribute!
|
|
trustedCertificate - CatalogApplicationAttribute!
|
Example
{
"auditTrail": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED",
"mfa": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"trustedCertificate": "SUPPORTED"
}
CatalogApplicationSortInput
BetaFields
| Input Field | Description |
|---|---|
category - CatalogApplicationCategorySortInput
|
|
description - SortOrderInput
|
|
name - SortOrderInput
|
|
risk - SortOrderInput
|
|
type - SortOrderInput
|
Example
{
"category": CatalogApplicationCategorySortInput,
"description": SortOrderInput,
"name": SortOrderInput,
"risk": SortOrderInput,
"type": SortOrderInput
}
CatalogApplicationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"APPLICATION"
CatalogApplicationTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - CatalogApplicationType
|
|
in - [CatalogApplicationType!]
|
|
neq - CatalogApplicationType
|
|
nin - [CatalogApplicationType!]
|
Example
{
"eq": "APPLICATION",
"in": ["APPLICATION"],
"neq": "APPLICATION",
"nin": ["APPLICATION"]
}
CatoActivity
Description
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
Example
{"id": 4, "parentResourceId": 4, "resourceId": 4}
CatoEndpoint
BetaDescription
The CatoEndpoint object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
Fields
| Field Name | Description |
|---|---|
alerts - [CatoEndpointAlert!]!
|
Details for the threat detected by the EPP |
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
enum for the connection for this incident (ie. host, user) |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
device - CatoEndpointDeviceDetails
|
Details for the EPP device (ie. device name, OS, MAC address) |
engineType - StoryEngineTypeEnum
|
enum that shows XDR engine involved with the incident |
entities - [IncidentEntity!]!
|
|
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
id - ID!
|
ID for the Endpoint Protection story |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
enum for the Producer (specific XDR engine or service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
queryName - String
|
|
research - Boolean
|
TRUE indicates that the story is currently being researched by Security Analysts |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
Source IP address of the device in your network sending or receiving the flow |
status - StoryStatusEnum
|
Enum for the status of this story (ie. Open, Closed, Monitoring) |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
tags - [String!]!
|
|
ticket - String
|
The ticket for this story |
user - UserRef
|
Cato ID and name for the site |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
Example
{
"alerts": [CatoEndpointAlert],
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"device": CatoEndpointDeviceDetails,
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"queryName": "xyz789",
"research": false,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "xyz789",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 987,
"tags": ["xyz789"],
"ticket": "xyz789",
"user": UserRef,
"vendor": "CATO"
}
CatoEndpointAlert
Description
The CatoEndpointAlert object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
Fields
| Field Name | Description |
|---|---|
activities - [CatoActivity!]!
|
Unique Cato IDs for the activities related to the alert |
createdDateTime - DateTime
|
Timestamp that the threat was detected and the alert generated |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
endpointProtectionProfile - String
|
EPP profile that is assigned to this device |
engineType - CatoEndpointEngineType
|
Enum for the EPP engine related to this story |
externalIp - String
|
|
id - ID!
|
Unique Cato ID for the Endpoint Protection story |
localIp - String
|
|
mitreSubTechnique - [Mitre!]!
|
MITRE ATT&CK® sub-technique for the threat |
mitreTechnique - [Mitre!]!
|
MITRE ATT&CK® technique for the threat |
resources - [CatoResource!]!
|
Data for the remediation status of the alert |
status - RemediationStatusEnum
|
Enum for the remediation status of the EPP alert |
threatName - String
|
Name of threat detected on the device |
title - String
|
Title of the endpoint alert |
Example
{
"activities": [CatoActivity],
"createdDateTime": "2007-12-03T10:15:30Z",
"criticality": 123,
"description": "xyz789",
"endpointProtectionProfile": "xyz789",
"engineType": "AntiMalware",
"externalIp": "xyz789",
"id": "4",
"localIp": "abc123",
"mitreSubTechnique": [Mitre],
"mitreTechnique": [Mitre],
"resources": [CatoResource],
"status": "BLOCKED",
"threatName": "xyz789",
"title": "abc123"
}
CatoEndpointDeviceDetails
Description
The CatoEndpointDeviceDetails object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
Fields
| Field Name | Description |
|---|---|
deviceName - String
|
Name of the device |
externalIp - String
|
|
id - ID!
|
Unique Cato ID for this story |
localIp - String
|
|
loggedOnUsers - [EndpointUser!]!
|
Data for one or more users logged in to the device |
macAddress - String
|
MAC address of the device |
osDetails - OsDetails
|
OS data (ie. type, build, version) |
Example
{
"deviceName": "abc123",
"externalIp": "abc123",
"id": "4",
"localIp": "abc123",
"loggedOnUsers": [EndpointUser],
"macAddress": "abc123",
"osDetails": OsDetails
}
CatoEndpointEngineType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"AntiMalware"
CatoEndpointUser
Description
The CatoEndpointUser is a GraphQL object type representing a user, with fields for a unique identifier (id) and a username (name), both of which are required.
Example
{"id": 4, "name": "xyz789"}
CatoFileResource
Description
The CatoFileResource is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this file resource was used |
detectionStatus - DetectionStatusEnum
|
Enum for the detection status of this file resource |
fileDetails - FileDetails
|
Details of the file related to this resource |
id - ID!
|
Unique Cato ID for this file resource |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this file resource |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"detectionStatus": "BLOCKED",
"fileDetails": FileDetails,
"id": "4",
"remediationStatus": "BLOCKED"
}
CatoProcessResource
Description
The CatoProcessResource is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this resource was used |
id - ID!
|
Unique Cato ID for this resource |
imageFile - FileDetails
|
Details of the file related to this process |
processCommandLine - String
|
CLI command related to this process |
processId - Int!
|
ID for the process |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
userAccount - EndpointUser
|
User account related to this process |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"id": 4,
"imageFile": FileDetails,
"processCommandLine": "xyz789",
"processId": 123,
"remediationStatus": "BLOCKED",
"userAccount": EndpointUser
}
CatoResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for this EPP resource |
createdDateTime - DateTime
|
Timestamp that the this resource was used |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
Possible Types
| CatoResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
CellularDisconnectionReason
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"REASON_NONE"
CellularInterface
Fields
| Field Name | Description |
|---|---|
apn - String
|
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch. |
apnSelectionMethod - ApnMethod
|
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI). |
disconnectionReason - CellularDisconnectionReason
|
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out). |
iccid - String
|
Unique identifier (20-digit number) for the modem. |
imei - String
|
Unique identifier (15-digit number) for a specific SIM. |
isModemConnected - Boolean!
|
Indicates if the cellular modem is currently connected to the internet. |
isModemSuspended - Boolean!
|
Indicates if the modem is currently suspended. |
isRoamingAllowed - Boolean!
|
Indicates whether roaming is enabled. |
isSimSlot1Detected - Boolean!
|
Indicates whether a SIM is detected in the first slot. |
isSimSlot2Detected - Boolean!
|
Indicates whether a SIM is detected in the second slot. |
modemStatus - CellularModemStatus
|
Represents the current status of the modem. Valid values are Error, OK, or Unknown. |
networkType - CellularNetworkType
|
2G, 3G, or 4G |
operatorName - String
|
Displays the operator or carrier name, such as Verizon. |
signalStrength - String
|
Represents the signal strength of the cellular connection, in units of calculation. |
simNumber - String
|
The phone number associated with the SIM. |
simSlotId - Int
|
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default. |
Example
{
"apn": "xyz789",
"apnSelectionMethod": "METHOD_AUTO",
"disconnectionReason": "REASON_NONE",
"iccid": "abc123",
"imei": "abc123",
"isModemConnected": false,
"isModemSuspended": false,
"isRoamingAllowed": true,
"isSimSlot1Detected": true,
"isSimSlot2Detected": false,
"modemStatus": "STATUS_ERROR",
"networkType": "TYPE_2G",
"operatorName": "xyz789",
"signalStrength": "abc123",
"simNumber": "abc123",
"simSlotId": 987
}
CellularModemStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"STATUS_ERROR"
CellularNetworkType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"TYPE_2G"
ClientConnectivityActionEnum
BetaDescription
The action applied by the client connectivity if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Allow WAN and Internet |
|
|
Allow Internet |
|
|
Block |
Example
"ALLOW"
ClientConnectivityAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ClientConnectivityActionEnum!
|
The action applied by the client connectivity if the rule is matched Default |
confidenceLevel - ClientConnectivityConfidenceLevelEnum!
|
User confidence level Default |
connectionOrigin - [ClientConnectivityOriginEnum!]!
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
country - [CountryRefInput!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
device - [DeviceProfileRefInput!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - ClientConnectivitySourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
sourceRange - [ClientConnectivitySourceRangeInput!]!
|
Public ISP IP Range matching criteria. Default |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRefInput],
"description": "xyz789",
"device": [DeviceProfileRefInput],
"enabled": true,
"name": "xyz789",
"platform": ["ANDROID"],
"source": ClientConnectivitySourceInput,
"sourceRange": [ClientConnectivitySourceRangeInput]
}
ClientConnectivityAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - ClientConnectivityAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": ClientConnectivityAddRuleDataInput
}
ClientConnectivityConfidenceLevelEnum
BetaDescription
Describe how reliable the user's authentication is
Values
| Enum Value | Description |
|---|---|
|
|
The user has authenticated the Client and the Cato token is either valid or expired |
|
|
High Confidence - User authenticated and the token is valid |
|
|
Low Confidence - User authenticated, but the token has expired |
Example
"ANY"
ClientConnectivityOriginEnum
BetaDescription
Defines Origin of the connection
Values
| Enum Value | Description |
|---|---|
|
|
Any connection origin |
|
|
User is connecting from the client |
|
|
User is connecting from the browser extension |
Example
"ANY"
ClientConnectivityPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [ClientConnectivityRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [ClientConnectivityRulePayload],
"sections": [PolicySectionPayload]
}
ClientConnectivityPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
ClientConnectivityPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
ClientConnectivityPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - ClientConnectivityPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": ClientConnectivityPolicy,
"status": "FAILURE"
}
ClientConnectivityPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
ClientConnectivityRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
ClientConnectivityRule
BetaFields
| Field Name | Description |
|---|---|
action - ClientConnectivityActionEnum!
|
The action applied by the client connectivity if the rule is matched |
confidenceLevel - ClientConnectivityConfidenceLevelEnum!
|
User confidence level |
connectionOrigin - [ClientConnectivityOriginEnum!]!
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
country - [CountryRef!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String!
|
Description for the rule |
device - [DeviceProfileRef!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - ClientConnectivitySource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceRange - [ClientConnectivitySourceRange!]!
|
Public ISP IP Range matching criteria. |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRef],
"description": "abc123",
"device": [DeviceProfileRef],
"enabled": true,
"id": "4",
"index": 987,
"name": "abc123",
"platform": ["ANDROID"],
"section": PolicySectionInfo,
"source": ClientConnectivitySource,
"sourceRange": [ClientConnectivitySourceRange]
}
ClientConnectivityRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - ClientConnectivityRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": ClientConnectivityRulePayload,
"status": "FAILURE"
}
ClientConnectivityRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - ClientConnectivityRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": ClientConnectivityRule
}
ClientConnectivitySource
BetaDescription
Users or user groups that the policy will apply on
Fields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
ClientConnectivitySourceInput
BetaDescription
Users or user groups that the policy will apply on
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ClientConnectivitySourceRange
BetaDescription
Public ISP IP Range for source matching
Fields
| Field Name | Description |
|---|---|
globalIpRange - GlobalIpRangeRef!
|
Globally defined IP range |
Example
{"globalIpRange": GlobalIpRangeRef}
ClientConnectivitySourceRangeInput
BetaDescription
Public ISP IP Range for source matching
Fields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput!
|
Globally defined IP range |
Example
{"globalIpRange": GlobalIpRangeRefInput}
ClientConnectivitySourceUpdateInput
BetaDescription
Users or user groups that the policy will apply on
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ClientConnectivityUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ClientConnectivityActionEnum
|
The action applied by the client connectivity if the rule is matched |
confidenceLevel - ClientConnectivityConfidenceLevelEnum
|
User confidence level |
connectionOrigin - [ClientConnectivityOriginEnum!]
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
country - [CountryRefInput!]
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String
|
|
device - [DeviceProfileRefInput!]
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - ClientConnectivitySourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceRange - [ClientConnectivitySourceRangeInput!]
|
Public ISP IP Range matching criteria. |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRefInput],
"description": "xyz789",
"device": [DeviceProfileRefInput],
"enabled": true,
"name": "xyz789",
"platform": ["ANDROID"],
"source": ClientConnectivitySourceUpdateInput,
"sourceRange": [ClientConnectivitySourceRangeInput]
}
ClientConnectivityUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - ClientConnectivityUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": ClientConnectivityUpdateRuleDataInput
}
CloudApplicationRef
BetaCloudInterconnectConnectionConnectivity
BetaDescription
Connectivity status of a cloud interconnect connection.
Fields
| Field Name | Description |
|---|---|
success - Boolean!
|
Indicates if the connection is successful. |
Example
{"success": false}
CloudInterconnectConnectionConnectivityInput
BetaDescription
Input for checking the connectivity status of a cloud interconnect connection.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": "4"}
CloudInterconnectPhysicalConnection
BetaDescription
Details of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
cVlan - Vlan
|
C-VLAN applicable only for QINQ connections. |
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation. |
haRole - HaRole!
|
High availability role of the connection. Either Primary or Secondary. |
id - ID!
|
ID of the connection. |
popLocation - PopLocationRef!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato, used for BGP routing. |
privateSiteIp - IPAddress!
|
Private IP address of the site, used for BGP routing. |
serviceProviderName - String!
|
Name of the service provider. |
site - SiteRef!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection. |
sVlan - Vlan
|
S-VLAN applicable only for QINQ connections. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
vlan - Vlan
|
VLAN applicable only for DOT1Q connections. |
Example
{
"cVlan": Vlan,
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"id": 4,
"popLocation": PopLocationRef,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "abc123",
"site": SiteRef,
"subnet": NetworkSubnet,
"sVlan": Vlan,
"upstreamBwLimit": NetworkBandwidth,
"vlan": Vlan
}
CloudInterconnectPhysicalConnectionId
BetaDescription
ID of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": 4}
CloudInterconnectPhysicalConnectionIdInput
BetaDescription
Input for getting the ID of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
haRole - HaRole!
|
High availability role of the connection. |
site - SiteRefInput!
|
Identifying data for the site. |
Example
{"haRole": "PRIMARY", "site": SiteRefInput}
CloudInterconnectPhysicalConnectionInput
BetaDescription
Input for getting details of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": "4"}
ConnectionMode
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BIDIRECTIONAL"
ConnectionOriginEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ANY"
ConnectionTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Host"
ConnectivityStatus
Values
| Enum Value | Description |
|---|---|
|
|
Connected to the Cato Cloud |
|
|
Disconnected from the Cato Cloud |
Example
"connected"
ContactDetails
BetaContactDetailsInput
BetaContainer
BetaDescription
A group with members of a single type of entity (for example: IPAddress, FQDN)
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
description - String
|
Description for the container |
size - Int!
|
Number of items in the container |
audit - ContainerAudit!
|
Audit metadata about the container |
syncData - ContainerSyncData
|
Information about automatic synchronization of the container |
syncDataAudit - ContainerSyncDataAudit
|
Audit information about the last synchronization of the container |
Possible Types
| Container Types |
|---|
Example
{
"id": "4",
"name": "xyz789",
"description": "xyz789",
"size": 987,
"audit": ContainerAudit,
"syncData": ContainerSyncData,
"syncDataAudit": ContainerSyncDataAudit
}
ContainerAudit
BetaDescription
Audit metadata about the container
Example
{
"createdAt": "2007-12-03T10:15:30Z",
"createdBy": "xyz789",
"lastModifiedAt": "2007-12-03T10:15:30Z",
"lastModifiedBy": "abc123"
}
ContainerFileType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CSV"
ContainerRef
BetaContainerRefInput
BetaDescription
Add a container by ID or name
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "xyz789"}
ContainerSearchInput
BetaDescription
Filtering input to container search
Fields
| Input Field | Description |
|---|---|
refs - [ContainerRefInput!]!
|
Allows filtering container search by container ID or container name Default |
types - [ContainerType!]!
|
Allows filtering container search by specific container types Default |
Example
{"refs": [ContainerRefInput], "types": ["FQDN"]}
ContainerSearchPayload
BetaDescription
Container search result, including all containers that matched input criteria
Fields
| Field Name | Description |
|---|---|
containers - [Container!]!
|
A list of matched containers |
Example
{"containers": [Container]}
ContainerSyncData
BetaDescription
Information about automatic synchronization of the container
Fields
| Field Name | Description |
|---|---|
fileType - ContainerFileType
|
File type that is synchronized |
notifications - ContainerSyncDataNotification!
|
Notifications for sync data |
timeInterval - Int!
|
Interval of time between synchronizations |
timeUnit - ContainerSyncDataTimeUnit!
|
Unit of time for the interval |
url - Url!
|
URL from which the container is synchronized |
Example
{
"fileType": "CSV",
"notifications": ContainerSyncDataNotification,
"timeInterval": 987,
"timeUnit": "DAY",
"url": Url
}
ContainerSyncDataAudit
BetaDescription
Audit information about the last synchronization of the container
Example
{
"errorMsg": "abc123",
"lastSyncAttempt": "2007-12-03T10:15:30Z",
"lastSynced": "2007-12-03T10:15:30Z"
}
ContainerSyncDataNotification
BetaFields
| Field Name | Description |
|---|---|
mailingList - [SubscriptionMailingListRef!]!
|
|
subscriptionGroup - [SubscriptionGroupRef!]!
|
|
webhook - [SubscriptionWebhookRef!]!
|
Example
{
"mailingList": [SubscriptionMailingListRef],
"subscriptionGroup": [SubscriptionGroupRef],
"webhook": [SubscriptionWebhookRef]
}
ContainerSyncDataTimeUnit
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DAY"
ContainerType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
CountryRef
BetaCountryRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - CountryRefInput
|
|
in - [CountryRefInput!]
|
|
neq - CountryRefInput
|
|
nin - [CountryRefInput!]
|
Example
{
"eq": CountryRefInput,
"in": [CountryRefInput],
"neq": CountryRefInput,
"nin": [CountryRefInput]
}
CountryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CreateContainerSyncDataInput
BetaDescription
Create synchronization data for a container
Fields
| Input Field | Description |
|---|---|
notifications - CreateContainerSyncDataNotificationInput!
|
|
timeInterval - Int!
|
|
timeUnit - ContainerSyncDataTimeUnit!
|
|
url - Url!
|
Example
{
"notifications": CreateContainerSyncDataNotificationInput,
"timeInterval": 987,
"timeUnit": "DAY",
"url": Url
}
CreateContainerSyncDataNotificationInput
BetaFields
| Input Field | Description |
|---|---|
mailingList - [SubscriptionMailingListRefInput!]!
|
|
subscriptionGroup - [SubscriptionGroupRefInput!]!
|
|
webhook - [SubscriptionWebhookRefInput!]!
|
Example
{
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
CreateFqdnContainerFromFileInput
BetaDescription
Input for creating FQDN typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing FQDNs with fileType delimiter |
Example
{
"description": "xyz789",
"fileType": "CSV",
"name": "xyz789",
"uploadFile": Upload
}
CreateFqdnContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
CreateFqdnContainerFromListInput
BetaCreateFqdnContainerFromListPayload
BetaDescription
Payload of CreateFromList operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
CreateFqdnContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
fileType - ContainerFileType!
|
|
name - String!
|
|
syncData - CreateContainerSyncDataInput!
|
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "abc123",
"syncData": CreateContainerSyncDataInput
}
CreateFqdnContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Example
{"container": FqdnContainer}
CreateGroupInput
BetaDescription
Create a new group
Fields
| Input Field | Description |
|---|---|
description - String
|
Optional description for the group |
members - [GroupMemberRefTypedInput!]
|
Initial list of members for the new group. There is a maximum of 500 members per createGroup mutation |
name - String!
|
The name of the new group |
Example
{
"description": "abc123",
"members": [GroupMemberRefTypedInput],
"name": "abc123"
}
CreateGroupPayload
BetaDescription
The created group object.
Fields
| Field Name | Description |
|---|---|
group - Group!
|
Example
{"group": Group}
CreateIpAddressRangeContainerFromFileInput
BetaDescription
Input for creating IPAddressRange typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing IPAddressRanges with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "xyz789",
"uploadFile": Upload
}
CreateIpAddressRangeContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
CreateIpAddressRangeContainerFromListInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
name - String!
|
|
values - [IpAddressRangeInput!]!
|
Example
{
"description": "xyz789",
"name": "xyz789",
"values": [IpAddressRangeInput]
}
CreateIpAddressRangeContainerFromListPayload
BetaDescription
Payload of CreateFromList operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
CreateIpAddressRangeContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
fileType - ContainerFileType!
|
|
name - String!
|
|
syncData - CreateContainerSyncDataInput!
|
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "abc123",
"syncData": CreateContainerSyncDataInput
}
CreateIpAddressRangeContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Example
{"container": IpAddressRangeContainer}
Fields
| Input Field | Description |
|---|---|
companyName - String
|
Company name (recipient) |
contact - ContactDetailsInput
|
Delivery contact detail |
postalAddress - PostalAddressInput!
|
Postal location |
vatId - String
|
Vat id (required for Brazil) |
Example
{
"companyName": "abc123",
"contact": ContactDetailsInput,
"postalAddress": PostalAddressInput,
"vatId": "xyz789"
}
CustomApplicationRef
BetaCustomApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
CustomCategoryRef
BetaCustomCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CustomService
BetaDescription
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Field Name | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRange
|
|
protocol - IpProtocol!
|
Example
{
"port": [41569],
"portRange": PortRange,
"protocol": "ANY"
}
CustomServiceInput
BetaDescription
Add a Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Input Field | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRangeInput
|
|
protocol - IpProtocol!
|
Example
{
"port": [41569],
"portRange": PortRangeInput,
"protocol": "ANY"
}
CustomServiceIp
BetaFields
| Field Name | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRange
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRange,
"name": "xyz789"
}
CustomServiceIpInput
BetaFields
| Input Field | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRangeInput
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRangeInput,
"name": "abc123"
}
DataLakeLicense
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
dpaVersion - DpaVersion!
|
The version of the Data Processing Agreement (DPA) that your company signed with Cato. |
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
retentionPeriod - Int
|
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted. |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage) |
Example
{
"description": "xyz789",
"dpaVersion": "DPA_2019_01",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"retentionPeriod": 987,
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
DataQuery
Fields
| Field Name | Description |
|---|---|
buckets - Int
|
|
dataSource - DataSourceEnum
|
|
filters - [QueryParameter!]!
|
|
measures - [MeasuresParameters!]!
|
Example
{
"buckets": 123,
"dataSource": "AppStats",
"filters": [QueryParameter],
"measures": [MeasuresParameters]
}
DataSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AppStats"
Date
BetaDescription
2006-01-02
Example
"2007-12-03"
DateTime
Description
2006-01-02T15:04:05Z07:00 (RFC3339)
Example
"2007-12-03T10:15:30Z"
DateTimeFilterInput
BetaFields
| Input Field | Description |
|---|---|
between - [DateTime!]
|
|
eq - DateTime
|
|
gt - DateTime
|
|
gte - DateTime
|
|
in - [DateTime!]
|
|
lt - DateTime
|
|
lte - DateTime
|
|
neq - DateTime
|
|
nin - [DateTime!]
|
Example
{
"between": ["2007-12-03T10:15:30Z"],
"eq": "2007-12-03T10:15:30Z",
"gt": "2007-12-03T10:15:30Z",
"gte": "2007-12-03T10:15:30Z",
"in": ["2007-12-03T10:15:30Z"],
"lt": "2007-12-03T10:15:30Z",
"lte": "2007-12-03T10:15:30Z",
"neq": "2007-12-03T10:15:30Z",
"nin": ["2007-12-03T10:15:30Z"]
}
DateValue
Fields
| Field Name | Description |
|---|---|
date - DateTime
|
Example
{"date": "2007-12-03T10:15:30Z"}
DayOfWeek
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"FRIDAY"
DegradedDetail
Fields
| Field Name | Description |
|---|---|
args - DegradedStatusArgs
|
|
reason - DegradedStatusReason!
|
Example
{
"args": DegradedStatusSocketVersionsArgs,
"reason": "ALT_WAN_DISCONNECTED"
}
DegradedStatus
Fields
| Field Name | Description |
|---|---|
degradedDetails - [DegradedDetail!]!
|
|
isDegraded - Boolean!
|
Example
{"degradedDetails": [DegradedDetail], "isDegraded": false}
DegradedStatusArgs
Example
DegradedStatusSocketVersionsArgs
DegradedStatusBasicDataArgs
DegradedStatusLastConnectedArgs
Fields
| Field Name | Description |
|---|---|
lastConnectedDate - DateTime
|
Example
{
"lastConnectedDate": "2007-12-03T10:15:30Z"
}
DegradedStatusMultiTunnelArgs
DegradedStatusReason
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALT_WAN_DISCONNECTED"
DegradedStatusSocketArgs
DegradedStatusSocketVersionsArgs
DeleteContainerInput
BetaDescription
Identification of container for delete operation
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
DeleteContainerPayload
BetaFields
| Field Name | Description |
|---|---|
container - Container!
|
The data of the container before it was deleted |
Example
{"container": Container}
DeleteGroupPayload
BetaDescription
The deleted group object
Fields
| Field Name | Description |
|---|---|
group - Group!
|
The group that was deleted |
Example
{"group": Group}
Description
Delete report input
Fields
| Input Field | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) to be deleted |
Example
{"fileHash": "xyz789"}
Description
Delete report response
Fields
| Field Name | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) |
Example
{"fileHash": "xyz789"}
DeleteStoryCommentInput
BetaDeleteStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Delete an existing comment from an XDR story |
Example
{"comment": StoryComment}
DemLicense
BetaDescription
DEM service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
DestinationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
DetectionSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANTIVIRUS"
DetectionStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"BLOCKED"
DeviceAttributeCatalogInput
BetaFields
| Input Field | Description |
|---|---|
filter - StringFilterInput
|
|
paging - PagingInput
|
|
sort - SortOrderInput
|
Example
{
"filter": StringFilterInput,
"paging": PagingInput,
"sort": SortOrderInput
}
DeviceAttributeCatalogPayload
BetaFields
| Field Name | Description |
|---|---|
items - [String!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": ["xyz789"],
"pageInfo": PageInfo
}
DeviceAttributes
BetaFields
| Field Name | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. |
manufacturer - [String!]!
|
The manufacturer of the firewall device. |
model - [String!]!
|
The model of the firewall device. |
os - [String!]!
|
The operating system of the firewall device. |
osVersion - [String!]!
|
The version of the operating system of the firewall device. |
type - [String!]!
|
The type of the firewall device. |
Example
{
"category": ["xyz789"],
"manufacturer": ["abc123"],
"model": ["abc123"],
"os": ["abc123"],
"osVersion": ["abc123"],
"type": ["abc123"]
}
DeviceAttributesCatalogQueries
BetaFields
| Field Name | Description |
|---|---|
category - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
compliance - DeviceComplianceCatalogPayload!
|
|
Arguments
|
|
manufacturer - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
model - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
os - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
type - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
Example
{
"category": DeviceAttributeCatalogPayload,
"compliance": DeviceComplianceCatalogPayload,
"manufacturer": DeviceAttributeCatalogPayload,
"model": DeviceAttributeCatalogPayload,
"os": DeviceAttributeCatalogPayload,
"type": DeviceAttributeCatalogPayload
}
DeviceAttributesInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. Default |
manufacturer - [String!]!
|
The manufacturer of the firewall device. Default |
model - [String!]!
|
The model of the firewall device. Default |
os - [String!]!
|
The operating system of the firewall device. Default |
osVersion - [String!]!
|
The version of the operating system of the firewall device. Default |
type - [String!]!
|
The type of the firewall device. Default |
Example
{
"category": ["abc123"],
"manufacturer": ["xyz789"],
"model": ["abc123"],
"os": ["abc123"],
"osVersion": ["abc123"],
"type": ["xyz789"]
}
DeviceAttributesUpdateInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]
|
The category of the firewall device. |
manufacturer - [String!]
|
The manufacturer of the firewall device. |
model - [String!]
|
The model of the firewall device. |
os - [String!]
|
The operating system of the firewall device. |
osVersion - [String!]
|
The version of the operating system of the firewall device. |
type - [String!]
|
The type of the firewall device. |
Example
{
"category": ["abc123"],
"manufacturer": ["abc123"],
"model": ["xyz789"],
"os": ["abc123"],
"osVersion": ["xyz789"],
"type": ["xyz789"]
}
DeviceAvStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DISABLED"
DeviceComplianceCatalogInput
BetaFields
| Input Field | Description |
|---|---|
filter - DeviceComplianceFilterInput
|
|
paging - PagingInput
|
|
sort - DeviceComplianceSortInput
|
Example
{
"filter": DeviceComplianceFilterInput,
"paging": PagingInput,
"sort": DeviceComplianceSortInput
}
DeviceComplianceCatalogItem
BetaFields
| Field Name | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRef!
|
|
state - String!
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRef,
"state": "xyz789"
}
DeviceComplianceCatalogPayload
BetaFields
| Field Name | Description |
|---|---|
items - [DeviceComplianceCatalogItem!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": [DeviceComplianceCatalogItem],
"pageInfo": PageInfo
}
DeviceComplianceFilterInput
BetaFields
| Input Field | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRefFilterInput
|
|
state - StringFilterInput
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRefFilterInput,
"state": StringFilterInput
}
DeviceComplianceSortInput
BetaFields
| Input Field | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRefSortOrderInput
|
|
state - SortOrderInput
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRefSortOrderInput,
"state": SortOrderInput
}
DeviceConfidenceLevel
BetaValues
| Enum Value | Description |
|---|---|
|
|
Device classification is strongly validated by multiple signals |
|
|
Device classification has minimal supporting evidence |
|
|
Device classification has moderate supporting signals |
Example
"HIGH"
DeviceConfidenceLevelFilterInput
BetaDescription
Filter input for device confidence level with equality and inclusion operators
Fields
| Input Field | Description |
|---|---|
eq - DeviceConfidenceLevel
|
Equals - exact confidence level match |
in - [DeviceConfidenceLevel!]
|
In - match any of the specified confidence levels |
neq - DeviceConfidenceLevel
|
Not equals - exclude specific confidence level |
nin - [DeviceConfidenceLevel!]
|
Not in - exclude all specified confidence levels |
Example
{"eq": "HIGH", "in": ["HIGH"], "neq": "HIGH", "nin": ["HIGH"]}
DeviceConfigHaRoleEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIMARY"
DeviceConnectionProfile
BetaFields
| Field Name | Description |
|---|---|
destApps - [String!]!
|
List of applications the device communicates with |
destDomains - [String!]!
|
Domains contacted by the device |
destHosts - [String!]!
|
Destination hosts accessed by the device |
directions - [String!]!
|
Traffic direction indicators (e.g., inbound, outbound) |
Example
{
"destApps": ["xyz789"],
"destDomains": ["xyz789"],
"destHosts": ["abc123"],
"directions": ["abc123"]
}
DeviceCsvExportInput
BetaDescription
Input for CSV export with optional filtering
Fields
| Input Field | Description |
|---|---|
filter - [DeviceV2FilterInput!]
|
Filter devices by various criteria before export |
Example
{"filter": [DeviceV2FilterInput]}
DeviceDetails
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
deviceName - String
|
|
osDetails - OsDetails
|
|
loggedOnUsers - [EndpointUser!]!
|
|
externalIp - String
|
|
localIp - String
|
Possible Types
| DeviceDetails Types |
|---|
Example
{
"id": 4,
"deviceName": "abc123",
"osDetails": OsDetails,
"loggedOnUsers": [EndpointUser],
"externalIp": "xyz789",
"localIp": "abc123"
}
DeviceHaRoleStateEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BACKUP"
DeviceHealthStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
DeviceHw
BetaDeviceHwFilterInput
BetaFields
| Input Field | Description |
|---|---|
manufacturer - [StringFilterInput!]
|
|
model - [StringFilterInput!]
|
|
type - [StringFilterInput!]
|
Example
{
"manufacturer": [StringFilterInput],
"model": [StringFilterInput],
"type": [StringFilterInput]
}
DeviceHwSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
manufacturer - SortOrderInput
|
|
model - SortOrderInput
|
|
type - SortOrderInput
|
Example
{
"manufacturer": SortOrderInput,
"model": SortOrderInput,
"type": SortOrderInput
}
DeviceNetwork
BetaDeviceNetworkFilterInput
BetaFields
| Input Field | Description |
|---|---|
networkName - [StringFilterInput!]
|
|
subnet - [StringFilterInput!]
|
Example
{
"networkName": [StringFilterInput],
"subnet": [StringFilterInput]
}
DeviceNetworkRef
BetaTypes
| Union Types |
|---|
Example
SiteNetworkSubnetRef
DeviceNetworkSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
networkName - SortOrderInput
|
|
subnet - SortOrderInput
|
Example
{
"networkName": SortOrderInput,
"subnet": SortOrderInput
}
DeviceNic
BetaFields
| Field Name | Description |
|---|---|
macAddress - MacAddress
|
The unique MAC address of the device's network interface card |
vendor - String
|
Manufacturer of the network interface (e.g., Intel, Broadcom) |
Example
{
"macAddress": MacAddress,
"vendor": "xyz789"
}
DeviceNicFilterInput
BetaFields
| Input Field | Description |
|---|---|
macAddress - [MacAddressFilterInput!]
|
|
vendor - [StringFilterInput!]
|
Example
{
"macAddress": [MacAddressFilterInput],
"vendor": [StringFilterInput]
}
DeviceNicSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
macAddress - SortOrderInput
|
|
vendor - SortOrderInput
|
Example
{
"macAddress": SortOrderInput,
"vendor": SortOrderInput
}
DeviceOs
BetaExample
{
"product": "xyz789",
"vendor": "xyz789",
"version": "xyz789"
}
DeviceOsFilterInput
BetaFields
| Input Field | Description |
|---|---|
product - [StringFilterInput!]
|
|
vendor - [StringFilterInput!]
|
|
version - [StringFilterInput!]
|
Example
{
"product": [StringFilterInput],
"vendor": [StringFilterInput],
"version": [StringFilterInput]
}
DeviceOsSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
product - SortOrderInput
|
|
vendor - SortOrderInput
|
|
version - SortOrderInput
|
Example
{
"product": SortOrderInput,
"vendor": SortOrderInput,
"version": SortOrderInput
}
DeviceProfileRef
BetaDeviceProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DeviceSiteSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
DeviceSnapshot
Fields
| Field Name | Description |
|---|---|
connected - Boolean
|
A boolean value that indicates if the site is connected to the Cato Cloud |
connectedSince - DateTime
|
For connected devices (this somewhat overlaps to last duration) |
deviceUptime - Int
|
Indicates the Socket uptime |
haRole - String
|
Shows if this is the primary or secondary Socket in high availability mode |
id - ID
|
Unique internal Cato ID for the Socket |
identifier - String
|
Unique identifier for the device |
interfaces - [InterfaceSnapshot!]
|
Snapshot data for outbound facing interfaces |
interfacesLinkState - [InterfaceLinkState!]
|
Information of the link state of various interfaces in the devices. Unlike the interfacess field, it contains all links of the device, not just the outbound facing ones |
internalIP - String
|
Device's internal IP in the account's routing table |
lastConnected - DateTime
|
The last time the device was seen |
lastDuration - Int
|
The uptime of the last tunnel from this device (or current), in seconds |
lastPopID - Int
|
The ID of the PoP that the Socket is connected to |
lastPopName - String
|
The PoP name that the Socket is connected to |
mfaCreationTime - Int
|
The time the mfa cookie (for sdp users) was created |
mfaExpirationTime - Int
|
Shows the amount of time remaining before the MFA token expires |
name - String
|
Name of the device |
osType - String
|
Operating system of the Device. |
osVersion - String
|
Version of the Socket operating system |
recentConnections - [RecentConnection!]
|
Data related to the most recent completed traffic flows |
releaseGroup - String
|
Shows the release group for the site |
socketInfo - SocketInfo
|
Shows data related to the Socket, such as version and serial number |
type - String
|
Shows the Socket model or vSocket type |
version - String
|
Device version |
versionNumber - Int
|
Device major version |
Example
{
"connected": true,
"connectedSince": "2007-12-03T10:15:30Z",
"deviceUptime": 987,
"haRole": "abc123",
"id": 4,
"identifier": "abc123",
"interfaces": [InterfaceSnapshot],
"interfacesLinkState": [InterfaceLinkState],
"internalIP": "abc123",
"lastConnected": "2007-12-03T10:15:30Z",
"lastDuration": 987,
"lastPopID": 123,
"lastPopName": "xyz789",
"mfaCreationTime": 987,
"mfaExpirationTime": 987,
"name": "xyz789",
"osType": "xyz789",
"osVersion": "xyz789",
"recentConnections": [RecentConnection],
"releaseGroup": "xyz789",
"socketInfo": SocketInfo,
"type": "abc123",
"version": "xyz789",
"versionNumber": 123
}
DeviceSortInput
BetaDescription
Input for sorting devices by various fields
Fields
| Input Field | Description |
|---|---|
category - SortOrderInput
|
Sort by device category |
confidence - SortOrderInput
|
Sort by classification confidence level |
firstSeen - SortOrderInput
|
Sort by first detection timestamp |
hw - DeviceHwSortOrderInput
|
Sort by hardware fields |
id - SortOrderInput
|
Sort by device unique identifier |
ip - SortOrderInput
|
Sort by IP address |
lastSeen - SortOrderInput
|
Sort by last activity timestamp |
name - SortOrderInput
|
Sort by device name |
network - DeviceNetworkSortOrderInput
|
Sort by network fields |
nic - DeviceNicSortOrderInput
|
Sort by network interface fields |
os - DeviceOsSortOrderInput
|
Sort by operating system fields |
riskScore - SortOrderInput
|
Sort by security risk score |
site - DeviceSiteSortOrderInput
|
Sort by site-related fields |
user - DeviceUserSortOrderInput
|
Sort by user-related fields |
Example
{
"category": SortOrderInput,
"confidence": SortOrderInput,
"firstSeen": SortOrderInput,
"hw": DeviceHwSortOrderInput,
"id": SortOrderInput,
"ip": SortOrderInput,
"lastSeen": SortOrderInput,
"name": SortOrderInput,
"network": DeviceNetworkSortOrderInput,
"nic": DeviceNicSortOrderInput,
"os": DeviceOsSortOrderInput,
"riskScore": SortOrderInput,
"site": DeviceSiteSortOrderInput,
"user": DeviceUserSortOrderInput
}
DeviceUserSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
DeviceV2
BetaFields
| Field Name | Description |
|---|---|
category - String
|
Device category grouping based on role or type |
complianceState - String
|
Compliance posture of the device according to policy/integration checks (e.g., 'compliant', 'noncompliant', 'unknown') |
confidence - DeviceConfidenceLevel
|
Confidence score for device classification accuracy |
connectionProfile - DeviceConnectionProfile
|
Profile describing how the device connects to the network |
firstSeen - DateTime
|
Timestamp of when the device was first detected |
hw - DeviceHw
|
Hardware information for the device |
id - ID!
|
Unique identifier for the device record |
ip - String
|
Beta Use ipAddress instead |
ipAddress - IPAddress
|
Current or last known IP address of the device |
isManaged - Boolean!
|
True/false flag showing whether the device is under admin management |
lastSeen - DateTime
|
Timestamp of the most recent device activity |
name - String
|
Human-readable name of the device |
network - DeviceNetwork
|
Information about the network environment the device connects to |
networkInfo - DeviceNetworkRef
|
Reference to the device's network (Rename to 'network' after fe is aligned) |
nic - DeviceNic
|
Network interface card details for the device |
originTypes - [OriginType!]!
|
The origins (e.g., integrations, data feeds) that detected the device |
os - DeviceOs
|
Operating system details of the device |
riskScore - Int
|
Numerical value representing the device's security risk |
site - SiteRef
|
Reference to the site where the device is located |
user - UserRef
|
Reference to the user linked with this device |
Example
{
"category": "abc123",
"complianceState": "abc123",
"confidence": "HIGH",
"connectionProfile": DeviceConnectionProfile,
"firstSeen": "2007-12-03T10:15:30Z",
"hw": DeviceHw,
"id": "4",
"ip": "abc123",
"ipAddress": IPAddress,
"isManaged": true,
"lastSeen": "2007-12-03T10:15:30Z",
"name": "xyz789",
"network": DeviceNetwork,
"networkInfo": SiteNetworkSubnetRef,
"nic": DeviceNic,
"originTypes": ["Armis"],
"os": DeviceOs,
"riskScore": 123,
"site": SiteRef,
"user": UserRef
}
DeviceV2FilterInput
BetaDescription
Input for filtering devices by various criteria
Fields
| Input Field | Description |
|---|---|
category - [StringFilterInput!]
|
Filter by device category |
complianceState - [StringFilterInput!]
|
Filter by compliance state criteria |
confidence - [DeviceConfidenceLevelFilterInput!]
|
Filter by classification confidence level |
firstSeen - [DateTimeFilterInput!]
|
Filter by first detection timestamp |
hw - DeviceHwFilterInput
|
Filter by hardware criteria |
id - [IdFilterInput!]
|
Filter by device unique identifier |
ipAddress - [IPAddressFilterInput!]
|
Filter by IP address |
isManaged - [BooleanFilterInput!]
|
Filter by management status |
lastSeen - [DateTimeFilterInput!]
|
Filter by last activity timestamp |
name - [StringFilterInput!]
|
Filter by device name |
network - DeviceNetworkFilterInput
|
Filter by network criteria |
nic - DeviceNicFilterInput
|
Filter by network interface criteria |
originTypes - [OriginTypeFilterInput!]
|
|
os - DeviceOsFilterInput
|
Filter by operating system criteria |
riskScore - [IntFilterInput!]
|
Filter by security risk score |
site - [SiteRefFilterInput!]
|
Filter by site reference |
user - [UserRefFilterInput!]
|
Filter by user reference |
Example
{
"category": [StringFilterInput],
"complianceState": [StringFilterInput],
"confidence": [DeviceConfidenceLevelFilterInput],
"firstSeen": [DateTimeFilterInput],
"hw": DeviceHwFilterInput,
"id": [IdFilterInput],
"ipAddress": [IPAddressFilterInput],
"isManaged": [BooleanFilterInput],
"lastSeen": [DateTimeFilterInput],
"name": [StringFilterInput],
"network": DeviceNetworkFilterInput,
"nic": DeviceNicFilterInput,
"originTypes": [OriginTypeFilterInput],
"os": DeviceOsFilterInput,
"riskScore": [IntFilterInput],
"site": [SiteRefFilterInput],
"user": [UserRefFilterInput]
}
DeviceV2Input
BetaFields
| Input Field | Description |
|---|---|
filter - [DeviceV2FilterInput!]
|
List of filter conditions applied to narrow down devices |
paging - PagingInput!
|
Paging input to control results (default limit = 100) Default |
sort - DeviceSortInput!
|
Sorting configuration (default: sort by id descending) Default |
Example
{
"filter": [DeviceV2FilterInput],
"paging": PagingInput,
"sort": DeviceSortInput
}
DevicesPayload
BetaFields
| Field Name | Description |
|---|---|
device - [DeviceV2!]!
|
List of devices returned by the query |
paging - PageInfo!
|
Metadata describing pagination details |
Example
{
"device": [DeviceV2],
"paging": PageInfo
}
DhcpRelayGroupRef
BetaDhcpType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACCOUNT_DEFAULT"
Dimension
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
Example
{"fieldName": "account_id"}
DimensionData
DimensionKey
DirectionEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DirectionInput
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DisableAccountPayload
BetaFields
| Field Name | Description |
|---|---|
accountInfo - AccountInfo!
|
General info of the disabled account |
Example
{"accountInfo": AccountInfo}
DlpContentProfileRef
BetaDlpContentProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DlpEdmProfileRef
BetaDlpEdmProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DlpLicense
BetaDescription
Data Loss Prevention (DLP) Service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Domain
BetaDescription
Top level domain is actually second level domain (e.g. example.com) It is recommended to use as a broad way of distinguishing domains, because they frequently use multiple hosts.
Example
Domain
DownloadFqdnContainerFileInput
BetaDescription
Input for searching FQDN typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DownloadFqdnContainerFilePayload
BetaDownloadIpAddressRangeContainerFileInput
BetaDescription
Input for searching IPAddressRange typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DownloadIpAddressRangeContainerFilePayload
BetaDpaVersion
BetaDescription
The DPA agreement, based on your contract with Cato
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"DPA_2019_01"
DynamicIpAllocationAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
|
description - String!
|
|
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRangeInput!
|
|
source - DynamicIpAllocationSourceInput!
|
Example
{
"country": [CountryRefInput],
"description": "abc123",
"enabled": false,
"name": "abc123",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeInput,
"source": DynamicIpAllocationSourceInput
}
DynamicIpAllocationAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - DynamicIpAllocationAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": DynamicIpAllocationAddRuleDataInput
}
DynamicIpAllocationPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [DynamicIpAllocationRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [DynamicIpAllocationRulePayload],
"sections": [PolicySectionPayload]
}
DynamicIpAllocationPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
DynamicIpAllocationPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
DynamicIpAllocationPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - DynamicIpAllocationPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": DynamicIpAllocationPolicy,
"status": "FAILURE"
}
DynamicIpAllocationPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
DynamicIpAllocationRange
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - GlobalIpRangeRef!
|
Example
{"globalIpRange": GlobalIpRangeRef}
DynamicIpAllocationRangeInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput!
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRangeUpdateInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
DynamicIpAllocationRule
BetaFields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
|
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRange!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - DynamicIpAllocationSource!
|
Example
{
"country": [CountryRef],
"description": "abc123",
"enabled": false,
"id": 4,
"index": 987,
"name": "xyz789",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRange,
"section": PolicySectionInfo,
"source": DynamicIpAllocationSource
}
DynamicIpAllocationRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - DynamicIpAllocationRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": DynamicIpAllocationRulePayload,
"status": "FAILURE"
}
DynamicIpAllocationRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - DynamicIpAllocationRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": DynamicIpAllocationRule
}
DynamicIpAllocationSource
BetaFields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
|
usersGroup - [UsersGroupRef!]!
|
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
DynamicIpAllocationSourceInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
|
usersGroup - [UsersGroupRefInput!]!
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationSourceUpdateInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
|
usersGroup - [UsersGroupRefInput!]
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
|
description - String
|
|
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
|
range - DynamicIpAllocationRangeUpdateInput
|
|
source - DynamicIpAllocationSourceUpdateInput
|
Example
{
"country": [CountryRefInput],
"description": "xyz789",
"enabled": true,
"name": "xyz789",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeUpdateInput,
"source": DynamicIpAllocationSourceUpdateInput
}
DynamicIpAllocationUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - DynamicIpAllocationUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": DynamicIpAllocationUpdateRuleDataInput
}
ElasticOperator
Description
Search operators on ElasticSearch. Between operators are applicable only to numeric fields Note that not operators are slower
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"between"
Description
Email address. E.g.: user@company.org
Example
Email
EmployeeRange
BetaValues
| Enum Value | Description |
|---|---|
|
|
1-10 employees |
|
|
11-50 employees |
|
|
51-100 employees |
|
|
101-250 employees |
|
|
251-500 employees |
|
|
501-1,000 employees |
|
|
1,001-5,000 employees |
|
|
5,001-10,000 employees |
|
|
10,000+ employees |
Example
"BETWEEN_00001_00010"
Endpoint
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for the story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
producer - StoryProducerEnum!
|
Enum for the Producer (specific XDR engine and service) involved with the incident |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
connectionType - ConnectionTypeEnum
|
Enum for the connection for this incident (ie. site, host, user) |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
queryName - String
|
Category for the indication ID related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
|
storyDuration - Int
|
|
description - String
|
|
sourceIp - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
categories - [IncidentCategory!]!
|
|
entities - [IncidentEntity!]!
|
|
tags - [String!]!
|
|
device - DeviceDetails
|
|
alerts - [EndpointAlert!]!
|
Possible Types
| Endpoint Types |
|---|
Example
{
"id": "4",
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "abc123",
"source": "xyz789",
"criticality": 123,
"ticket": "xyz789",
"status": "Closed",
"research": true,
"siteName": "abc123",
"storyDuration": 123,
"description": "xyz789",
"sourceIp": "abc123",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "abc123",
"categories": ["OPERATIONAL"],
"entities": [IncidentEntity],
"tags": ["xyz789"],
"device": DeviceDetails,
"alerts": [EndpointAlert]
}
EndpointAlert
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String
|
|
description - String
|
|
threatName - String
|
|
mitreTechnique - [Mitre!]!
|
|
mitreSubTechnique - [Mitre!]!
|
|
createdDateTime - DateTime
|
|
resources - [EndpointResource!]!
|
|
activities - [Activity!]!
|
|
criticality - Int
|
|
externalIp - String
|
|
localIp - String
|
Possible Types
| EndpointAlert Types |
|---|
Example
{
"id": "4",
"title": "abc123",
"description": "xyz789",
"threatName": "abc123",
"mitreTechnique": [Mitre],
"mitreSubTechnique": [Mitre],
"createdDateTime": "2007-12-03T10:15:30Z",
"resources": [EndpointResource],
"activities": [Activity],
"criticality": 123,
"externalIp": "xyz789",
"localIp": "xyz789"
}
EndpointProtectionLicense
BetaDescription
End Point Protection (EPP) license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The maximum number of users that can use this service |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ANTI_MALWARE",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
EndpointResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
Possible Types
| EndpointResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
EndpointUser
Possible Types
| EndpointUser Types |
|---|
Example
{
"id": "4",
"name": "xyz789"
}
EngineTypePredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryEngineTypeEnum!]
|
|
not_in - [StoryEngineTypeEnum!]
|
Example
{"in": ["ANOMALY"], "not_in": ["ANOMALY"]}
Fields
| Field Name | Description |
|---|---|
location - Location!
|
The archived location |
Example
{"location": Location}
Fields
| Input Field | Description |
|---|---|
businessUnit - String
|
Business unit |
description - String
|
Description |
details - CreateLocationDetailsInput!
|
Location details |
name - String!
|
Location name |
type - LocationType!
|
Location type |
Example
{
"businessUnit": "abc123",
"description": "abc123",
"details": CreateLocationDetailsInput,
"name": "abc123",
"type": "BRANCH"
}
Fields
| Field Name | Description |
|---|---|
location - Location!
|
The created location |
Example
{"location": Location}
Fields
| Input Field | Description |
|---|---|
filter - LocationFilterInput
|
|
paging - PagingInput
|
|
sort - LocationSortInput
|
Example
{
"filter": LocationFilterInput,
"paging": PagingInput,
"sort": LocationSortInput
}
Fields
| Field Name | Description |
|---|---|
items - [Location!]!
|
The results |
pageInfo - PageInfo
|
Pagination details |
Example
{
"items": [Location],
"pageInfo": PageInfo
}
Fields
| Field Name | Description |
|---|---|
location - Location!
|
The restored location |
Example
{"location": Location}
Fields
| Input Field | Description |
|---|---|
businessUnit - String
|
Business unit |
description - String
|
Description |
details - UpdateLocationDetailsInput
|
Location details |
id - ID!
|
Location id |
name - String
|
Location name |
type - LocationType
|
Location type |
Example
{
"businessUnit": "abc123",
"description": "abc123",
"details": UpdateLocationDetailsInput,
"id": "4",
"name": "xyz789",
"type": "BRANCH"
}
Fields
| Field Name | Description |
|---|---|
location - Location!
|
The updated location |
Example
{"location": Location}
Entity
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": "4",
"name": "xyz789",
"type": "account"
}
EntityAccess
BetaFields
| Field Name | Description |
|---|---|
action - RBACAction!
|
Example
{"action": "EDIT"}
EntityInfo
EntityInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": 4,
"name": "xyz789",
"type": "account"
}
EntityLookupResult
Fields
| Field Name | Description |
|---|---|
items - [EntityInfo!]!
|
|
total - Int
|
Example
{"items": [EntityInfo], "total": 987}
EntityType
Values
| Enum Value | Description |
|---|---|
|
|
A reference to a configured Account under reseller |
|
|
An account administrator (user in Cato Console) |
|
|
An external IP address in a specific PoP reserved for the account |
|
|
Any entity (matches everything) |
|
|
Pooled licenses available for use |
|
|
Site licenses available for use |
|
|
A settlement with over 1K population |
|
|
Geographical and political entity recognized internationally |
|
|
Represents a state or territory within a country. It is a sub-division of the country |
|
|
A reference to DHCP Relay Group within account |
|
|
|
|
|
A reference to the configured Host within Site |
|
|
A reference to LAN Firewall Rule within Site |
|
|
A reference to Local Routing Rule within Site |
|
|
|
|
|
|
|
|
A reference to the configured Network Interface within Site |
|
|
Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number |
|
|
l4 services for LAN firewall rules |
|
|
A reference to a configured Site within Account |
|
|
union of the globalRange and a Subnet |
|
|
Time zone, which is a geographical region where clocks are set to the same time |
|
|
A reference to the configured VPN User within Account |
|
|
Example
"account"
Event
Example
{
"action": "xyz789",
"appId": "abc123",
"appName": "abc123",
"dnsProtectionCategory": "abc123",
"eventType": "xyz789",
"ruleId": "xyz789",
"scanResult": "BYPASS_BY_CONTENT_RULE",
"severity": "abc123",
"signatureId": "xyz789",
"threatName": "abc123",
"threatType": "abc123",
"virusName": "xyz789"
}
EventFeedFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - EventFeedFilterFieldName!
|
|
operator - EventFeedFilterOperator!
|
Use event_type and event_sub_type for events |
values - [String!]
|
Example
{
"fieldName": "event_sub_type",
"operator": "in",
"values": ["abc123"]
}
EventFeedFilterFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event |
|
|
Routing, Security, Connectivity, System or Sockets Management event |
Example
"event_sub_type"
EventFeedFilterOperator
Description
Search operators on Event Feed
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"in"
EventField
Fields
| Field Name | Description |
|---|---|
name - EventFieldName!
|
|
value - Value!
|
Example
{"name": "access_method", "value": StringValue}
EventFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Identifies system access software or device |
|
|
Account ID |
|
|
Firewall, QoS or LAG action |
|
|
A list of actions taken, if more than one action was taken as defined by a policy |
|
|
The activity resource ID being referenced with resource type. |
|
|
Defines the type of entity performing the action, helping to distinguish between different categories of users. |
|
|
Active Directory name |
|
|
Adaptive rule IDs applied in the event |
|
|
Adaptive rule names applied in the event |
|
|
The scope of the adaptive rule applied in the event |
|
|
Adaptive rule threat categories applied in the event |
|
|
A unique identifier of the alert notification |
|
|
Always-on Configuration |
|
|
Analyst Verdict |
|
|
The name of the API, e.g. eventsFeed |
|
|
Specifies whether the API is a query (read) or a mutation (create/update/delete) |
|
|
Name of application activity |
|
|
SaaS user activities into categories. |
|
|
Activity type |
|
|
Related Apps |
|
|
Application ID of the flow |
|
|
The name of the application associated with the flow |
|
|
Application risk score |
|
|
Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN |
|
|
Examples: MFA or password |
|
|
BGP ASN for Cato peer |
|
|
BGP IP for Cato peer |
|
|
BGP disconnect error code |
|
|
BGP ASN for remote peer |
|
|
BGP IP for remote peer |
|
|
CIDR for BGP route |
|
|
BGP disconnect error message |
|
|
Always-On Bypass Duration In Seconds |
|
|
Always-On Bypass Method |
|
|
Always-On Bypass Reason |
|
|
Cato system category |
|
|
Cato application name |
|
|
Activity classification, e.g. FALSE_POSITIVE |
|
|
Expiration date for Client certificate |
|
|
Name of Client certificate |
|
|
Type of process generating this traffic |
|
|
Admins can configure the Client connection mode to control which types of traffic are routed and protected by Cato. The available options are: All Ports and Protocols – Secures all application traffic across any port or protocol. Web-only (HTTPS) – Secures only browser-based traffic over HTTPS. |
|
|
Socket or SDP Client version |
|
|
Shows the display name of the target user involved in an activity |
|
|
For SaaS Security API, email addresses of the users that received the file |
|
|
Confidence Level |
|
|
For hosts configured with a static IP in the Cato Management Application, the host name |
|
|
The algorithm that is used (CUBIC /NewReno / BBR) |
|
|
Connect on boot Enabled/Disabled |
|
|
Connection Origin |
|
|
For SaaS Security API, unique identifier of the connector |
|
|
For SaaS Security API, name of the connector |
|
|
For SaaS Security API, status of the connector |
|
|
For SaaS Security API, SaaS app for the connector |
|
|
IoC Container Name |
|
|
An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories. |
|
|
Criticality |
|
|
Custom category ID |
|
|
Custom category name |
|
|
For Internet traffic, country where the destination host is located |
|
|
For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2) |
|
|
The unique identifier by the SaaS vendor for the target group in an activity. |
|
|
Identifies the target group involved in an activity |
|
|
Destination IP address |
|
|
For WAN traffic, destination is site or SDP user |
|
|
The destination process ID |
|
|
Destination port |
|
|
Destination process command line |
|
|
Destination process parent file path |
|
|
Destination process parent process ID |
|
|
Destination process file path |
|
|
Unique internal Cato ID for the destination site or remote user |
|
|
The name of the destination site |
|
|
Short description of the detection |
|
|
Triggered when malware has been detected EPP Behavioral engines and has been dealt with: • on_detection: the event is triggered upon malware detection; • on_end_disinfect: the event is triggered upon detection and followed disinfection; • on_inject: the event is triggered upon code injection. |
|
|
Device Categories |
|
|
Device Certificate Validated/Not Validated |
|
|
Unique Cato ID for devices |
|
|
Device Manufacturer |
|
|
Device Model |
|
|
Name for device related to the event |
|
|
Device OS Type |
|
|
Device posture profiles |
|
|
Device Type |
|
|
Host name of Domain Controller that created LDAP event |
|
|
IP address of Domain Controller that created LDAP event |
|
|
Result of LDAP Domain Controller sync event |
|
|
Type of LDAP Domain Controller sync event |
|
|
If policy is set to disinfect, return the result of this action |
|
|
Describes the behavior when the DLP system encounters a failure |
|
|
DLP profiles related to the event |
|
|
Defines the scanning methods used by the DLP system |
|
|
Cato’s DNS Protection type that matched the DNS request |
|
|
Domain queried in the DNS request |
|
|
Type of query (ie. DNS query: A, AAAA, MX, or PTR) |
|
|
Domain name based on the SSL SNI, HTTP host name, or DNS name |
|
|
Duration in milliseconds between the start and end of a transaction or operation. For example, in DNS or HTTP events, this reflects the time between the request and the corresponding response. |
|
|
Egress PoP Name |
|
|
Egress Site Name for backhauling traffic |
|
|
Email Subject |
|
|
The ID for the endpoint |
|
|
The engine type associated with the event |
|
|
The Endpoint Protection Engine that detected the malware use engine_type instead. Planned end-of-life (EoL) date: April 1, 2026. |
|
|
The profile assigned to the endpoint upon detection of the malware |
|
|
Count for events that are repeated multiple times during one minute |
|
|
Event Id |
|
|
Cato's description of the event |
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event |
|
|
Routing, Security, Connectivity, System or Sockets Management event |
|
|
Provides details about why a specific action or process failed |
|
|
File hash |
|
|
File name |
|
|
The file operation when this event occurred |
|
|
File path |
|
|
File size |
|
|
File type |
|
|
The final status for this object after performing actions as defined by the policy |
|
|
Amount of flows for a given incident |
|
|
Full path URL application activity |
|
|
An identifier for a guest user using Cato through a Captive Portal |
|
|
IP address of host related to event |
|
|
MAC address of host related to event |
|
|
HTTP request method (ie. Get, Post) |
|
|
HTTP status code returned (ie. for DNS request, DNS-over-HTTPS (DoH) server when DoH is used). |
|
|
For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false) |
|
|
Unique Cato ID that identifies this security incident |
|
|
Indication |
|
|
Indicator |
|
|
The initial status of the object, before any policy was applied |
|
|
Cato Internal-use only use event_id instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Network protocol for this event |
|
|
Classifies users based on their permissions. |
|
|
Indicates whether an activity requires administrative permissions. |
|
|
Is Compliant |
|
|
Is Managed |
|
|
Is the app for this event defined as a sanctioned app? (True/False) |
|
|
If the events was part of the sinkhole flow |
|
|
The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically) |
|
|
Name defined for the public API Key in the Cato Management Application |
|
|
A list of labels providing additional context for the event |
|
|
Data that measures the congestion for a specific link |
|
|
Data that measures the jitter for a specific link |
|
|
Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP |
|
|
Data that measures the packet loss for a specific link |
|
|
Link type – Cato, Alt. WAN or LAG |
|
|
The user logged into this endpoint during this event |
|
|
Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic) |
|
|
Matched DLP data types related to the event |
|
|
Mitre attack subtechniques |
|
|
Mitre attack tactics |
|
|
Mitre attack techniques |
|
|
Network Access |
|
|
Matched network rule |
|
|
For SaaS Security API, API Error of Apps Security Notification |
|
|
For SaaS Security API, description of Apps Security Notification |
|
|
Unique identifier by the 3rd party App of the object being referenced |
|
|
The name of the object for this event (for example: file name) |
|
|
Specifies the type of object being acted upon (e.g., file, folder) |
|
|
Office mode Enabled/Disabled |
|
|
Host OS or tunnel device |
|
|
OS version for the device (such as 14.3.0) |
|
|
Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App) |
|
|
For SaaS Security API, email address of the file owner |
|
|
Pac File Enabled/Disabled |
|
|
For SaaS Security API, parent Microsoft 365 connector |
|
|
Name of PoP location |
|
|
Precedence |
|
|
Indicate how many processes are part of this event |
|
|
Producer |
|
|
Related project name(s) |
|
|
Prompt Page Selected Action |
|
|
The name of the provider, for example cloud provider - AWS |
|
|
Public source IP |
|
|
QoS Priority value |
|
|
For QoS, the time that this QoS event started. The event is generated when the QoS event finishes |
|
|
Specifies the path to a quarantine folder for isolated files |
|
|
A Unique ID for the quarantined file |
|
|
Raw Data |
|
|
Textual recommendation of the steps to take |
|
|
The URL that links directly to the object involved in the activity |
|
|
Referer URL from the HTTP request header indicating the source of the request. |
|
|
The region of the object |
|
|
Registration code used the first time that a SDP user authenticates (the code is partially obfuscated) |
|
|
Request packet size in bytes (ie. DNS request packet) |
|
|
The ID of the resource in the cloud provider |
|
|
The specific name or identifier of the resource. |
|
|
The type of resource being referenced. |
|
|
Response packet size in bytes (ie. DNS response packet) |
|
|
(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms |
|
|
The time when the rule is no longer in active |
|
|
Unique Cato ID for the security rule related to the event |
|
|
Rule name |
|
|
Indicates the internal vendor service or module that produced the data reported in this event |
|
|
Severity defined for the rule |
|
|
Sharing Options for the file (such as SharePoint) |
|
|
Sign In Types |
|
|
For IPS and SAM, ID of the IPS signature |
|
|
Name for Socket interface |
|
|
Socket interface ID |
|
|
For Socket upgrades, new version number |
|
|
For Socket upgrade, previous version number |
|
|
Type of Socket reset (Hardware/Software) |
|
|
For Socket HA events, indicates if the Socket is primary or secondary |
|
|
Socket serial number |
|
|
Socket version number |
|
|
Split Tunnel Configuration |
|
|
Country in which the source host is located (detected via public IP address) |
|
|
Country Code of country in which the source host is located (detected via public IP address) |
|
|
IP for host or Cato Client |
|
|
Source type: site or remote user |
|
|
IP address provided by ISP to site or Client |
|
|
Source process ID |
|
|
Internal port number |
|
|
Source process command line |
|
|
Source process parent file path |
|
|
Source process parent process ID |
|
|
Source process file path |
|
|
Unique internal Cato ID for the site or remote user |
|
|
Source site or remote user |
|
|
Static host |
|
|
The story status. Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring |
|
|
Story Id |
|
|
Name of subnet as defined in Cato Management Application |
|
|
The name of the subscription |
|
|
Number of targets (servers) associated with this event |
|
|
Shows if traffic was TCP accelerated or not |
|
|
Unique identifier for the tenant within a multi-tenant environment |
|
|
Tenant Name |
|
|
Tenant Restriction Rule Name |
|
|
Contains the detection risk level. Could be one of the following: • Info - this is information-only event, the activity is not malicious; • Suspicious - the event is suspicious. It may be malicious, but there is not enough information • Malware - the event is malicious activity |
|
|
For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked |
|
|
Link to external malware reference |
|
|
The higher the score, the more dangerous the event. In range between 1 - 100 inclusive |
|
|
Type of malware event |
|
|
Result of malware event (clean indicates a safe file) |
|
|
Time stamp of the event (Linux epoch format) |
|
|
Time stamp of the event (Human-readable format) |
|
|
A short summary of the activity |
|
|
TLS Certificate Error |
|
|
TLS Error Description |
|
|
TLS Error Type |
|
|
Shows if traffic was TLS inspected or not |
|
|
TLS Inspection rule name |
|
|
TLS Version |
|
|
Direction of network traffic for this event, values are inbound or outbound |
|
|
Total transaction size in bytes, including both the request and response |
|
|
Translated Client IP |
|
|
Translated Server IP |
|
|
Trigger |
|
|
Trust Type |
|
|
Trusted networks Enabled/Disabled |
|
|
Tunnel Protocol TCP/UDP |
|
|
Protocol for the tunnel |
|
|
Socket upgrade end time (Linux epoch format): |
|
|
Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin) |
|
|
Socket upgrade start time (Linux epoch format) |
|
|
URL associated with the event |
|
|
User Agent |
|
|
Method used to get identity with User Awareness (such as Identity Agent) |
|
|
User ID |
|
|
User that generated the event |
|
|
Identifies the origin of the user’s connection. |
|
|
For Block/Prompt page, reference ID to report incorrect category |
|
|
User risk level category |
|
|
The vendor that identified the incident, such as Cato or Microsoft |
|
|
Shows the id of the target user involved in an activity |
|
|
Vendor Device Id |
|
|
Vendor Device Name |
|
|
Vendor Event Id |
|
|
Third party vendor policy description |
|
|
Third party vendor policy ID |
|
|
Third party vendor policy name |
|
|
Identifies the user in the vendor’s system |
|
|
Unique Cato Visible ID for devices use device_id instead. Planned end-of-life (EoL) date: April 1, 2026. |
|
|
Lan access Allowed / Blocked |
|
|
User’s email address |
|
|
WiFi authentication type |
|
|
WiFi channel |
|
|
WiFi description |
|
|
WiFi radio band |
|
|
WiFi signal strength |
|
|
WiFi SSID (Service Set Identifier) |
|
|
For LDAP sync events, name of the AD domain |
|
|
XFF HTTP header indicates the original IP address for the connections |
Example
"access_method"
EventRecord
Example
{
"fieldsMap": Map,
"flatFields": ["xyz789"],
"time": "2007-12-03T10:15:30Z"
}
Events
Fields
| Field Name | Description |
|---|---|
from - DateTime
|