Cato Networks GraphQL API Reference

Reference documentation for Cato GraphQL API

Contact

Cato Networks Support

api@catonetworks.com

API Endpoints
https://api.catonetworks.com/api/v1/graphql2

Further readings

GraphQL Introspection Query

Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.

For more information, see the GraphQL Documentation.

Queries

accountBySubdomain

Response

Returns [AccountDataPayload!]

Arguments
Name Description
accountID - ID!
subdomains - [String!]! a list of required subdomains

Example

Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
  accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
    id
    subdomain
  }
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}

accountMetrics

Description

The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.

Response

Returns an AccountMetrics

Arguments
Name Description
accountID - ID Unique Identifier of Account.
timeFrame - TimeFrame! The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory.
groupInterfaces - Boolean When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface.
groupDevices - Boolean

When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result.

For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets.

Example

Query
query accountMetrics(
  $accountID:ID!,
  $timeFrame:TimeFrame!,
  $groupInterfaces: Boolean,
  $groupDevices: Boolean,
  $siteIDs: [ID!]
) {
  accountMetrics(
    accountID:$accountID,
    timeFrame: $timeFrame,
    groupInterfaces: $groupInterfaces,
    groupDevices: $groupDevices
  ) {
    id
    from
    to
    sites(siteIDs:$siteIDs) {
      id
      metrics {
        bytesUpstream
        bytesDownstream
      }
      interfaces {
        name
        metrics {
          bytesUpstream
          bytesDownstream
        }
      }
    }
  }
}
Variables
{
  "accountID": "123",
  "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
  "groupInterfaces": false,
  "groupDevices": true,
  "siteIDs": ["456", "789"]
}
Response
{
  "data": {
    "accountMetrics": {
      "id": "123",
      "from": "2023-02-28T00:00:00Z",
      "to": "2023-02-28T23:59:59Z",
      "sites": [
        {
          "id": "456",
          "metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
          "interfaces": [
            {
              "name": "WAN 01",
              "metrics": {
                "bytesUpstream": 122324400,
                "bytesDownstream": 8354720
              }
            }
          ]
        },
        {
          "id": "789",
          "metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
          "interfaces": [
            {
              "name": "WAN 01",
              "metrics": {
                "bytesUpstream": 100254955,
                "bytesDownstream": 3907080
              }
            }
          ]
        }
      ]
    }
  }
}

accountRoles

Response

Returns an AccountRolesResult!

Arguments
Name Description
accountID - ID!
accountType - AccountType

Example

Query
query accountRoles($accountID:ID!){
  accountRoles(accountID: $accountID) {
    items {
      name
      isPredefined
    }
    total
  }
}
Variables
{"accountID": "123"}
Response
{
  "data": {
    "accountRoles": {
      "items": [
        {"name": "Editor", "isPredefined": true},
        {"name": "Viewer", "isPredefined": true},
        {"name": "Network admin", "isPredefined": true},
        {"name": "Security Admin", "isPredefined": true},
        {"name": "Access Admin", "isPredefined": true}
      ],
      "total": 5
    }
  }
}

accountSnapshot

Description

Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.

Response

Returns an AccountSnapshot

Arguments
Name Description
accountID - ID Unique Identifier of Account.

Example

Query
query accountSnapshot($accountID:ID!) {
  accountSnapshot(accountID:$accountID) {
    sites {
      connectivityStatus
      haStatus{
        readiness
        wanConnectivity
        keepalive
        socketVersion
      }
      operationalStatus
      lastConnected
      connectedSince
      devices {
        connected
        version
      }
    }
    users {
      connectivityStatus
      connectedInOffice
      name
      deviceName
    }
    timestamp
  }
}
Variables
{"accountID": "123"}
Response
{
  "data": {
    "accountSnapshot": {
      "sites": [
        {
          "connectivityStatus": "connected",
          "haStatus": {
            "readiness": "ready",
            "wanConnectivity": "ok",
            "keepalive": "ok",
            "socketVersion": "ok"
          },
          "operationalStatus": "active",
          "lastConnected": "2023-02-28T13:21:05Z",
          "connectedSince": "2023-02-27T15:10:06Z",
          "devices": [
            {"connected": true, "version": "17.0.16303"},
            {"connected": true, "version": "17.0.16303"}
          ]
        },
        {
          "connectivityStatus": "disconnected",
          "haStatus": null,
          "operationalStatus": "active",
          "lastConnected": "2020-03-11T13:43:40Z",
          "connectedSince": null,
          "devices": [{"connected": false, "version": ""}]
        }
      ],
      "users": [
        {
          "connectivityStatus": "connected",
          "connectedInOffice": false,
          "name": "Employee Domywork",
          "deviceName": "Employee’s MacBook Pro"
        },
        {
          "connectivityStatus": "connected",
          "connectedInOffice": false,
          "name": "Alice Bobs",
          "deviceName": "Alice’s MacBook Pro"
        }
      ],
      "timestamp": "2023-02-28T13:22:21Z"
    }
  }
}

admin

Response

Returns a GetAdminPayload

Arguments
Name Description
accountId - ID!
adminID - ID!

Example

Query
query admin($accountId:ID!, $adminID:ID!) {
  admin(accountId:$accountId, adminID:$adminID) {
    id
    firstName
    lastName
    email
    creationDate
    mfaEnabled
    managedRoles {
      role {
        name
      }
    }
  }
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
  "data": {
    "admin": {
      "id": "456",
      "firstName": "Name",
      "lastName": "Surname",
      "email": "name.surname@company.org",
      "creationDate": "Dec 27, 2020 9:30:34 AM",
      "mfaEnabled": false,
      "managedRoles": [{"role": {"name": "Viewer"}}]
    }
  }
}

admins

Response

Returns an AdminsResult

Arguments
Name Description
accountID - ID!
limit - Int
Default
50
from - Int
Default
0
search - String
Default
""
sort - [SortInput]
adminIDs - [ID!]

Example

Query
query admins($accountId:ID!, $limit: Int) {
  admins(accountID:$accountId, limit: $limit) {
    items {
      id
      email
      managedRoles {
        role {
          name
        }
      }
    }
    total
  }
}
Variables
{"accountId": "123", "limit": 2}
Response
{
  "data": {
    "admins": {
      "items": [
        {
          "id": "1",
          "email": "editor@company.org",
          "managedRoles": [{"role": {"name": "Editor"}}]
        },
        {
          "id": "2",
          "email": "viewer@company.org",
          "managedRoles": [{"role": {"name": "Viewer"}}]
        }
      ],
      "total": 3
    }
  }
}

appStats

Description

BETA

Response

Returns an AppStats

Arguments
Name Description
accountID - ID! Account ID
timeFrame - TimeFrame!
measures - [Measure]
dimensions - [Dimension]
filters - [AppStatsFilter!]
sort - [AppStatsSort!]

Example

Query
query appStats(
  $accountID:ID!, 
  $timeFrame:TimeFrame!,
  $measures: [Measure],
  $dimensions:[Dimension],
  $sort:[AppStatsSort!],
  $limit:Int,
  $from:Int,
) {
  appStats(
    accountID: $accountID,
    timeFrame: $timeFrame,
    measures: $measures,
    dimensions:$dimensions,
    sort:$sort,
  ) {
    from
    to
    records(limit:$limit, from:$from){
      fieldsMap
      fieldsUnitTypes
    }
  }
}
Variables
{
  "accountID": "123",
  "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
  "dimensions": [{"fieldName": "app"}],
  "sort": [{"fieldName": "traffic", "order": "desc"}],
  "measures": [
    {"fieldName": "traffic", "aggType": "sum"},
    {"fieldName": "application", "aggType": "any"}
  ],
  "limit": 5,
  "from": 0
}
Response
{
  "data": {
    "appStats": {
      "from": "2023-02-28T00:00:00Z",
      "to": "2023-03-01T00:00:00Z",
      "records": [
        {
          "fieldsMap": {
            "app": "zoom",
            "application": "Zoom",
            "traffic": "95138282696"
          },
          "fieldsUnitTypes": ["none", "none", "bytes"]
        },
        {
          "fieldsMap": {
            "app": "udp",
            "application": "UDP",
            "traffic": "45401221439"
          },
          "fieldsUnitTypes": ["none", "none", "bytes"]
        },
        {
          "fieldsMap": {
            "app": "Tech",
            "application": "Technological apps",
            "traffic": "13982474567"
          },
          "fieldsUnitTypes": ["none", "none", "bytes"]
        },
        {
          "fieldsMap": {
            "app": "AppleSoftwareupdate",
            "application": "Apple software update",
            "traffic": "11624258191"
          },
          "fieldsUnitTypes": ["none", "none", "bytes"]
        }
      ]
    }
  }
}

appStatsTimeSeries

Description

BETA

Response

Returns an AppStatsTimeSeries

Arguments
Name Description
accountID - ID! Account ID
timeFrame - TimeFrame!
measures - [Measure]
dimensions - [Dimension]
filters - [AppStatsFilter!]

Example

Query
query appStatsTimeSeries(
  $accountID:ID!,
  $timeFrame:TimeFrame!,
  $measures: [Measure],
  $buckets:Int!
) {
  appStatsTimeSeries(
    accountID:$accountID,
    timeFrame:$timeFrame,
    measures: $measures
  ) {
    from
    to
    granularity
    timeseries(buckets:$buckets) {
      label
      data
      key {
        measureFieldName
      }
    }
  }
}
Variables
{
  "accountID": "123",
  "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
  "measures": [
    {"fieldName": "upstream", "aggType": "sum"},
    {"fieldName": "downstream", "aggType": "sum"}
  ],
  "buckets": 5
}
Response
{
  "data": {
    "appStatsTimeSeries": {
      "from": "2023-02-28T00:00:00Z",
      "to": "2023-03-01T00:00:00Z",
      "granularity": 14400,
      "timeseries": [
        {
          "label": "sum(upstream)",
          "data": [
            [1677542400000, 77192],
            [1677556800000, 742410],
            [1677571200000, 5335372],
            [1677585600000, 2239509],
            [1677600000000, 0],
            [1677614400000, 0]
          ],
          "key": {"measureFieldName": "upstream"}
        },
        {
          "label": "sum(downstream)",
          "data": [
            [1677542400000, 209763],
            [1677556800000, 1713925],
            [1677571200000, 7719290],
            [1677585600000, 2573650],
            [1677600000000, 0],
            [1677614400000, 0]
          ],
          "key": {"measureFieldName": "downstream"}
        }
      ]
    }
  }
}

auditFeed

Description

Audit Feed for account changes

Response

Returns an AuditFeed

Arguments
Name Description
accountIDs - [ID!] List of Unique Account Identifiers.
timeFrame - TimeFrame!
filters - [AuditFieldFilterInput!]
marker - String Marker to use to get results from

Example

Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
  auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
    from
    to
    fetchedCount
    accounts {
      id
      records{
        admin {
          name
        }
        object {
          name
        }
        time
        fields {
          name
          value {
            ... on Entity {
              name
              id
              type
            }
            ... on StringValue {
              string
            }
            ... on DateValue {
              date
            }
          }
        }
      }
    }
  }
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
  "data": {
    "auditFeed": {
      "from": "2023-02-28T00:00:00Z",
      "to": "2023-02-28T23:59:59Z",
      "fetchedCount": 1,
      "accounts": [
        {
          "id": "123",
          "records": [
            {
              "time": "2023-02-28T08:48:21Z",
              "fields": [
                {
                  "name": "admin",
                  "value": {
                    "name": "admin@company.org",
                    "id": "456",
                    "type": "admin",
                    "__typename": "Entity"
                  }
                },
                {
                  "name": "change.Before.description",
                  "value": {
                    "string": "Description before change",
                    "__typename": "StringValue"
                  }
                },
                {
                  "name": "change.After.description",
                  "value": {
                    "string": "Description after change",
                    "__typename": "StringValue"
                  }
                },
                {
                  "name": "model_name",
                  "value": {"string": "Site name", "__typename": "StringValue"}
                },
                {
                  "name": "module",
                  "value": {
                    "string": "Configuration",
                    "__typename": "StringValue"
                  }
                },
                {
                  "name": "change_type",
                  "value": {"string": "MODIFIED", "__typename": "StringValue"}
                },
                {
                  "name": "creation_date",
                  "value": {
                    "string": "1677574090000",
                    "__typename": "DateValue"
                  }
                },
                {
                  "name": "model_type",
                  "value": {"string": "Site", "__typename": "StringValue"}
                },
                {
                  "name": "admin_id",
                  "value": {"string": "456", "__typename": "StringValue"}
                },
                {
                  "name": "insertion_date",
                  "value": {
                    "date": "2023-02-28T08:48:21Z",
                    "__typename": "DateValue"
                  }
                },
                {
                  "name": "account_id",
                  "value": {"string": "123", "__typename": "StringValue"}
                }
              ]
            }
          ]
        }
      ]
    }
  }
}

entityLookup

Description

Lookup entities with a specific type, potentially filtered and paged

Response

Returns an EntityLookupResult!

Arguments
Name Description
accountID - ID! The account ID (or 0 for non-authenticated requests)
type - EntityType! Type of entity to lookup for
limit - Int Sets the maximum number of items to retrieve
Default
50
from - Int Sets the offset number of items (for paging)
Default
0
parent - EntityInput Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example
search - String Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states
Default
""
entityIDs - [ID!] Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated.
sort - [SortInput] Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types.
filters - [LookupFilterInput] Custom filters for entityLookup
helperFields - [String!] Additional helper fields

Example

Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
  entityLookup(accountID: $accountID, type:$type, limit: $limit) {
    items {
      entity{
        id
        name
      }
    }
    total
  }
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
  "data": {
    "entityLookup": {
      "items": [
        {"entity": {"id": "45040", "name": "azure_test"}},
        {"entity": {"id": "75791", "name": "esx_test"}}
      ],
      "total": 5
    }
  }
}

events

Description

BETA

Response

Returns an Events

Arguments
Name Description
accountID - ID! Account ID
timeFrame - TimeFrame!
measures - [EventsMeasure]
dimensions - [EventsDimension]
filters - [EventsFilter!]
sort - [EventsSort!]

Example

Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
  events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
    records {
      flatFields
      fieldsMap
    }
  }
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
  "data": {
    "events": {
      "records": [
        {
          "flatFields": [["event_count", "2"]],
          "fieldsMap": {"event_count": "2"}
        }
      ]
    }
  }
}

eventsFeed

Description

Event Feed for events paged by a topic partitions offsets marker

Response

Returns an EventsFeedData

Arguments
Name Description
accountIDs - [ID!] List of Unique Account Identifiers.
filters - [EventFeedFieldFilterInput!]
marker - String Marker to use to get results from

Example

Query
query eventsFeed(
  $accountIDs: [ID!],
  $filters: [EventFeedFieldFilterInput!]
) {
  eventsFeed(
    accountIDs: $accountIDs,
    filters: $filters,
  ) {
    marker
    fetchedCount
    accounts {
      id
      errorString
      records {
        fieldsMap
      }
    }
  }
}
Variables
{
  "accountIDs": [123],
  "filters": [
    {
      "fieldName": "event_type",
      "operator": "is_not",
      "values": ["Sockets Management"]
    },
    {
      "fieldName": "event_sub_type",
      "operator": "is",
      "values": ["Disconnected"]
    }
  ]
}
Response
{
  "data": {
    "eventsFeed": {
      "marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
      "fetchedCount": 1,
      "accounts": [
        {
          "id": "123",
          "errorString": "",
          "records": [
            {
              "fieldsMap": {
                "ISP_name": "IP Addresses Are Assigned Statically",
                "account_id": "123",
                "client_version": "8.0.4127",
                "event_count": "1",
                "event_sub_type": "Disconnected",
                "event_type": "Connectivity",
                "internalId": "7r0c7xUYIf",
                "link_type": "Cato",
                "pop_name": "Amsterdam",
                "socket_interface": "WAN1",
                "src_country": "Israel",
                "src_country_code": "IL",
                "src_is_site_or_vpn": "Site",
                "src_isp_ip": "1.2.3.4",
                "src_site": "native-range",
                "time": "1677170467000",
                "tunnel_protocol": "DTLS"
              }
            }
          ]
        }
      ]
    }
  }
}

eventsTimeSeries

Description

BETA

Response

Returns an EventsTimeSeries

Arguments
Name Description
accountID - ID! Account ID
timeFrame - TimeFrame!
measures - [EventsMeasure]
dimensions - [EventsDimension]
filters - [EventsFilter!]

Example

Query
query eventsTimeSeries(
  $accountID: ID!,
  $filters: [EventsFilter!],
  $timeFrame: TimeFrame!,
  $measures: [EventsMeasure],
  $buckets: Int!
) {
  eventsTimeSeries(
    accountID: $accountID,
    filters: $filters,
    timeFrame:$timeFrame,
    measures: $measures
  ) {
    id
    from
    to
    granularity
    timeseries(buckets:$buckets) {
      label
      data
    }
  }
}
Variables
{
  "accountID": "4125",
  "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
  "measures": [{"fieldName": "event_count", "aggType": "sum"}],
  "buckets": 4
}
Response
{
  "data": {
    "eventsTimeSeries": {
      "id": "4125",
      "from": "2023-02-28T00:00:00Z",
      "to": "2023-03-01T00:00:00Z",
      "granularity": 21600,
      "timeseries": [
        {
          "label": "sum(event_count)",
          "data": [
            [1677542400000, 5],
            [1677564000000, 2],
            [1677585600000, 0],
            [1677607200000, 5]
          ]
        }
      ]
    }
  }
}

subDomains

Description

The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:

  1. Regular account - Return only 1 subdomain relating to the regular account
  2. Reseller account - Return all subdomains including the reseller account subdomain
  3. Reseller account - Return only the reseller account subdomain
Response

Returns [SubDomain!]!

Arguments
Name Description
accountID - ID! Unique Identifier of Account
managedAccount - Boolean When the boolean argument managedAccount is set to true (default), then the query returns all subdomains related to the account

Example

Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
  subDomains(accountID:$accountID, managedAccount:$managedAccount) {
      accountId
      accountName
      accountType
      subDomain
  }
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
  "data": {
    "subDomains": [
      {
        "accountId": "123",
        "accountName": "Gamma LLC",
        "accountType": "Reseller",
        "subDomain": "subdomain3"
      },
      {
        "accountId": "1235",
        "accountName": "Delta Inc.",
        "accountType": "Regular",
        "subDomain": "subdomain4"
      }
    ]
  }
}

ContainerQueries

list

Beta
Response

Returns a ContainerSearchPayload!

Arguments
Name Description
input - ContainerSearchInput!

Example

Query

                        query listContainers($accountId:ID!, $input:ContainerSearchInput!)  {
                            container(accountId: $accountId) {
                                list(input: $input) {
                                    containers {
                                        __typename
                                        id
                                        name
                                        description
                                        size
                                        audit {
                                            createdBy
                                            createdAt
                                            lastModifiedBy
                                            lastModifiedAt
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{
  "accountId": 12345,
  "input": {
    "refs": [{"by": "NAME", "input": "Some Container"}],
    "types": ["FQDN"]
  }
}
Response
{
  "data": {
    "container": {
      "list": {
        "containers": [
          {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        ]
      }
    }
  }
}

FqdnContainerQueries

downloadFile

Beta
Arguments
Name Description
input - DownloadFqdnContainerFileInput!

Example

Query

                          query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      downloadFile(input: $input) {
                                          id
                                          name
                                          encodedFile
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "downloadFile": {
          "id": "1234567890",
          "name": "Some Container",
          "encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
        }
      }
    }
  }
}

search

Beta
Response

Returns a FqdnContainerSearchPayload!

Arguments
Name Description
input - FqdnContainerSearchInput!

Example

Query

                          query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      search(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "search": {
          "container": {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

searchFqdn

Beta
Response

Returns a FqdnContainerSearchFqdnPayload!

Arguments
Name Description
input - FqdnContainerSearchFqdnInput!

Example

Query

                          query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      searchFqdn(input: $input) {
                                          containers {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "searchFqdn": {
          "containers": [
            {
              "__typename": "FqdnContainer",
              "id": "1234567890",
              "name": "Some Container",
              "description": "Description of some container",
              "size": 100,
              "audit": {
                "createdBy": "some.admin@catonetworks.com",
                "createdAt": "2024-09-18T14:31:03Z",
                "lastModifiedBy": "some.admin@catonetworks.com",
                "lastModifiedAt": "2024-09-18T14:31:03Z"
              }
            }
          ]
        }
      }
    }
  }
}

IpAddressRangeContainerQueries

downloadFile

Beta
Arguments
Name Description
input - DownloadIpAddressRangeContainerFileInput!

Example

Query

                          query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      downloadFile(input: $input) {
                                          id
                                          name
                                          encodedFile
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "downloadFile": {
          "id": "1234567890",
          "name": "Some Container",
          "encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
        }
      }
    }
  }
}

search

Beta
Arguments
Name Description
input - IpAddressRangeContainerSearchInput!

Example

Query

                          query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      search(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "search": {
          "container": {
            "__typename": "IpAddressRangeContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

searchIpAddressRange

Beta

Example

Query

                          query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      searchIpAddressRange(input: $input) {
                                          containers {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "searchIpAddressRange": {
          "containers": [
            {
              "__typename": "IpAddressRangeContainer",
              "id": "1234567890",
              "name": "Some Container",
              "description": "Description of some container",
              "size": 100,
              "audit": {
                "createdBy": "some.admin@catonetworks.com",
                "createdAt": "2024-09-18T14:31:03Z",
                "lastModifiedBy": "some.admin@catonetworks.com",
                "lastModifiedAt": "2024-09-18T14:31:03Z"
              }
            }
          ]
        }
      }
    }
  }
}

HardwareManagementQueries

socketInventory

Beta
Description

Retrieve the account socket inventory

Response

Returns a SocketInventoryPayload!

Arguments
Name Description
input - SocketInventoryInput

Example

Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
    hardwareManagement(accountId: $accountId) {
        socketInventory(input: $input) {
            items {
                id
                status
                serialNumber
                socketMac
                socketVersion
                site {
                    id
                    name
                }
                account {
                    id
                    name
                }
                shippingDate
                socketType
                trackingUrl
                trackingNumber
                shippingCompany
                deliverySiteName
                description
            }
            pageInfo {
        total
      }
        }
    }
}
Variables
{
  "accountId": "123456",
  "input": {
    "paging": {"limit": 25, "from": 0},
    "filter": {"freeText": {"search": "search"}},
    "sort": {"deliverySiteName": {"direction": "ASC"}}
  }
}
Response
{
  "data": {
    "hardwareManagement": {
      "socketInventory": {
        "items": [
          {
            "id": "111111",
            "status": "DELIVERED",
            "serialNumber": "987654321",
            "socketMac": "00-B0-D0-63-C2-26",
            "socketVersion": "13.0.11395",
            "site": {"id": "010101", "name": "exampleSite"},
            "account": {"id": "123456", "name": "exampleAccount"},
            "shippingDate": "2024-05-22T08:36:58Z",
            "socketType": "X1500",
            "trackingUrl": "https://fedex.com/1111111",
            "trackingNumber": "1111111",
            "shippingCompany": "fedex",
            "deliverySiteName": "exampleWarehouse",
            "description": "example description"
          },
          {
            "id": "2222222",
            "status": "SHIPPED",
            "serialNumber": "123456789",
            "socketMac": "00-B0-D0-63-C2-27",
            "socketVersion": "13.0.11395",
            "site": {"id": "0202", "name": "exampleSite2"},
            "account": {"id": "123456", "name": "exampleAccount"},
            "shippingDate": "2024-05-22T08:36:58Z",
            "socketType": "X1700",
            "trackingUrl": "https://ups.com/2222222",
            "trackingNumber": "2222222",
            "shippingCompany": "ups",
            "deliverySiteName": "exampleWarehouse2",
            "description": "example description 2"
          }
        ],
        "pageInfo": {"total": 2}
      }
    }
  }
}

InternetFirewallPolicyQueries

policy

Beta
Response

Returns an InternetFirewallPolicy!

Arguments
Name Description
input - InternetFirewallPolicyInput

Example

Query

                        query InternetFirewall($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    policy {
                                        enabled
                                        rules {
                                            properties
                                            rule {
                                                id
                                                index
                                                name
                                            }
                                        }
                                        sections {
                                            properties
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "policy": {
          "enabled": false,
          "rules": [
            {
              "properties": ["SYSTEM"],
              "rule": {
                "id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
                "index": 1,
                "name": "Block any P2P"
              }
            },
            {
              "properties": [],
              "rule": {
                "id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
                "index": 2,
                "name": "Default Block Tor, SMB, SMTP"
              }
            },
            {
              "properties": [],
              "rule": {
                "id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
                "index": 3,
                "name": "Default Block for Categories"
              }
            },
            {
              "properties": [],
              "rule": {
                "id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
                "index": 4,
                "name": "Default prompt for Categories"
              }
            }
          ],
          "sections": [
            {
              "properties": [],
              "section": {
                "id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
                "name": "Updated section name"
              }
            }
          ]
        }
      }
    }
  }
}

revisions

Beta
Response

Returns a PolicyRevisionsPayload

Example

Query

                        query InternetFirewall($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    revisions {
                                        revision {
                                            name
                                            changes
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
      }
    }
  }
}

LicensingQueries

licensingInfo

Beta
Description

BETA

Response

Returns a LicensingInfo

Example

Query
query licensingInfo($accountId: ID!){
                            licensing(accountId: $accountId) {
                                licensingInfo {
                                    globalLicenseAllocations {
                                        publicIps {
                                            total
                                            allocated
                                            available
                                        }
                                        ztnaUsers {
                                            total
                                            allocated
                                            available
                                        }
                                    }
                                    licenses {
                                        sku
                                        plan
                                        status
                                        expirationDate
                                        startDate
                                        lastUpdated
                                    
                                        ... on QuantifiableLicense {
                                            total
                                        }
                                        ... on DataLakeLicense {
                                            dpaVersion
                                        }
                                        ... on PooledBandwidthLicense {
                                            siteLicenseGroup
                                            siteLicenseType
                                            allocatedBandwidth
                                            sites {
                                                site {
                                                    id
                                                    name
                                                }
                                                allocatedBandwidth
                                            }
                                        }
                                        ... on SiteLicense {
                                            siteLicenseGroup
                                            regionality
                                            siteLicenseType
                                            site {
                                                id
                                                name
                                            }
                                        }
                                        ... on ZtnaUsersLicense {
                                            ztnaUsersLicenseGroup
                                        }
                                    }
                                }
                            }
                        }
                        
Variables
{"accountId": "12345"}
Response
{
  "data": {
    "licensing": {
      "licensingInfo": {
        "globalLicenseAllocations": {
          "publicIps": {"total": 68, "allocated": 0, "available": 68},
          "ztnaUsers": {"total": 15, "allocated": 5, "available": 10}
        },
        "licenses": [
          {
            "sku": "CATO_CASB",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": "2024-04-24T21:00:00.000Z",
            "lastUpdated": "2024-04-30T08:14:29.884Z",
            "__typename": "CasbLicense"
          },
          {
            "sku": "CATO_DATALAKE_3M",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": "2024-04-24T21:00:00.000Z",
            "lastUpdated": "2024-04-25T10:08:32.586Z",
            "total": 1,
            "dpaVersion": "DPA_2023_01",
            "__typename": "DataLakeLicense"
          },
          {
            "sku": "CATO_IP_ADD",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": null,
            "lastUpdated": null,
            "total": 68,
            "__typename": "IpsLicense"
          },
          {
            "sku": "CATO_MDR",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": "2024-04-24T21:00:00.000Z",
            "lastUpdated": "2024-04-30T08:14:30.294Z",
            "__typename": "ManagedXdrLicense"
          },
          {
            "sku": "CATO_PB",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2024-07-04T00:00:00.000Z",
            "startDate": "2024-03-31T00:00:00.000Z",
            "lastUpdated": "2024-03-31T11:26:19.233Z",
            "total": 250,
            "siteLicenseGroup": "GROUP_2",
            "siteLicenseType": "SASE",
            "allocatedBandwidth": 50,
            "sites": [
              {
                "site": {"id": "456", "name": "Tokyo"},
                "allocatedBandwidth": 20
              },
              {
                "site": {"id": "789", "name": "Sydney"},
                "allocatedBandwidth": 30
              }
            ],
            "__typename": "PooledBandwidthLicense"
          },
          {
            "sku": "CATO_ZTNA_USERS",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": null,
            "lastUpdated": "2024-04-30T10:54:29.294Z",
            "total": 21,
            "ztnaUsersLicenseGroup": "GENERAL",
            "__typename": "ZtnaUsersLicense"
          },
          {
            "sku": "CATO_SITE",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": "2024-04-24T21:00:00.000Z",
            "lastUpdated": "2024-04-30T16:45:10.517Z",
            "total": 100,
            "siteLicenseGroup": "GROUP_1",
            "regionality": null,
            "siteLicenseType": "SASE",
            "site": {"id": "123", "name": "London"},
            "__typename": "SiteLicense"
          },
          {
            "sku": "CATO_THREAT_PREVENTION",
            "plan": "COMMERCIAL",
            "status": "ACTIVE",
            "expirationDate": "2025-04-30T00:00:00.000Z",
            "startDate": "2024-04-24T21:00:00.000Z",
            "lastUpdated": "2024-04-25T10:08:32.464Z",
            "__typename": "ThreatPreventionLicense"
          }
        ]
      }
    }
  }
}

WanFirewallPolicyQueries

policy

Beta
Response

Returns a WanFirewallPolicy!

Arguments
Name Description
input - WanFirewallPolicyInput

Example

Query

                        query InternetFirewall($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    policy {
                                        enabled
                                        rules {
                                            properties
                                            rule {
                                                id
                                                index
                                                name
                                            }
                                        }
                                        sections {
                                            properties
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "policy": {
          "enabled": false,
          "rules": [
            {
              "properties": [],
              "rule": {
                "id": "16044293",
                "index": 1,
                "name": "Allow social media"
              }
            },
            {
              "properties": [],
              "rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
            }
          ],
          "sections": [
            {
              "properties": [],
              "section": {"id": "363808", "name": "Example Wan Section"}
            },
            {
              "properties": [],
              "section": {"id": "363809", "name": "My Wan Section"}
            }
          ]
        }
      }
    }
  }
}

revisions

Beta
Response

Returns a PolicyRevisionsPayload

Example

Query

                        query InternetFirewall($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    revisions {
                                        revision {
                                            name
                                            changes
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "revisions": {
          "revision": [
            {"name": "WAN Test Revision", "changes": 0},
            {"name": "WAN Test Revision", "changes": 0}
          ]
        }
      }
    }
  }
}

XDR

stories

Beta
Description

Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query

Response

Returns a StoriesData

Arguments
Name Description
input - StoryInput!

Example

Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
                          xdr(accountID: $accountId) {
                            stories(
                              input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
                            ) {
                              paging {
                                from
                                limit
                                total
                                __typename
                              }
                              items {
                                ...StoryBrief
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                        }
                        
                        fragment StoryBrief on Story {
                          id
                          accountId
                          accountName
                          updatedAt
                          createdAt
                          analystName
                          incident {
                            __typename
                            id
                            status
                            lastSignal
                            firstSignal
                            producer
                            connectionType
                            indication
                            queryName
                            description
                            criticality
                            source
                            ticket
                            research
                            vendor
                            sourceIp
                            analystFeedback {
                              severity
                              __typename
                            }
                            ... on Threat {
                              ...ThreatIncidentBrief
                              __typename
                            }
                            ... on ThreatPrevention {
                              ...ThreatPreventionIncidentBrief
                              __typename
                            }
                            ... on AnomalyStats {
                              ...AnomalyStatsIncidentBrief
                              __typename
                            }
                            ... on AnomalyEvents {
                              ...AnomalyEventsIncidentBrief
                              __typename
                            }
                            ... on NetworkXDRIncident {
                              ...NetworkXDRIncidentBrief
                              __typename
                            }
                          }
                          __typename
                        }
                        
                        fragment ThreatIncidentBrief on Threat {
                          __typename
                          site {
                            id
                            name
                            __typename
                          }
                          user {
                            id
                            name
                            __typename
                          }
                          direction
                        }
                        
                        fragment ThreatPreventionIncidentBrief on ThreatPrevention {
                          __typename
                          site {
                            id
                            name
                            __typename
                          }
                          user {
                            id
                            name
                            __typename
                          }
                          direction
                        }
                        
                        fragment AnomalyStatsIncidentBrief on AnomalyStats {
                          __typename
                          srcSiteId
                          subjectType
                          drillDownFilter {
                            name
                            value
                            __typename
                          }
                        }
                        
                        fragment AnomalyEventsIncidentBrief on AnomalyEvents {
                          __typename
                          srcSiteId
                          subjectType
                          drillDownFilter {
                            name
                            value
                            __typename
                          }
                        }
                        
                        fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
                          __typename
                          storyDuration
                          storyType
                          siteConnectionType
                          siteConfigLocation
                          acknowledged
                          linkId
                          linkName
                          linkConfigPrecedence
                          deviceConfigHaRole
                          licenseRegion
                          licenseBandwidth
                          isp
                          bgpConnection {
                            connectionName
                            peerIp
                            peerAsn
                            catoIp
                            catoAsn
                            __typename
                          }
                          networkIncidentTimeline {
                            created
                            validated
                            description
                            eventType
                            eventIds
                            acknowledged
                            networkEventSource
                            linkId
                            linkName
                            linkConfigPrecedence
                            linkStatus
                            linkConfigBandwidth
                            deviceConfigHaRole
                            deviceHaRoleState
                            isp
                            bgpConnection {
                              connectionName
                              peerIp
                              peerAsn
                              catoIp
                              catoAsn
                              __typename
                            }
                            linkQualityIssue {
                              issueType
                              direction
                              current
                              threshold
                              __typename
                            }
                            __typename
                          }
                        }
                        
Variables
{
  "accountId": "123",
  "from": 0,
  "limit": 25,
  "filter": [
    {
      "timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
      "producer": {
        "in": [
          "AnomalyEvents",
          "AnomalyStats",
          "ThreatHunt",
          "ThreatPrevention",
          "MicrosoftEndpointDefender",
          "CatoEndpointAlert"
        ]
      }
    }
  ],
  "sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
  "data": {
    "xdr": {
      "__typename": "XDR",
      "stories": {
        "paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
        "items": [
          {
            "id": "65ba47966e0c8517cf2de805",
            "accountId": 123,
            "accountName": "account",
            "updatedAt": "2024-01-31T13:13:58Z",
            "createdAt": "2024-01-31T13:13:58Z",
            "analystName": "abc123",
            "incident": {
              "__typename": "CatoEndpoint",
              "id": "29ebcff1",
              "status": "PendingMoreInfo",
              "lastSignal": "2024-01-18T01:48:25Z",
              "firstSignal": "2024-01-18T01:48:25Z",
              "producer": "CatoEndpointAlert",
              "connectionType": null,
              "indication": "Cato Endpoint Alert",
              "queryName": null,
              "description": null,
              "criticality": 5,
              "source": "source",
              "ticket": null,
              "research": false,
              "vendor": "CATO",
              "sourceIp": null,
              "analystFeedback": {
                "severity": "Medium",
                "__typename": "AnalystFeedback"
              }
            },
            "__typename": "Story"
          }
        ]
      }
    }
  }
}
XDR

story

Beta
Description

Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story

Response

Returns a Story

Arguments
Name Description
storyId - ID
producer - StoryProducerEnum
incidentId - ID

Example

Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
                          xdr(accountID: $accountId) {
                            ... on XDR {
                              story(storyId: $storyId) {
                                ...StoryDetailed
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                        }
                        
                        
                        fragment StoryDetailed on Story {
                          __typename
                          id
                          summary
                          updatedAt
                          createdAt
                          playbook
                          timeline {
                            ...TimelineItem
                            __typename
                          }
                          incident {
                            __typename
                            id
                            status
                            producer
                            ticket
                            connectionType
                            indication
                            queryName
                            criticality
                            source
                            research
                            firstSignal
                            lastSignal
                            description
                            site {
                              id
                              name
                              __typename
                            }
                            user {
                              id
                              name
                              __typename
                            }
                            ... on AnomalyStats {
                              ...AnomalyStatsIncidentDetailed
                              __typename
                            }
                            ... on AnomalyEvents {
                              ...AnomalyEventsIncidentDetailed
                              __typename
                            }
                            ... on Threat {
                              ...ThreatIncidentDetailed
                              __typename
                            }
                            ... on ThreatPrevention {
                              ...ThreatPreventionIncidentDetailed
                              __typename
                            }
                        
                            ... on NetworkXDRIncident {
                              ...NetworkXDRIncidentDetailed
                              __typename
                            }
                            ... on MicrosoftEndpoint {
                              ...MicrosoftEndpointIncidentDetailed
                              __typename
                            }
                            ... on CatoEndpoint {
                              ...CatoEndpointIncidentDetailed
                              __typename
                            }
                          }
                        }
                        
                        fragment TimelineItem on TimelineItem {
                          createdAt
                          type
                          descriptions
                          additionalInfo
                          analystInfo {
                            name
                            __typename
                          }
                          context
                          category
                          __typename
                        }
                        
                        fragment AnomalyStatsIncidentDetailed on AnomalyStats {
                          __typename
                          srcSiteId
                          subjectType
                          metric {
                            name
                            value
                            __typename
                          }
                          drillDownFilter {
                            name
                            value
                            __typename
                          }
                          gaussian {
                            n
                            avg
                            __typename
                          }
                          mitres {
                            id
                            name
                            __typename
                          }
                          logonName
                          sourceIp
                          os
                          clientClass
                          deviceName
                          macAddress
                          breakdownField
                          predictedVerdict
                          predictedThreatType
                          similarStoriesData {
                            storyId
                            indication
                            threatTypeName
                            verdict
                            similarityPercentage
                            __typename
                          }
                          targets {
                            name
                            analysisScore
                            infectionSource
                            catoPopularity
                            threatFeeds
                            creationTime
                            categories
                            countryOfRegistration
                            searchHits
                            engines
                            eventData {
                              signatureId
                              eventType
                              threatType
                              threatName
                              severity
                              action
                              __typename
                            }
                            __typename
                          }
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                        }
                        
                        fragment AnalystFeedback on AnalystFeedback {
                          verdict
                          severity
                          threatType {
                            name
                            details
                            recommendedAction
                            __typename
                          }
                          threatClassification
                          additionalInfo
                          __typename
                        }
                        
                        fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
                          __typename
                          srcSiteId
                          subjectType
                          metric {
                            name
                            value
                            __typename
                          }
                          drillDownFilter {
                            name
                            value
                            __typename
                          }
                          gaussian {
                            n
                            avg
                            __typename
                          }
                          mitres {
                            id
                            name
                            __typename
                          }
                          logonName
                          sourceIp
                          os
                          clientClass
                          deviceName
                          macAddress
                          breakdownField
                          predictedVerdict
                          predictedThreatType
                          similarStoriesData {
                            storyId
                            indication
                            threatTypeName
                            verdict
                            similarityPercentage
                            __typename
                          }
                          targets {
                            name
                            analysisScore
                            infectionSource
                            catoPopularity
                            threatFeeds
                            creationTime
                            categories
                            countryOfRegistration
                            searchHits
                            engines
                            eventData {
                              signatureId
                              eventType
                              threatType
                              threatName
                              severity
                              action
                              __typename
                            }
                            __typename
                          }
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                        }
                        
                        fragment ThreatIncidentDetailed on Threat {
                          __typename
                          srcSiteId
                          flowsCardinality
                          storyDuration
                          os
                          deviceName
                          macAddress
                          sourceIp
                          logonName
                          direction
                          predictedVerdict
                          predictedThreatType
                          similarStoriesData {
                            storyId
                            indication
                            threatTypeName
                            verdict
                            similarityPercentage
                            __typename
                          }
                          queryName
                          events {
                            signatureId
                            eventType
                            threatType
                            threatName
                            severity
                            __typename
                          }
                          mitres {
                            id
                            name
                            __typename
                          }
                          timeSeries {
                            info
                            units
                            label
                            data(perSecond: false)
                            sum
                            key {
                              measureFieldName
                              dimensions {
                                fieldName
                                value
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                          targets {
                            type
                            name
                            analysisScore
                            infectionSource
                            catoPopularity
                            threatFeeds
                            creationTime
                            categories
                            countryOfRegistration
                            searchHits
                            engines
                            eventData {
                              signatureId
                              eventType
                              threatType
                              threatName
                              severity
                              action
                              __typename
                            }
                            __typename
                          }
                          flows {
                            appName
                            clientClass
                            sourceIp
                            sourcePort
                            direction
                            createdAt
                            referer
                            userAgent
                            method
                            destinationCountry
                            destinationPort
                            destinationIp
                            destinationGeolocation
                            url
                            tunnelGeolocation
                            domain
                            target
                            httpResponseCode
                            dnsResponseIP
                            smbFileName
                            fileHash
                            ja3
                            __typename
                          }
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                        }
                        
                        fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
                          __typename
                          srcSiteId
                          flowsCardinality
                          storyDuration
                          os
                          deviceName
                          macAddress
                          sourceIp
                          logonName
                          direction
                          predictedVerdict
                          predictedThreatType
                          similarStoriesData {
                            storyId
                            indication
                            threatTypeName
                            verdict
                            similarityPercentage
                            __typename
                          }
                          queryName
                          events {
                            signatureId
                            eventType
                            threatType
                            threatName
                            severity
                            __typename
                          }
                          mitres {
                            id
                            name
                            __typename
                          }
                          timeSeries {
                            info
                            units
                            label
                            data(perSecond: false)
                            sum
                            key {
                              measureFieldName
                              dimensions {
                                fieldName
                                value
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                          targets {
                            type
                            name
                            analysisScore
                            infectionSource
                            catoPopularity
                            threatFeeds
                            creationTime
                            categories
                            countryOfRegistration
                            searchHits
                            engines
                            eventData {
                              signatureId
                              eventType
                              threatType
                              threatName
                              severity
                              action
                              __typename
                            }
                            __typename
                          }
                          threatPreventionsEvents {
                            appName
                            clientClass
                            sourceIp
                            sourcePort
                            direction
                            createdAt
                            referrer
                            userAgent
                            method
                            destinationCountry
                            destinationPort
                            destinationIp
                            destinationGeolocation
                            url
                            tunnelGeolocation
                            domain
                            target
                            httpResponseCode
                            dnsResponseIP
                            smbFileName
                            fileHash
                            ja3
                            __typename
                          }
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                        }
                        
                        fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
                          __typename
                          storyDuration
                          storyType
                          occurrences
                          siteConnectionType
                          siteConfigLocation
                          acknowledged
                          description
                          linkId
                          linkName
                          linkConfigPrecedence
                          deviceConfigHaRole
                          licenseRegion
                          licenseBandwidth
                          pop
                          isp
                          hostIp
                          ruleName
                          bgpConnection {
                            connectionName
                            peerIp
                            peerAsn
                            catoIp
                            catoAsn
                            __typename
                          }
                          networkIncidentTimeline {
                            created
                            validated
                            description
                            eventType
                            incidentId
                            eventIds
                            acknowledged
                            networkEventSource
                            linkId
                            linkName
                            linkConfigPrecedence
                            linkStatus
                            linkConfigBandwidth
                            deviceConfigHaRole
                            deviceHaRoleState
                            pop
                            isp
                            hostIp
                            ruleName
                            tunnelResetCount
                            bgpConnection {
                              connectionName
                              peerIp
                              peerAsn
                              catoIp
                              catoAsn
                              __typename
                            }
                            linkQualityIssue {
                              issueType
                              direction
                              current
                              threshold
                              __typename
                            }
                            __typename
                          }
                          analystFeedback {
                            ... on AnalystFeedback {
                              severity
                              __typename
                            }
                            __typename
                          }
                        }
                        
                        fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
                          storyDuration
                          sourceIp
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                          device {
                            deviceName
                            osDetails {
                              ... on OsDetails {
                                ...MicrosoftEndpointIncidentDeviceOsDetails
                                __typename
                              }
                              __typename
                            }
                            loggedOnUsers {
                              ... on EndpointUser {
                                ...MicrosoftEndpointIncidentDeviceLoggedOnUser
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                          alerts {
                            ... on MicrosoftDefenderEndpointAlert {
                              ...StoryDetailsMicrosoftEndpointAlert
                              __typename
                            }
                            __typename
                          }
                          __typename
                        }
                        
                        fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
                          osType
                          osBuild
                          osVersion
                          __typename
                        }
                        
                        fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
                          ... on MicrosoftEndpointUser {
                            ...MicrosoftEndpointIncidentUserDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
                          name
                          domainName
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
                          id
                          title
                          localIp
                          destinationIp
                          destinationUrl
                          mitreTechnique {
                            id
                            name
                            __typename
                          }
                          firstActivityDateTime
                          lastActivityDateTime
                          threatName
                          activities {
                            ...StoryDetailsMicrosoftEndpointActivity
                            __typename
                          }
                          resources {
                            ...StoryDetailsMicrosoftEndpointResource
                            __typename
                          }
                          ... on MicrosoftDefenderEndpointAlert {
                            criticality
                            msStatus: status
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
                          id
                          resourceId
                          parentResourceId
                          action
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
                          id
                          remediationStatus
                          createdDateTime
                          verdict
                          roles
                          ...StoryDetailsMicrosoftEndpointFileResource
                          ...StoryDetailsMicrosoftEndpointProcessResource
                          ...StoryDetailsMicrosoftEndpointRegistryResource
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
                          detectionStatus
                          fileDetails {
                            ...StoryDetailsMicrosoftEndpointFileDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
                          path
                          name
                          size
                          sha1
                          sha256
                          issuer
                          signer
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
                          processId
                          processCommandLine
                          imageFile {
                            ...StoryDetailsMicrosoftEndpointFileDetails
                            __typename
                          }
                          userAccount {
                            ...StoryDetailsMicrosoftEndpointUserDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
                          id
                          ... on MicrosoftEndpointUser {
                            userSid
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
                          valueName
                          valueType
                          value
                          key
                          hive
                          __typename
                        }
                        
                        fragment CatoEndpointIncidentDetailed on CatoEndpoint {
                          storyDuration
                          sourceIp
                          analystFeedback {
                            ...AnalystFeedback
                            __typename
                          }
                          device {
                            deviceName
                            macAddress
                            osDetails {
                              ... on OsDetails {
                                ...CatoEndpointIncidentDeviceOsDetails
                                __typename
                              }
                              __typename
                            }
                            loggedOnUsers {
                              ... on EndpointUser {
                                ...CatoEndpointIncidentDeviceLoggedOnUser
                                __typename
                              }
                              __typename
                            }
                            __typename
                          }
                          alerts {
                            ... on CatoEndpointAlert {
                              ...StoryDetailsCatoEndpointAlert
                              __typename
                            }
                            __typename
                          }
                          __typename
                        }
                        
                        fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
                          osType
                          osBuild
                          osVersion
                          __typename
                        }
                        
                        fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
                          ... on CatoEndpointUser {
                            ...CatoEndpointIncidentUserDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
                          name
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
                          id
                          title
                          mitreTechnique {
                            id
                            name
                            __typename
                          }
                          createdDateTime
                          threatName
                          activities {
                            ...StoryDetailsCatoEndpointActivity
                            __typename
                          }
                          resources {
                            ...StoryDetailsCatoEndpointResource
                            __typename
                          }
                          ... on CatoEndpointAlert {
                            criticality
                            catoStatus: status
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointActivity on CatoActivity {
                          id
                          resourceId
                          parentResourceId
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointResource on CatoResource {
                          id
                          createdDateTime
                          remediationStatus
                          ...StoryDetailsCatoEndpointFileResource
                          ...StoryDetailsCatoEndpointProcessResource
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
                          detectionStatus
                          fileDetails {
                            ...StoryDetailsCatoEndpointFileDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
                          path
                          name
                          size
                          sha1
                          sha256
                          issuer
                          signer
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
                          processId
                          processCommandLine
                          imageFile {
                            ...StoryDetailsCatoEndpointFileDetails
                            __typename
                          }
                          userAccount {
                            ...StoryDetailsCatoEndpointUserDetails
                            __typename
                          }
                          __typename
                        }
                        
                        fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
                          id
                          ... on CatoEndpointUser {
                            name
                            __typename
                          }
                          __typename
                        }
                        
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
  "data": {
    "xdr": {
      "__typename": "XDR",
      "story": {
        "playbook": null,
        "incident": {
          "__typename": "Threat",
          "id": "abc123",
          "status": "Open",
          "producer": "ThreatHunt",
          "ticket": null,
          "connectionType": "Site",
          "indication": "abc123",
          "queryName": "abc123",
          "criticality": 5,
          "source": "abc123",
          "research": false,
          "firstSignal": "2024-02-29T09:00:00Z",
          "lastSignal": "2024-02-29T13:00:00Z",
          "description": "abc123",
          "site": null,
          "user": null,
          "srcSiteId": "123",
          "flowsCardinality": 4,
          "storyDuration": 14400,
          "os": "OS_WINDOWS",
          "deviceName": "abc123",
          "macAddress": "aa:aa:11:22:33:44",
          "sourceIp": "1.2.3.4",
          "logonName": null,
          "direction": "OUTBOUND",
          "predictedVerdict": null,
          "predictedThreatType": null,
          "similarStoriesData": [],
          "events": [],
          "mitres": [],
          "timeSeries": [],
          "targets": [
            {
              "type": "domain",
              "name": "123",
              "analysisScore": 0.75688803,
              "infectionSource": true,
              "catoPopularity": -1,
              "threatFeeds": 2,
              "creationTime": "2023-01-10T06:16:40Z",
              "categories": "abc123",
              "countryOfRegistration": "CZ",
              "searchHits": "123",
              "engines": null,
              "eventData": [],
              "__typename": "IncidentTargetRep"
            }
          ],
          "flows": [
            {
              "appName": "http",
              "clientClass": null,
              "sourceIp": "11.22.33.111",
              "sourcePort": 123,
              "direction": "INBOUND",
              "createdAt": "2024-02-29T09:45:00Z",
              "referer": null,
              "userAgent": null,
              "method": null,
              "destinationCountry": "US",
              "destinationPort": 123,
              "destinationIp": "11.22.33.644",
              "destinationGeolocation": "11.1,22.2",
              "url": null,
              "tunnelGeolocation": "11.1,22.2",
              "domain": "abc123",
              "target": "abc123",
              "httpResponseCode": null,
              "dnsResponseIP": null,
              "smbFileName": null,
              "fileHash": null,
              "ja3": null,
              "__typename": "IncidentFlow"
            }
          ],
          "analystFeedback": {
            "verdict": null,
            "severity": null,
            "threatType": {
              "name": "PuP",
              "details": null,
              "recommendedAction": null,
              "__typename": "AnalystFeedbackThreatType"
            },
            "threatClassification": null,
            "additionalInfo": null,
            "__typename": "AnalystFeedback"
          }
        },
        "__typename": "Story",
        "id": "abc123",
        "summary": "abc123",
        "updatedAt": "2024-03-27T08:32:44Z",
        "createdAt": "2024-03-27T08:22:51Z",
        "timeline": [
          {
            "createdAt": "2024-03-27T08:22:51Z",
            "type": "Diff",
            "descriptions": ["abc123"],
            "additionalInfo": null,
            "analystInfo": null,
            "context": "Story created",
            "category": null,
            "__typename": "TimelineItem"
          }
        ]
      }
    }
  }
}

Mutations

AdminMutations

addAdmin

Response

Returns an AddAdminPayload

Arguments
Name Description
input - AddAdminInput!

Example

Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
  admin(accountId:$accountId) {
    addAdmin(input:$input) {
      adminID
    }
  }
}
Variables
{
  "accountId": "123",
  "input": {
    "firstName": "Name",
    "lastName": "Surname",
    "email": "name.surname@company.org",
    "passwordNeverExpires": false,
    "mfaEnabled": true,
    "managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
  }
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}

removeAdmin

Response

Returns a RemoveAdminPayload

Arguments
Name Description
adminID - ID!

Example

Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
  admin(accountId:$accountId) {
    removeAdmin(adminID:$adminID) {
      adminID
    }
  }
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}

updateAdmin

Response

Returns an UpdateAdminPayload

Arguments
Name Description
adminID - ID!
input - UpdateAdminInput!

Example

Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
  admin(accountId:$accountId) {
    updateAdmin(adminID:$adminID,input:$input) {
      adminID
    }
  }
}
Variables
{
  "accountId": "123",
  "adminID": "456",
  "input": {
    "managedRoles": [
      {"role": {"id": 1, "name": "Editor"}},
      {"role": {"id": 2, "name": "Viewer"}}
    ]
  }
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}

ContainerMutations

delete

Beta
Response

Returns a DeleteContainerPayload!

Arguments
Name Description
input - DeleteContainerInput!

Example

Query

                        mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
                            container(accountId: $accountId) {
                                delete(input: $input) {
                                    container {
                                        __typename
                                        id
                                        name
                                        description
                                        size
                                        audit {
                                            createdBy
                                            createdAt
                                            lastModifiedBy
                                            lastModifiedAt
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{
  "accountId": 12345,
  "input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
  "data": {
    "container": {
      "delete": {
        "container": {
          "__typename": "FqdnContainer",
          "id": "1234567890",
          "name": "Some Container",
          "description": "Description of some container",
          "size": 100,
          "audit": {
            "createdBy": "some.admin@catonetworks.com",
            "createdAt": "2024-09-18T14:31:03Z",
            "lastModifiedBy": "some.admin@catonetworks.com",
            "lastModifiedAt": "2024-09-18T14:31:03Z"
          }
        }
      }
    }
  }
}

FqdnContainerMutations

addValues

Beta
Response

Returns a FqdnContainerAddValuesPayload!

Arguments
Name Description
input - FqdnContainerAddValuesInput!

Example

Query

                          mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      addValues(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "values": ["google.com", "amazon.com"]
  }
}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "addValues": {
          "container": {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

createFromFile

Beta
Arguments
Name Description
input - CreateFqdnContainerFromFileInput!

Example

Query

                          mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      createFromFile(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "name": "Some Container",
    "description": "Description of some container",
    "uploadFile": "A multipart file containing data"
  }
}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "createFromFile": {
          "container": {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

removeValues

Beta
Arguments
Name Description
input - FqdnContainerRemoveValuesInput!

Example

Query

                          mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      removeValues(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "values": ["google.com", "amazon.com"]
  }
}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "removeValues": {
          "container": {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

updateFromFile

Beta
Arguments
Name Description
input - UpdateFqdnContainerFromFileInput!

Example

Query

                          mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!)  {
                              container(accountId: $accountId) {
                                  fqdn {
                                      updateFromFile(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "description": "Description of some container",
    "uploadFile": null
  }
}
Response
{
  "data": {
    "container": {
      "fqdn": {
        "updateFromFile": {
          "container": {
            "__typename": "FqdnContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

IpAddressRangeContainerMutations

addValues

Beta
Arguments
Name Description
input - IpAddressRangeContainerAddValuesInput!

Example

Query

                          mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      addValues(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "values": [
      {"from": "190.20.24.36", "to": "190.20.24.236"},
      {"from": "190.30.24.36", "to": "190.30.24.236"}
    ]
  }
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "addValues": {
          "container": {
            "__typename": "IpAddressRangeContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

createFromFile

Beta

Example

Query

                          mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      createFromFile(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "name": "Some Container",
    "description": "Description of some container",
    "uploadFile": "A multipart file containing data"
  }
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "createFromFile": {
          "container": {
            "__typename": "IpAddressRangeContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

removeValues

Beta
Arguments
Name Description
input - IpAddressRangeContainerRemoveValuesInput!

Example

Query

                          mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      removeValues(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "values": [
      {"from": "190.20.24.36", "to": "190.20.24.236"},
      {"from": "190.30.24.36", "to": "190.30.24.236"}
    ]
  }
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "removeValues": {
          "container": {
            "__typename": "IpAddressRangeContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

updateFromFile

Beta

Example

Query

                          mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!)  {
                              container(accountId: $accountId) {
                                  ipAddressRange {
                                      updateFromFile(input: $input) {
                                          container {
                                              __typename
                                              id
                                              name
                                              description
                                              size
                                              audit {
                                                  createdBy
                                                  createdAt
                                                  lastModifiedBy
                                                  lastModifiedAt
                                              }
                                          }
                                      }
                                  }
                              }
                          }
                          
                          
Variables
{
  "accountId": 12345,
  "input": {
    "ref": {"by": "NAME", "input": "Some Container"},
    "description": "Description of some container",
    "uploadFile": null
  }
}
Response
{
  "data": {
    "container": {
      "ipAddressRange": {
        "updateFromFile": {
          "container": {
            "__typename": "IpAddressRangeContainer",
            "id": "1234567890",
            "name": "Some Container",
            "description": "Description of some container",
            "size": 100,
            "audit": {
              "createdBy": "some.admin@catonetworks.com",
              "createdAt": "2024-09-18T14:31:03Z",
              "lastModifiedBy": "some.admin@catonetworks.com",
              "lastModifiedAt": "2024-09-18T14:31:03Z"
            }
          }
        }
      }
    }
  }
}

InternetFirewallPolicyMutations

addRule

Beta
Description

Add a new rule to the Internet Firewall policy.

Arguments
Name Description
input - InternetFirewallAddRuleInput!

Example

Query

                        mutation AddRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    addRule(input: {
                                        rule: {
                                            enabled: true
                                            name: "Example Rule"
                                            description: "Example description"
                                            source: {
                                                ip: ["192.0.2.1", "198.51.100.1"]
                                                subnet: ["10.0.0.0/24"]
                                            }
                                            action: ALLOW
                                        },
                                        at: {
                                            position: LAST_IN_POLICY
                                        }
                                    }) {
                                        status
                                        rule {
                                            rule {
                                                id
                                                name
                                                description
                                                enabled
                                                source {
                                                    ip
                                                    subnet
                                                }
                                                action
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "addRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {
              "id": "106ee457-4406-4ea4-a163-36aa247de48f",
              "name": "Example Rule",
              "description": "Example description",
              "enabled": true,
              "source": {
                "ip": ["192.0.2.1", "198.51.100.1"],
                "subnet": ["10.0.0.0/24"]
              },
              "action": "ALLOW"
            }
          }
        }
      }
    }
  }
}

addSection

Beta
Description

Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyAddSectionInput!

Example

Query

                        mutation AddSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    addSection(input: {
                                        section: {
                                            name: "New section"
                                        },
                                        at: {
                                            position: LAST_IN_POLICY
                                        }
                                    }) {
                                        section {
                                            section {
                                                id
                                                name
                                            }
                                        }
                                        status
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "addSection": {
          "section": {
            "section": {
              "id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
              "name": "New section"
            }
          },
          "status": "SUCCESS"
        }
      }
    }
  }
}

createPolicyRevision

Beta
Description

Create the policy revision. Create a new empty policy revision.

Arguments
Name Description
input - PolicyCreateRevisionInput!

Example

Query

                        mutation CreatePolicyRevision($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    createPolicyRevision(input: {
                                        name: "Test Revision"
                                        description: "Test working with multiple revisions"
                                    }) {
                                        status
                                        policy {
                                            revision {
                                                description
                                                name
                                                id
                                                createdTime
                                                updatedTime
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "createPolicyRevision": {
          "status": "SUCCESS",
          "policy": {
            "revision": {
              "description": "Test working with multiple revisions",
              "name": "Test Revision",
              "id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
              "createdTime": "2024-07-18T21:49:58.116",
              "updatedTime": "2024-07-18T21:49:58.116"
            }
          }
        }
      }
    }
  }
}

discardPolicyRevision

Beta
Description

Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.

Arguments
Name Description
input - PolicyDiscardRevisionInput

Example

Query

                        mutation DiscardPolicyRevision($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    discardPolicyRevision {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
    }
  }
}

moveRule

Beta
Description

Change the relative location of an existing rule within the Internet Firewall policy.

Arguments
Name Description
input - PolicyMoveRuleInput!

Example

Query

                        mutation MoveRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    moveRule(input: {
                                        id: "106ee457-4406-4ea4-a163-36aa247de48f"
                                        to: {
                                            position: FIRST_IN_POLICY
                                        }
                                    }) {
                                        status
                                        rule {
                                            rule {
                                                index
                                                id
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "moveRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
          }
        }
      }
    }
  }
}

moveSection

Beta
Description

Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyMoveSectionInput!

Example

Query

                        mutation MoveSection($accountId:ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    moveSection(input: {
                                        id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
                                        to: {
                                            position: LAST_IN_POLICY
                                        }
                                    }) {
                                        status
                                        errors {
                                            errorMessage
                                            errorCode
                                        }
                                        section {
                                            properties
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "moveSection": {
          "status": "FAILURE",
          "errors": [
            {
              "errorMessage": "Section with system rules cannot be moved or removed",
              "errorCode": "sectionSystemMove"
            }
          ],
          "section": null
        }
      }
    }
  }
}

publishPolicyRevision

Beta
Description

Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.

Arguments
Name Description
input - PolicyPublishRevisionInput

Example

Query

                        mutation PublishPolicy($accountId:ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    publishPolicyRevision(input: {
                                        name: "Ticket #1234"
                                        description : "Allow HR access to social websites"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
    }
  }
}

removeRule

Beta
Description

Remove an existing rule from the Internet Firewall policy.

Arguments
Name Description
input - InternetFirewallRemoveRuleInput!

Example

Query

                        mutation RemoveRule($accountId:ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    removeRule(input: {
                                        id: "106ee457-4406-4ea4-a163-36aa247de48f"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
  }
}

removeSection

Beta
Description

Delete an existing section. The first section in policy cannot be deleted.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyRemoveSectionInput!

Example

Query

                        mutation RemoveSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    removeSection(input: {
                                        id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
  }
}

updatePolicy

Beta
Description

Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.

Arguments
Name Description
input - InternetFirewallPolicyUpdateInput!

Example

Query

                        mutation UpdatePolicyState($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    updatePolicy(input: {
                                        state: DISABLED
                                    }){
                                        status
                                        policy {
                                            enabled
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
      }
    }
  }
}

updateRule

Beta
Description

Update an existing rule of the Internet Firewall policy.

Arguments
Name Description
input - InternetFirewallUpdateRuleInput!

Example

Query

                        mutation UpdateRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    updateRule(input: {
                                        id: "106ee457-4406-4ea4-a163-36aa247de48f"
                                        rule: {
                                            name: "Updated rule name"
                                            source: {
                                                ip: ["192.0.2.2"]
                                            }
                                        }
                                    }) {
                                        status
                                        rule {
                                            rule {
                                                id
                                                name
                                                description
                                                source {
                                                    ip
                                                    subnet
                                                }
                                                action
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "updateRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {
              "id": "106ee457-4406-4ea4-a163-36aa247de48f",
              "name": "Updated rule name",
              "description": "Example description",
              "source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
              "action": "ALLOW"
            }
          }
        }
      }
    }
  }
}

updateSection

Beta
Description

Update policy section attributes

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyUpdateSectionInput!

Example

Query

                        mutation UpdateSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                internetFirewall {
                                    updateSection(input: {
                                        id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
                                        section: {
                                            name: "Updated section name"
                                        }
                                    }) {
                                        status
                                        section {
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "internetFirewall": {
        "updateSection": {
          "status": "SUCCESS",
          "section": {
            "section": {
              "id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
              "name": "Updated section name"
            }
          }
        }
      }
    }
  }
}

SiteMutations

addIpsecIkeV2Site

Beta
Response

Returns an AddIpsecIkeV2SitePayload

Arguments
Name Description
input - AddIpsecIkeV2SiteInput!

Example

Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
  sites(accountId:$accountId) {
    addIpsecIkeV2Site(input:$input) {
      siteId
    }
  }
}
Variables
{
  "accountId": 123,
  "input": {
    "name": "New Site",
    "siteType": "DATACENTER",
    "description": "Data warehouse",
    "nativeNetworkRange": "123.0.0.0/24",
    "siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
  }
}
Response
{"data": {"sites": {"addIpsecIkeV2Site": {"siteId": "456"}}}}

addIpsecIkeV2SiteTunnels

Beta
Response

Returns an AddIpsecIkeV2SiteTunnelsPayload

Arguments
Name Description
siteId - ID!
input - AddIpsecIkeV2SiteTunnelsInput!

Example

Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
  sites(accountId: $accountId) {
    addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primary": {
      "destinationType": "IPv4",
      "publicCatoIpId": 1000,
      "tunnels": {
        "publicSiteIp": "10.10.10.1",
        "privateCatoIp": "1.1.1.12",
        "privateSiteIp": "1.1.1.13",
        "lastMileBw": {"downstream": 100, "upstream": 100},
        "psk": "TEst123456789"
      }
    },
    "secondary": {
      "destinationType": "FQDN",
      "tunnels": {
        "publicSiteIp": "20.20.20.1",
        "lastMileBw": {"downstream": 200, "upstream": 200},
        "psk": "TEst123456789"
      }
    }
  }
}
Response
{"data": {"sites": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}

addNetworkRange

Response

Returns an AddNetworkRangePayload

Arguments
Name Description
lanSocketInterfaceId - ID!
input - AddNetworkRangeInput!

Example

Query
mutation addNetworkRange(
  $accountId:ID!,
  $lanSocketInterfaceId: ID!,
  $input:AddNetworkRangeInput!
) {
  sites(accountId:$accountId){
    addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
      networkRangeId
    }
  }
}
Variables
{
  "accountId": "123",
  "lanSocketInterfaceId": "456",
  "input": {
    "name": "Printers",
    "rangeType": "Routed",
    "subnet": "123.0.1.0/30",
    "gateway": "123.0.0.2"
  }
}
Response
{"data": {"sites": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

addSocketSite

Response

Returns an AddSocketSitePayload

Arguments
Name Description
input - AddSocketSiteInput!

Example

Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
  sites(accountId:$accountId) {
    addSocketSite(input:$input) {
      siteId
    }
  }
}
Variables
{
  "accountId": 123,
  "input": {
    "name": "New Site",
    "connectionType": "SOCKET_X1700",
    "siteType": "DATACENTER",
    "description": "Data warehouse",
    "nativeNetworkRange": "123.0.0.0/24",
    "siteLocation": {
      "countryCode": "IL",
      "timezone": "Asia/Jerusalem",
      "city": "Asheklon"
    }
  }
}
Response
{"data": {"sites": {"addSocketSite": {"siteId": "456"}}}}

addStaticHost

Response

Returns an AddStaticHostPayload

Arguments
Name Description
siteId - ID!
input - AddStaticHostInput!

Example

Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
  sites(accountId:$accountId){
    addStaticHost(siteId:$siteId, input:$input){
      hostId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"sites": {"addStaticHost": {"hostId": "789"}}}}

removeNetworkRange

Response

Returns a RemoveNetworkRangePayload

Arguments
Name Description
networkRangeId - ID!

Example

Query
mutation removeNetworkRange(
  $accountId:ID!,
  $networkRangeId: ID!,
) {
  sites(accountId:$accountId){
    removeNetworkRange(networkRangeId:$networkRangeId){
      networkRangeId
    }
  }
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"sites": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

removeSite

Response

Returns a RemoveSitePayload

Arguments
Name Description
siteId - ID!

Example

Query
mutation removeSite($accountId:ID!, $siteId:ID!){
  sites(accountId:$accountId) {
    removeSite(siteId:$siteId) {
      siteId
    }
  }
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"sites": {"removeSite": {"siteId": "456"}}}}

removeStaticHost

Response

Returns a RemoveStaticHostPayload

Arguments
Name Description
hostId - ID!

Example

Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
  sites(accountId:$accountId){
    removeStaticHost(hostId:$hostId){
      hostId
    }
  }
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"sites": {"removeStaticHost": {"hostId": "789"}}}}

updateHa

Response

Returns an UpdateHaPayload

Arguments
Name Description
siteId - ID!
input - UpdateHaInput!

Example

Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
  sites(accountId:$accountId){
    updateHa(siteId:$siteId, input:$input){
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primaryManagementIp": "123.0.0.231",
    "secondaryManagementIp": "123.0.0.232",
    "vrid": 123
  }
}
Response
{"data": {"sites": {"updateHa": {"siteId": "456"}}}}

updateIpsecIkeV2SiteGeneralDetails

Beta
Arguments
Name Description
siteId - ID!
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!

Example

Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
  sites(accountId: $accountId) {
    updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "connectionMode": "RESPONDER_ONLY",
    "identificationType": "FQDN",
    "initMessage": {
      "cipher": "AUTOMATIC",
      "dhGroup": "DH_15_MODP3072",
      "integrity": "SHA256",
      "prf": "SHA256"
    },
    "authMessage": {
      "cipher": "AES_GCM_256",
      "dhGroup": "DH_16_MODP4096",
      "integrity": "AUTOMATIC"
    },
    "networkRanges": "Service1:100.100.100.0/24"
  }
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}

updateIpsecIkeV2SiteTunnels

Beta
Arguments
Name Description
siteId - ID!
input - UpdateIpsecIkeV2SiteTunnelsInput!

Example

Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
  sites(accountId: $accountId) {
    updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primary": {
      "destinationType": "IPv4",
      "publicCatoIpId": 1000,
      "tunnels": {
        "tunnelId": "PRIMARY1",
        "lastMileBw": {"downstream": 100, "upstream": 100},
        "psk": "TEst123456789"
      }
    },
    "secondary": {
      "destinationType": "FQDN",
      "tunnels": {
        "tunnelId": "SECONDARY1",
        "publicSiteIp": "20.20.20.2",
        "lastMileBw": {"downstream": 200, "upstream": 200},
        "psk": "TEst123456789"
      }
    }
  }
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}

updateNetworkRange

Response

Returns an UpdateNetworkRangePayload

Arguments
Name Description
networkRangeId - ID!
input - UpdateNetworkRangeInput!

Example

Query
mutation updateNetworkRange(
  $accountId:ID!,
  $networkRangeId: ID!,
  $input:UpdateNetworkRangeInput!
) {
  sites(accountId:$accountId){
    updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
      networkRangeId
    }
  }
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"sites": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

updateSiteGeneralDetails

Response

Returns an UpdateSiteGeneralDetailsPayload

Arguments
Name Description
siteId - ID!
input - UpdateSiteGeneralDetailsInput!

Example

Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
  sites(accountId: $accountId){
    updateSiteGeneralDetails(siteId:$siteId, input:$input) {
      siteId
    }
  }
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}

updateSocketInterface

Response

Returns an UpdateSocketInterfacePayload

Arguments
Name Description
siteId - ID!
socketInterfaceId - SocketInterfaceIDEnum!
input - UpdateSocketInterfaceInput!

Example

Query
mutation updateSocketInterface(
  $accountId:ID!,
  $siteId: ID!,
  $socketInterfaceId: SocketInterfaceIDEnum!,
  $input:UpdateSocketInterfaceInput!
) {
  sites(accountId:$accountId){
    updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
      siteId
      socketInterfaceId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "socketInterfaceId": "INT_1",
  "input": {
    "destType": "CATO",
    "bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
  }
}
Response
{
  "data": {
    "sites": {
      "updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
    }
  }
}

updateStaticHost

Response

Returns an UpdateStaticHostPayload

Arguments
Name Description
hostId - ID!
input - UpdateStaticHostInput!

Example

Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
  sites(accountId:$accountId){
    updateStaticHost(hostId:$hostId, input:$input){
      hostId
    }
  }
}
Variables
{
  "accountId": "123",
  "hostId": "789",
  "input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"sites": {"updateStaticHost": {"hostId": "789"}}}}

SiteMutations

addIpsecIkeV2Site

Beta
Response

Returns an AddIpsecIkeV2SitePayload

Arguments
Name Description
input - AddIpsecIkeV2SiteInput!

Example

Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
  sites(accountId:$accountId) {
    addIpsecIkeV2Site(input:$input) {
      siteId
    }
  }
}
Variables
{
  "accountId": 123,
  "input": {
    "name": "New Site",
    "siteType": "DATACENTER",
    "description": "Data warehouse",
    "nativeNetworkRange": "123.0.0.0/24",
    "siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
  }
}
Response
{"data": {"sites": {"addIpsecIkeV2Site": {"siteId": "456"}}}}

addIpsecIkeV2SiteTunnels

Beta
Response

Returns an AddIpsecIkeV2SiteTunnelsPayload

Arguments
Name Description
siteId - ID!
input - AddIpsecIkeV2SiteTunnelsInput!

Example

Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
  sites(accountId: $accountId) {
    addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primary": {
      "destinationType": "IPv4",
      "publicCatoIpId": 1000,
      "tunnels": {
        "publicSiteIp": "10.10.10.1",
        "privateCatoIp": "1.1.1.12",
        "privateSiteIp": "1.1.1.13",
        "lastMileBw": {"downstream": 100, "upstream": 100},
        "psk": "TEst123456789"
      }
    },
    "secondary": {
      "destinationType": "FQDN",
      "tunnels": {
        "publicSiteIp": "20.20.20.1",
        "lastMileBw": {"downstream": 200, "upstream": 200},
        "psk": "TEst123456789"
      }
    }
  }
}
Response
{"data": {"sites": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}

addNetworkRange

Response

Returns an AddNetworkRangePayload

Arguments
Name Description
lanSocketInterfaceId - ID!
input - AddNetworkRangeInput!

Example

Query
mutation addNetworkRange(
  $accountId:ID!,
  $lanSocketInterfaceId: ID!,
  $input:AddNetworkRangeInput!
) {
  sites(accountId:$accountId){
    addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
      networkRangeId
    }
  }
}
Variables
{
  "accountId": "123",
  "lanSocketInterfaceId": "456",
  "input": {
    "name": "Printers",
    "rangeType": "Routed",
    "subnet": "123.0.1.0/30",
    "gateway": "123.0.0.2"
  }
}
Response
{"data": {"sites": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

addSocketSite

Response

Returns an AddSocketSitePayload

Arguments
Name Description
input - AddSocketSiteInput!

Example

Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
  sites(accountId:$accountId) {
    addSocketSite(input:$input) {
      siteId
    }
  }
}
Variables
{
  "accountId": 123,
  "input": {
    "name": "New Site",
    "connectionType": "SOCKET_X1700",
    "siteType": "DATACENTER",
    "description": "Data warehouse",
    "nativeNetworkRange": "123.0.0.0/24",
    "siteLocation": {
      "countryCode": "IL",
      "timezone": "Asia/Jerusalem",
      "city": "Asheklon"
    }
  }
}
Response
{"data": {"sites": {"addSocketSite": {"siteId": "456"}}}}

addStaticHost

Response

Returns an AddStaticHostPayload

Arguments
Name Description
siteId - ID!
input - AddStaticHostInput!

Example

Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
  sites(accountId:$accountId){
    addStaticHost(siteId:$siteId, input:$input){
      hostId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"sites": {"addStaticHost": {"hostId": "789"}}}}

removeNetworkRange

Response

Returns a RemoveNetworkRangePayload

Arguments
Name Description
networkRangeId - ID!

Example

Query
mutation removeNetworkRange(
  $accountId:ID!,
  $networkRangeId: ID!,
) {
  sites(accountId:$accountId){
    removeNetworkRange(networkRangeId:$networkRangeId){
      networkRangeId
    }
  }
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"sites": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

removeSite

Response

Returns a RemoveSitePayload

Arguments
Name Description
siteId - ID!

Example

Query
mutation removeSite($accountId:ID!, $siteId:ID!){
  sites(accountId:$accountId) {
    removeSite(siteId:$siteId) {
      siteId
    }
  }
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"sites": {"removeSite": {"siteId": "456"}}}}

removeStaticHost

Response

Returns a RemoveStaticHostPayload

Arguments
Name Description
hostId - ID!

Example

Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
  sites(accountId:$accountId){
    removeStaticHost(hostId:$hostId){
      hostId
    }
  }
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"sites": {"removeStaticHost": {"hostId": "789"}}}}

updateHa

Response

Returns an UpdateHaPayload

Arguments
Name Description
siteId - ID!
input - UpdateHaInput!

Example

Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
  sites(accountId:$accountId){
    updateHa(siteId:$siteId, input:$input){
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primaryManagementIp": "123.0.0.231",
    "secondaryManagementIp": "123.0.0.232",
    "vrid": 123
  }
}
Response
{"data": {"sites": {"updateHa": {"siteId": "456"}}}}

updateIpsecIkeV2SiteGeneralDetails

Beta
Arguments
Name Description
siteId - ID!
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!

Example

Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
  sites(accountId: $accountId) {
    updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "connectionMode": "RESPONDER_ONLY",
    "identificationType": "FQDN",
    "initMessage": {
      "cipher": "AUTOMATIC",
      "dhGroup": "DH_15_MODP3072",
      "integrity": "SHA256",
      "prf": "SHA256"
    },
    "authMessage": {
      "cipher": "AES_GCM_256",
      "dhGroup": "DH_16_MODP4096",
      "integrity": "AUTOMATIC"
    },
    "networkRanges": "Service1:100.100.100.0/24"
  }
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}

updateIpsecIkeV2SiteTunnels

Beta
Arguments
Name Description
siteId - ID!
input - UpdateIpsecIkeV2SiteTunnelsInput!

Example

Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
  sites(accountId: $accountId) {
    updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
      siteId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "input": {
    "primary": {
      "destinationType": "IPv4",
      "publicCatoIpId": 1000,
      "tunnels": {
        "tunnelId": "PRIMARY1",
        "lastMileBw": {"downstream": 100, "upstream": 100},
        "psk": "TEst123456789"
      }
    },
    "secondary": {
      "destinationType": "FQDN",
      "tunnels": {
        "tunnelId": "SECONDARY1",
        "publicSiteIp": "20.20.20.2",
        "lastMileBw": {"downstream": 200, "upstream": 200},
        "psk": "TEst123456789"
      }
    }
  }
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}

updateNetworkRange

Response

Returns an UpdateNetworkRangePayload

Arguments
Name Description
networkRangeId - ID!
input - UpdateNetworkRangeInput!

Example

Query
mutation updateNetworkRange(
  $accountId:ID!,
  $networkRangeId: ID!,
  $input:UpdateNetworkRangeInput!
) {
  sites(accountId:$accountId){
    updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
      networkRangeId
    }
  }
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"sites": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}

updateSiteGeneralDetails

Response

Returns an UpdateSiteGeneralDetailsPayload

Arguments
Name Description
siteId - ID!
input - UpdateSiteGeneralDetailsInput!

Example

Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
  sites(accountId: $accountId){
    updateSiteGeneralDetails(siteId:$siteId, input:$input) {
      siteId
    }
  }
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}

updateSocketInterface

Response

Returns an UpdateSocketInterfacePayload

Arguments
Name Description
siteId - ID!
socketInterfaceId - SocketInterfaceIDEnum!
input - UpdateSocketInterfaceInput!

Example

Query
mutation updateSocketInterface(
  $accountId:ID!,
  $siteId: ID!,
  $socketInterfaceId: SocketInterfaceIDEnum!,
  $input:UpdateSocketInterfaceInput!
) {
  sites(accountId:$accountId){
    updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
      siteId
      socketInterfaceId
    }
  }
}
Variables
{
  "accountId": "123",
  "siteId": "456",
  "socketInterfaceId": "INT_1",
  "input": {
    "destType": "CATO",
    "bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
  }
}
Response
{
  "data": {
    "sites": {
      "updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
    }
  }
}

updateStaticHost

Response

Returns an UpdateStaticHostPayload

Arguments
Name Description
hostId - ID!
input - UpdateStaticHostInput!

Example

Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
  sites(accountId:$accountId){
    updateStaticHost(hostId:$hostId, input:$input){
      hostId
    }
  }
}
Variables
{
  "accountId": "123",
  "hostId": "789",
  "input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"sites": {"updateStaticHost": {"hostId": "789"}}}}

WanFirewallPolicyMutations

addRule

Beta
Description

Add a new rule to the Wan Firewall policy.

Response

Returns a WanFirewallRuleMutationPayload!

Arguments
Name Description
input - WanFirewallAddRuleInput!

Example

Query

                            mutation AddWanFirewallRule($accountId: ID!) {
                                policy(accountId: $accountId) {
                                    wanFirewall {
                                        addRule(input: {
                                            rule: {
                                                enabled: true,
                                                name: "WAN Example Rule",
                                                description: "WAN Example description",
                                                source: {
                                                    ip: ["192.0.2.1", "198.51.100.1"],
                                                    subnet: ["10.0.0.0/24"]
                                                },
                                                destination: {
                                                    ip: ["203.0.113.1"],
                                                    subnet: ["172.16.0.0/24"]
                                                },
                                                action: BLOCK,
                                                direction: TO
                                            },
                                            at: {
                                                position: LAST_IN_POLICY
                                            }
                                        }) {
                                            status
                                            rule {
                                                rule {
                                                    id
                                                    name
                                                    description
                                                    enabled
                                                    source {
                                                        ip
                                                        subnet
                                                    }
                                                    destination {
                                                        ip
                                                        subnet
                                                    }
                                                    action
                                                    direction
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "addRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {
              "id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
              "name": "WAN Example Rule",
              "description": "WAN Example description",
              "enabled": true,
              "source": {
                "ip": ["192.0.2.1", "198.51.100.1"],
                "subnet": ["10.0.0.0/24"]
              },
              "destination": {
                "ip": ["203.0.113.1"],
                "subnet": ["172.16.0.0/24"]
              },
              "action": "BLOCK",
              "direction": "TO"
            }
          }
        }
      }
    }
  }
}

addSection

Beta
Description

Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyAddSectionInput!

Example

Query

                        mutation AddWanFirewallSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    addSection(input: {
                                        section: {
                                            name: "My new section"
                                        },
                                        at: {
                                            position: LAST_IN_POLICY
                                        }
                                    }) {
                                        section {
                                            section {
                                                id
                                                name
                                            }
                                        }
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "addSection": {
          "section": {
            "section": {
              "id": "3b01b175-0098-45ea-a503-707463d01781",
              "name": "My new section"
            }
          },
          "status": "SUCCESS"
        }
      }
    }
  }
}

createPolicyRevision

Beta
Arguments
Name Description
input - PolicyCreateRevisionInput!

Example

Query

                        mutation CreateWanFirewallRevision($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    createPolicyRevision(input: {
                                        name: "WAN Test Revision",
                                            description: "Testing working with multiple WAN firewall revisions"
                                    }) {
                                        status
                                        policy {
                                            revision {
                                                description
                                                name
                                                id
                                                createdTime
                                                updatedTime
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "createPolicyRevision": {
          "status": "SUCCESS",
          "policy": {
            "revision": {
              "description": "Testing working with multiple WAN firewall revisions",
              "name": "WAN Test Revision",
              "id": "6a496eda-b7c1-455e-820e-e839a0dcd2c0",
              "createdTime": "2024-09-10T09:21:37.208",
              "updatedTime": "2024-09-10T09:21:37.208"
            }
          }
        }
      }
    }
  }
}

discardPolicyRevision

Beta
Arguments
Name Description
input - PolicyDiscardRevisionInput

Example

Query

                        mutation DiscardWanFirewallPolicy($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    discardPolicyRevision {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {"wanFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}}
  }
}

moveRule

Beta
Description

Change the relative location of an existing rule within the Wan Firewall policy.

Response

Returns a WanFirewallRuleMutationPayload!

Arguments
Name Description
input - PolicyMoveRuleInput!

Example

Query

                        mutation MoveWanFirewallRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    moveRule(input: {
                                        id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
                                            to: {
                                            position: FIRST_IN_POLICY
                                        }
                                    }) {
                                        status
                                        rule {
                                            rule {
                                                id
                                                section {
                                                    id
                                                    name
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "moveRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {
              "id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
              "section": {"id": "363808", "name": "Example Wan Section"}
            }
          }
        }
      }
    }
  }
}

moveSection

Beta
Description

Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyMoveSectionInput!

Example

Query

                        mutation MoveSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    moveSection(input: {
                                        id: "3b01b175-0098-45ea-a503-707463d01781"
                                        to: {
                                            position: LAST_IN_POLICY
                                        }
                                    }) {
                                        status
                                        section {
                                            properties
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "moveSection": {
          "status": "SUCCESS",
          "section": {
            "properties": ["MOVED"],
            "section": {
              "id": "3b01b175-0098-45ea-a503-707463d01781",
              "name": "My new section"
            }
          }
        }
      }
    }
  }
}

publishPolicyRevision

Beta
Arguments
Name Description
input - PolicyPublishRevisionInput

Example

Query

                        # PublishWanFirewallPolicy.graphql
                        mutation PublishWanFirewallPolicy($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    publishPolicyRevision(input: {
                                        name: "Ticket #456",
                                            description: "Update access rules for remote offices"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {"wanFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}}
  }
}

removeRule

Beta
Description

Remove an existing rule from the Wan Firewall policy.

Response

Returns a WanFirewallRuleMutationPayload!

Arguments
Name Description
input - WanFirewallRemoveRuleInput!

Example

Query

                        mutation RemoveWanFirewallRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    removeRule(input: {
                                        id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeRule": {"status": "SUCCESS"}}}}}

removeSection

Beta
Description

Delete an existing section. The first section in policy cannot be deleted.

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyRemoveSectionInput!

Example

Query

                        mutation RemoveWanFirewallSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    removeSection(input: {
                                        id: "3b01b175-0098-45ea-a503-707463d01781"
                                    }) {
                                        status
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeSection": {"status": "SUCCESS"}}}}}

updatePolicy

Beta
Description

Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.

Arguments
Name Description
input - WanFirewallPolicyUpdateInput!

Example

Query

                        mutation UpdateWanFirewallPolicyState($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    updatePolicy(input: {
                                        state: DISABLED
                                    }) {
                                        status
                                        policy {
                                            enabled
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
      }
    }
  }
}

updateRule

Beta
Description

Update an existing rule of the Wan Firewall policy.

Response

Returns a WanFirewallRuleMutationPayload!

Arguments
Name Description
input - WanFirewallUpdateRuleInput!

Example

Query

                        mutation UpdateWanFirewallRule($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    updateRule(input: {
                                        id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
                                            rule: {
                                            enabled: true,
                                                name: "Updated WAN Rule",
                                                description: "Updated WAN description",
                                                source: {
                                                ip: ["192.0.2.2"]
                                            },
                                            destination: {
                                                subnet: ["172.16.0.0/16"]
                                            },
                                            action: ALLOW,
                                                direction: BOTH
                                        }
                                    }) {
                                        status
                                        rule {
                                            rule {
                                                id
                                                name
                                                description
                                                enabled
                                                source {
                                                    ip
                                                    subnet
                                                }
                                                destination {
                                                    ip
                                                    subnet
                                                }
                                                action
                                                direction
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "updateRule": {
          "status": "SUCCESS",
          "rule": {
            "rule": {
              "id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
              "name": "Updated WAN Rule",
              "description": "Updated WAN description",
              "enabled": true,
              "source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
              "destination": {
                "ip": ["203.0.113.1"],
                "subnet": ["172.16.0.0/16"]
              },
              "action": "ALLOW",
              "direction": "BOTH"
            }
          }
        }
      }
    }
  }
}

updateSection

Beta
Description

Update policy section attributes

Response

Returns a PolicySectionMutationPayload!

Arguments
Name Description
input - PolicyUpdateSectionInput!

Example

Query

                        mutation UpdateWanFirewallSection($accountId: ID!) {
                            policy(accountId: $accountId) {
                                wanFirewall {
                                    updateSection(input: {
                                        id: "3b01b175-0098-45ea-a503-707463d01781",
                                        section: {
                                            name: "updated WAN section name"
                                        }
                                    }) {
                                        status
                                        section {
                                            section {
                                                id
                                                name
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        
                        
                        
Variables
{"accountId": 12345}
Response
{
  "data": {
    "policy": {
      "wanFirewall": {
        "updateSection": {
          "status": "SUCCESS",
          "section": {
            "section": {
              "id": "3b01b175-0098-45ea-a503-707463d01781",
              "name": "My new section"
            }
          }
        }
      }
    }
  }
}

Types

AccountDataPayload

Fields
Field Name Description
id - ID!
name - String!
subdomain - String!
Example
{
  "id": 4,
  "name": "abc123",
  "subdomain": "xyz789"
}

AccountIdPredicate

Beta
Fields
Input Field Description
in - [ID!]
not_in - [ID!]
Example
{"in": ["4"], "not_in": [4]}

AccountMetrics

Fields
Field Name Description
from - DateTime Starting time
granularity - Int The size of a single time bucket in seconds
id - ID Unique Identifier of Account.
sites - [SiteMetrics!] Site connectivity metrics for the requested sites.
Arguments
siteIDs - [ID!]

A list of unique IDs for each site. If specified, only sites in this list are returned. Otherwise, all sites are returned.

timeseries - [Timeseries!]
Arguments
buckets - Int

number of buckets, defaults to 10, max 1000

to - DateTime Ending time
users - [SiteMetrics!] Connectivity metrics for the requested users connecting remotely with the Client. Doesn’t include user traffic behind a site.
Arguments
userIDs - [ID!]

A list of unique IDs for each user. If specified, only users in this list are returned. Otherwise, no user metrics are returned.

Example
{
  "from": "2007-12-03T10:15:30Z",
  "granularity": 987,
  "id": "4",
  "sites": [SiteMetrics],
  "timeseries": [Timeseries],
  "to": "2007-12-03T10:15:30Z",
  "users": [SiteMetrics]
}

AccountRef

Beta
Fields
Field Name Description
id - ID!
name - String!
Example
{"id": 4, "name": "abc123"}

AccountRolesResult

Fields
Field Name Description
items - [RBACRole!]!
total - Int!
Example
{"items": [RBACRole], "total": 987}

AccountSnapshot

Fields
Field Name Description
id - ID Unique Identifier of Account
sites - [SiteSnapshot!] Sites includes information about online as well as offline sites
Arguments
siteIDs - [ID!]

List of Unique Site Identifiers. If specified, only sites in list will be returned

timestamp - DateTime
users - [UserSnapshot!] VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested
Arguments
userIDs - [ID!]

request specific IDs, regardless of if connected or not

Example
{
  "id": 4,
  "sites": [SiteSnapshot],
  "timestamp": "2007-12-03T10:15:30Z",
  "users": [UserSnapshot]
}

AccountType

Values
Enum Value Description

ALL

REGULAR

RESELLER

SYSTEM

Example
"ALL"

Activity

Fields
Field Name Description
id - ID!
resourceId - ID!
parentResourceId - ID!
Possible Types
Activity Types

MicrosoftActivity

CatoActivity

Example
{"id": 4, "resourceId": 4, "parentResourceId": 4}

AddAdminInput

Fields
Input Field Description
email - String!
firstName - String!
lastName - String!
managedRoles - [UpdateAdminRoleInput!]
mfaEnabled - Boolean!
passwordNeverExpires - Boolean!
resellerRoles - [UpdateAdminRoleInput!]
Example
{
  "email": "xyz789",
  "firstName": "xyz789",
  "lastName": "xyz789",
  "managedRoles": [UpdateAdminRoleInput],
  "mfaEnabled": true,
  "passwordNeverExpires": true,
  "resellerRoles": [UpdateAdminRoleInput]
}

AddAdminPayload

Fields
Field Name Description
adminID - ID!
Example
{"adminID": 4}

AddIpsecIkeV2SiteInput

Beta
Fields
Input Field Description
description - String
name - String! The name of the site
nativeNetworkRange - IPSubnet! The native range of the site
siteLocation - AddSiteLocationInput! The location of the site
siteType - SiteType! Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER.
Default
BRANCH
Example
{
  "description": "xyz789",
  "name": "xyz789",
  "nativeNetworkRange": IPSubnet,
  "siteLocation": AddSiteLocationInput,
  "siteType": "BRANCH"
}

AddIpsecIkeV2SiteMultiTunnelPayload

Beta
Fields
Field Name Description
fqdn - Fqdn Cato’s FQDN for the multi-tunnel
tunnels - [AddIpsecIkeV2SiteTunnelPayload!]!
Example
{
  "fqdn": Fqdn,
  "tunnels": [AddIpsecIkeV2SiteTunnelPayload]
}

AddIpsecIkeV2SitePayload

Beta
Fields
Field Name Description
siteId - ID! The ID of the site
Example
{"siteId": 4}

AddIpsecIkeV2SiteTunnelPayload

Beta
Fields
Field Name Description
localId - String The local ID for the tunnel
tunnelId - IPSecV2InterfaceId The ID of the tunnel
Example
{
  "localId": "abc123",
  "tunnelId": "PRIMARY1"
}

AddIpsecIkeV2SiteTunnelsInput

Beta
Fields
Input Field Description
primary - AddIpsecIkeV2TunnelsInput The configuration of the site’s primary tunnel
secondary - AddIpsecIkeV2TunnelsInput The configuration of the site’s secondary tunnel
Example
{
  "primary": AddIpsecIkeV2TunnelsInput,
  "secondary": AddIpsecIkeV2TunnelsInput
}

AddIpsecIkeV2SiteTunnelsPayload

Beta
Fields
Field Name Description
primary - AddIpsecIkeV2SiteMultiTunnelPayload Cato’s FQDN for the primary tunnel
secondary - AddIpsecIkeV2SiteMultiTunnelPayload Cato’s FQDN for the secondary tunnel
siteId - ID! The ID of the site
Example
{
  "primary": AddIpsecIkeV2SiteMultiTunnelPayload,
  "secondary": AddIpsecIkeV2SiteMultiTunnelPayload,
  "siteId": 4
}

AddIpsecIkeV2TunnelInput

Beta
Fields
Input Field Description
lastMileBw - LastMileBwInput The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below
privateCatoIp - IPAddress Cato’s private IP, used for BGP routing. Applicable for sites using BGP only
privateSiteIp - IPAddress Site private IP, used for BGP routing. Applicable for sites using BGP only
psk - String! Pre-shared key. This field is write-only.
publicSiteIp - IPAddress The public IP address where the IPsec tunnel is initiated
Example
{
  "lastMileBw": LastMileBwInput,
  "privateCatoIp": IPAddress,
  "privateSiteIp": IPAddress,
  "psk": "abc123",
  "publicSiteIp": IPAddress
}

AddIpsecIkeV2TunnelsInput

Beta
Fields
Input Field Description
destinationType - DestinationType The destination type of the IPsec tunnel
popLocationId - ID The PoP location ID
publicCatoIpId - ID The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud
tunnels - [AddIpsecIkeV2TunnelInput!]!
Example
{
  "destinationType": "FQDN",
  "popLocationId": "4",
  "publicCatoIpId": "4",
  "tunnels": [AddIpsecIkeV2TunnelInput]
}

AddNetworkRangeInput

Fields
Input Field Description
azureFloatingIp - IPAddress Only relevant for AZURE HA sites
dhcpSettings - NetworkDhcpSettingsInput Only relevant for NATIVE, VLAN rangeType
gateway - IPAddress Only relevant for ROUTED_ROUTE rangeType
localIp - IPAddress Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType
mdnsReflector - Boolean BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType
name - String!
rangeType - SubnetType!
subnet - IPSubnet!
translatedSubnet - IPSubnet
vlan - Int Only relevant for VLAN network rangeType
Example
{
  "azureFloatingIp": IPAddress,
  "dhcpSettings": NetworkDhcpSettingsInput,
  "gateway": IPAddress,
  "localIp": IPAddress,
  "mdnsReflector": true,
  "name": "abc123",
  "rangeType": "Direct",
  "subnet": IPSubnet,
  "translatedSubnet": IPSubnet,
  "vlan": 987
}

AddNetworkRangePayload

Fields
Field Name Description
networkRangeId - ID!
Example
{"networkRangeId": 4}

AddSiteLocationInput

Fields
Input Field Description
address - String optional address
city - String city name, must belong to the country or country and state
countryCode - String! country code
stateCode - String optional state code
timezone - String! time zone
Example
{
  "address": "xyz789",
  "city": "xyz789",
  "countryCode": "abc123",
  "stateCode": "xyz789",
  "timezone": "xyz789"
}

AddSocketSiteInput

Fields
Input Field Description
connectionType - SiteConnectionTypeEnum!
description - String
name - String!
nativeNetworkRange - IPSubnet!
siteLocation - AddSiteLocationInput!
siteType - SiteType!
translatedSubnet - IPSubnet
Example
{
  "connectionType": "SOCKET_AWS1500",
  "description": "abc123",
  "name": "abc123",
  "nativeNetworkRange": IPSubnet,
  "siteLocation": AddSiteLocationInput,
  "siteType": "BRANCH",
  "translatedSubnet": IPSubnet
}

AddSocketSitePayload

Fields
Field Name Description
siteId - ID!
Example
{"siteId": "4"}

AddStaticHostInput

Fields
Input Field Description
ip - IPAddress!
macAddress - String
name - String!
Example
{
  "ip": IPAddress,
  "macAddress": "xyz789",
  "name": "abc123"
}

AddStaticHostPayload

Fields
Field Name Description
hostId - ID!
Example
{"hostId": 4}

Admin

Description

A CC2 administrator

Fields
Field Name Description
allowedItems - [Entity!]
creationDate - DateTime
email - String
firstName - String
id - ID!
lastName - String
managedRoles - [AdminRole!]
mfaEnabled - Boolean
modifyDate - DateTime
nativeAccountID - ID
passwordNeverExpires - Boolean
presentUsageAndEvents - Boolean
resellerRoles - [AdminRole!]
role - UserRole
status - OperationalStatus
version - String!
Example
{
  "allowedItems": [Entity],
  "creationDate": "2007-12-03T10:15:30Z",
  "email": "xyz789",
  "firstName": "abc123",
  "id": 4,
  "lastName": "abc123",
  "managedRoles": [AdminRole],
  "mfaEnabled": true,
  "modifyDate": "2007-12-03T10:15:30Z",
  "nativeAccountID": "4",
  "passwordNeverExpires": true,
  "presentUsageAndEvents": false,
  "resellerRoles": [AdminRole],
  "role": "EDITOR",
  "status": "active",
  "version": "abc123"
}

AdminRole

Fields
Field Name Description
allowedAccounts - [ID!]
allowedEntities - [Entity!]
role - RBACRole!
Example
{
  "allowedAccounts": [4],
  "allowedEntities": [Entity],
  "role": RBACRole
}

AdminsResult

Fields
Field Name Description
items - [Admin!]!
total - Int!
Example
{"items": [Admin], "total": 987}

AggregationType

Values
Enum Value Description

any

avg

changes

count

count_distinct

distinct

max

min

sum

uniq_set

Example
"any"

AlertClassificationEnum

Values
Enum Value Description

FALSE_POSITIVE

INFORMATIONAL_EXPECTED_ACTIVITY

TRUE_POSITIVE

Example
"FALSE_POSITIVE"

AlertDeterminationEnum

Values
Enum Value Description

APT

COMPROMISED_ACCOUNT

CONFIRMED_ACTIVITY

LINE_OF_BUSINESS_APPLICATION

MALICIOUS_USER_ACTIVITY

MALWARE

MULTI_STAGED_ATTACK

NOT_ENOUGH_DATA_TO_VALIDATE

NOT_MALICIOUS

OTHER

PHISHING

SECURITY_PERSONNEL

SECURITY_TESTING

UNWANTED_SOFTWARE

Example
"APT"

AnalystFeedback

Fields
Field Name Description
additionalInfo - String
severity - SeverityEnum
threatClassification - String
threatType - AnalystFeedbackThreatType
verdict - StoryVerdictEnum
Example
{
  "additionalInfo": "xyz789",
  "severity": "High",
  "threatClassification": "xyz789",
  "threatType": AnalystFeedbackThreatType,
  "verdict": "Benign"
}

AnalystFeedbackThreatType

Fields
Field Name Description
details - String
name - String
recommendedAction - String
Example
{
  "details": "abc123",
  "name": "xyz789",
  "recommendedAction": "abc123"
}

AnalystInfo

Beta
Fields
Field Name Description
email - String Security analyst email address
name - String Security analyst name
Example
{
  "email": "xyz789",
  "name": "xyz789"
}

AnnotationType

Values
Enum Value Description

generic

Other events that are included in annotations

popChange

The site connects to a different PoP

remoteIPChange

The ISP IP address (remote IP) changed

roleChange

Change for HA status role
Example
"generic"

Anomalies

Fields
Field Name Description
id - ID!
firstSignal - DateTime!
lastSignal - DateTime!
engineType - StoryEngineTypeEnum
vendor - VendorEnum
producer - StoryProducerEnum!
producerName - String!
connectionType - ConnectionTypeEnum
indication - String!
queryName - String
source - String
criticality - Int
ticket - String
status - StoryStatusEnum
research - Boolean
siteName - String
storyDuration - Int
description - String
analystFeedback - AnalystFeedback
site - SiteRef
user - UserRef
sourceIp - String
similarStoriesData - [SimilarStoryData!]!
predictedVerdict - StoryVerdictEnum
predictedThreatType - String
direction - String
Possible Types
Anomalies Types

AnomalyStats

AnomalyEvents

Example
{
  "id": 4,
  "firstSignal": "2007-12-03T10:15:30Z",
  "lastSignal": "2007-12-03T10:15:30Z",
  "engineType": "ANOMALY",
  "vendor": "CATO",
  "producer": "AnomalyEvents",
  "producerName": "xyz789",
  "connectionType": "Host",
  "indication": "abc123",
  "queryName": "xyz789",
  "source": "xyz789",
  "criticality": 123,
  "ticket": "abc123",
  "status": "Closed",
  "research": false,
  "siteName": "abc123",
  "storyDuration": 123,
  "description": "xyz789",
  "analystFeedback": AnalystFeedback,
  "site": SiteRef,
  "user": UserRef,
  "sourceIp": "xyz789",
  "similarStoriesData": [SimilarStoryData],
  "predictedVerdict": "Benign",
  "predictedThreatType": "abc123",
  "direction": "abc123"
}

AnomalyEvents

Fields
Field Name Description
analystFeedback - AnalystFeedback
breakdownField - String
clientClass - [String!]!
connectionType - ConnectionTypeEnum
criticality - Int
description - String
deviceName - String
direction - String
drillDownFilter - [StoryDrillDownFilter!]
engineType - StoryEngineTypeEnum
extra - [Extra!]
firstSignal - DateTime!
gaussian - Gaussian
id - ID!
indication - String!
lastSignal - DateTime!
logonName - String
macAddress - String
metric - Metric
metricDetails - MetricDetails
mitres - [Mitre!]
os - String
predictedThreatType - String
predictedVerdict - StoryVerdictEnum
producer - StoryProducerEnum!
producerName - String!
queryName - String
research - Boolean
rules - [String!]
similarStoriesData - [SimilarStoryData!]!
site - SiteRef
siteName - String
source - String
sourceIp - String
srcSiteId - String
status - StoryStatusEnum
storyDuration - Int
subjectType - String
targets - [IncidentTargetRep!]!
ticket - String
timeSeries - [IncidentTimeseries!]
user - UserRef
vendor - VendorEnum
Example
{
  "analystFeedback": AnalystFeedback,
  "breakdownField": "abc123",
  "clientClass": ["xyz789"],
  "connectionType": "Host",
  "criticality": 123,
  "description": "xyz789",
  "deviceName": "abc123",
  "direction": "xyz789",
  "drillDownFilter": [StoryDrillDownFilter],
  "engineType": "ANOMALY",
  "extra": [Extra],
  "firstSignal": "2007-12-03T10:15:30Z",
  "gaussian": Gaussian,
  "id": "4",
  "indication": "abc123",
  "lastSignal": "2007-12-03T10:15:30Z",
  "logonName": "abc123",
  "macAddress": "abc123",
  "metric": Metric,
  "metricDetails": MetricDetails,
  "mitres": [Mitre],
  "os": "abc123",
  "predictedThreatType": "xyz789",
  "predictedVerdict": "Benign",
  "producer": "AnomalyEvents",
  "producerName": "abc123",
  "queryName": "abc123",
  "research": true,
  "rules": ["xyz789"],
  "similarStoriesData": [SimilarStoryData],
  "site": SiteRef,
  "siteName": "abc123",
  "source": "xyz789",
  "sourceIp": "abc123",
  "srcSiteId": "xyz789",
  "status": "Closed",
  "storyDuration": 123,
  "subjectType": "abc123",
  "targets": [IncidentTargetRep],
  "ticket": "abc123",
  "timeSeries": [IncidentTimeseries],
  "user": UserRef,
  "vendor": "CATO"
}

AnomalyStats

Fields
Field Name Description
analystFeedback - AnalystFeedback
breakdownField - String
clientClass - [String!]!
connectionType - ConnectionTypeEnum
criticality - Int
description - String
deviceName - String
direction - String
drillDownFilter - [StoryDrillDownFilter!]