Cato Networks GraphQL API Reference
Reference documentation for Cato GraphQL API
Terms of Service
https://support.catonetworks.com/hc/en-us/articles/360014905938-Support-Policy-for-the-Cato-API
API Endpoints
https://api.catonetworks.com/api/v1/graphql2
Further readings
Find detailed examples here: https://support.catonetworks.com/hc/en-us/sections/360004049057-Cato-API
Download latest schema
GraphQL Introspection Query
Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.
For more information, see the GraphQL Documentation.
API Labeling
EA: These APIs are part of Cato's EA program, if you’re interested in joining, please contact us at ea@catonetworks.com
Rollout: We are gradually rolling out these APIs, and they will be available to all accounts after a few weeks.
Beta: These APIs are fully operational but may undergo schema changes, including potential breaking changes, with limited advance notice—possibly as short as two weeks.
Queries
accountBySubdomain
Response
Returns [AccountDataPayload!]
Arguments
Name | Description |
---|---|
accountID - ID!
|
|
subdomains - [String!]!
|
a list of required subdomains |
Example
Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
id
subdomain
}
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}
accountMetrics
Description
The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.
Response
Returns an AccountMetrics
Arguments
Name | Description |
---|---|
accountID - ID
|
Unique Identifier of Account. |
timeFrame - TimeFrame!
|
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory. |
groupInterfaces - Boolean
|
When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface. |
groupDevices - Boolean
|
When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result. For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets. |
Example
Query
query accountMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$groupInterfaces: Boolean,
$groupDevices: Boolean,
$siteIDs: [ID!]
) {
accountMetrics(
accountID:$accountID,
timeFrame: $timeFrame,
groupInterfaces: $groupInterfaces,
groupDevices: $groupDevices
) {
id
from
to
sites(siteIDs:$siteIDs) {
id
metrics {
bytesUpstream
bytesDownstream
}
interfaces {
name
metrics {
bytesUpstream
bytesDownstream
}
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"groupInterfaces": false,
"groupDevices": true,
"siteIDs": ["456", "789"]
}
Response
{
"data": {
"accountMetrics": {
"id": "123",
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"sites": [
{
"id": "456",
"metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 122324400,
"bytesDownstream": 8354720
}
}
]
},
{
"id": "789",
"metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 100254955,
"bytesDownstream": 3907080
}
}
]
}
]
}
}
}
accountRoles
Response
Returns an AccountRolesResult!
Arguments
Name | Description |
---|---|
accountID - ID!
|
|
accountType - AccountType
|
Example
Query
query accountRoles($accountID:ID!){
accountRoles(accountID: $accountID) {
items {
name
isPredefined
}
total
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountRoles": {
"items": [
{"name": "Editor", "isPredefined": true},
{"name": "Viewer", "isPredefined": true},
{"name": "Network admin", "isPredefined": true},
{"name": "Security Admin", "isPredefined": true},
{"name": "Access Admin", "isPredefined": true}
],
"total": 5
}
}
}
accountSnapshot
Description
Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.
Response
Returns an AccountSnapshot
Arguments
Name | Description |
---|---|
accountID - ID
|
Unique Identifier of Account. |
Example
Query
query accountSnapshot($accountID:ID!) {
accountSnapshot(accountID:$accountID) {
sites {
connectivityStatus
haStatus{
readiness
wanConnectivity
keepalive
socketVersion
}
operationalStatus
lastConnected
connectedSince
devices {
connected
version
}
}
users {
connectivityStatus
connectedInOffice
name
deviceName
}
timestamp
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountSnapshot": {
"sites": [
{
"connectivityStatus": "connected",
"haStatus": {
"readiness": "ready",
"wanConnectivity": "ok",
"keepalive": "ok",
"socketVersion": "ok"
},
"operationalStatus": "active",
"lastConnected": "2023-02-28T13:21:05Z",
"connectedSince": "2023-02-27T15:10:06Z",
"devices": [
{"connected": true, "version": "17.0.16303"},
{"connected": true, "version": "17.0.16303"}
]
},
{
"connectivityStatus": "disconnected",
"haStatus": null,
"operationalStatus": "active",
"lastConnected": "2020-03-11T13:43:40Z",
"connectedSince": null,
"devices": [{"connected": false, "version": ""}]
}
],
"users": [
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Employee Domywork",
"deviceName": "Employee’s MacBook Pro"
},
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Alice Bobs",
"deviceName": "Alice’s MacBook Pro"
}
],
"timestamp": "2023-02-28T13:22:21Z"
}
}
}
admin
Response
Returns a GetAdminPayload
Example
Query
query admin($accountId:ID!, $adminID:ID!) {
admin(accountId:$accountId, adminID:$adminID) {
id
firstName
lastName
email
creationDate
mfaEnabled
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"admin": {
"id": "456",
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"mfaEnabled": false,
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
admins
Response
Returns an AdminsResult
Example
Query
query admins($accountId:ID!, $limit: Int) {
admins(accountID:$accountId, limit: $limit) {
items {
id
email
managedRoles {
role {
name
}
}
}
total
}
}
Variables
{"accountId": "123", "limit": 2}
Response
{
"data": {
"admins": {
"items": [
{
"id": "1",
"email": "editor@company.org",
"managedRoles": [{"role": {"name": "Editor"}}]
},
{
"id": "2",
"email": "viewer@company.org",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
],
"total": 3
}
}
}
appStats
Description
BETA
Response
Returns an AppStats
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
|
sort - [AppStatsSort!]
|
Example
Query
query appStats(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$dimensions:[Dimension],
$sort:[AppStatsSort!],
$limit:Int,
$from:Int,
) {
appStats(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "app"}],
"sort": [{"fieldName": "traffic", "order": "desc"}],
"measures": [
{"fieldName": "traffic", "aggType": "sum"},
{"fieldName": "application", "aggType": "any"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"app": "zoom",
"application": "Zoom",
"traffic": "95138282696"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "udp",
"application": "UDP",
"traffic": "45401221439"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "Tech",
"application": "Technological apps",
"traffic": "13982474567"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "AppleSoftwareupdate",
"application": "Apple software update",
"traffic": "11624258191"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
}
]
}
}
}
appStatsTimeSeries
Description
BETA
Response
Returns an AppStatsTimeSeries
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
Example
Query
query appStatsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$buckets:Int!
) {
appStatsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "upstream", "aggType": "sum"},
{"fieldName": "downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "upstream"}
},
{
"label": "sum(downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "downstream"}
}
]
}
}
}
auditFeed
Description
Audit Feed for account changes
Response
Returns an AuditFeed
Arguments
Name | Description |
---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
timeFrame - TimeFrame!
|
|
filters - [AuditFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
from
to
fetchedCount
accounts {
id
records{
admin {
name
}
object {
name
}
time
fields {
name
value {
... on Entity {
name
id
type
}
... on StringValue {
string
}
... on DateValue {
date
}
}
}
}
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"auditFeed": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"records": [
{
"time": "2023-02-28T08:48:21Z",
"fields": [
{
"name": "admin",
"value": {
"name": "admin@company.org",
"id": "456",
"type": "admin",
"__typename": "Entity"
}
},
{
"name": "change.Before.description",
"value": {
"string": "Description before change",
"__typename": "StringValue"
}
},
{
"name": "change.After.description",
"value": {
"string": "Description after change",
"__typename": "StringValue"
}
},
{
"name": "model_name",
"value": {"string": "Site name", "__typename": "StringValue"}
},
{
"name": "module",
"value": {
"string": "Configuration",
"__typename": "StringValue"
}
},
{
"name": "change_type",
"value": {"string": "MODIFIED", "__typename": "StringValue"}
},
{
"name": "creation_date",
"value": {
"string": "1677574090000",
"__typename": "DateValue"
}
},
{
"name": "model_type",
"value": {"string": "Site", "__typename": "StringValue"}
},
{
"name": "admin_id",
"value": {"string": "456", "__typename": "StringValue"}
},
{
"name": "insertion_date",
"value": {
"date": "2023-02-28T08:48:21Z",
"__typename": "DateValue"
}
},
{
"name": "account_id",
"value": {"string": "123", "__typename": "StringValue"}
}
]
}
]
}
]
}
}
}
entityLookup
Description
Lookup entities with a specific type, potentially filtered and paged
Response
Returns an EntityLookupResult!
Arguments
Name | Description |
---|---|
accountID - ID!
|
The account ID (or 0 for non-authenticated requests) |
type - EntityType!
|
Type of entity to lookup for |
limit - Int
|
Sets the maximum number of items to retrieve Default
|
from - Int
|
Sets the offset number of items (for paging) Default
|
parent - EntityInput
|
Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example |
search - String
|
Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states Default
|
entityIDs - [ID!]
|
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated. |
sort - [SortInput]
|
Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types. |
filters - [LookupFilterInput]
|
Custom filters for entityLookup |
helperFields - [String!]
|
Additional helper fields |
Example
Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
entityLookup(accountID: $accountID, type:$type, limit: $limit) {
items {
entity{
id
name
}
}
total
}
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
"data": {
"entityLookup": {
"items": [
{"entity": {"id": "45040", "name": "azure_test"}},
{"entity": {"id": "75791", "name": "esx_test"}}
],
"total": 5
}
}
}
events
Response
Returns an Events
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
|
sort - [EventsSort!]
|
Example
Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
records {
flatFields
fieldsMap
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"events": {
"records": [
{
"flatFields": [["event_count", "2"]],
"fieldsMap": {"event_count": "2"}
}
]
}
}
}
eventsFeed
Description
Event Feed for events paged by a topic partitions offsets marker
Response
Returns an EventsFeedData
Arguments
Name | Description |
---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
filters - [EventFeedFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query eventsFeed(
$accountIDs: [ID!],
$filters: [EventFeedFieldFilterInput!]
) {
eventsFeed(
accountIDs: $accountIDs,
filters: $filters,
) {
marker
fetchedCount
accounts {
id
errorString
records {
fieldsMap
}
}
}
}
Variables
{
"accountIDs": [123],
"filters": [
{
"fieldName": "event_type",
"operator": "is_not",
"values": ["Sockets Management"]
},
{
"fieldName": "event_sub_type",
"operator": "is",
"values": ["Disconnected"]
}
]
}
Response
{
"data": {
"eventsFeed": {
"marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"errorString": "",
"records": [
{
"fieldsMap": {
"ISP_name": "IP Addresses Are Assigned Statically",
"account_id": "123",
"client_version": "8.0.4127",
"event_count": "1",
"event_sub_type": "Disconnected",
"event_type": "Connectivity",
"internalId": "7r0c7xUYIf",
"link_type": "Cato",
"pop_name": "Amsterdam",
"socket_interface": "WAN1",
"src_country": "Israel",
"src_country_code": "IL",
"src_is_site_or_vpn": "Site",
"src_isp_ip": "1.2.3.4",
"src_site": "native-range",
"time": "1677170467000",
"tunnel_protocol": "DTLS"
}
}
]
}
]
}
}
}
eventsTimeSeries
Response
Returns an EventsTimeSeries
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
Example
Query
query eventsTimeSeries(
$accountID: ID!,
$filters: [EventsFilter!],
$timeFrame: TimeFrame!,
$measures: [EventsMeasure],
$buckets: Int!
) {
eventsTimeSeries(
accountID: $accountID,
filters: $filters,
timeFrame:$timeFrame,
measures: $measures
) {
id
from
to
granularity
timeseries(buckets:$buckets) {
label
data
}
}
}
Variables
{
"accountID": "4125",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [{"fieldName": "event_count", "aggType": "sum"}],
"buckets": 4
}
Response
{
"data": {
"eventsTimeSeries": {
"id": "4125",
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 21600,
"timeseries": [
{
"label": "sum(event_count)",
"data": [
[1677542400000, 5],
[1677564000000, 2],
[1677585600000, 0],
[1677607200000, 5]
]
}
]
}
}
}
subDomains
Description
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
- Regular account - Return only 1 subdomain relating to the regular account
- Reseller account - Return all subdomains including the reseller account subdomain
- Reseller account - Return only the reseller account subdomain
Response
Returns [SubDomain!]!
Example
Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
subDomains(accountID:$accountID, managedAccount:$managedAccount) {
accountId
accountName
accountType
subDomain
}
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
"data": {
"subDomains": [
{
"accountId": "123",
"accountName": "Gamma LLC",
"accountType": "Reseller",
"subDomain": "subdomain3"
},
{
"accountId": "1235",
"accountName": "Delta Inc.",
"accountType": "Regular",
"subDomain": "subdomain4"
}
]
}
}
AccountManagementQueries
account
Description
Read the account information
Response
Returns an AccountInfo
Example
Query
query getAccount($accountId:ID!) {
accountManagement(accountId: $accountId) {
account {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456"}
Response
{
"data": {
"accountManagement": {
"account": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AppTenantRestrictionPolicyQueries
policy
Beta
Response
Returns an AppTenantRestrictionPolicy!
Arguments
Name | Description |
---|---|
input - AppTenantRestrictionPolicyInput
|
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "5e38909c-d5f4-4132-98eb-7efd28ca5ca5",
"index": 1,
"name": "App Tenant Restriction Rule 1"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
ContainerQueries
list
Beta
Response
Returns a ContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - ContainerSearchInput!
|
Example
Query
query listContainers($accountId:ID!, $input:ContainerSearchInput!) {
container(accountId: $accountId) {
list(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"refs": [{"by": "NAME", "input": "Some Container"}],
"types": ["FQDN"]
}
}
Response
{
"data": {
"container": {
"list": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
FqdnContainerQueries
downloadFile
Beta
Response
Returns a DownloadFqdnContainerFilePayload!
Arguments
Name | Description |
---|---|
input - DownloadFqdnContainerFileInput!
|
Example
Query
query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!) {
container(accountId: $accountId) {
fqdn {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"fqdn": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
}
}
}
}
}
search
Beta
Response
Returns a FqdnContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!) {
container(accountId: $accountId) {
fqdn {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"search": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchFqdn
Beta
Response
Returns a FqdnContainerSearchFqdnPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerSearchFqdnInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!) {
container(accountId: $accountId) {
fqdn {
searchFqdn(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
"data": {
"container": {
"fqdn": {
"searchFqdn": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
IpAddressRangeContainerQueries
downloadFile
Beta
Response
Arguments
Name | Description |
---|---|
input - DownloadIpAddressRangeContainerFileInput!
|
Example
Query
query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"ipAddressRange": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
}
}
}
}
}
search
Beta
Response
Returns an IpAddressRangeContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!) {
container(accountId: $accountId) {
ipAddressRange {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"search": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchIpAddressRange
Beta
Response
Returns an IpAddressRangeContainerSearchIpAddressRangePayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerSearchIpAddressRangeInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!) {
container(accountId: $accountId) {
ipAddressRange {
searchIpAddressRange(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"searchIpAddressRange": {
"containers": [
{
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
DynamicIpAllocationPolicyQueries
policy
Beta
Response
Returns a DynamicIpAllocationPolicy!
Arguments
Name | Description |
---|---|
input - DynamicIpAllocationPolicyInput
|
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
policy {
enabled
rules {
properties
rule {
id
index
name
range {
globalIpRange{
id
name
}
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc",
"index": 1,
"name": "Rule2",
"range": {
"globalIpRange": {"id": "1927109", "name": "12.22.17.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "eb2d4d79-0149-4839-a5c4-fc167211dbe6",
"index": 2,
"name": "Rule1",
"range": {
"globalIpRange": {"id": "1927108", "name": "12.22.16.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"index": 3,
"name": "Updated rule name",
"range": {
"globalIpRange": {"id": "1927110", "name": "12.22.18.0/24"}
}
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "Updated section new to the new name"
}
},
{
"properties": [],
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
{
"properties": [],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
HardwareManagementQueries
socketInventory
Beta
Description
Retrieve the account socket inventory
Response
Returns a SocketInventoryPayload!
Arguments
Name | Description |
---|---|
input - SocketInventoryInput
|
Example
Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
hardwareManagement(accountId: $accountId) {
socketInventory(input: $input) {
items {
id
status
serialNumber
socketMac
socketVersion
site {
id
name
}
account {
id
name
}
shippingDate
socketType
trackingUrl
trackingNumber
shippingCompany
deliverySiteName
description
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 25, "from": 0},
"filter": {"freeText": {"search": "search"}},
"sort": {"deliverySiteName": {"direction": "ASC"}}
}
}
Response
{
"data": {
"hardwareManagement": {
"socketInventory": {
"items": [
{
"id": "111111",
"status": "DELIVERED",
"serialNumber": "987654321",
"socketMac": "00-B0-D0-63-C2-26",
"socketVersion": "13.0.11395",
"site": {"id": "010101", "name": "exampleSite"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1500",
"trackingUrl": "https://fedex.com/1111111",
"trackingNumber": "1111111",
"shippingCompany": "fedex",
"deliverySiteName": "exampleWarehouse",
"description": "example description"
},
{
"id": "2222222",
"status": "SHIPPED",
"serialNumber": "123456789",
"socketMac": "00-B0-D0-63-C2-27",
"socketVersion": "13.0.11395",
"site": {"id": "0202", "name": "exampleSite2"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1700",
"trackingUrl": "https://ups.com/2222222",
"trackingNumber": "2222222",
"shippingCompany": "ups",
"deliverySiteName": "exampleWarehouse2",
"description": "example description 2"
}
],
"pageInfo": {"total": 2}
}
}
}
}
InternetFirewallPolicyQueries
policy
Beta
Response
Returns an InternetFirewallPolicy!
Arguments
Name | Description |
---|---|
input - InternetFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": ["SYSTEM"],
"rule": {
"id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
"index": 1,
"name": "Block any P2P"
}
},
{
"properties": [],
"rule": {
"id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
"index": 2,
"name": "Default Block Tor, SMB, SMTP"
}
},
{
"properties": [],
"rule": {
"id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
"index": 3,
"name": "Default Block for Categories"
}
},
{
"properties": [],
"rule": {
"id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
"index": 4,
"name": "Default prompt for Categories"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
LicensingQueries
licensingInfo
Beta
Description
BETA
Response
Returns a LicensingInfo
Example
Query
query licensingInfo($accountId: ID!){
licensing(accountId: $accountId) {
licensingInfo {
globalLicenseAllocations {
publicIps {
total
allocated
available
}
ztnaUsers {
total
allocated
available
}
}
licenses {
sku
plan
status
expirationDate
startDate
lastUpdated
... on QuantifiableLicense {
total
}
... on DataLakeLicense {
dpaVersion
}
... on PooledBandwidthLicense {
siteLicenseGroup
siteLicenseType
allocatedBandwidth
sites {
site {
id
name
}
allocatedBandwidth
}
}
... on SiteLicense {
siteLicenseGroup
regionality
siteLicenseType
site {
id
name
}
}
... on ZtnaUsersLicense {
ztnaUsersLicenseGroup
}
}
}
}
}
Variables
{"accountId": "12345"}
Response
{
"data": {
"licensing": {
"licensingInfo": {
"globalLicenseAllocations": {
"publicIps": {"total": 68, "allocated": 0, "available": 68},
"ztnaUsers": {"total": 15, "allocated": 5, "available": 10}
},
"licenses": [
{
"sku": "CATO_CASB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:29.884Z",
"__typename": "CasbLicense"
},
{
"sku": "CATO_DATALAKE_3M",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.586Z",
"total": 1,
"dpaVersion": "DPA_2023_01",
"__typename": "DataLakeLicense"
},
{
"sku": "CATO_IP_ADD",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": null,
"total": 68,
"__typename": "IpsLicense"
},
{
"sku": "CATO_MDR",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:30.294Z",
"__typename": "ManagedXdrLicense"
},
{
"sku": "CATO_PB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2024-07-04T00:00:00.000Z",
"startDate": "2024-03-31T00:00:00.000Z",
"lastUpdated": "2024-03-31T11:26:19.233Z",
"total": 250,
"siteLicenseGroup": "GROUP_2",
"siteLicenseType": "SASE",
"allocatedBandwidth": 50,
"sites": [
{
"site": {"id": "456", "name": "Tokyo"},
"allocatedBandwidth": 20
},
{
"site": {"id": "789", "name": "Sydney"},
"allocatedBandwidth": 30
}
],
"__typename": "PooledBandwidthLicense"
},
{
"sku": "CATO_ZTNA_USERS",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": "2024-04-30T10:54:29.294Z",
"total": 21,
"ztnaUsersLicenseGroup": "GENERAL",
"__typename": "ZtnaUsersLicense"
},
{
"sku": "CATO_SITE",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T16:45:10.517Z",
"total": 100,
"siteLicenseGroup": "GROUP_1",
"regionality": null,
"siteLicenseType": "SASE",
"site": {"id": "123", "name": "London"},
"__typename": "SiteLicense"
},
{
"sku": "CATO_THREAT_PREVENTION",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.464Z",
"__typename": "ThreatPreventionLicense"
}
]
}
}
}
}
RemotePortFwdPolicyQueries
policy
Beta
Response
Returns a RemotePortFwdPolicy!
Arguments
Name | Description |
---|---|
input - RemotePortFwdPolicyInput
|
Example
Query
query RemotePortFwdPolicy($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
policy {
enabled
rules {
rule {
id
name
index
enabled
section {
id
name
}
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
ipRange {
from
to
}
subnet
globalIpRange {
id
name
}
}
restrictionType
}
}
sections {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"policy": {
"enabled": false,
"rules": [
{
"rule": {
"id": "4b80b0ac-94ea-45b8-9ae0-20d6104607ce",
"name": "new rule",
"index": 1,
"enabled": true,
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
},
"description": "",
"forwardIcmp": false,
"externalIp": {
"id": "26",
"name": "site_test_4 - 192.168.1.16"
},
"externalPortRange": {"from": 75, "to": 75},
"internalIp": "222.222.22.22",
"internalPortRange": {"from": 75, "to": 75},
"remoteIPs": {
"ip": ["192.168.1.1"],
"ipRange": [],
"subnet": [],
"globalIpRange": []
},
"restrictionType": "ALLOW_LIST"
}
}
],
"sections": [
{
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query RemotePortFwd($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
SandboxQueries
Description
Get a list of sandbox reports
Response
Returns a SandboxReportsPayload!
Arguments
Name | Description |
---|---|
input - SandboxReportsInput
|
Example
Query
query Sandbox($accountId: ID!, $input: SandboxReportsInput) {
sandbox(accountId: $accountId) {
reports(input: $input) {
report {
fileName
fileHash
status
verdict
downloadUrl
creationDate
expirationDate
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"filter": {"fileName": {"in": "eicar.zip"}},
"sort": {"reportCreateDate": {"direction": "DESC"}},
"paging": {"limit": 20, "from": 0}
}
}
Response
{
"data": {
"sandbox": {
"reports": {
"report": [
{
"fileName": "eicar.zip",
"fileHash": "FILE_HASH",
"status": "READY",
"verdict": "MALICIOUS",
"downloadUrl": "DOWNLOAD_URL",
"creationDate": "2025-01-12T12:41:30.241Z",
"expirationDate": "2025-02-11T12:42:20.132Z"
}
],
"pageInfo": {"total": 1}
}
}
}
}
SiteQueries
bgpPeer
Beta
Description
Retrieves details of a specific BGP peer by reference.
Response
Returns a BgpPeer
Arguments
Name | Description |
---|---|
input - BgpPeerRefInput!
|
Example
Query
query bgpPeer($accountId: ID!, $input: BgpPeerRefInput!) {
site(accountId: $accountId) {
bgpPeer(input: $input) {
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
Variables
{"accountId": 123, "input": {"input": "example peer", "by": "NAME"}}
Response
{
"data": {
"site": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
bgpPeerList
Beta
Description
Retrieves a list of all BGP peers associated with the specified site.
Response
Returns a BgpPeerListPayload
Arguments
Name | Description |
---|---|
input - BgpPeerListInput!
|
Example
Query
query bgpPeerList($accountId: ID!, $input: BgpPeerListInput!) {
site(accountId: $accountId) {
bgpPeerList(input: $input){
total
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"bgpPeerList": {
"total": 1,
"bgpPeer": [
{
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
]
}
}
}
}
cloudInterconnectConnectionConnectivity
Beta
Description
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
Response
Returns a CloudInterconnectConnectionConnectivity
Arguments
Name | Description |
---|---|
input - CloudInterconnectConnectionConnectivityInput!
|
Example
Query
query cloudInterconnectConnectionConnectivity($accountId: ID!, $input: CloudInterconnectConnectionConnectivityInput!) {
site(accountId : $accountId){
cloudInterconnectConnectionConnectivity(input: $input) {
success
}
}
}
Variables
{"accountId": 128782, "input": {"id": "MzY2MzM0LVBSSU1BUlk="}}
Response
{
"data": {
"site": {"cloudInterconnectConnectionConnectivity": {"success": false}}
}
}
cloudInterconnectPhysicalConnection
Beta
Description
Get details of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnection
Arguments
Name | Description |
---|---|
input - CloudInterconnectPhysicalConnectionInput!
|
Example
Query
query cloudInterconnectPhysicalConnection($accountId: ID!, $input: CloudInterconnectPhysicalConnectionInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnection(input: $input) {
site{
id
name
}
haRole
encapsulationMethod
subnet
privateCatoIp
privateSiteIp
upstreamBwLimit
downstreamBwLimit
popLocation{
id,
name
}
vlan
sVlan
cVlan
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnection": {
"site": {"id": "400957", "name": "cloud_interconnect_test_site"},
"haRole": "PRIMARY",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": 100,
"downstreamBwLimit": 100,
"popLocation": {
"id": "10000",
"name": "Exalt Socket Upgrade Simulator for TestCC2"
},
"vlan": 2713,
"sVlan": 0,
"cVlan": 0
}
}
}
}
cloudInterconnectPhysicalConnectionId
Beta
Description
Get the ID of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnectionId
Arguments
Name | Description |
---|---|
input - CloudInterconnectPhysicalConnectionIdInput!
|
Example
Query
query cloudInterconnectPhysicalConnectionId($accountId: ID!, $input: CloudInterconnectPhysicalConnectionIdInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnectionId(input: $input) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {"site": {"by": "ID", "input": "400957"}, "haRole": "PRIMARY"}
}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnectionId": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
siteBgpStatus
Beta
Description
Provides the BGP status of the specified site, including session and route details.
Response
Returns a SiteBgpStatus
Arguments
Name | Description |
---|---|
input - SiteBgpStatusInput!
|
Example
Query
query siteBgpStatus($accountId: ID!, $input: SiteBgpStatusInput!) {
site(accountId: $accountId) {
siteBgpStatus(input: $input) {
status {
remoteIp
bgpSession
bfdSession
routesFromPeer
routesToPeer
rejectedRoutesFromPeer {
subnet
type
community{
from
to
}
rule
lastPublishAttempt
}
}
rawStatus
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"siteBgpStatus": {
"status": [
{
"remoteIp": "192.168.2.100",
"bgpSession": "Established via outgoing connection",
"bfdSession": null,
"routesFromPeer": ["172.16.32.0/24"],
"routesToPeer": [
"10.41.0.0/16",
"100.1.0.0/16",
"172.17.31.0/24",
"10.254.254.0/24",
"220.220.220.0/24",
"10.254.254.12/32",
"10.254.254.253/32",
"100.1.1.0/24",
"120.120.120.0/24",
"111.1.1.1/32",
"156.88.88.0/24",
"192.168.1.0/24",
"10.254.254.5/32",
"10.254.254.1/32",
"192.168.2.0/24"
],
"rejectedRoutesFromPeer": [
{
"subnet": "200.1.1.0/24",
"type": "IPv4",
"community": [{"from": 5555, "to": 5555}],
"rule": " ( ( bgp_range == 200.1.1.0/24 ) )",
"lastPublishAttempt": null
},
{
"subnet": "200.1.0.0/16",
"type": "IPv4",
"community": [{"from": 6666, "to": 6666}],
"rule": " ( ( bgp_communities ~= 436869642 ) )",
"lastPublishAttempt": null
}
]
}
],
"rawStatus": [
"{\"Exposed_On_Interface\":\"LAN1\",\"Exposed_With_IP\":\"192.168.2.1\",\"Peer\":{\"BGP_Session\":\"Established via outgoing connection\",\"BGP_peer_filter_rule\":{\"default_accept\":true,\"rules\":[{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_range\",\"op\":\"OP_EQ\",\"values\":[{\"str\":\"200.1.1.0/24\",\"type\":\"field_type_ip\"}]}]},\"id\":18258},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"364058035\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18259},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"436869642\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18260}]},\"Incoming_Connection\":{\"State\":\"Idle\",\"Transport\":\"Not set\"},\"Local_ASN\":\"65000\",\"Local_IP\":\"169.254.1.179\",\"Negotiated\":{\"Capabilities\":{\"as4\":\"0\",\"enhanced_route_refresh\":\"1\",\"graceful_restart_always_publish\":false,\"graceful_restart_enabled\":false,\"graceful_restart_present\":false,\"graceful_restart_timeout\":\"0\",\"multiprotocol_ext\":\"1\",\"route_refresh\":\"1\"},\"Hold_Time\":\"60\",\"Keepalive_Period\":\"20\"},\"Outgoing_Connection\":{\"State\":\"Established\",\"Transport\":\"169.254.1.179:43113-192.168.2.100:179\"},\"RIB_out\":[{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.253/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"15\",\"b3\",\"00\",\"37\"],\"communities\":[\"5555:55\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.0.0/16\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"120.120.120.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"0\",\"Communities offset\":\"0\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"172.17.31.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"156.88.88.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"08\",\"ae\",\"08\",\"ae\"],\"communities\":[\"2222:2222\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.1.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"220.220.220.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.2.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.41.0.0/16\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"0d\",\"05\",\"0d\",\"05\"],\"communities\":[\"3333:3333\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"111.1.1.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.12/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.5/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.1.0/24\"}],\"Remote_ASN\":\"7678\",\"Remote_IP\":\"192.168.2.100\",\"Router_ID\":\"192.168.2.1\",\"Router_Weight\":\"100\"},\"accept_default_route\":false,\"advertise_cato\":true,\"advertise_default\":\"never\",\"advertise_summary\":false,\"bfd_peer\":{\"BFD_Session\":\"DOWN\",\"bfd_config\":{\"local_asn\":65000,\"local_ip_no\":\"169.254.1.179\",\"local_port_ho\":0,\"remote_asn\":7678,\"remote_ip_no\":\"192.168.2.100\"},\"bfd_session_info\":{\"active_mode\":false,\"auth_type\":0,\"desired_min_tx_interval_usec\":300000,\"detect_interval_usec\":0,\"detect_mult\":3,\"local_diag\":\"NO_DIAGNOSTIC\",\"my_discriminator\":1394721461,\"next_detect_timestamp_usec\":9223372036854776000,\"next_send_timestamp_usec\":9223372036854776000,\"poll_in_progress\":false,\"remote_demand_mode\":false,\"remote_detect_mult\":0,\"remote_diag\":\"NO_DIAGNOSTIC\",\"remote_discriminator\":0,\"remote_min_echo_interval_usec\":0,\"remote_min_rx_interval_usec\":0,\"remote_min_tx_interval_usec\":0,\"remote_state\":\"DOWN\",\"remote_tx_interval_usec\":0,\"required_min_echo_interval_usec\":0,\"required_min_rx_interval_usec\":300000,\"state\":\"DOWN\",\"tx_interval_usec\":0},\"bfd_timeline\":[{\"event\":{\"func\":\"bfd_peer_init\",\"line\":\"513\",\"msg\":\"initialized BFD session to 192.168.2.100. tx = 300000 usec, rx = 300000 usec, mult = 3 , mode is passive\"},\"time\":\"02/12/24 09:41:03.583\"}],\"enabled\":true},\"custom_ranges_advertise\":\"never\",\"interface_pcap_captured_packets\":\"0\",\"interface_pcap_enabled\":false,\"interface_port_id\":0,\"rejected_routes_from_neighbor\":[{\"Communities\":[\"5555:5555\"],\"Subnet\":\"200.1.1.0/24\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_range == 200.1.1.0/24 ) )\"},{\"Communities\":[\"6666:6666\"],\"Subnet\":\"200.1.0.0/16\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_communities ~= 436869642 ) )\"}],\"routes_count\":\"1\",\"routes_count_limit\":\"1024\",\"routes_count_limit_exceeded\":false,\"routes_from_neighbor\":[{\"Next_Hop\":\"192.168.2.100\",\"Range\":\"172.16.32.0-172.16.32.255\",\"Subnet\":\"172.16.32.0/24\"}],\"routes_to_neighbor\":[{\"Subnet\":\"10.41.0.0/16\"},{\"Subnet\":\"111.1.1.1/32\"},{\"Subnet\":\"100.1.0.0/16\"},{\"Subnet\":\"100.1.1.0/24\"},{\"Subnet\":\"172.17.31.0/24\"},{\"Subnet\":\"120.120.120.0/24\"},{\"Subnet\":\"192.168.1.0/24\"},{\"Subnet\":\"220.220.220.0/24\"},{\"Subnet\":\"192.168.2.0/24\"},{\"Subnet\":\"10.254.254.0/24\"},{\"Subnet\":\"10.254.254.12/32\"},{\"Subnet\":\"10.254.254.253/32\"},{\"Subnet\":\"10.254.254.5/32\"},{\"Subnet\":\"10.254.254.1/32\"},{\"Subnet\":\"156.88.88.0/24\"}]}"
]
}
}
}
}
WanFirewallPolicyQueries
policy
Beta
Response
Returns a WanFirewallPolicy!
Arguments
Name | Description |
---|---|
input - WanFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "16044293",
"index": 1,
"name": "Allow social media"
}
},
{
"properties": [],
"rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
}
],
"sections": [
{
"properties": [],
"section": {"id": "363808", "name": "Example Wan Section"}
},
{
"properties": [],
"section": {"id": "363809", "name": "My Wan Section"}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"revisions": {
"revision": [
{"name": "WAN Test Revision", "changes": 0},
{"name": "WAN Test Revision", "changes": 0}
]
}
}
}
}
}
XDR
stories
Beta
Description
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
Response
Returns a StoriesData
Arguments
Name | Description |
---|---|
input - StoryInput!
|
Example
Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
xdr(accountID: $accountId) {
stories(
input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
) {
paging {
from
limit
total
__typename
}
items {
...StoryBrief
__typename
}
__typename
}
__typename
}
}
fragment StoryBrief on Story {
id
accountId
accountName
updatedAt
createdAt
analystName
incident {
__typename
id
status
lastSignal
firstSignal
producer
connectionType
indication
queryName
description
criticality
source
ticket
research
vendor
sourceIp
analystFeedback {
severity
__typename
}
... on Threat {
...ThreatIncidentBrief
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentBrief
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentBrief
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentBrief
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentBrief
__typename
}
}
__typename
}
fragment ThreatIncidentBrief on Threat {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment ThreatPreventionIncidentBrief on ThreatPrevention {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment AnomalyStatsIncidentBrief on AnomalyStats {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment AnomalyEventsIncidentBrief on AnomalyEvents {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
__typename
storyDuration
storyType
siteConnectionType
siteConfigLocation
acknowledged
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
}
Variables
{
"accountId": "123",
"from": 0,
"limit": 25,
"filter": [
{
"timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
"producer": {
"in": [
"AnomalyEvents",
"AnomalyStats",
"ThreatHunt",
"ThreatPrevention",
"MicrosoftEndpointDefender",
"CatoEndpointAlert"
]
}
}
],
"sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"stories": {
"paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
"items": [
{
"id": "65ba47966e0c8517cf2de805",
"accountId": 123,
"accountName": "account",
"updatedAt": "2024-01-31T13:13:58Z",
"createdAt": "2024-01-31T13:13:58Z",
"analystName": "abc123",
"incident": {
"__typename": "CatoEndpoint",
"id": "29ebcff1",
"status": "PendingMoreInfo",
"lastSignal": "2024-01-18T01:48:25Z",
"firstSignal": "2024-01-18T01:48:25Z",
"producer": "CatoEndpointAlert",
"connectionType": null,
"indication": "Cato Endpoint Alert",
"queryName": null,
"description": null,
"criticality": 5,
"source": "source",
"ticket": null,
"research": false,
"vendor": "CATO",
"sourceIp": null,
"analystFeedback": {
"severity": "Medium",
"__typename": "AnalystFeedback"
}
},
"__typename": "Story"
}
]
}
}
}
}
story
Beta
Description
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
Response
Returns a Story
Arguments
Name | Description |
---|---|
storyId - ID
|
|
producer - StoryProducerEnum
|
|
incidentId - ID
|
Example
Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
xdr(accountID: $accountId) {
... on XDR {
story(storyId: $storyId) {
...StoryDetailed
__typename
}
__typename
}
__typename
}
}
fragment StoryDetailed on Story {
__typename
id
summary
updatedAt
createdAt
playbook
timeline {
...TimelineItem
__typename
}
incident {
__typename
id
status
producer
ticket
connectionType
indication
queryName
criticality
source
research
firstSignal
lastSignal
description
site {
id
name
__typename
}
user {
id
name
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentDetailed
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentDetailed
__typename
}
... on Threat {
...ThreatIncidentDetailed
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentDetailed
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentDetailed
__typename
}
... on MicrosoftEndpoint {
...MicrosoftEndpointIncidentDetailed
__typename
}
... on CatoEndpoint {
...CatoEndpointIncidentDetailed
__typename
}
}
}
fragment TimelineItem on TimelineItem {
createdAt
type
descriptions
additionalInfo
analystInfo {
name
__typename
}
context
category
__typename
}
fragment AnomalyStatsIncidentDetailed on AnomalyStats {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment AnalystFeedback on AnalystFeedback {
verdict
severity
threatType {
name
details
recommendedAction
__typename
}
threatClassification
additionalInfo
__typename
}
fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatIncidentDetailed on Threat {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
flows {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
threatPreventionsEvents {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referrer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
__typename
storyDuration
storyType
occurrences
siteConnectionType
siteConfigLocation
acknowledged
description
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
pop
isp
hostIp
ruleName
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
incidentId
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
pop
isp
hostIp
ruleName
tunnelResetCount
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
analystFeedback {
... on AnalystFeedback {
severity
__typename
}
__typename
}
}
fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
osDetails {
... on OsDetails {
...MicrosoftEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...MicrosoftEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on MicrosoftDefenderEndpointAlert {
...StoryDetailsMicrosoftEndpointAlert
__typename
}
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on MicrosoftEndpointUser {
...MicrosoftEndpointIncidentUserDetails
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
name
domainName
__typename
}
fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
id
title
localIp
destinationIp
destinationUrl
mitreTechnique {
id
name
__typename
}
firstActivityDateTime
lastActivityDateTime
threatName
activities {
...StoryDetailsMicrosoftEndpointActivity
__typename
}
resources {
...StoryDetailsMicrosoftEndpointResource
__typename
}
... on MicrosoftDefenderEndpointAlert {
criticality
msStatus: status
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
id
resourceId
parentResourceId
action
__typename
}
fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
id
remediationStatus
createdDateTime
verdict
roles
...StoryDetailsMicrosoftEndpointFileResource
...StoryDetailsMicrosoftEndpointProcessResource
...StoryDetailsMicrosoftEndpointRegistryResource
__typename
}
fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
detectionStatus
fileDetails {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsMicrosoftEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
id
... on MicrosoftEndpointUser {
userSid
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
valueName
valueType
value
key
hive
__typename
}
fragment CatoEndpointIncidentDetailed on CatoEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
macAddress
osDetails {
... on OsDetails {
...CatoEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...CatoEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on CatoEndpointAlert {
...StoryDetailsCatoEndpointAlert
__typename
}
__typename
}
__typename
}
fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on CatoEndpointUser {
...CatoEndpointIncidentUserDetails
__typename
}
__typename
}
fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
name
__typename
}
fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
id
title
mitreTechnique {
id
name
__typename
}
createdDateTime
threatName
activities {
...StoryDetailsCatoEndpointActivity
__typename
}
resources {
...StoryDetailsCatoEndpointResource
__typename
}
... on CatoEndpointAlert {
criticality
catoStatus: status
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointActivity on CatoActivity {
id
resourceId
parentResourceId
__typename
}
fragment StoryDetailsCatoEndpointResource on CatoResource {
id
createdDateTime
remediationStatus
...StoryDetailsCatoEndpointFileResource
...StoryDetailsCatoEndpointProcessResource
__typename
}
fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
detectionStatus
fileDetails {
...StoryDetailsCatoEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsCatoEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsCatoEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
id
... on CatoEndpointUser {
name
__typename
}
__typename
}
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"story": {
"playbook": null,
"incident": {
"__typename": "Threat",
"id": "abc123",
"status": "Open",
"producer": "ThreatHunt",
"ticket": null,
"connectionType": "Site",
"indication": "abc123",
"queryName": "abc123",
"criticality": 5,
"source": "abc123",
"research": false,
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T13:00:00Z",
"description": "abc123",
"site": null,
"user": null,
"srcSiteId": "123",
"flowsCardinality": 4,
"storyDuration": 14400,
"os": "OS_WINDOWS",
"deviceName": "abc123",
"macAddress": "aa:aa:11:22:33:44",
"sourceIp": "1.2.3.4",
"logonName": null,
"direction": "OUTBOUND",
"predictedVerdict": null,
"predictedThreatType": null,
"similarStoriesData": [],
"events": [],
"mitres": [],
"timeSeries": [],
"targets": [
{
"type": "domain",
"name": "123",
"analysisScore": 0.75688803,
"infectionSource": true,
"catoPopularity": -1,
"threatFeeds": 2,
"creationTime": "2023-01-10T06:16:40Z",
"categories": "abc123",
"countryOfRegistration": "CZ",
"searchHits": "123",
"engines": null,
"eventData": [],
"__typename": "IncidentTargetRep"
}
],
"flows": [
{
"appName": "http",
"clientClass": null,
"sourceIp": "11.22.33.111",
"sourcePort": 123,
"direction": "INBOUND",
"createdAt": "2024-02-29T09:45:00Z",
"referer": null,
"userAgent": null,
"method": null,
"destinationCountry": "US",
"destinationPort": 123,
"destinationIp": "11.22.33.644",
"destinationGeolocation": "11.1,22.2",
"url": null,
"tunnelGeolocation": "11.1,22.2",
"domain": "abc123",
"target": "abc123",
"httpResponseCode": null,
"dnsResponseIP": null,
"smbFileName": null,
"fileHash": null,
"ja3": null,
"__typename": "IncidentFlow"
}
],
"analystFeedback": {
"verdict": null,
"severity": null,
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null,
"__typename": "AnalystFeedbackThreatType"
},
"threatClassification": null,
"additionalInfo": null,
"__typename": "AnalystFeedback"
}
},
"__typename": "Story",
"id": "abc123",
"summary": "abc123",
"updatedAt": "2024-03-27T08:32:44Z",
"createdAt": "2024-03-27T08:22:51Z",
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"type": "Diff",
"descriptions": ["abc123"],
"additionalInfo": null,
"analystInfo": null,
"context": "Story created",
"category": null,
"__typename": "TimelineItem"
}
]
}
}
}
}
Mutations
AccountManagementMutations
addAccount
Description
Add a new account
Response
Returns an AccountInfo
Arguments
Name | Description |
---|---|
input - AddAccountInput!
|
Example
Query
mutation addAccount($accountId:ID!, $input:AddAccountInput!) {
accountManagement(accountId: $accountId) {
addAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "account_name",
"tenancy": "SINGLE_TENANT",
"type": "CUSTOMER",
"description": "account description",
"timezone": "Australia/ACT"
}
}
Response
{
"data": {
"accountManagement": {
"addAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
removeAccount
Description
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
Response
Returns a RemoveAccountPayload
Arguments
Name | Description |
---|---|
accountId - ID!
|
Example
Query
mutation removeAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
removeAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"removeAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
}
updateAccount
Description
Update existing account attributes
Response
Returns an AccountInfo
Arguments
Name | Description |
---|---|
input - UpdateAccountInput!
|
Example
Query
mutation updateAccount($accountId:ID!, $input:UpdateAccountInput!) {
accountManagement(accountId: $accountId) {
updateAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456", "input": {"description": "new account description"}}
Response
{
"data": {
"accountManagement": {
"updateAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AdminMutations
addAdmin
Response
Returns an AddAdminPayload
Arguments
Name | Description |
---|---|
input - AddAdminInput!
|
Example
Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
admin(accountId:$accountId) {
addAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"passwordNeverExpires": false,
"mfaEnabled": true,
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}
removeAdmin
Response
Returns a RemoveAdminPayload
Arguments
Name | Description |
---|---|
adminID - ID!
|
Example
Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}
updateAdmin
Response
Returns an UpdateAdminPayload
Arguments
Name | Description |
---|---|
adminID - ID!
|
|
input - UpdateAdminInput!
|
Example
Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
admin(accountId:$accountId) {
updateAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"managedRoles": [
{"role": {"id": 1, "name": "Editor"}},
{"role": {"id": 2, "name": "Viewer"}}
]
}
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}
AppTenantRestrictionPolicyMutations
addRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - AppTenantRestrictionAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
severity: MEDIUM
action: INJECT_HEADERS
application: {
input:"hibob"
by: ID
}
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
headers: [{
name: "headerName"
value: "headerValue"
}]
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addSection": {
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "276f34f3-197d-41ec-8d3d-de34bc703da9",
"createdTime": "2024-12-15T13:25:34.774",
"updatedTime": "2024-12-15T13:25:34.774"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "58dc4161-77bb-4866-a2c8-3eed554158f7"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - AppTenantRestrictionRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - AppTenantRestrictionPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - AppTenantRestrictionUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
}
}
}
}
}
}
ContainerMutations
delete
Beta
Response
Returns a DeleteContainerPayload!
Arguments
Name | Description |
---|---|
input - DeleteContainerInput!
|
Example
Query
mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
container(accountId: $accountId) {
delete(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"delete": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
FqdnContainerMutations
addValues
Beta
Response
Returns a FqdnContainerAddValuesPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerAddValuesInput!
|
Example
Query
mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!) {
container(accountId: $accountId) {
fqdn {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"addValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Returns a CreateFqdnContainerFromFilePayload!
Arguments
Name | Description |
---|---|
input - CreateFqdnContainerFromFileInput!
|
Example
Query
mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns a FqdnContainerRemoveValuesPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!) {
container(accountId: $accountId) {
fqdn {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"removeValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Returns an UpdateFqdnContainerFromFilePayload!
Arguments
Name | Description |
---|---|
input - UpdateFqdnContainerFromFileInput!
|
Example
Query
mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
IpAddressRangeContainerMutations
addValues
Beta
Response
Returns an IpAddressRangeContainerAddValuesPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerAddValuesInput!
|
Example
Query
mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"addValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Arguments
Name | Description |
---|---|
input - CreateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns an IpAddressRangeContainerRemoveValuesPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"removeValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Arguments
Name | Description |
---|---|
input - UpdateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
DynamicIpAllocationPolicyMutations
addRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - DynamicIpAllocationAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
range: {
globalIpRange:{
by: NAME
input: "12.22.18.0/24"
}
}
}
})
{
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
publishPolicyRevision(input: {
name: "IT Group SDP Users Dynamic IP Allocation Example"
description : "Allocate Dynamic IP range for IT group Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - DynamicIpAllocationRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Arguments
Name | Description |
---|---|
input - DynamicIpAllocationPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - DynamicIpAllocationUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateRule(input: {
id: "2c25bae8-f787-4098-b3c2-6057e5fe8537"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateSection(input: {
id: "54a367d6-75da-4399-bc03-65170ea97d3f"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "New section"
}
}
}
}
}
}
}
InternetFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
action: ALLOW
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "ALLOW"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSection": {
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create the policy revision. Create a new empty policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
"createdTime": "2024-07-18T21:49:58.116",
"updatedTime": "2024-07-18T21:49:58.116"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section with system rules cannot be moved or removed",
"errorCode": "sectionSystemMove"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing rule from the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
}
}
}
}
}
RemotePortFwdPolicyMutations
addRule
Beta
Description
Add a new port forwarding rule to enable remote access to internal services.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - RemotePortFwdAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addRule(input: {
rule: {
enabled: true,
name: "RPF Rule",
description: "RPF Rule",
forwardIcmp: false,
externalIp: {
by: ID,
input: "26270"
},
externalPortRange: {
from: 8095,
to: 8095
},
internalIp: "1.1.1.1",
internalPortRange: {
from: 8095,
to: 8095
},
remoteIPs: {
ip: [
"8.8.8.8"
]
},
restrictionType: ALLOW_LIST
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
enabled
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"forwardIcmp": false,
"externalIp": {
"id": "26270",
"name": "exaltsimu_test_4 - 198.20.1.16"
},
"externalPortRange": {"from": 8095, "to": 8095},
"internalIp": "1.1.1.1",
"internalPortRange": {"from": 8095, "to": 8095},
"remoteIPs": {"ip": ["8.8.8.8"]}
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addSection": {
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create a new empty policy revision for port forwarding rules.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "b8305755-fe19-4868-9962-dff25687e722",
"createdTime": "2024-11-19T16:11:21.338",
"updatedTime": "2024-11-19T16:11:21.338"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this revision are discarded and the revision is deleted.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the priority/position of an existing port forwarding rule.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "d22ece52-f1cb-46c4-b3d5-367125bebb37"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
publishPolicyRevision(input: {
name: "NA sites"
description : "Allow traffic for North America sites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing port forwarding rule from the policy.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - RemotePortFwdRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"remotePortFwd": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"remotePortFwd": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Description
Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - RemotePortFwdPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing port forwarding rule configuration.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - RemotePortFwdUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
rule: {
internalIp: "10.0.0.1",
}
}) {
status
rule {
rule {
id
name
enabled
description
internalIp
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"internalIp": "10.0.0.1"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId":