catocli 1.0.18__py3-none-any.whl → 1.0.20__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (102) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/mutation_policy/__init__.py +174 -0
  4. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  5. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  6. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  17. catocli/parsers/mutation_sandbox/README.md +7 -0
  18. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  19. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  20. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  21. catocli/parsers/mutation_site/__init__.py +28 -0
  22. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  23. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  24. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  25. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  26. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  27. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  28. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  29. catocli/parsers/mutation_sites/__init__.py +28 -0
  30. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  31. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  32. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  33. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  34. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  35. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  36. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  37. catocli/parsers/mutation_xdr/README.md +7 -0
  38. catocli/parsers/mutation_xdr/__init__.py +51 -0
  39. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  40. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  41. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  42. catocli/parsers/parserApiClient.py +6 -6
  43. catocli/parsers/query_accountMetrics/README.md +2 -1
  44. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  45. catocli/parsers/query_eventsFeed/README.md +1 -1
  46. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  47. catocli/parsers/query_policy/README.md +2 -1
  48. catocli/parsers/query_sandbox/README.md +17 -0
  49. catocli/parsers/query_sandbox/__init__.py +17 -0
  50. catocli/parsers/query_siteLocation/README.md +1 -1
  51. catocli/parsers/query_xdr_story/README.md +1 -1
  52. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/METADATA +1 -1
  53. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/RECORD +102 -52
  54. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  55. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  56. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  57. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  58. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  59. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  60. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  61. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  62. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  63. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  64. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  65. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  66. models/mutation.sandbox.deleteReport.json +302 -0
  67. models/mutation.sandbox.uploadFile.json +301 -0
  68. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  69. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  70. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  71. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  72. models/mutation.site.addSocketSite.json +72 -15
  73. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  74. models/mutation.site.updateNetworkRange.json +3 -3
  75. models/mutation.site.updateSocketInterface.json +126 -18
  76. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  77. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  78. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  79. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  80. models/mutation.sites.addSocketSite.json +72 -15
  81. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  82. models/mutation.sites.updateNetworkRange.json +3 -3
  83. models/mutation.sites.updateSocketInterface.json +126 -18
  84. models/mutation.xdr.addStoryComment.json +622 -0
  85. models/mutation.xdr.analystFeedback.json +28820 -0
  86. models/mutation.xdr.deleteStoryComment.json +622 -0
  87. models/query.accountMetrics.json +341 -0
  88. models/query.accountSnapshot.json +120 -0
  89. models/query.appStatsTimeSeries.json +37 -0
  90. models/query.auditFeed.json +292 -52
  91. models/query.events.json +1196 -236
  92. models/query.eventsFeed.json +292 -52
  93. models/query.eventsTimeSeries.json +941 -184
  94. models/query.policy.json +2047 -156
  95. models/query.sandbox.json +2047 -0
  96. models/query.xdr.stories.json +134 -4
  97. models/query.xdr.story.json +116 -4
  98. schema/catolib.py +4 -5
  99. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/LICENSE +0 -0
  100. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/WHEEL +0 -0
  101. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/entry_points.txt +0 -0
  102. {catocli-1.0.18.dist-info → catocli-1.0.20.dist-info}/top_level.txt +0 -0
models/query.auditFeed.json CHANGED
@@ -166,7 +166,7 @@
166
166
  "description": null,
167
167
  "enumValues": [
168
168
  {
169
- "deprecationReason": "use src_site_id/src_site_name instead",
169
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
170
170
  "description": "Name of site or user initiating the connection",
171
171
  "isDeprecated": true,
172
172
  "name": "src_site"
@@ -190,7 +190,7 @@
190
190
  "name": "user_id"
191
191
  },
192
192
  {
193
- "deprecationReason": "use dest_site_id/dest_site_name instead",
193
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
194
194
  "description": "For WAN traffic, name of destination site or SDP user",
195
195
  "isDeprecated": true,
196
196
  "name": "dest_site"
@@ -202,13 +202,13 @@
202
202
  "name": "dest_site_id"
203
203
  },
204
204
  {
205
- "deprecationReason": null,
205
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
206
206
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
207
- "isDeprecated": false,
207
+ "isDeprecated": true,
208
208
  "name": "src_or_dest_site_id"
209
209
  },
210
210
  {
211
- "deprecationReason": "use rule_name instead",
211
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
212
212
  "description": "Name of security rule related to the event",
213
213
  "isDeprecated": true,
214
214
  "name": "rule"
@@ -226,7 +226,7 @@
226
226
  "name": "socket_interface"
227
227
  },
228
228
  {
229
- "deprecationReason": "use custom_category_id/custom_category_name instead",
229
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
230
230
  "description": "Name for the custom category defined in the Cato Management Application",
231
231
  "isDeprecated": true,
232
232
  "name": "custom_category"
@@ -239,7 +239,7 @@
239
239
  },
240
240
  {
241
241
  "deprecationReason": null,
242
- "description": "For Internet traffic, destination host port",
242
+ "description": "Destination port",
243
243
  "isDeprecated": false,
244
244
  "name": "dest_port"
245
245
  },
@@ -299,7 +299,7 @@
299
299
  },
300
300
  {
301
301
  "deprecationReason": null,
302
- "description": "For Internet traffic, destination host IP address",
302
+ "description": "Destination IP address",
303
303
  "isDeprecated": false,
304
304
  "name": "dest_ip"
305
305
  },
@@ -376,7 +376,7 @@
376
376
  "name": "configured_host_name"
377
377
  },
378
378
  {
379
- "deprecationReason": "use event_id instead",
379
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
380
380
  "description": "Cato Internal-use only",
381
381
  "isDeprecated": true,
382
382
  "name": "internalId"
@@ -448,9 +448,9 @@
448
448
  "name": "bgp_error_code"
449
449
  },
450
450
  {
451
- "deprecationReason": null,
451
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
452
452
  "description": "Description from Cato Management Application for BGP peer",
453
- "isDeprecated": false,
453
+ "isDeprecated": true,
454
454
  "name": "bgp_peer_description"
455
455
  },
456
456
  {
@@ -515,7 +515,7 @@
515
515
  },
516
516
  {
517
517
  "deprecationReason": null,
518
- "description": "Data that measures the latency for a specific link",
518
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
519
519
  "isDeprecated": false,
520
520
  "name": "link_health_latency"
521
521
  },
@@ -670,14 +670,14 @@
670
670
  "name": "incident_id"
671
671
  },
672
672
  {
673
- "deprecationReason": "use application_id/application_name instead",
673
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
674
674
  "description": "For Internet firewall, app for this event",
675
675
  "isDeprecated": true,
676
676
  "name": "application"
677
677
  },
678
678
  {
679
679
  "deprecationReason": null,
680
- "description": "Application of the flow",
680
+ "description": "The name of the application associated with the flow",
681
681
  "isDeprecated": false,
682
682
  "name": "application_name"
683
683
  },
@@ -700,7 +700,7 @@
700
700
  "name": "socket_interface_id"
701
701
  },
702
702
  {
703
- "deprecationReason": "use custom_category_id/custom_category_name instead",
703
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
704
704
  "description": "Unique Cato ID for the custom category",
705
705
  "isDeprecated": true,
706
706
  "name": "custom_categories"
@@ -779,7 +779,7 @@
779
779
  },
780
780
  {
781
781
  "deprecationReason": null,
782
- "description": "For Internet traffic, destination host IP address",
782
+ "description": "The name of the destination site",
783
783
  "isDeprecated": false,
784
784
  "name": "dest_site_name"
785
785
  },
@@ -838,7 +838,7 @@
838
838
  "name": "device_posture_profile"
839
839
  },
840
840
  {
841
- "deprecationReason": "use device_posture_profile instead",
841
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
842
842
  "description": "Device posture profiles",
843
843
  "isDeprecated": true,
844
844
  "name": "device_posture_profiles"
@@ -911,7 +911,7 @@
911
911
  },
912
912
  {
913
913
  "deprecationReason": null,
914
- "description": "DLP fail mode",
914
+ "description": "Describes the behavior when the DLP system encounters a failure",
915
915
  "isDeprecated": false,
916
916
  "name": "dlp_fail_mode"
917
917
  },
@@ -969,6 +969,24 @@
969
969
  "isDeprecated": false,
970
970
  "name": "is_sinkhole"
971
971
  },
972
+ {
973
+ "deprecationReason": null,
974
+ "description": "The ID for the endpoint",
975
+ "isDeprecated": false,
976
+ "name": "endpoint_id"
977
+ },
978
+ {
979
+ "deprecationReason": null,
980
+ "description": "The Endpoint Protection Engine that detected the malware",
981
+ "isDeprecated": false,
982
+ "name": "epp_engine_type"
983
+ },
984
+ {
985
+ "deprecationReason": null,
986
+ "description": "The file operation when this event occurred",
987
+ "isDeprecated": false,
988
+ "name": "file_operation"
989
+ },
972
990
  {
973
991
  "deprecationReason": null,
974
992
  "description": null,
@@ -1001,7 +1019,7 @@
1001
1019
  },
1002
1020
  {
1003
1021
  "deprecationReason": null,
1004
- "description": null,
1022
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
1005
1023
  "isDeprecated": false,
1006
1024
  "name": "vendor"
1007
1025
  },
@@ -1042,19 +1060,19 @@
1042
1060
  "name": "recommended_actions"
1043
1061
  },
1044
1062
  {
1045
- "deprecationReason": "use src_pid instead",
1063
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1046
1064
  "description": null,
1047
1065
  "isDeprecated": true,
1048
1066
  "name": "pid"
1049
1067
  },
1050
1068
  {
1051
- "deprecationReason": "use src_process_parent_pid instead",
1069
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1052
1070
  "description": null,
1053
1071
  "isDeprecated": true,
1054
1072
  "name": "parent_pid"
1055
1073
  },
1056
1074
  {
1057
- "deprecationReason": "use src_process_path instead",
1075
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
1058
1076
  "description": null,
1059
1077
  "isDeprecated": true,
1060
1078
  "name": "process_path"
@@ -1071,12 +1089,66 @@
1071
1089
  "isDeprecated": false,
1072
1090
  "name": "out_of_band_access"
1073
1091
  },
1092
+ {
1093
+ "deprecationReason": null,
1094
+ "description": "A Unique ID for the quarantined file",
1095
+ "isDeprecated": false,
1096
+ "name": "quarantine_uuid"
1097
+ },
1074
1098
  {
1075
1099
  "deprecationReason": null,
1076
1100
  "description": null,
1077
1101
  "isDeprecated": false,
1078
1102
  "name": "logged_in_user"
1079
1103
  },
1104
+ {
1105
+ "deprecationReason": null,
1106
+ "description": "The profile assigned to the endpoint upon detection of the malware",
1107
+ "isDeprecated": false,
1108
+ "name": "epp_profile"
1109
+ },
1110
+ {
1111
+ "deprecationReason": null,
1112
+ "description": "Source process ID",
1113
+ "isDeprecated": false,
1114
+ "name": "src_pid"
1115
+ },
1116
+ {
1117
+ "deprecationReason": null,
1118
+ "description": "Source process file path",
1119
+ "isDeprecated": false,
1120
+ "name": "src_process_path"
1121
+ },
1122
+ {
1123
+ "deprecationReason": null,
1124
+ "description": "Source process command line",
1125
+ "isDeprecated": false,
1126
+ "name": "src_process_cmdline"
1127
+ },
1128
+ {
1129
+ "deprecationReason": null,
1130
+ "description": "Source process parent process ID",
1131
+ "isDeprecated": false,
1132
+ "name": "src_process_parent_pid"
1133
+ },
1134
+ {
1135
+ "deprecationReason": null,
1136
+ "description": "Source process parent file path",
1137
+ "isDeprecated": false,
1138
+ "name": "src_process_parent_path"
1139
+ },
1140
+ {
1141
+ "deprecationReason": null,
1142
+ "description": "If policy is set to disinfect, return the result of this action",
1143
+ "isDeprecated": false,
1144
+ "name": "disinfect_result"
1145
+ },
1146
+ {
1147
+ "deprecationReason": null,
1148
+ "description": "Indicate how many processes are part of this event",
1149
+ "isDeprecated": false,
1150
+ "name": "processes_count"
1151
+ },
1080
1152
  {
1081
1153
  "deprecationReason": null,
1082
1154
  "description": "HTTP request method (ie. Get, Post)",
@@ -1151,7 +1223,7 @@
1151
1223
  },
1152
1224
  {
1153
1225
  "deprecationReason": null,
1154
- "description": "Cato App",
1226
+ "description": "Cato application name",
1155
1227
  "isDeprecated": false,
1156
1228
  "name": "cato_app"
1157
1229
  },
@@ -1205,7 +1277,7 @@
1205
1277
  },
1206
1278
  {
1207
1279
  "deprecationReason": null,
1208
- "description": "Tenant Id",
1280
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1209
1281
  "isDeprecated": false,
1210
1282
  "name": "tenant_id"
1211
1283
  },
@@ -1265,7 +1337,7 @@
1265
1337
  },
1266
1338
  {
1267
1339
  "deprecationReason": null,
1268
- "description": "Data Classifiers",
1340
+ "description": "Defines the scanning methods used by the DLP system",
1269
1341
  "isDeprecated": false,
1270
1342
  "name": "dlp_scan_types"
1271
1343
  },
@@ -1343,7 +1415,7 @@
1343
1415
  },
1344
1416
  {
1345
1417
  "deprecationReason": null,
1346
- "description": "Used Public IP",
1418
+ "description": "Public source IP",
1347
1419
  "isDeprecated": false,
1348
1420
  "name": "public_ip"
1349
1421
  },
@@ -1514,6 +1586,54 @@
1514
1586
  "description": "Device Type",
1515
1587
  "isDeprecated": false,
1516
1588
  "name": "device_type"
1589
+ },
1590
+ {
1591
+ "deprecationReason": null,
1592
+ "description": "Tenant Restriction Rule Name",
1593
+ "isDeprecated": false,
1594
+ "name": "tenant_restriction_rule_name"
1595
+ },
1596
+ {
1597
+ "deprecationReason": null,
1598
+ "description": "Connection Origin",
1599
+ "isDeprecated": false,
1600
+ "name": "connection_origin"
1601
+ },
1602
+ {
1603
+ "deprecationReason": null,
1604
+ "description": "Translated Server IP",
1605
+ "isDeprecated": false,
1606
+ "name": "translated_server_ip"
1607
+ },
1608
+ {
1609
+ "deprecationReason": null,
1610
+ "description": "Translated Client IP",
1611
+ "isDeprecated": false,
1612
+ "name": "translated_client_ip"
1613
+ },
1614
+ {
1615
+ "deprecationReason": null,
1616
+ "description": "IoC Container Name",
1617
+ "isDeprecated": false,
1618
+ "name": "container_name"
1619
+ },
1620
+ {
1621
+ "deprecationReason": null,
1622
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1623
+ "isDeprecated": false,
1624
+ "name": "correlation_id"
1625
+ },
1626
+ {
1627
+ "deprecationReason": null,
1628
+ "description": "Precedence",
1629
+ "isDeprecated": false,
1630
+ "name": "precedence"
1631
+ },
1632
+ {
1633
+ "deprecationReason": null,
1634
+ "description": "A list of labels providing additional context for the event",
1635
+ "isDeprecated": false,
1636
+ "name": "labels"
1517
1637
  }
1518
1638
  ],
1519
1639
  "fields": null,
@@ -1880,7 +2000,7 @@
1880
2000
  "description": null,
1881
2001
  "enumValues": [
1882
2002
  {
1883
- "deprecationReason": "use src_site_id/src_site_name instead",
2003
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1884
2004
  "description": "Name of site or user initiating the connection",
1885
2005
  "isDeprecated": true,
1886
2006
  "name": "src_site"
@@ -1904,7 +2024,7 @@
1904
2024
  "name": "user_id"
1905
2025
  },
1906
2026
  {
1907
- "deprecationReason": "use dest_site_id/dest_site_name instead",
2027
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1908
2028
  "description": "For WAN traffic, name of destination site or SDP user",
1909
2029
  "isDeprecated": true,
1910
2030
  "name": "dest_site"
@@ -1916,13 +2036,13 @@
1916
2036
  "name": "dest_site_id"
1917
2037
  },
1918
2038
  {
1919
- "deprecationReason": null,
2039
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1920
2040
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1921
- "isDeprecated": false,
2041
+ "isDeprecated": true,
1922
2042
  "name": "src_or_dest_site_id"
1923
2043
  },
1924
2044
  {
1925
- "deprecationReason": "use rule_name instead",
2045
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1926
2046
  "description": "Name of security rule related to the event",
1927
2047
  "isDeprecated": true,
1928
2048
  "name": "rule"
@@ -1940,7 +2060,7 @@
1940
2060
  "name": "socket_interface"
1941
2061
  },
1942
2062
  {
1943
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2063
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1944
2064
  "description": "Name for the custom category defined in the Cato Management Application",
1945
2065
  "isDeprecated": true,
1946
2066
  "name": "custom_category"
@@ -1953,7 +2073,7 @@
1953
2073
  },
1954
2074
  {
1955
2075
  "deprecationReason": null,
1956
- "description": "For Internet traffic, destination host port",
2076
+ "description": "Destination port",
1957
2077
  "isDeprecated": false,
1958
2078
  "name": "dest_port"
1959
2079
  },
@@ -2013,7 +2133,7 @@
2013
2133
  },
2014
2134
  {
2015
2135
  "deprecationReason": null,
2016
- "description": "For Internet traffic, destination host IP address",
2136
+ "description": "Destination IP address",
2017
2137
  "isDeprecated": false,
2018
2138
  "name": "dest_ip"
2019
2139
  },
@@ -2090,7 +2210,7 @@
2090
2210
  "name": "configured_host_name"
2091
2211
  },
2092
2212
  {
2093
- "deprecationReason": "use event_id instead",
2213
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
2094
2214
  "description": "Cato Internal-use only",
2095
2215
  "isDeprecated": true,
2096
2216
  "name": "internalId"
@@ -2162,9 +2282,9 @@
2162
2282
  "name": "bgp_error_code"
2163
2283
  },
2164
2284
  {
2165
- "deprecationReason": null,
2285
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
2166
2286
  "description": "Description from Cato Management Application for BGP peer",
2167
- "isDeprecated": false,
2287
+ "isDeprecated": true,
2168
2288
  "name": "bgp_peer_description"
2169
2289
  },
2170
2290
  {
@@ -2229,7 +2349,7 @@
2229
2349
  },
2230
2350
  {
2231
2351
  "deprecationReason": null,
2232
- "description": "Data that measures the latency for a specific link",
2352
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
2233
2353
  "isDeprecated": false,
2234
2354
  "name": "link_health_latency"
2235
2355
  },
@@ -2384,14 +2504,14 @@
2384
2504
  "name": "incident_id"
2385
2505
  },
2386
2506
  {
2387
- "deprecationReason": "use application_id/application_name instead",
2507
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2388
2508
  "description": "For Internet firewall, app for this event",
2389
2509
  "isDeprecated": true,
2390
2510
  "name": "application"
2391
2511
  },
2392
2512
  {
2393
2513
  "deprecationReason": null,
2394
- "description": "Application of the flow",
2514
+ "description": "The name of the application associated with the flow",
2395
2515
  "isDeprecated": false,
2396
2516
  "name": "application_name"
2397
2517
  },
@@ -2414,7 +2534,7 @@
2414
2534
  "name": "socket_interface_id"
2415
2535
  },
2416
2536
  {
2417
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2537
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2418
2538
  "description": "Unique Cato ID for the custom category",
2419
2539
  "isDeprecated": true,
2420
2540
  "name": "custom_categories"
@@ -2493,7 +2613,7 @@
2493
2613
  },
2494
2614
  {
2495
2615
  "deprecationReason": null,
2496
- "description": "For Internet traffic, destination host IP address",
2616
+ "description": "The name of the destination site",
2497
2617
  "isDeprecated": false,
2498
2618
  "name": "dest_site_name"
2499
2619
  },
@@ -2552,7 +2672,7 @@
2552
2672
  "name": "device_posture_profile"
2553
2673
  },
2554
2674
  {
2555
- "deprecationReason": "use device_posture_profile instead",
2675
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2556
2676
  "description": "Device posture profiles",
2557
2677
  "isDeprecated": true,
2558
2678
  "name": "device_posture_profiles"
@@ -2625,7 +2745,7 @@
2625
2745
  },
2626
2746
  {
2627
2747
  "deprecationReason": null,
2628
- "description": "DLP fail mode",
2748
+ "description": "Describes the behavior when the DLP system encounters a failure",
2629
2749
  "isDeprecated": false,
2630
2750
  "name": "dlp_fail_mode"
2631
2751
  },
@@ -2683,6 +2803,24 @@
2683
2803
  "isDeprecated": false,
2684
2804
  "name": "is_sinkhole"
2685
2805
  },
2806
+ {
2807
+ "deprecationReason": null,
2808
+ "description": "The ID for the endpoint",
2809
+ "isDeprecated": false,
2810
+ "name": "endpoint_id"
2811
+ },
2812
+ {
2813
+ "deprecationReason": null,
2814
+ "description": "The Endpoint Protection Engine that detected the malware",
2815
+ "isDeprecated": false,
2816
+ "name": "epp_engine_type"
2817
+ },
2818
+ {
2819
+ "deprecationReason": null,
2820
+ "description": "The file operation when this event occurred",
2821
+ "isDeprecated": false,
2822
+ "name": "file_operation"
2823
+ },
2686
2824
  {
2687
2825
  "deprecationReason": null,
2688
2826
  "description": null,
@@ -2715,7 +2853,7 @@
2715
2853
  },
2716
2854
  {
2717
2855
  "deprecationReason": null,
2718
- "description": null,
2856
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2719
2857
  "isDeprecated": false,
2720
2858
  "name": "vendor"
2721
2859
  },
@@ -2756,19 +2894,19 @@
2756
2894
  "name": "recommended_actions"
2757
2895
  },
2758
2896
  {
2759
- "deprecationReason": "use src_pid instead",
2897
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2760
2898
  "description": null,
2761
2899
  "isDeprecated": true,
2762
2900
  "name": "pid"
2763
2901
  },
2764
2902
  {
2765
- "deprecationReason": "use src_process_parent_pid instead",
2903
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2766
2904
  "description": null,
2767
2905
  "isDeprecated": true,
2768
2906
  "name": "parent_pid"
2769
2907
  },
2770
2908
  {
2771
- "deprecationReason": "use src_process_path instead",
2909
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2772
2910
  "description": null,
2773
2911
  "isDeprecated": true,
2774
2912
  "name": "process_path"
@@ -2785,12 +2923,66 @@
2785
2923
  "isDeprecated": false,
2786
2924
  "name": "out_of_band_access"
2787
2925
  },
2926
+ {
2927
+ "deprecationReason": null,
2928
+ "description": "A Unique ID for the quarantined file",
2929
+ "isDeprecated": false,
2930
+ "name": "quarantine_uuid"
2931
+ },
2788
2932
  {
2789
2933
  "deprecationReason": null,
2790
2934
  "description": null,
2791
2935
  "isDeprecated": false,
2792
2936
  "name": "logged_in_user"
2793
2937
  },
2938
+ {
2939
+ "deprecationReason": null,
2940
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2941
+ "isDeprecated": false,
2942
+ "name": "epp_profile"
2943
+ },
2944
+ {
2945
+ "deprecationReason": null,
2946
+ "description": "Source process ID",
2947
+ "isDeprecated": false,
2948
+ "name": "src_pid"
2949
+ },
2950
+ {
2951
+ "deprecationReason": null,
2952
+ "description": "Source process file path",
2953
+ "isDeprecated": false,
2954
+ "name": "src_process_path"
2955
+ },
2956
+ {
2957
+ "deprecationReason": null,
2958
+ "description": "Source process command line",
2959
+ "isDeprecated": false,
2960
+ "name": "src_process_cmdline"
2961
+ },
2962
+ {
2963
+ "deprecationReason": null,
2964
+ "description": "Source process parent process ID",
2965
+ "isDeprecated": false,
2966
+ "name": "src_process_parent_pid"
2967
+ },
2968
+ {
2969
+ "deprecationReason": null,
2970
+ "description": "Source process parent file path",
2971
+ "isDeprecated": false,
2972
+ "name": "src_process_parent_path"
2973
+ },
2974
+ {
2975
+ "deprecationReason": null,
2976
+ "description": "If policy is set to disinfect, return the result of this action",
2977
+ "isDeprecated": false,
2978
+ "name": "disinfect_result"
2979
+ },
2980
+ {
2981
+ "deprecationReason": null,
2982
+ "description": "Indicate how many processes are part of this event",
2983
+ "isDeprecated": false,
2984
+ "name": "processes_count"
2985
+ },
2794
2986
  {
2795
2987
  "deprecationReason": null,
2796
2988
  "description": "HTTP request method (ie. Get, Post)",
@@ -2865,7 +3057,7 @@
2865
3057
  },
2866
3058
  {
2867
3059
  "deprecationReason": null,
2868
- "description": "Cato App",
3060
+ "description": "Cato application name",
2869
3061
  "isDeprecated": false,
2870
3062
  "name": "cato_app"
2871
3063
  },
@@ -2919,7 +3111,7 @@
2919
3111
  },
2920
3112
  {
2921
3113
  "deprecationReason": null,
2922
- "description": "Tenant Id",
3114
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2923
3115
  "isDeprecated": false,
2924
3116
  "name": "tenant_id"
2925
3117
  },
@@ -2979,7 +3171,7 @@
2979
3171
  },
2980
3172
  {
2981
3173
  "deprecationReason": null,
2982
- "description": "Data Classifiers",
3174
+ "description": "Defines the scanning methods used by the DLP system",
2983
3175
  "isDeprecated": false,
2984
3176
  "name": "dlp_scan_types"
2985
3177
  },
@@ -3057,7 +3249,7 @@
3057
3249
  },
3058
3250
  {
3059
3251
  "deprecationReason": null,
3060
- "description": "Used Public IP",
3252
+ "description": "Public source IP",
3061
3253
  "isDeprecated": false,
3062
3254
  "name": "public_ip"
3063
3255
  },
@@ -3228,6 +3420,54 @@
3228
3420
  "description": "Device Type",
3229
3421
  "isDeprecated": false,
3230
3422
  "name": "device_type"
3423
+ },
3424
+ {
3425
+ "deprecationReason": null,
3426
+ "description": "Tenant Restriction Rule Name",
3427
+ "isDeprecated": false,
3428
+ "name": "tenant_restriction_rule_name"
3429
+ },
3430
+ {
3431
+ "deprecationReason": null,
3432
+ "description": "Connection Origin",
3433
+ "isDeprecated": false,
3434
+ "name": "connection_origin"
3435
+ },
3436
+ {
3437
+ "deprecationReason": null,
3438
+ "description": "Translated Server IP",
3439
+ "isDeprecated": false,
3440
+ "name": "translated_server_ip"
3441
+ },
3442
+ {
3443
+ "deprecationReason": null,
3444
+ "description": "Translated Client IP",
3445
+ "isDeprecated": false,
3446
+ "name": "translated_client_ip"
3447
+ },
3448
+ {
3449
+ "deprecationReason": null,
3450
+ "description": "IoC Container Name",
3451
+ "isDeprecated": false,
3452
+ "name": "container_name"
3453
+ },
3454
+ {
3455
+ "deprecationReason": null,
3456
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3457
+ "isDeprecated": false,
3458
+ "name": "correlation_id"
3459
+ },
3460
+ {
3461
+ "deprecationReason": null,
3462
+ "description": "Precedence",
3463
+ "isDeprecated": false,
3464
+ "name": "precedence"
3465
+ },
3466
+ {
3467
+ "deprecationReason": null,
3468
+ "description": "A list of labels providing additional context for the event",
3469
+ "isDeprecated": false,
3470
+ "name": "labels"
3231
3471
  }
3232
3472
  ],
3233
3473
  "fields": null,