Cato Networks GraphQL API Reference
Reference documentation for Cato GraphQL API
Terms of Service
https://support.catonetworks.com/hc/en-us/articles/360014905938-Support-Policy-for-the-Cato-API
API Endpoints
https://api.catonetworks.com/api/v1/graphql2
Further readings
Find detailed examples here: https://support.catonetworks.com/hc/en-us/sections/360004049057-Cato-API
Download latest schema
GraphQL Introspection Query
Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.
For more information, see the GraphQL Documentation.
Queries
accountBySubdomain
Response
Returns [AccountDataPayload!]
Arguments
Name | Description |
---|---|
accountID - ID!
|
|
subdomains - [String!]!
|
a list of required subdomains |
Example
Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
id
subdomain
}
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}
accountMetrics
Description
The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.
Response
Returns an AccountMetrics
Arguments
Name | Description |
---|---|
accountID - ID
|
Unique Identifier of Account. |
timeFrame - TimeFrame!
|
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory. |
groupInterfaces - Boolean
|
When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface. |
groupDevices - Boolean
|
When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result. For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets. |
Example
Query
query accountMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$groupInterfaces: Boolean,
$groupDevices: Boolean,
$siteIDs: [ID!]
) {
accountMetrics(
accountID:$accountID,
timeFrame: $timeFrame,
groupInterfaces: $groupInterfaces,
groupDevices: $groupDevices
) {
id
from
to
sites(siteIDs:$siteIDs) {
id
metrics {
bytesUpstream
bytesDownstream
}
interfaces {
name
metrics {
bytesUpstream
bytesDownstream
}
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"groupInterfaces": false,
"groupDevices": true,
"siteIDs": ["456", "789"]
}
Response
{
"data": {
"accountMetrics": {
"id": "123",
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"sites": [
{
"id": "456",
"metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 122324400,
"bytesDownstream": 8354720
}
}
]
},
{
"id": "789",
"metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 100254955,
"bytesDownstream": 3907080
}
}
]
}
]
}
}
}
accountRoles
Response
Returns an AccountRolesResult!
Arguments
Name | Description |
---|---|
accountID - ID!
|
|
accountType - AccountType
|
Example
Query
query accountRoles($accountID:ID!){
accountRoles(accountID: $accountID) {
items {
name
isPredefined
}
total
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountRoles": {
"items": [
{"name": "Editor", "isPredefined": true},
{"name": "Viewer", "isPredefined": true},
{"name": "Network admin", "isPredefined": true},
{"name": "Security Admin", "isPredefined": true},
{"name": "Access Admin", "isPredefined": true}
],
"total": 5
}
}
}
accountSnapshot
Description
Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.
Response
Returns an AccountSnapshot
Arguments
Name | Description |
---|---|
accountID - ID
|
Unique Identifier of Account. |
Example
Query
query accountSnapshot($accountID:ID!) {
accountSnapshot(accountID:$accountID) {
sites {
connectivityStatus
haStatus{
readiness
wanConnectivity
keepalive
socketVersion
}
operationalStatus
lastConnected
connectedSince
devices {
connected
version
}
}
users {
connectivityStatus
connectedInOffice
name
deviceName
}
timestamp
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountSnapshot": {
"sites": [
{
"connectivityStatus": "connected",
"haStatus": {
"readiness": "ready",
"wanConnectivity": "ok",
"keepalive": "ok",
"socketVersion": "ok"
},
"operationalStatus": "active",
"lastConnected": "2023-02-28T13:21:05Z",
"connectedSince": "2023-02-27T15:10:06Z",
"devices": [
{"connected": true, "version": "17.0.16303"},
{"connected": true, "version": "17.0.16303"}
]
},
{
"connectivityStatus": "disconnected",
"haStatus": null,
"operationalStatus": "active",
"lastConnected": "2020-03-11T13:43:40Z",
"connectedSince": null,
"devices": [{"connected": false, "version": ""}]
}
],
"users": [
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Employee Domywork",
"deviceName": "Employee’s MacBook Pro"
},
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Alice Bobs",
"deviceName": "Alice’s MacBook Pro"
}
],
"timestamp": "2023-02-28T13:22:21Z"
}
}
}
admin
Response
Returns a GetAdminPayload
Example
Query
query admin($accountId:ID!, $adminID:ID!) {
admin(accountId:$accountId, adminID:$adminID) {
id
firstName
lastName
email
creationDate
mfaEnabled
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"admin": {
"id": "456",
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"mfaEnabled": false,
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
admins
Response
Returns an AdminsResult
Example
Query
query admins($accountId:ID!, $limit: Int) {
admins(accountID:$accountId, limit: $limit) {
items {
id
email
managedRoles {
role {
name
}
}
}
total
}
}
Variables
{"accountId": "123", "limit": 2}
Response
{
"data": {
"admins": {
"items": [
{
"id": "1",
"email": "editor@company.org",
"managedRoles": [{"role": {"name": "Editor"}}]
},
{
"id": "2",
"email": "viewer@company.org",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
],
"total": 3
}
}
}
appStats
Description
BETA
Response
Returns an AppStats
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
|
sort - [AppStatsSort!]
|
Example
Query
query appStats(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$dimensions:[Dimension],
$sort:[AppStatsSort!],
$limit:Int,
$from:Int,
) {
appStats(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "app"}],
"sort": [{"fieldName": "traffic", "order": "desc"}],
"measures": [
{"fieldName": "traffic", "aggType": "sum"},
{"fieldName": "application", "aggType": "any"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"app": "zoom",
"application": "Zoom",
"traffic": "95138282696"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "udp",
"application": "UDP",
"traffic": "45401221439"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "Tech",
"application": "Technological apps",
"traffic": "13982474567"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"app": "AppleSoftwareupdate",
"application": "Apple software update",
"traffic": "11624258191"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
}
]
}
}
}
appStatsTimeSeries
Description
BETA
Response
Returns an AppStatsTimeSeries
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
Example
Query
query appStatsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$buckets:Int!
) {
appStatsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "upstream", "aggType": "sum"},
{"fieldName": "downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "upstream"}
},
{
"label": "sum(downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "downstream"}
}
]
}
}
}
auditFeed
Description
Audit Feed for account changes
Response
Returns an AuditFeed
Arguments
Name | Description |
---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
timeFrame - TimeFrame!
|
|
filters - [AuditFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
from
to
fetchedCount
accounts {
id
records{
admin {
name
}
object {
name
}
time
fields {
name
value {
... on Entity {
name
id
type
}
... on StringValue {
string
}
... on DateValue {
date
}
}
}
}
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"auditFeed": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"records": [
{
"time": "2023-02-28T08:48:21Z",
"fields": [
{
"name": "admin",
"value": {
"name": "admin@company.org",
"id": "456",
"type": "admin",
"__typename": "Entity"
}
},
{
"name": "change.Before.description",
"value": {
"string": "Description before change",
"__typename": "StringValue"
}
},
{
"name": "change.After.description",
"value": {
"string": "Description after change",
"__typename": "StringValue"
}
},
{
"name": "model_name",
"value": {"string": "Site name", "__typename": "StringValue"}
},
{
"name": "module",
"value": {
"string": "Configuration",
"__typename": "StringValue"
}
},
{
"name": "change_type",
"value": {"string": "MODIFIED", "__typename": "StringValue"}
},
{
"name": "creation_date",
"value": {
"string": "1677574090000",
"__typename": "DateValue"
}
},
{
"name": "model_type",
"value": {"string": "Site", "__typename": "StringValue"}
},
{
"name": "admin_id",
"value": {"string": "456", "__typename": "StringValue"}
},
{
"name": "insertion_date",
"value": {
"date": "2023-02-28T08:48:21Z",
"__typename": "DateValue"
}
},
{
"name": "account_id",
"value": {"string": "123", "__typename": "StringValue"}
}
]
}
]
}
]
}
}
}
entityLookup
Description
Lookup entities with a specific type, potentially filtered and paged
Response
Returns an EntityLookupResult!
Arguments
Name | Description |
---|---|
accountID - ID!
|
The account ID (or 0 for non-authenticated requests) |
type - EntityType!
|
Type of entity to lookup for |
limit - Int
|
Sets the maximum number of items to retrieve Default
|
from - Int
|
Sets the offset number of items (for paging) Default
|
parent - EntityInput
|
Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example |
search - String
|
Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states Default
|
entityIDs - [ID!]
|
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated. |
sort - [SortInput]
|
Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types. |
filters - [LookupFilterInput]
|
Custom filters for entityLookup |
helperFields - [String!]
|
Additional helper fields |
Example
Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
entityLookup(accountID: $accountID, type:$type, limit: $limit) {
items {
entity{
id
name
}
}
total
}
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
"data": {
"entityLookup": {
"items": [
{"entity": {"id": "45040", "name": "azure_test"}},
{"entity": {"id": "75791", "name": "esx_test"}}
],
"total": 5
}
}
}
events
Description
BETA
Response
Returns an Events
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
|
sort - [EventsSort!]
|
Example
Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
records {
flatFields
fieldsMap
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"events": {
"records": [
{
"flatFields": [["event_count", "2"]],
"fieldsMap": {"event_count": "2"}
}
]
}
}
}
eventsFeed
Description
Event Feed for events paged by a topic partitions offsets marker
Response
Returns an EventsFeedData
Arguments
Name | Description |
---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
filters - [EventFeedFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query eventsFeed(
$accountIDs: [ID!],
$filters: [EventFeedFieldFilterInput!]
) {
eventsFeed(
accountIDs: $accountIDs,
filters: $filters,
) {
marker
fetchedCount
accounts {
id
errorString
records {
fieldsMap
}
}
}
}
Variables
{
"accountIDs": [123],
"filters": [
{
"fieldName": "event_type",
"operator": "is_not",
"values": ["Sockets Management"]
},
{
"fieldName": "event_sub_type",
"operator": "is",
"values": ["Disconnected"]
}
]
}
Response
{
"data": {
"eventsFeed": {
"marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"errorString": "",
"records": [
{
"fieldsMap": {
"ISP_name": "IP Addresses Are Assigned Statically",
"account_id": "123",
"client_version": "8.0.4127",
"event_count": "1",
"event_sub_type": "Disconnected",
"event_type": "Connectivity",
"internalId": "7r0c7xUYIf",
"link_type": "Cato",
"pop_name": "Amsterdam",
"socket_interface": "WAN1",
"src_country": "Israel",
"src_country_code": "IL",
"src_is_site_or_vpn": "Site",
"src_isp_ip": "1.2.3.4",
"src_site": "native-range",
"time": "1677170467000",
"tunnel_protocol": "DTLS"
}
}
]
}
]
}
}
}
eventsTimeSeries
Description
BETA
Response
Returns an EventsTimeSeries
Arguments
Name | Description |
---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
Example
Query
query eventsTimeSeries(
$accountID: ID!,
$filters: [EventsFilter!],
$timeFrame: TimeFrame!,
$measures: [EventsMeasure],
$buckets: Int!
) {
eventsTimeSeries(
accountID: $accountID,
filters: $filters,
timeFrame:$timeFrame,
measures: $measures
) {
id
from
to
granularity
timeseries(buckets:$buckets) {
label
data
}
}
}
Variables
{
"accountID": "4125",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [{"fieldName": "event_count", "aggType": "sum"}],
"buckets": 4
}
Response
{
"data": {
"eventsTimeSeries": {
"id": "4125",
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 21600,
"timeseries": [
{
"label": "sum(event_count)",
"data": [
[1677542400000, 5],
[1677564000000, 2],
[1677585600000, 0],
[1677607200000, 5]
]
}
]
}
}
}
subDomains
Description
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
- Regular account - Return only 1 subdomain relating to the regular account
- Reseller account - Return all subdomains including the reseller account subdomain
- Reseller account - Return only the reseller account subdomain
Response
Returns [SubDomain!]!
Example
Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
subDomains(accountID:$accountID, managedAccount:$managedAccount) {
accountId
accountName
accountType
subDomain
}
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
"data": {
"subDomains": [
{
"accountId": "123",
"accountName": "Gamma LLC",
"accountType": "Reseller",
"subDomain": "subdomain3"
},
{
"accountId": "1235",
"accountName": "Delta Inc.",
"accountType": "Regular",
"subDomain": "subdomain4"
}
]
}
}
ContainerQueries
list
Beta
Response
Returns a ContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - ContainerSearchInput!
|
Example
Query
query listContainers($accountId:ID!, $input:ContainerSearchInput!) {
container(accountId: $accountId) {
list(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"refs": [{"by": "NAME", "input": "Some Container"}],
"types": ["FQDN"]
}
}
Response
{
"data": {
"container": {
"list": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
FqdnContainerQueries
downloadFile
Beta
Response
Returns a DownloadFqdnContainerFilePayload!
Arguments
Name | Description |
---|---|
input - DownloadFqdnContainerFileInput!
|
Example
Query
query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!) {
container(accountId: $accountId) {
fqdn {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"fqdn": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
}
}
}
}
}
search
Beta
Response
Returns a FqdnContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!) {
container(accountId: $accountId) {
fqdn {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"search": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchFqdn
Beta
Response
Returns a FqdnContainerSearchFqdnPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerSearchFqdnInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!) {
container(accountId: $accountId) {
fqdn {
searchFqdn(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
"data": {
"container": {
"fqdn": {
"searchFqdn": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
IpAddressRangeContainerQueries
downloadFile
Beta
Response
Arguments
Name | Description |
---|---|
input - DownloadIpAddressRangeContainerFileInput!
|
Example
Query
query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"ipAddressRange": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
}
}
}
}
}
search
Beta
Response
Returns an IpAddressRangeContainerSearchPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!) {
container(accountId: $accountId) {
ipAddressRange {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"search": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchIpAddressRange
Beta
Response
Returns an IpAddressRangeContainerSearchIpAddressRangePayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerSearchIpAddressRangeInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!) {
container(accountId: $accountId) {
ipAddressRange {
searchIpAddressRange(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"searchIpAddressRange": {
"containers": [
{
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
HardwareManagementQueries
socketInventory
Beta
Description
Retrieve the account socket inventory
Response
Returns a SocketInventoryPayload!
Arguments
Name | Description |
---|---|
input - SocketInventoryInput
|
Example
Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
hardwareManagement(accountId: $accountId) {
socketInventory(input: $input) {
items {
id
status
serialNumber
socketMac
socketVersion
site {
id
name
}
account {
id
name
}
shippingDate
socketType
trackingUrl
trackingNumber
shippingCompany
deliverySiteName
description
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 25, "from": 0},
"filter": {"freeText": {"search": "search"}},
"sort": {"deliverySiteName": {"direction": "ASC"}}
}
}
Response
{
"data": {
"hardwareManagement": {
"socketInventory": {
"items": [
{
"id": "111111",
"status": "DELIVERED",
"serialNumber": "987654321",
"socketMac": "00-B0-D0-63-C2-26",
"socketVersion": "13.0.11395",
"site": {"id": "010101", "name": "exampleSite"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1500",
"trackingUrl": "https://fedex.com/1111111",
"trackingNumber": "1111111",
"shippingCompany": "fedex",
"deliverySiteName": "exampleWarehouse",
"description": "example description"
},
{
"id": "2222222",
"status": "SHIPPED",
"serialNumber": "123456789",
"socketMac": "00-B0-D0-63-C2-27",
"socketVersion": "13.0.11395",
"site": {"id": "0202", "name": "exampleSite2"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1700",
"trackingUrl": "https://ups.com/2222222",
"trackingNumber": "2222222",
"shippingCompany": "ups",
"deliverySiteName": "exampleWarehouse2",
"description": "example description 2"
}
],
"pageInfo": {"total": 2}
}
}
}
}
InternetFirewallPolicyQueries
policy
Beta
Response
Returns an InternetFirewallPolicy!
Arguments
Name | Description |
---|---|
input - InternetFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": ["SYSTEM"],
"rule": {
"id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
"index": 1,
"name": "Block any P2P"
}
},
{
"properties": [],
"rule": {
"id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
"index": 2,
"name": "Default Block Tor, SMB, SMTP"
}
},
{
"properties": [],
"rule": {
"id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
"index": 3,
"name": "Default Block for Categories"
}
},
{
"properties": [],
"rule": {
"id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
"index": 4,
"name": "Default prompt for Categories"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
LicensingQueries
licensingInfo
Beta
Description
BETA
Response
Returns a LicensingInfo
Example
Query
query licensingInfo($accountId: ID!){
licensing(accountId: $accountId) {
licensingInfo {
globalLicenseAllocations {
publicIps {
total
allocated
available
}
ztnaUsers {
total
allocated
available
}
}
licenses {
sku
plan
status
expirationDate
startDate
lastUpdated
... on QuantifiableLicense {
total
}
... on DataLakeLicense {
dpaVersion
}
... on PooledBandwidthLicense {
siteLicenseGroup
siteLicenseType
allocatedBandwidth
sites {
site {
id
name
}
allocatedBandwidth
}
}
... on SiteLicense {
siteLicenseGroup
regionality
siteLicenseType
site {
id
name
}
}
... on ZtnaUsersLicense {
ztnaUsersLicenseGroup
}
}
}
}
}
Variables
{"accountId": "12345"}
Response
{
"data": {
"licensing": {
"licensingInfo": {
"globalLicenseAllocations": {
"publicIps": {"total": 68, "allocated": 0, "available": 68},
"ztnaUsers": {"total": 15, "allocated": 5, "available": 10}
},
"licenses": [
{
"sku": "CATO_CASB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:29.884Z",
"__typename": "CasbLicense"
},
{
"sku": "CATO_DATALAKE_3M",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.586Z",
"total": 1,
"dpaVersion": "DPA_2023_01",
"__typename": "DataLakeLicense"
},
{
"sku": "CATO_IP_ADD",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": null,
"total": 68,
"__typename": "IpsLicense"
},
{
"sku": "CATO_MDR",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T08:14:30.294Z",
"__typename": "ManagedXdrLicense"
},
{
"sku": "CATO_PB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2024-07-04T00:00:00.000Z",
"startDate": "2024-03-31T00:00:00.000Z",
"lastUpdated": "2024-03-31T11:26:19.233Z",
"total": 250,
"siteLicenseGroup": "GROUP_2",
"siteLicenseType": "SASE",
"allocatedBandwidth": 50,
"sites": [
{
"site": {"id": "456", "name": "Tokyo"},
"allocatedBandwidth": 20
},
{
"site": {"id": "789", "name": "Sydney"},
"allocatedBandwidth": 30
}
],
"__typename": "PooledBandwidthLicense"
},
{
"sku": "CATO_ZTNA_USERS",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": null,
"lastUpdated": "2024-04-30T10:54:29.294Z",
"total": 21,
"ztnaUsersLicenseGroup": "GENERAL",
"__typename": "ZtnaUsersLicense"
},
{
"sku": "CATO_SITE",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-30T16:45:10.517Z",
"total": 100,
"siteLicenseGroup": "GROUP_1",
"regionality": null,
"siteLicenseType": "SASE",
"site": {"id": "123", "name": "London"},
"__typename": "SiteLicense"
},
{
"sku": "CATO_THREAT_PREVENTION",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"lastUpdated": "2024-04-25T10:08:32.464Z",
"__typename": "ThreatPreventionLicense"
}
]
}
}
}
}
WanFirewallPolicyQueries
policy
Beta
Response
Returns a WanFirewallPolicy!
Arguments
Name | Description |
---|---|
input - WanFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "16044293",
"index": 1,
"name": "Allow social media"
}
},
{
"properties": [],
"rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
}
],
"sections": [
{
"properties": [],
"section": {"id": "363808", "name": "Example Wan Section"}
},
{
"properties": [],
"section": {"id": "363809", "name": "My Wan Section"}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"revisions": {
"revision": [
{"name": "WAN Test Revision", "changes": 0},
{"name": "WAN Test Revision", "changes": 0}
]
}
}
}
}
}
XDR
stories
Beta
Description
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
Response
Returns a StoriesData
Arguments
Name | Description |
---|---|
input - StoryInput!
|
Example
Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
xdr(accountID: $accountId) {
stories(
input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
) {
paging {
from
limit
total
__typename
}
items {
...StoryBrief
__typename
}
__typename
}
__typename
}
}
fragment StoryBrief on Story {
id
accountId
accountName
updatedAt
createdAt
analystName
incident {
__typename
id
status
lastSignal
firstSignal
producer
connectionType
indication
queryName
description
criticality
source
ticket
research
vendor
sourceIp
analystFeedback {
severity
__typename
}
... on Threat {
...ThreatIncidentBrief
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentBrief
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentBrief
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentBrief
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentBrief
__typename
}
}
__typename
}
fragment ThreatIncidentBrief on Threat {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment ThreatPreventionIncidentBrief on ThreatPrevention {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment AnomalyStatsIncidentBrief on AnomalyStats {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment AnomalyEventsIncidentBrief on AnomalyEvents {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
__typename
storyDuration
storyType
siteConnectionType
siteConfigLocation
acknowledged
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
}
Variables
{
"accountId": "123",
"from": 0,
"limit": 25,
"filter": [
{
"timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
"producer": {
"in": [
"AnomalyEvents",
"AnomalyStats",
"ThreatHunt",
"ThreatPrevention",
"MicrosoftEndpointDefender",
"CatoEndpointAlert"
]
}
}
],
"sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"stories": {
"paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
"items": [
{
"id": "65ba47966e0c8517cf2de805",
"accountId": 123,
"accountName": "account",
"updatedAt": "2024-01-31T13:13:58Z",
"createdAt": "2024-01-31T13:13:58Z",
"analystName": "abc123",
"incident": {
"__typename": "CatoEndpoint",
"id": "29ebcff1",
"status": "PendingMoreInfo",
"lastSignal": "2024-01-18T01:48:25Z",
"firstSignal": "2024-01-18T01:48:25Z",
"producer": "CatoEndpointAlert",
"connectionType": null,
"indication": "Cato Endpoint Alert",
"queryName": null,
"description": null,
"criticality": 5,
"source": "source",
"ticket": null,
"research": false,
"vendor": "CATO",
"sourceIp": null,
"analystFeedback": {
"severity": "Medium",
"__typename": "AnalystFeedback"
}
},
"__typename": "Story"
}
]
}
}
}
}
story
Beta
Description
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
Response
Returns a Story
Arguments
Name | Description |
---|---|
storyId - ID
|
|
producer - StoryProducerEnum
|
|
incidentId - ID
|
Example
Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
xdr(accountID: $accountId) {
... on XDR {
story(storyId: $storyId) {
...StoryDetailed
__typename
}
__typename
}
__typename
}
}
fragment StoryDetailed on Story {
__typename
id
summary
updatedAt
createdAt
playbook
timeline {
...TimelineItem
__typename
}
incident {
__typename
id
status
producer
ticket
connectionType
indication
queryName
criticality
source
research
firstSignal
lastSignal
description
site {
id
name
__typename
}
user {
id
name
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentDetailed
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentDetailed
__typename
}
... on Threat {
...ThreatIncidentDetailed
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentDetailed
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentDetailed
__typename
}
... on MicrosoftEndpoint {
...MicrosoftEndpointIncidentDetailed
__typename
}
... on CatoEndpoint {
...CatoEndpointIncidentDetailed
__typename
}
}
}
fragment TimelineItem on TimelineItem {
createdAt
type
descriptions
additionalInfo
analystInfo {
name
__typename
}
context
category
__typename
}
fragment AnomalyStatsIncidentDetailed on AnomalyStats {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment AnalystFeedback on AnalystFeedback {
verdict
severity
threatType {
name
details
recommendedAction
__typename
}
threatClassification
additionalInfo
__typename
}
fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatIncidentDetailed on Threat {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
flows {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
threatPreventionsEvents {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referrer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
__typename
storyDuration
storyType
occurrences
siteConnectionType
siteConfigLocation
acknowledged
description
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
pop
isp
hostIp
ruleName
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
incidentId
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
pop
isp
hostIp
ruleName
tunnelResetCount
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
analystFeedback {
... on AnalystFeedback {
severity
__typename
}
__typename
}
}
fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
osDetails {
... on OsDetails {
...MicrosoftEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...MicrosoftEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on MicrosoftDefenderEndpointAlert {
...StoryDetailsMicrosoftEndpointAlert
__typename
}
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on MicrosoftEndpointUser {
...MicrosoftEndpointIncidentUserDetails
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
name
domainName
__typename
}
fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
id
title
localIp
destinationIp
destinationUrl
mitreTechnique {
id
name
__typename
}
firstActivityDateTime
lastActivityDateTime
threatName
activities {
...StoryDetailsMicrosoftEndpointActivity
__typename
}
resources {
...StoryDetailsMicrosoftEndpointResource
__typename
}
... on MicrosoftDefenderEndpointAlert {
criticality
msStatus: status
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
id
resourceId
parentResourceId
action
__typename
}
fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
id
remediationStatus
createdDateTime
verdict
roles
...StoryDetailsMicrosoftEndpointFileResource
...StoryDetailsMicrosoftEndpointProcessResource
...StoryDetailsMicrosoftEndpointRegistryResource
__typename
}
fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
detectionStatus
fileDetails {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsMicrosoftEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
id
... on MicrosoftEndpointUser {
userSid
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
valueName
valueType
value
key
hive
__typename
}
fragment CatoEndpointIncidentDetailed on CatoEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
macAddress
osDetails {
... on OsDetails {
...CatoEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...CatoEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on CatoEndpointAlert {
...StoryDetailsCatoEndpointAlert
__typename
}
__typename
}
__typename
}
fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on CatoEndpointUser {
...CatoEndpointIncidentUserDetails
__typename
}
__typename
}
fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
name
__typename
}
fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
id
title
mitreTechnique {
id
name
__typename
}
createdDateTime
threatName
activities {
...StoryDetailsCatoEndpointActivity
__typename
}
resources {
...StoryDetailsCatoEndpointResource
__typename
}
... on CatoEndpointAlert {
criticality
catoStatus: status
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointActivity on CatoActivity {
id
resourceId
parentResourceId
__typename
}
fragment StoryDetailsCatoEndpointResource on CatoResource {
id
createdDateTime
remediationStatus
...StoryDetailsCatoEndpointFileResource
...StoryDetailsCatoEndpointProcessResource
__typename
}
fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
detectionStatus
fileDetails {
...StoryDetailsCatoEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsCatoEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsCatoEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
id
... on CatoEndpointUser {
name
__typename
}
__typename
}
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"story": {
"playbook": null,
"incident": {
"__typename": "Threat",
"id": "abc123",
"status": "Open",
"producer": "ThreatHunt",
"ticket": null,
"connectionType": "Site",
"indication": "abc123",
"queryName": "abc123",
"criticality": 5,
"source": "abc123",
"research": false,
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T13:00:00Z",
"description": "abc123",
"site": null,
"user": null,
"srcSiteId": "123",
"flowsCardinality": 4,
"storyDuration": 14400,
"os": "OS_WINDOWS",
"deviceName": "abc123",
"macAddress": "aa:aa:11:22:33:44",
"sourceIp": "1.2.3.4",
"logonName": null,
"direction": "OUTBOUND",
"predictedVerdict": null,
"predictedThreatType": null,
"similarStoriesData": [],
"events": [],
"mitres": [],
"timeSeries": [],
"targets": [
{
"type": "domain",
"name": "123",
"analysisScore": 0.75688803,
"infectionSource": true,
"catoPopularity": -1,
"threatFeeds": 2,
"creationTime": "2023-01-10T06:16:40Z",
"categories": "abc123",
"countryOfRegistration": "CZ",
"searchHits": "123",
"engines": null,
"eventData": [],
"__typename": "IncidentTargetRep"
}
],
"flows": [
{
"appName": "http",
"clientClass": null,
"sourceIp": "11.22.33.111",
"sourcePort": 123,
"direction": "INBOUND",
"createdAt": "2024-02-29T09:45:00Z",
"referer": null,
"userAgent": null,
"method": null,
"destinationCountry": "US",
"destinationPort": 123,
"destinationIp": "11.22.33.644",
"destinationGeolocation": "11.1,22.2",
"url": null,
"tunnelGeolocation": "11.1,22.2",
"domain": "abc123",
"target": "abc123",
"httpResponseCode": null,
"dnsResponseIP": null,
"smbFileName": null,
"fileHash": null,
"ja3": null,
"__typename": "IncidentFlow"
}
],
"analystFeedback": {
"verdict": null,
"severity": null,
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null,
"__typename": "AnalystFeedbackThreatType"
},
"threatClassification": null,
"additionalInfo": null,
"__typename": "AnalystFeedback"
}
},
"__typename": "Story",
"id": "abc123",
"summary": "abc123",
"updatedAt": "2024-03-27T08:32:44Z",
"createdAt": "2024-03-27T08:22:51Z",
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"type": "Diff",
"descriptions": ["abc123"],
"additionalInfo": null,
"analystInfo": null,
"context": "Story created",
"category": null,
"__typename": "TimelineItem"
}
]
}
}
}
}
Mutations
AdminMutations
addAdmin
Response
Returns an AddAdminPayload
Arguments
Name | Description |
---|---|
input - AddAdminInput!
|
Example
Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
admin(accountId:$accountId) {
addAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"passwordNeverExpires": false,
"mfaEnabled": true,
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}
removeAdmin
Response
Returns a RemoveAdminPayload
Arguments
Name | Description |
---|---|
adminID - ID!
|
Example
Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}
updateAdmin
Response
Returns an UpdateAdminPayload
Arguments
Name | Description |
---|---|
adminID - ID!
|
|
input - UpdateAdminInput!
|
Example
Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
admin(accountId:$accountId) {
updateAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"managedRoles": [
{"role": {"id": 1, "name": "Editor"}},
{"role": {"id": 2, "name": "Viewer"}}
]
}
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}
ContainerMutations
delete
Beta
Response
Returns a DeleteContainerPayload!
Arguments
Name | Description |
---|---|
input - DeleteContainerInput!
|
Example
Query
mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
container(accountId: $accountId) {
delete(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"delete": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
FqdnContainerMutations
addValues
Beta
Response
Returns a FqdnContainerAddValuesPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerAddValuesInput!
|
Example
Query
mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!) {
container(accountId: $accountId) {
fqdn {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"addValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Returns a CreateFqdnContainerFromFilePayload!
Arguments
Name | Description |
---|---|
input - CreateFqdnContainerFromFileInput!
|
Example
Query
mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns a FqdnContainerRemoveValuesPayload!
Arguments
Name | Description |
---|---|
input - FqdnContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!) {
container(accountId: $accountId) {
fqdn {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"removeValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Returns an UpdateFqdnContainerFromFilePayload!
Arguments
Name | Description |
---|---|
input - UpdateFqdnContainerFromFileInput!
|
Example
Query
mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
IpAddressRangeContainerMutations
addValues
Beta
Response
Returns an IpAddressRangeContainerAddValuesPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerAddValuesInput!
|
Example
Query
mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"addValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Arguments
Name | Description |
---|---|
input - CreateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns an IpAddressRangeContainerRemoveValuesPayload!
Arguments
Name | Description |
---|---|
input - IpAddressRangeContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"removeValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Arguments
Name | Description |
---|---|
input - UpdateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
InternetFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
action: ALLOW
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "ALLOW"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSection": {
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create the policy revision. Create a new empty policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
"createdTime": "2024-07-18T21:49:58.116",
"updatedTime": "2024-07-18T21:49:58.116"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section with system rules cannot be moved or removed",
"errorCode": "sectionSystemMove"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing rule from the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - InternetFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
}
}
}
}
}
SiteMutations
addIpsecIkeV2Site
Beta
Response
Returns an AddIpsecIkeV2SitePayload
Arguments
Name | Description |
---|---|
input - AddIpsecIkeV2SiteInput!
|
Example
Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
sites(accountId:$accountId) {
addIpsecIkeV2Site(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
}
}
Response
{"data": {"sites": {"addIpsecIkeV2Site": {"siteId": "456"}}}}
addIpsecIkeV2SiteTunnels
Beta
Response
Returns an AddIpsecIkeV2SiteTunnelsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - AddIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
sites(accountId: $accountId) {
addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"publicSiteIp": "10.10.10.1",
"privateCatoIp": "1.1.1.12",
"privateSiteIp": "1.1.1.13",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"publicSiteIp": "20.20.20.1",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"sites": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
addNetworkRange
Response
Returns an AddNetworkRangePayload
Arguments
Name | Description |
---|---|
lanSocketInterfaceId - ID!
|
|
input - AddNetworkRangeInput!
|
Example
Query
mutation addNetworkRange(
$accountId:ID!,
$lanSocketInterfaceId: ID!,
$input:AddNetworkRangeInput!
) {
sites(accountId:$accountId){
addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
networkRangeId
}
}
}
Variables
{
"accountId": "123",
"lanSocketInterfaceId": "456",
"input": {
"name": "Printers",
"rangeType": "Routed",
"subnet": "123.0.1.0/30",
"gateway": "123.0.0.2"
}
}
Response
{"data": {"sites": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
addSocketSite
Response
Returns an AddSocketSitePayload
Arguments
Name | Description |
---|---|
input - AddSocketSiteInput!
|
Example
Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
sites(accountId:$accountId) {
addSocketSite(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"connectionType": "SOCKET_X1700",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"siteLocation": {
"countryCode": "IL",
"timezone": "Asia/Jerusalem",
"city": "Asheklon"
}
}
}
Response
{"data": {"sites": {"addSocketSite": {"siteId": "456"}}}}
addStaticHost
Response
Returns an AddStaticHostPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - AddStaticHostInput!
|
Example
Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
sites(accountId:$accountId){
addStaticHost(siteId:$siteId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"sites": {"addStaticHost": {"hostId": "789"}}}}
removeNetworkRange
Response
Returns a RemoveNetworkRangePayload
Arguments
Name | Description |
---|---|
networkRangeId - ID!
|
Example
Query
mutation removeNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
) {
sites(accountId:$accountId){
removeNetworkRange(networkRangeId:$networkRangeId){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"sites": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
removeSite
Response
Returns a RemoveSitePayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
Example
Query
mutation removeSite($accountId:ID!, $siteId:ID!){
sites(accountId:$accountId) {
removeSite(siteId:$siteId) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"sites": {"removeSite": {"siteId": "456"}}}}
removeStaticHost
Response
Returns a RemoveStaticHostPayload
Arguments
Name | Description |
---|---|
hostId - ID!
|
Example
Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
sites(accountId:$accountId){
removeStaticHost(hostId:$hostId){
hostId
}
}
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"sites": {"removeStaticHost": {"hostId": "789"}}}}
updateHa
Response
Returns an UpdateHaPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateHaInput!
|
Example
Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
sites(accountId:$accountId){
updateHa(siteId:$siteId, input:$input){
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primaryManagementIp": "123.0.0.231",
"secondaryManagementIp": "123.0.0.232",
"vrid": 123
}
}
Response
{"data": {"sites": {"updateHa": {"siteId": "456"}}}}
updateIpsecIkeV2SiteGeneralDetails
Beta
Response
Returns an UpdateIpsecIkeV2SiteGeneralDetailsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
sites(accountId: $accountId) {
updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"connectionMode": "RESPONDER_ONLY",
"identificationType": "FQDN",
"initMessage": {
"cipher": "AUTOMATIC",
"dhGroup": "DH_15_MODP3072",
"integrity": "SHA256",
"prf": "SHA256"
},
"authMessage": {
"cipher": "AES_GCM_256",
"dhGroup": "DH_16_MODP4096",
"integrity": "AUTOMATIC"
},
"networkRanges": "Service1:100.100.100.0/24"
}
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}
updateIpsecIkeV2SiteTunnels
Beta
Response
Returns an UpdateIpsecIkeV2SiteTunnelsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
sites(accountId: $accountId) {
updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"tunnelId": "PRIMARY1",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"tunnelId": "SECONDARY1",
"publicSiteIp": "20.20.20.2",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
updateNetworkRange
Response
Returns an UpdateNetworkRangePayload
Arguments
Name | Description |
---|---|
networkRangeId - ID!
|
|
input - UpdateNetworkRangeInput!
|
Example
Query
mutation updateNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
$input:UpdateNetworkRangeInput!
) {
sites(accountId:$accountId){
updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"sites": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
updateSiteGeneralDetails
Response
Returns an UpdateSiteGeneralDetailsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateSiteGeneralDetailsInput!
|
Example
Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
sites(accountId: $accountId){
updateSiteGeneralDetails(siteId:$siteId, input:$input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}
updateSocketInterface
Response
Returns an UpdateSocketInterfacePayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
|
input - UpdateSocketInterfaceInput!
|
Example
Query
mutation updateSocketInterface(
$accountId:ID!,
$siteId: ID!,
$socketInterfaceId: SocketInterfaceIDEnum!,
$input:UpdateSocketInterfaceInput!
) {
sites(accountId:$accountId){
updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
siteId
socketInterfaceId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"socketInterfaceId": "INT_1",
"input": {
"destType": "CATO",
"bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
}
}
Response
{
"data": {
"sites": {
"updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
}
}
}
updateStaticHost
Response
Returns an UpdateStaticHostPayload
Arguments
Name | Description |
---|---|
hostId - ID!
|
|
input - UpdateStaticHostInput!
|
Example
Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
sites(accountId:$accountId){
updateStaticHost(hostId:$hostId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"hostId": "789",
"input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"sites": {"updateStaticHost": {"hostId": "789"}}}}
SiteMutations
addIpsecIkeV2Site
Beta
Response
Returns an AddIpsecIkeV2SitePayload
Arguments
Name | Description |
---|---|
input - AddIpsecIkeV2SiteInput!
|
Example
Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
sites(accountId:$accountId) {
addIpsecIkeV2Site(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
}
}
Response
{"data": {"sites": {"addIpsecIkeV2Site": {"siteId": "456"}}}}
addIpsecIkeV2SiteTunnels
Beta
Response
Returns an AddIpsecIkeV2SiteTunnelsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - AddIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
sites(accountId: $accountId) {
addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"publicSiteIp": "10.10.10.1",
"privateCatoIp": "1.1.1.12",
"privateSiteIp": "1.1.1.13",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"publicSiteIp": "20.20.20.1",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"sites": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
addNetworkRange
Response
Returns an AddNetworkRangePayload
Arguments
Name | Description |
---|---|
lanSocketInterfaceId - ID!
|
|
input - AddNetworkRangeInput!
|
Example
Query
mutation addNetworkRange(
$accountId:ID!,
$lanSocketInterfaceId: ID!,
$input:AddNetworkRangeInput!
) {
sites(accountId:$accountId){
addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
networkRangeId
}
}
}
Variables
{
"accountId": "123",
"lanSocketInterfaceId": "456",
"input": {
"name": "Printers",
"rangeType": "Routed",
"subnet": "123.0.1.0/30",
"gateway": "123.0.0.2"
}
}
Response
{"data": {"sites": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
addSocketSite
Response
Returns an AddSocketSitePayload
Arguments
Name | Description |
---|---|
input - AddSocketSiteInput!
|
Example
Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
sites(accountId:$accountId) {
addSocketSite(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"connectionType": "SOCKET_X1700",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"siteLocation": {
"countryCode": "IL",
"timezone": "Asia/Jerusalem",
"city": "Asheklon"
}
}
}
Response
{"data": {"sites": {"addSocketSite": {"siteId": "456"}}}}
addStaticHost
Response
Returns an AddStaticHostPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - AddStaticHostInput!
|
Example
Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
sites(accountId:$accountId){
addStaticHost(siteId:$siteId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"sites": {"addStaticHost": {"hostId": "789"}}}}
removeNetworkRange
Response
Returns a RemoveNetworkRangePayload
Arguments
Name | Description |
---|---|
networkRangeId - ID!
|
Example
Query
mutation removeNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
) {
sites(accountId:$accountId){
removeNetworkRange(networkRangeId:$networkRangeId){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"sites": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
removeSite
Response
Returns a RemoveSitePayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
Example
Query
mutation removeSite($accountId:ID!, $siteId:ID!){
sites(accountId:$accountId) {
removeSite(siteId:$siteId) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"sites": {"removeSite": {"siteId": "456"}}}}
removeStaticHost
Response
Returns a RemoveStaticHostPayload
Arguments
Name | Description |
---|---|
hostId - ID!
|
Example
Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
sites(accountId:$accountId){
removeStaticHost(hostId:$hostId){
hostId
}
}
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"sites": {"removeStaticHost": {"hostId": "789"}}}}
updateHa
Response
Returns an UpdateHaPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateHaInput!
|
Example
Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
sites(accountId:$accountId){
updateHa(siteId:$siteId, input:$input){
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primaryManagementIp": "123.0.0.231",
"secondaryManagementIp": "123.0.0.232",
"vrid": 123
}
}
Response
{"data": {"sites": {"updateHa": {"siteId": "456"}}}}
updateIpsecIkeV2SiteGeneralDetails
Beta
Response
Returns an UpdateIpsecIkeV2SiteGeneralDetailsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
sites(accountId: $accountId) {
updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"connectionMode": "RESPONDER_ONLY",
"identificationType": "FQDN",
"initMessage": {
"cipher": "AUTOMATIC",
"dhGroup": "DH_15_MODP3072",
"integrity": "SHA256",
"prf": "SHA256"
},
"authMessage": {
"cipher": "AES_GCM_256",
"dhGroup": "DH_16_MODP4096",
"integrity": "AUTOMATIC"
},
"networkRanges": "Service1:100.100.100.0/24"
}
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}
updateIpsecIkeV2SiteTunnels
Beta
Response
Returns an UpdateIpsecIkeV2SiteTunnelsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
sites(accountId: $accountId) {
updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"tunnelId": "PRIMARY1",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"tunnelId": "SECONDARY1",
"publicSiteIp": "20.20.20.2",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"sites": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
updateNetworkRange
Response
Returns an UpdateNetworkRangePayload
Arguments
Name | Description |
---|---|
networkRangeId - ID!
|
|
input - UpdateNetworkRangeInput!
|
Example
Query
mutation updateNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
$input:UpdateNetworkRangeInput!
) {
sites(accountId:$accountId){
updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"sites": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
updateSiteGeneralDetails
Response
Returns an UpdateSiteGeneralDetailsPayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
input - UpdateSiteGeneralDetailsInput!
|
Example
Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
sites(accountId: $accountId){
updateSiteGeneralDetails(siteId:$siteId, input:$input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}
updateSocketInterface
Response
Returns an UpdateSocketInterfacePayload
Arguments
Name | Description |
---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
|
input - UpdateSocketInterfaceInput!
|
Example
Query
mutation updateSocketInterface(
$accountId:ID!,
$siteId: ID!,
$socketInterfaceId: SocketInterfaceIDEnum!,
$input:UpdateSocketInterfaceInput!
) {
sites(accountId:$accountId){
updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
siteId
socketInterfaceId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"socketInterfaceId": "INT_1",
"input": {
"destType": "CATO",
"bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
}
}
Response
{
"data": {
"sites": {
"updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
}
}
}
updateStaticHost
Response
Returns an UpdateStaticHostPayload
Arguments
Name | Description |
---|---|
hostId - ID!
|
|
input - UpdateStaticHostInput!
|
Example
Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
sites(accountId:$accountId){
updateStaticHost(hostId:$hostId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"hostId": "789",
"input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"sites": {"updateStaticHost": {"hostId": "789"}}}}
WanFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - WanFirewallAddRuleInput!
|
Example
Query
mutation AddWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addRule(input: {
rule: {
enabled: true,
name: "WAN Example Rule",
description: "WAN Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
destination: {
ip: ["203.0.113.1"],
subnet: ["172.16.0.0/24"]
},
action: BLOCK,
direction: TO
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "WAN Example Rule",
"description": "WAN Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/24"]
},
"action": "BLOCK",
"direction": "TO"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSection": {
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanFirewallRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
createPolicyRevision(input: {
name: "WAN Test Revision",
description: "Testing working with multiple WAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN firewall revisions",
"name": "WAN Test Revision",
"id": "6a496eda-b7c1-455e-820e-e839a0dcd2c0",
"createdTime": "2024-09-10T09:21:37.208",
"updatedTime": "2024-09-10T09:21:37.208"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"section": {"id": "363808", "name": "Example Wan Section"}
}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# PublishWanFirewallPolicy.graphql
mutation PublishWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Description
Remove an existing rule from the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - WanFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
Name | Description |
---|---|
input - WanFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdateWanFirewallPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
Name | Description |
---|---|
input - WanFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
rule: {
enabled: true,
name: "Updated WAN Rule",
description: "Updated WAN description",
source: {
ip: ["192.0.2.2"]
},
destination: {
subnet: ["172.16.0.0/16"]
},
action: ALLOW,
direction: BOTH
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "Updated WAN Rule",
"description": "Updated WAN description",
"enabled": true,
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/16"]
},
"action": "ALLOW",
"direction": "BOTH"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
Name | Description |
---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781",
section: {
name: "updated WAN section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
Types
AccountDataPayload
AccountIdPredicate
BetaAccountMetrics
Fields
Field Name | Description |
---|---|
from - DateTime
|
Starting time |
granularity - Int
|
The size of a single time bucket in seconds |
id - ID
|
Unique Identifier of Account. |
sites - [SiteMetrics!]
|
Site connectivity metrics for the requested sites. |
Arguments
|
|
timeseries - [Timeseries!]
|
|
Arguments
|
|
to - DateTime
|
Ending time |
users - [SiteMetrics!]
|
Connectivity metrics for the requested users connecting remotely with the Client. Doesn’t include user traffic behind a site. |
Arguments
|
Example
{
"from": "2007-12-03T10:15:30Z",
"granularity": 987,
"id": "4",
"sites": [SiteMetrics],
"timeseries": [Timeseries],
"to": "2007-12-03T10:15:30Z",
"users": [SiteMetrics]
}
AccountRef
BetaAccountRolesResult
Fields
Field Name | Description |
---|---|
items - [RBACRole!]!
|
|
total - Int!
|
Example
{"items": [RBACRole], "total": 987}
AccountSnapshot
Fields
Field Name | Description |
---|---|
id - ID
|
Unique Identifier of Account |
sites - [SiteSnapshot!]
|
Sites includes information about online as well as offline sites |
Arguments
|
|
timestamp - DateTime
|
|
users - [UserSnapshot!]
|
VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested |
Arguments
|
Example
{
"id": 4,
"sites": [SiteSnapshot],
"timestamp": "2007-12-03T10:15:30Z",
"users": [UserSnapshot]
}
AccountType
Values
Enum Value | Description |
---|---|
|
|
|
|
|
|
|
Example
"ALL"
Activity
Possible Types
Activity Types |
---|
Example
{"id": 4, "resourceId": 4, "parentResourceId": 4}
AddAdminInput
Fields
Input Field | Description |
---|---|
email - String!
|
|
firstName - String!
|
|
lastName - String!
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
mfaEnabled - Boolean!
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"email": "xyz789",
"firstName": "xyz789",
"lastName": "xyz789",
"managedRoles": [UpdateAdminRoleInput],
"mfaEnabled": true,
"passwordNeverExpires": true,
"resellerRoles": [UpdateAdminRoleInput]
}
AddAdminPayload
Fields
Field Name | Description |
---|---|
adminID - ID!
|
Example
{"adminID": 4}
AddIpsecIkeV2SiteInput
BetaFields
Input Field | Description |
---|---|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default
|
Example
{
"description": "xyz789",
"name": "xyz789",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH"
}
AddIpsecIkeV2SiteMultiTunnelPayload
BetaFields
Field Name | Description |
---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [AddIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [AddIpsecIkeV2SiteTunnelPayload]
}
AddIpsecIkeV2SitePayload
BetaFields
Field Name | Description |
---|---|
siteId - ID!
|
The ID of the site |
Example
{"siteId": 4}
AddIpsecIkeV2SiteTunnelPayload
BetaFields
Field Name | Description |
---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "abc123",
"tunnelId": "PRIMARY1"
}
AddIpsecIkeV2SiteTunnelsInput
BetaFields
Input Field | Description |
---|---|
primary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": AddIpsecIkeV2TunnelsInput,
"secondary": AddIpsecIkeV2TunnelsInput
}
AddIpsecIkeV2SiteTunnelsPayload
BetaFields
Field Name | Description |
---|---|
primary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": AddIpsecIkeV2SiteMultiTunnelPayload,
"secondary": AddIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
AddIpsecIkeV2TunnelInput
BetaFields
Input Field | Description |
---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String!
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
Example
{
"lastMileBw": LastMileBwInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "abc123",
"publicSiteIp": IPAddress
}
AddIpsecIkeV2TunnelsInput
BetaFields
Input Field | Description |
---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [AddIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": "4",
"publicCatoIpId": "4",
"tunnels": [AddIpsecIkeV2TunnelInput]
}
AddNetworkRangeInput
Fields
Input Field | Description |
---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String!
|
|
rangeType - SubnetType!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"localIp": IPAddress,
"mdnsReflector": true,
"name": "abc123",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 987
}
AddNetworkRangePayload
Fields
Field Name | Description |
---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
AddSiteLocationInput
Example
{
"address": "xyz789",
"city": "xyz789",
"countryCode": "abc123",
"stateCode": "xyz789",
"timezone": "xyz789"
}
AddSocketSiteInput
Fields
Input Field | Description |
---|---|
connectionType - SiteConnectionTypeEnum!
|
|
description - String
|
|
name - String!
|
|
nativeNetworkRange - IPSubnet!
|
|
siteLocation - AddSiteLocationInput!
|
|
siteType - SiteType!
|
|
translatedSubnet - IPSubnet
|
Example
{
"connectionType": "SOCKET_AWS1500",
"description": "abc123",
"name": "abc123",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"translatedSubnet": IPSubnet
}
AddSocketSitePayload
Fields
Field Name | Description |
---|---|
siteId - ID!
|
Example
{"siteId": "4"}
AddStaticHostInput
Fields
Input Field | Description |
---|---|
ip - IPAddress!
|
|
macAddress - String
|
|
name - String!
|
Example
{
"ip": IPAddress,
"macAddress": "xyz789",
"name": "abc123"
}
AddStaticHostPayload
Fields
Field Name | Description |
---|---|
hostId - ID!
|
Example
{"hostId": 4}
Admin
Description
A CC2 administrator
Fields
Field Name | Description |
---|---|
allowedItems - [Entity!]
|
|
creationDate - DateTime
|
|
email - String
|
|
firstName - String
|
|
id - ID!
|
|
lastName - String
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean
|
|
modifyDate - DateTime
|
|
nativeAccountID - ID
|
|
passwordNeverExpires - Boolean
|
|
presentUsageAndEvents - Boolean
|
|
resellerRoles - [AdminRole!]
|
|
role - UserRole
|
|
status - OperationalStatus
|
|
version - String!
|
Example
{
"allowedItems": [Entity],
"creationDate": "2007-12-03T10:15:30Z",
"email": "xyz789",
"firstName": "abc123",
"id": 4,
"lastName": "abc123",
"managedRoles": [AdminRole],
"mfaEnabled": true,
"modifyDate": "2007-12-03T10:15:30Z",
"nativeAccountID": "4",
"passwordNeverExpires": true,
"presentUsageAndEvents": false,
"resellerRoles": [AdminRole],
"role": "EDITOR",
"status": "active",
"version": "abc123"
}
AdminRole
AdminsResult
AggregationType
Values
Enum Value | Description |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"any"
AlertClassificationEnum
Values
Enum Value | Description |
---|---|
|
|
|
|
|
Example
"FALSE_POSITIVE"
AlertDeterminationEnum
Values
Enum Value | Description |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"APT"
AnalystFeedback
Fields
Field Name | Description |
---|---|
additionalInfo - String
|
|
severity - SeverityEnum
|
|
threatClassification - String
|
|
threatType - AnalystFeedbackThreatType
|
|
verdict - StoryVerdictEnum
|
Example
{
"additionalInfo": "xyz789",
"severity": "High",
"threatClassification": "xyz789",
"threatType": AnalystFeedbackThreatType,
"verdict": "Benign"
}
AnalystFeedbackThreatType
AnalystInfo
BetaAnnotationType
Values
Enum Value | Description |
---|---|
|
Other events that are included in annotations |
|
The site connects to a different PoP |
|
The ISP IP address (remote IP) changed |
|
Change for HA status role |
Example
"generic"
Anomalies
Fields
Field Name | Description |
---|---|
id - ID!
|
|
firstSignal - DateTime!
|
|
lastSignal - DateTime!
|
|
engineType - StoryEngineTypeEnum
|
|
vendor - VendorEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
connectionType - ConnectionTypeEnum
|
|
indication - String!
|
|
queryName - String
|
|
source - String
|
|
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
|
storyDuration - Int
|
|
description - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
sourceIp - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
direction - String
|
Possible Types
Anomalies Types |
---|
Example
{
"id": 4,
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"connectionType": "Host",
"indication": "abc123",
"queryName": "xyz789",
"source": "xyz789",
"criticality": 123,
"ticket": "abc123",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 123,
"description": "xyz789",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"sourceIp": "xyz789",
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "abc123",
"direction": "abc123"
}
AnomalyEvents
Fields
Field Name | Description |
---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
|
producerName - String!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
|
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "abc123",
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 123,
"description": "xyz789",
"deviceName": "abc123",
"direction": "xyz789",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": "4",
"indication": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "abc123",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"os": "abc123",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"queryName": "abc123",
"research": true,
"rules": ["xyz789"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "xyz789",
"sourceIp": "abc123",
"srcSiteId": "xyz789",
"status": "Closed",
"storyDuration": 123,
"subjectType": "abc123",
"targets": [IncidentTargetRep],
"ticket": "abc123",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AnomalyStats
Fields
Field Name | Description |
---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|