catocli 1.0.19__py3-none-any.whl → 1.0.20__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (100) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/mutation_policy/__init__.py +174 -0
  4. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  5. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  6. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  17. catocli/parsers/mutation_sandbox/README.md +7 -0
  18. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  19. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  20. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  21. catocli/parsers/mutation_site/__init__.py +28 -0
  22. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  23. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  24. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  25. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  26. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  27. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  28. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  29. catocli/parsers/mutation_sites/__init__.py +28 -0
  30. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  31. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  32. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  33. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  34. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  35. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  36. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  37. catocli/parsers/mutation_xdr/README.md +7 -0
  38. catocli/parsers/mutation_xdr/__init__.py +51 -0
  39. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  40. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  41. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  42. catocli/parsers/query_accountMetrics/README.md +2 -1
  43. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  44. catocli/parsers/query_eventsFeed/README.md +1 -1
  45. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  46. catocli/parsers/query_policy/README.md +2 -1
  47. catocli/parsers/query_sandbox/README.md +17 -0
  48. catocli/parsers/query_sandbox/__init__.py +17 -0
  49. catocli/parsers/query_xdr_story/README.md +1 -1
  50. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/METADATA +1 -1
  51. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/RECORD +100 -50
  52. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  53. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  54. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  55. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  56. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  57. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  58. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  59. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  60. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  61. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  62. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  63. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  64. models/mutation.sandbox.deleteReport.json +302 -0
  65. models/mutation.sandbox.uploadFile.json +301 -0
  66. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  67. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  68. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  69. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  70. models/mutation.site.addSocketSite.json +72 -15
  71. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  72. models/mutation.site.updateNetworkRange.json +3 -3
  73. models/mutation.site.updateSocketInterface.json +126 -18
  74. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  75. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  76. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  77. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  78. models/mutation.sites.addSocketSite.json +72 -15
  79. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  80. models/mutation.sites.updateNetworkRange.json +3 -3
  81. models/mutation.sites.updateSocketInterface.json +126 -18
  82. models/mutation.xdr.addStoryComment.json +622 -0
  83. models/mutation.xdr.analystFeedback.json +28820 -0
  84. models/mutation.xdr.deleteStoryComment.json +622 -0
  85. models/query.accountMetrics.json +341 -0
  86. models/query.accountSnapshot.json +120 -0
  87. models/query.appStatsTimeSeries.json +37 -0
  88. models/query.auditFeed.json +292 -52
  89. models/query.events.json +1196 -236
  90. models/query.eventsFeed.json +292 -52
  91. models/query.eventsTimeSeries.json +941 -184
  92. models/query.policy.json +2047 -156
  93. models/query.sandbox.json +2047 -0
  94. models/query.xdr.stories.json +134 -4
  95. models/query.xdr.story.json +116 -4
  96. schema/catolib.py +3 -4
  97. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/LICENSE +0 -0
  98. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/WHEEL +0 -0
  99. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/entry_points.txt +0 -0
  100. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/top_level.txt +0 -0
models/query.events.json CHANGED
@@ -48,7 +48,7 @@
48
48
  "description": null,
49
49
  "enumValues": [
50
50
  {
51
- "deprecationReason": "use src_site_id/src_site_name instead",
51
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
52
52
  "description": "Name of site or user initiating the connection",
53
53
  "isDeprecated": true,
54
54
  "name": "src_site"
@@ -72,7 +72,7 @@
72
72
  "name": "user_id"
73
73
  },
74
74
  {
75
- "deprecationReason": "use dest_site_id/dest_site_name instead",
75
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
76
76
  "description": "For WAN traffic, name of destination site or SDP user",
77
77
  "isDeprecated": true,
78
78
  "name": "dest_site"
@@ -84,13 +84,13 @@
84
84
  "name": "dest_site_id"
85
85
  },
86
86
  {
87
- "deprecationReason": null,
87
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
88
88
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
89
- "isDeprecated": false,
89
+ "isDeprecated": true,
90
90
  "name": "src_or_dest_site_id"
91
91
  },
92
92
  {
93
- "deprecationReason": "use rule_name instead",
93
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
94
94
  "description": "Name of security rule related to the event",
95
95
  "isDeprecated": true,
96
96
  "name": "rule"
@@ -108,7 +108,7 @@
108
108
  "name": "socket_interface"
109
109
  },
110
110
  {
111
- "deprecationReason": "use custom_category_id/custom_category_name instead",
111
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
112
112
  "description": "Name for the custom category defined in the Cato Management Application",
113
113
  "isDeprecated": true,
114
114
  "name": "custom_category"
@@ -121,7 +121,7 @@
121
121
  },
122
122
  {
123
123
  "deprecationReason": null,
124
- "description": "For Internet traffic, destination host port",
124
+ "description": "Destination port",
125
125
  "isDeprecated": false,
126
126
  "name": "dest_port"
127
127
  },
@@ -181,7 +181,7 @@
181
181
  },
182
182
  {
183
183
  "deprecationReason": null,
184
- "description": "For Internet traffic, destination host IP address",
184
+ "description": "Destination IP address",
185
185
  "isDeprecated": false,
186
186
  "name": "dest_ip"
187
187
  },
@@ -258,7 +258,7 @@
258
258
  "name": "configured_host_name"
259
259
  },
260
260
  {
261
- "deprecationReason": "use event_id instead",
261
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
262
262
  "description": "Cato Internal-use only",
263
263
  "isDeprecated": true,
264
264
  "name": "internalId"
@@ -330,9 +330,9 @@
330
330
  "name": "bgp_error_code"
331
331
  },
332
332
  {
333
- "deprecationReason": null,
333
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
334
334
  "description": "Description from Cato Management Application for BGP peer",
335
- "isDeprecated": false,
335
+ "isDeprecated": true,
336
336
  "name": "bgp_peer_description"
337
337
  },
338
338
  {
@@ -397,7 +397,7 @@
397
397
  },
398
398
  {
399
399
  "deprecationReason": null,
400
- "description": "Data that measures the latency for a specific link",
400
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
401
401
  "isDeprecated": false,
402
402
  "name": "link_health_latency"
403
403
  },
@@ -552,14 +552,14 @@
552
552
  "name": "incident_id"
553
553
  },
554
554
  {
555
- "deprecationReason": "use application_id/application_name instead",
555
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
556
556
  "description": "For Internet firewall, app for this event",
557
557
  "isDeprecated": true,
558
558
  "name": "application"
559
559
  },
560
560
  {
561
561
  "deprecationReason": null,
562
- "description": "Application of the flow",
562
+ "description": "The name of the application associated with the flow",
563
563
  "isDeprecated": false,
564
564
  "name": "application_name"
565
565
  },
@@ -582,7 +582,7 @@
582
582
  "name": "socket_interface_id"
583
583
  },
584
584
  {
585
- "deprecationReason": "use custom_category_id/custom_category_name instead",
585
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
586
586
  "description": "Unique Cato ID for the custom category",
587
587
  "isDeprecated": true,
588
588
  "name": "custom_categories"
@@ -661,7 +661,7 @@
661
661
  },
662
662
  {
663
663
  "deprecationReason": null,
664
- "description": "For Internet traffic, destination host IP address",
664
+ "description": "The name of the destination site",
665
665
  "isDeprecated": false,
666
666
  "name": "dest_site_name"
667
667
  },
@@ -720,7 +720,7 @@
720
720
  "name": "device_posture_profile"
721
721
  },
722
722
  {
723
- "deprecationReason": "use device_posture_profile instead",
723
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
724
724
  "description": "Device posture profiles",
725
725
  "isDeprecated": true,
726
726
  "name": "device_posture_profiles"
@@ -793,7 +793,7 @@
793
793
  },
794
794
  {
795
795
  "deprecationReason": null,
796
- "description": "DLP fail mode",
796
+ "description": "Describes the behavior when the DLP system encounters a failure",
797
797
  "isDeprecated": false,
798
798
  "name": "dlp_fail_mode"
799
799
  },
@@ -851,6 +851,24 @@
851
851
  "isDeprecated": false,
852
852
  "name": "is_sinkhole"
853
853
  },
854
+ {
855
+ "deprecationReason": null,
856
+ "description": "The ID for the endpoint",
857
+ "isDeprecated": false,
858
+ "name": "endpoint_id"
859
+ },
860
+ {
861
+ "deprecationReason": null,
862
+ "description": "The Endpoint Protection Engine that detected the malware",
863
+ "isDeprecated": false,
864
+ "name": "epp_engine_type"
865
+ },
866
+ {
867
+ "deprecationReason": null,
868
+ "description": "The file operation when this event occurred",
869
+ "isDeprecated": false,
870
+ "name": "file_operation"
871
+ },
854
872
  {
855
873
  "deprecationReason": null,
856
874
  "description": null,
@@ -883,7 +901,7 @@
883
901
  },
884
902
  {
885
903
  "deprecationReason": null,
886
- "description": null,
904
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
887
905
  "isDeprecated": false,
888
906
  "name": "vendor"
889
907
  },
@@ -924,19 +942,19 @@
924
942
  "name": "recommended_actions"
925
943
  },
926
944
  {
927
- "deprecationReason": "use src_pid instead",
945
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
928
946
  "description": null,
929
947
  "isDeprecated": true,
930
948
  "name": "pid"
931
949
  },
932
950
  {
933
- "deprecationReason": "use src_process_parent_pid instead",
951
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
934
952
  "description": null,
935
953
  "isDeprecated": true,
936
954
  "name": "parent_pid"
937
955
  },
938
956
  {
939
- "deprecationReason": "use src_process_path instead",
957
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
940
958
  "description": null,
941
959
  "isDeprecated": true,
942
960
  "name": "process_path"
@@ -953,12 +971,66 @@
953
971
  "isDeprecated": false,
954
972
  "name": "out_of_band_access"
955
973
  },
974
+ {
975
+ "deprecationReason": null,
976
+ "description": "A Unique ID for the quarantined file",
977
+ "isDeprecated": false,
978
+ "name": "quarantine_uuid"
979
+ },
956
980
  {
957
981
  "deprecationReason": null,
958
982
  "description": null,
959
983
  "isDeprecated": false,
960
984
  "name": "logged_in_user"
961
985
  },
986
+ {
987
+ "deprecationReason": null,
988
+ "description": "The profile assigned to the endpoint upon detection of the malware",
989
+ "isDeprecated": false,
990
+ "name": "epp_profile"
991
+ },
992
+ {
993
+ "deprecationReason": null,
994
+ "description": "Source process ID",
995
+ "isDeprecated": false,
996
+ "name": "src_pid"
997
+ },
998
+ {
999
+ "deprecationReason": null,
1000
+ "description": "Source process file path",
1001
+ "isDeprecated": false,
1002
+ "name": "src_process_path"
1003
+ },
1004
+ {
1005
+ "deprecationReason": null,
1006
+ "description": "Source process command line",
1007
+ "isDeprecated": false,
1008
+ "name": "src_process_cmdline"
1009
+ },
1010
+ {
1011
+ "deprecationReason": null,
1012
+ "description": "Source process parent process ID",
1013
+ "isDeprecated": false,
1014
+ "name": "src_process_parent_pid"
1015
+ },
1016
+ {
1017
+ "deprecationReason": null,
1018
+ "description": "Source process parent file path",
1019
+ "isDeprecated": false,
1020
+ "name": "src_process_parent_path"
1021
+ },
1022
+ {
1023
+ "deprecationReason": null,
1024
+ "description": "If policy is set to disinfect, return the result of this action",
1025
+ "isDeprecated": false,
1026
+ "name": "disinfect_result"
1027
+ },
1028
+ {
1029
+ "deprecationReason": null,
1030
+ "description": "Indicate how many processes are part of this event",
1031
+ "isDeprecated": false,
1032
+ "name": "processes_count"
1033
+ },
962
1034
  {
963
1035
  "deprecationReason": null,
964
1036
  "description": "HTTP request method (ie. Get, Post)",
@@ -1033,7 +1105,7 @@
1033
1105
  },
1034
1106
  {
1035
1107
  "deprecationReason": null,
1036
- "description": "Cato App",
1108
+ "description": "Cato application name",
1037
1109
  "isDeprecated": false,
1038
1110
  "name": "cato_app"
1039
1111
  },
@@ -1087,7 +1159,7 @@
1087
1159
  },
1088
1160
  {
1089
1161
  "deprecationReason": null,
1090
- "description": "Tenant Id",
1162
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1091
1163
  "isDeprecated": false,
1092
1164
  "name": "tenant_id"
1093
1165
  },
@@ -1147,7 +1219,7 @@
1147
1219
  },
1148
1220
  {
1149
1221
  "deprecationReason": null,
1150
- "description": "Data Classifiers",
1222
+ "description": "Defines the scanning methods used by the DLP system",
1151
1223
  "isDeprecated": false,
1152
1224
  "name": "dlp_scan_types"
1153
1225
  },
@@ -1225,7 +1297,7 @@
1225
1297
  },
1226
1298
  {
1227
1299
  "deprecationReason": null,
1228
- "description": "Used Public IP",
1300
+ "description": "Public source IP",
1229
1301
  "isDeprecated": false,
1230
1302
  "name": "public_ip"
1231
1303
  },
@@ -1396,6 +1468,54 @@
1396
1468
  "description": "Device Type",
1397
1469
  "isDeprecated": false,
1398
1470
  "name": "device_type"
1471
+ },
1472
+ {
1473
+ "deprecationReason": null,
1474
+ "description": "Tenant Restriction Rule Name",
1475
+ "isDeprecated": false,
1476
+ "name": "tenant_restriction_rule_name"
1477
+ },
1478
+ {
1479
+ "deprecationReason": null,
1480
+ "description": "Connection Origin",
1481
+ "isDeprecated": false,
1482
+ "name": "connection_origin"
1483
+ },
1484
+ {
1485
+ "deprecationReason": null,
1486
+ "description": "Translated Server IP",
1487
+ "isDeprecated": false,
1488
+ "name": "translated_server_ip"
1489
+ },
1490
+ {
1491
+ "deprecationReason": null,
1492
+ "description": "Translated Client IP",
1493
+ "isDeprecated": false,
1494
+ "name": "translated_client_ip"
1495
+ },
1496
+ {
1497
+ "deprecationReason": null,
1498
+ "description": "IoC Container Name",
1499
+ "isDeprecated": false,
1500
+ "name": "container_name"
1501
+ },
1502
+ {
1503
+ "deprecationReason": null,
1504
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1505
+ "isDeprecated": false,
1506
+ "name": "correlation_id"
1507
+ },
1508
+ {
1509
+ "deprecationReason": null,
1510
+ "description": "Precedence",
1511
+ "isDeprecated": false,
1512
+ "name": "precedence"
1513
+ },
1514
+ {
1515
+ "deprecationReason": null,
1516
+ "description": "A list of labels providing additional context for the event",
1517
+ "isDeprecated": false,
1518
+ "name": "labels"
1399
1519
  }
1400
1520
  ],
1401
1521
  "fields": null,
@@ -1460,7 +1580,7 @@
1460
1580
  "description": null,
1461
1581
  "enumValues": [
1462
1582
  {
1463
- "deprecationReason": "use src_site_id/src_site_name instead",
1583
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1464
1584
  "description": "Name of site or user initiating the connection",
1465
1585
  "isDeprecated": true,
1466
1586
  "name": "src_site"
@@ -1484,7 +1604,7 @@
1484
1604
  "name": "user_id"
1485
1605
  },
1486
1606
  {
1487
- "deprecationReason": "use dest_site_id/dest_site_name instead",
1607
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1488
1608
  "description": "For WAN traffic, name of destination site or SDP user",
1489
1609
  "isDeprecated": true,
1490
1610
  "name": "dest_site"
@@ -1496,13 +1616,13 @@
1496
1616
  "name": "dest_site_id"
1497
1617
  },
1498
1618
  {
1499
- "deprecationReason": null,
1619
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1500
1620
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1501
- "isDeprecated": false,
1621
+ "isDeprecated": true,
1502
1622
  "name": "src_or_dest_site_id"
1503
1623
  },
1504
1624
  {
1505
- "deprecationReason": "use rule_name instead",
1625
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1506
1626
  "description": "Name of security rule related to the event",
1507
1627
  "isDeprecated": true,
1508
1628
  "name": "rule"
@@ -1520,7 +1640,7 @@
1520
1640
  "name": "socket_interface"
1521
1641
  },
1522
1642
  {
1523
- "deprecationReason": "use custom_category_id/custom_category_name instead",
1643
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1524
1644
  "description": "Name for the custom category defined in the Cato Management Application",
1525
1645
  "isDeprecated": true,
1526
1646
  "name": "custom_category"
@@ -1533,7 +1653,7 @@
1533
1653
  },
1534
1654
  {
1535
1655
  "deprecationReason": null,
1536
- "description": "For Internet traffic, destination host port",
1656
+ "description": "Destination port",
1537
1657
  "isDeprecated": false,
1538
1658
  "name": "dest_port"
1539
1659
  },
@@ -1593,7 +1713,7 @@
1593
1713
  },
1594
1714
  {
1595
1715
  "deprecationReason": null,
1596
- "description": "For Internet traffic, destination host IP address",
1716
+ "description": "Destination IP address",
1597
1717
  "isDeprecated": false,
1598
1718
  "name": "dest_ip"
1599
1719
  },
@@ -1670,7 +1790,7 @@
1670
1790
  "name": "configured_host_name"
1671
1791
  },
1672
1792
  {
1673
- "deprecationReason": "use event_id instead",
1793
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
1674
1794
  "description": "Cato Internal-use only",
1675
1795
  "isDeprecated": true,
1676
1796
  "name": "internalId"
@@ -1742,9 +1862,9 @@
1742
1862
  "name": "bgp_error_code"
1743
1863
  },
1744
1864
  {
1745
- "deprecationReason": null,
1865
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
1746
1866
  "description": "Description from Cato Management Application for BGP peer",
1747
- "isDeprecated": false,
1867
+ "isDeprecated": true,
1748
1868
  "name": "bgp_peer_description"
1749
1869
  },
1750
1870
  {
@@ -1809,7 +1929,7 @@
1809
1929
  },
1810
1930
  {
1811
1931
  "deprecationReason": null,
1812
- "description": "Data that measures the latency for a specific link",
1932
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
1813
1933
  "isDeprecated": false,
1814
1934
  "name": "link_health_latency"
1815
1935
  },
@@ -1964,14 +2084,14 @@
1964
2084
  "name": "incident_id"
1965
2085
  },
1966
2086
  {
1967
- "deprecationReason": "use application_id/application_name instead",
2087
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1968
2088
  "description": "For Internet firewall, app for this event",
1969
2089
  "isDeprecated": true,
1970
2090
  "name": "application"
1971
2091
  },
1972
2092
  {
1973
2093
  "deprecationReason": null,
1974
- "description": "Application of the flow",
2094
+ "description": "The name of the application associated with the flow",
1975
2095
  "isDeprecated": false,
1976
2096
  "name": "application_name"
1977
2097
  },
@@ -1994,7 +2114,7 @@
1994
2114
  "name": "socket_interface_id"
1995
2115
  },
1996
2116
  {
1997
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2117
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1998
2118
  "description": "Unique Cato ID for the custom category",
1999
2119
  "isDeprecated": true,
2000
2120
  "name": "custom_categories"
@@ -2073,7 +2193,7 @@
2073
2193
  },
2074
2194
  {
2075
2195
  "deprecationReason": null,
2076
- "description": "For Internet traffic, destination host IP address",
2196
+ "description": "The name of the destination site",
2077
2197
  "isDeprecated": false,
2078
2198
  "name": "dest_site_name"
2079
2199
  },
@@ -2132,7 +2252,7 @@
2132
2252
  "name": "device_posture_profile"
2133
2253
  },
2134
2254
  {
2135
- "deprecationReason": "use device_posture_profile instead",
2255
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2136
2256
  "description": "Device posture profiles",
2137
2257
  "isDeprecated": true,
2138
2258
  "name": "device_posture_profiles"
@@ -2205,7 +2325,7 @@
2205
2325
  },
2206
2326
  {
2207
2327
  "deprecationReason": null,
2208
- "description": "DLP fail mode",
2328
+ "description": "Describes the behavior when the DLP system encounters a failure",
2209
2329
  "isDeprecated": false,
2210
2330
  "name": "dlp_fail_mode"
2211
2331
  },
@@ -2263,6 +2383,24 @@
2263
2383
  "isDeprecated": false,
2264
2384
  "name": "is_sinkhole"
2265
2385
  },
2386
+ {
2387
+ "deprecationReason": null,
2388
+ "description": "The ID for the endpoint",
2389
+ "isDeprecated": false,
2390
+ "name": "endpoint_id"
2391
+ },
2392
+ {
2393
+ "deprecationReason": null,
2394
+ "description": "The Endpoint Protection Engine that detected the malware",
2395
+ "isDeprecated": false,
2396
+ "name": "epp_engine_type"
2397
+ },
2398
+ {
2399
+ "deprecationReason": null,
2400
+ "description": "The file operation when this event occurred",
2401
+ "isDeprecated": false,
2402
+ "name": "file_operation"
2403
+ },
2266
2404
  {
2267
2405
  "deprecationReason": null,
2268
2406
  "description": null,
@@ -2295,7 +2433,7 @@
2295
2433
  },
2296
2434
  {
2297
2435
  "deprecationReason": null,
2298
- "description": null,
2436
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2299
2437
  "isDeprecated": false,
2300
2438
  "name": "vendor"
2301
2439
  },
@@ -2336,19 +2474,19 @@
2336
2474
  "name": "recommended_actions"
2337
2475
  },
2338
2476
  {
2339
- "deprecationReason": "use src_pid instead",
2477
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2340
2478
  "description": null,
2341
2479
  "isDeprecated": true,
2342
2480
  "name": "pid"
2343
2481
  },
2344
2482
  {
2345
- "deprecationReason": "use src_process_parent_pid instead",
2483
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2346
2484
  "description": null,
2347
2485
  "isDeprecated": true,
2348
2486
  "name": "parent_pid"
2349
2487
  },
2350
2488
  {
2351
- "deprecationReason": "use src_process_path instead",
2489
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2352
2490
  "description": null,
2353
2491
  "isDeprecated": true,
2354
2492
  "name": "process_path"
@@ -2365,12 +2503,66 @@
2365
2503
  "isDeprecated": false,
2366
2504
  "name": "out_of_band_access"
2367
2505
  },
2506
+ {
2507
+ "deprecationReason": null,
2508
+ "description": "A Unique ID for the quarantined file",
2509
+ "isDeprecated": false,
2510
+ "name": "quarantine_uuid"
2511
+ },
2368
2512
  {
2369
2513
  "deprecationReason": null,
2370
2514
  "description": null,
2371
2515
  "isDeprecated": false,
2372
2516
  "name": "logged_in_user"
2373
2517
  },
2518
+ {
2519
+ "deprecationReason": null,
2520
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2521
+ "isDeprecated": false,
2522
+ "name": "epp_profile"
2523
+ },
2524
+ {
2525
+ "deprecationReason": null,
2526
+ "description": "Source process ID",
2527
+ "isDeprecated": false,
2528
+ "name": "src_pid"
2529
+ },
2530
+ {
2531
+ "deprecationReason": null,
2532
+ "description": "Source process file path",
2533
+ "isDeprecated": false,
2534
+ "name": "src_process_path"
2535
+ },
2536
+ {
2537
+ "deprecationReason": null,
2538
+ "description": "Source process command line",
2539
+ "isDeprecated": false,
2540
+ "name": "src_process_cmdline"
2541
+ },
2542
+ {
2543
+ "deprecationReason": null,
2544
+ "description": "Source process parent process ID",
2545
+ "isDeprecated": false,
2546
+ "name": "src_process_parent_pid"
2547
+ },
2548
+ {
2549
+ "deprecationReason": null,
2550
+ "description": "Source process parent file path",
2551
+ "isDeprecated": false,
2552
+ "name": "src_process_parent_path"
2553
+ },
2554
+ {
2555
+ "deprecationReason": null,
2556
+ "description": "If policy is set to disinfect, return the result of this action",
2557
+ "isDeprecated": false,
2558
+ "name": "disinfect_result"
2559
+ },
2560
+ {
2561
+ "deprecationReason": null,
2562
+ "description": "Indicate how many processes are part of this event",
2563
+ "isDeprecated": false,
2564
+ "name": "processes_count"
2565
+ },
2374
2566
  {
2375
2567
  "deprecationReason": null,
2376
2568
  "description": "HTTP request method (ie. Get, Post)",
@@ -2445,7 +2637,7 @@
2445
2637
  },
2446
2638
  {
2447
2639
  "deprecationReason": null,
2448
- "description": "Cato App",
2640
+ "description": "Cato application name",
2449
2641
  "isDeprecated": false,
2450
2642
  "name": "cato_app"
2451
2643
  },
@@ -2499,7 +2691,7 @@
2499
2691
  },
2500
2692
  {
2501
2693
  "deprecationReason": null,
2502
- "description": "Tenant Id",
2694
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2503
2695
  "isDeprecated": false,
2504
2696
  "name": "tenant_id"
2505
2697
  },
@@ -2559,7 +2751,7 @@
2559
2751
  },
2560
2752
  {
2561
2753
  "deprecationReason": null,
2562
- "description": "Data Classifiers",
2754
+ "description": "Defines the scanning methods used by the DLP system",
2563
2755
  "isDeprecated": false,
2564
2756
  "name": "dlp_scan_types"
2565
2757
  },
@@ -2637,7 +2829,7 @@
2637
2829
  },
2638
2830
  {
2639
2831
  "deprecationReason": null,
2640
- "description": "Used Public IP",
2832
+ "description": "Public source IP",
2641
2833
  "isDeprecated": false,
2642
2834
  "name": "public_ip"
2643
2835
  },
@@ -2808,6 +3000,54 @@
2808
3000
  "description": "Device Type",
2809
3001
  "isDeprecated": false,
2810
3002
  "name": "device_type"
3003
+ },
3004
+ {
3005
+ "deprecationReason": null,
3006
+ "description": "Tenant Restriction Rule Name",
3007
+ "isDeprecated": false,
3008
+ "name": "tenant_restriction_rule_name"
3009
+ },
3010
+ {
3011
+ "deprecationReason": null,
3012
+ "description": "Connection Origin",
3013
+ "isDeprecated": false,
3014
+ "name": "connection_origin"
3015
+ },
3016
+ {
3017
+ "deprecationReason": null,
3018
+ "description": "Translated Server IP",
3019
+ "isDeprecated": false,
3020
+ "name": "translated_server_ip"
3021
+ },
3022
+ {
3023
+ "deprecationReason": null,
3024
+ "description": "Translated Client IP",
3025
+ "isDeprecated": false,
3026
+ "name": "translated_client_ip"
3027
+ },
3028
+ {
3029
+ "deprecationReason": null,
3030
+ "description": "IoC Container Name",
3031
+ "isDeprecated": false,
3032
+ "name": "container_name"
3033
+ },
3034
+ {
3035
+ "deprecationReason": null,
3036
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3037
+ "isDeprecated": false,
3038
+ "name": "correlation_id"
3039
+ },
3040
+ {
3041
+ "deprecationReason": null,
3042
+ "description": "Precedence",
3043
+ "isDeprecated": false,
3044
+ "name": "precedence"
3045
+ },
3046
+ {
3047
+ "deprecationReason": null,
3048
+ "description": "A list of labels providing additional context for the event",
3049
+ "isDeprecated": false,
3050
+ "name": "labels"
2811
3051
  }
2812
3052
  ],
2813
3053
  "fields": null,
@@ -3088,7 +3328,7 @@
3088
3328
  "description": null,
3089
3329
  "enumValues": [
3090
3330
  {
3091
- "deprecationReason": "use src_site_id/src_site_name instead",
3331
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3092
3332
  "description": "Name of site or user initiating the connection",
3093
3333
  "isDeprecated": true,
3094
3334
  "name": "src_site"
@@ -3112,7 +3352,7 @@
3112
3352
  "name": "user_id"
3113
3353
  },
3114
3354
  {
3115
- "deprecationReason": "use dest_site_id/dest_site_name instead",
3355
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3116
3356
  "description": "For WAN traffic, name of destination site or SDP user",
3117
3357
  "isDeprecated": true,
3118
3358
  "name": "dest_site"
@@ -3124,13 +3364,13 @@
3124
3364
  "name": "dest_site_id"
3125
3365
  },
3126
3366
  {
3127
- "deprecationReason": null,
3367
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
3128
3368
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
3129
- "isDeprecated": false,
3369
+ "isDeprecated": true,
3130
3370
  "name": "src_or_dest_site_id"
3131
3371
  },
3132
3372
  {
3133
- "deprecationReason": "use rule_name instead",
3373
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3134
3374
  "description": "Name of security rule related to the event",
3135
3375
  "isDeprecated": true,
3136
3376
  "name": "rule"
@@ -3148,7 +3388,7 @@
3148
3388
  "name": "socket_interface"
3149
3389
  },
3150
3390
  {
3151
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3391
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3152
3392
  "description": "Name for the custom category defined in the Cato Management Application",
3153
3393
  "isDeprecated": true,
3154
3394
  "name": "custom_category"
@@ -3161,7 +3401,7 @@
3161
3401
  },
3162
3402
  {
3163
3403
  "deprecationReason": null,
3164
- "description": "For Internet traffic, destination host port",
3404
+ "description": "Destination port",
3165
3405
  "isDeprecated": false,
3166
3406
  "name": "dest_port"
3167
3407
  },
@@ -3221,7 +3461,7 @@
3221
3461
  },
3222
3462
  {
3223
3463
  "deprecationReason": null,
3224
- "description": "For Internet traffic, destination host IP address",
3464
+ "description": "Destination IP address",
3225
3465
  "isDeprecated": false,
3226
3466
  "name": "dest_ip"
3227
3467
  },
@@ -3298,7 +3538,7 @@
3298
3538
  "name": "configured_host_name"
3299
3539
  },
3300
3540
  {
3301
- "deprecationReason": "use event_id instead",
3541
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
3302
3542
  "description": "Cato Internal-use only",
3303
3543
  "isDeprecated": true,
3304
3544
  "name": "internalId"
@@ -3370,9 +3610,9 @@
3370
3610
  "name": "bgp_error_code"
3371
3611
  },
3372
3612
  {
3373
- "deprecationReason": null,
3613
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
3374
3614
  "description": "Description from Cato Management Application for BGP peer",
3375
- "isDeprecated": false,
3615
+ "isDeprecated": true,
3376
3616
  "name": "bgp_peer_description"
3377
3617
  },
3378
3618
  {
@@ -3437,7 +3677,7 @@
3437
3677
  },
3438
3678
  {
3439
3679
  "deprecationReason": null,
3440
- "description": "Data that measures the latency for a specific link",
3680
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
3441
3681
  "isDeprecated": false,
3442
3682
  "name": "link_health_latency"
3443
3683
  },
@@ -3592,14 +3832,14 @@
3592
3832
  "name": "incident_id"
3593
3833
  },
3594
3834
  {
3595
- "deprecationReason": "use application_id/application_name instead",
3835
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3596
3836
  "description": "For Internet firewall, app for this event",
3597
3837
  "isDeprecated": true,
3598
3838
  "name": "application"
3599
3839
  },
3600
3840
  {
3601
3841
  "deprecationReason": null,
3602
- "description": "Application of the flow",
3842
+ "description": "The name of the application associated with the flow",
3603
3843
  "isDeprecated": false,
3604
3844
  "name": "application_name"
3605
3845
  },
@@ -3622,7 +3862,7 @@
3622
3862
  "name": "socket_interface_id"
3623
3863
  },
3624
3864
  {
3625
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3865
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3626
3866
  "description": "Unique Cato ID for the custom category",
3627
3867
  "isDeprecated": true,
3628
3868
  "name": "custom_categories"
@@ -3701,7 +3941,7 @@
3701
3941
  },
3702
3942
  {
3703
3943
  "deprecationReason": null,
3704
- "description": "For Internet traffic, destination host IP address",
3944
+ "description": "The name of the destination site",
3705
3945
  "isDeprecated": false,
3706
3946
  "name": "dest_site_name"
3707
3947
  },
@@ -3760,7 +4000,7 @@
3760
4000
  "name": "device_posture_profile"
3761
4001
  },
3762
4002
  {
3763
- "deprecationReason": "use device_posture_profile instead",
4003
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
3764
4004
  "description": "Device posture profiles",
3765
4005
  "isDeprecated": true,
3766
4006
  "name": "device_posture_profiles"
@@ -3833,7 +4073,7 @@
3833
4073
  },
3834
4074
  {
3835
4075
  "deprecationReason": null,
3836
- "description": "DLP fail mode",
4076
+ "description": "Describes the behavior when the DLP system encounters a failure",
3837
4077
  "isDeprecated": false,
3838
4078
  "name": "dlp_fail_mode"
3839
4079
  },
@@ -3891,6 +4131,24 @@
3891
4131
  "isDeprecated": false,
3892
4132
  "name": "is_sinkhole"
3893
4133
  },
4134
+ {
4135
+ "deprecationReason": null,
4136
+ "description": "The ID for the endpoint",
4137
+ "isDeprecated": false,
4138
+ "name": "endpoint_id"
4139
+ },
4140
+ {
4141
+ "deprecationReason": null,
4142
+ "description": "The Endpoint Protection Engine that detected the malware",
4143
+ "isDeprecated": false,
4144
+ "name": "epp_engine_type"
4145
+ },
4146
+ {
4147
+ "deprecationReason": null,
4148
+ "description": "The file operation when this event occurred",
4149
+ "isDeprecated": false,
4150
+ "name": "file_operation"
4151
+ },
3894
4152
  {
3895
4153
  "deprecationReason": null,
3896
4154
  "description": null,
@@ -3923,7 +4181,7 @@
3923
4181
  },
3924
4182
  {
3925
4183
  "deprecationReason": null,
3926
- "description": null,
4184
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
3927
4185
  "isDeprecated": false,
3928
4186
  "name": "vendor"
3929
4187
  },
@@ -3964,19 +4222,19 @@
3964
4222
  "name": "recommended_actions"
3965
4223
  },
3966
4224
  {
3967
- "deprecationReason": "use src_pid instead",
4225
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3968
4226
  "description": null,
3969
4227
  "isDeprecated": true,
3970
4228
  "name": "pid"
3971
4229
  },
3972
4230
  {
3973
- "deprecationReason": "use src_process_parent_pid instead",
4231
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3974
4232
  "description": null,
3975
4233
  "isDeprecated": true,
3976
4234
  "name": "parent_pid"
3977
4235
  },
3978
4236
  {
3979
- "deprecationReason": "use src_process_path instead",
4237
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
3980
4238
  "description": null,
3981
4239
  "isDeprecated": true,
3982
4240
  "name": "process_path"
@@ -3993,12 +4251,66 @@
3993
4251
  "isDeprecated": false,
3994
4252
  "name": "out_of_band_access"
3995
4253
  },
4254
+ {
4255
+ "deprecationReason": null,
4256
+ "description": "A Unique ID for the quarantined file",
4257
+ "isDeprecated": false,
4258
+ "name": "quarantine_uuid"
4259
+ },
3996
4260
  {
3997
4261
  "deprecationReason": null,
3998
4262
  "description": null,
3999
4263
  "isDeprecated": false,
4000
4264
  "name": "logged_in_user"
4001
4265
  },
4266
+ {
4267
+ "deprecationReason": null,
4268
+ "description": "The profile assigned to the endpoint upon detection of the malware",
4269
+ "isDeprecated": false,
4270
+ "name": "epp_profile"
4271
+ },
4272
+ {
4273
+ "deprecationReason": null,
4274
+ "description": "Source process ID",
4275
+ "isDeprecated": false,
4276
+ "name": "src_pid"
4277
+ },
4278
+ {
4279
+ "deprecationReason": null,
4280
+ "description": "Source process file path",
4281
+ "isDeprecated": false,
4282
+ "name": "src_process_path"
4283
+ },
4284
+ {
4285
+ "deprecationReason": null,
4286
+ "description": "Source process command line",
4287
+ "isDeprecated": false,
4288
+ "name": "src_process_cmdline"
4289
+ },
4290
+ {
4291
+ "deprecationReason": null,
4292
+ "description": "Source process parent process ID",
4293
+ "isDeprecated": false,
4294
+ "name": "src_process_parent_pid"
4295
+ },
4296
+ {
4297
+ "deprecationReason": null,
4298
+ "description": "Source process parent file path",
4299
+ "isDeprecated": false,
4300
+ "name": "src_process_parent_path"
4301
+ },
4302
+ {
4303
+ "deprecationReason": null,
4304
+ "description": "If policy is set to disinfect, return the result of this action",
4305
+ "isDeprecated": false,
4306
+ "name": "disinfect_result"
4307
+ },
4308
+ {
4309
+ "deprecationReason": null,
4310
+ "description": "Indicate how many processes are part of this event",
4311
+ "isDeprecated": false,
4312
+ "name": "processes_count"
4313
+ },
4002
4314
  {
4003
4315
  "deprecationReason": null,
4004
4316
  "description": "HTTP request method (ie. Get, Post)",
@@ -4073,7 +4385,7 @@
4073
4385
  },
4074
4386
  {
4075
4387
  "deprecationReason": null,
4076
- "description": "Cato App",
4388
+ "description": "Cato application name",
4077
4389
  "isDeprecated": false,
4078
4390
  "name": "cato_app"
4079
4391
  },
@@ -4127,7 +4439,7 @@
4127
4439
  },
4128
4440
  {
4129
4441
  "deprecationReason": null,
4130
- "description": "Tenant Id",
4442
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
4131
4443
  "isDeprecated": false,
4132
4444
  "name": "tenant_id"
4133
4445
  },
@@ -4187,7 +4499,7 @@
4187
4499
  },
4188
4500
  {
4189
4501
  "deprecationReason": null,
4190
- "description": "Data Classifiers",
4502
+ "description": "Defines the scanning methods used by the DLP system",
4191
4503
  "isDeprecated": false,
4192
4504
  "name": "dlp_scan_types"
4193
4505
  },
@@ -4265,7 +4577,7 @@
4265
4577
  },
4266
4578
  {
4267
4579
  "deprecationReason": null,
4268
- "description": "Used Public IP",
4580
+ "description": "Public source IP",
4269
4581
  "isDeprecated": false,
4270
4582
  "name": "public_ip"
4271
4583
  },
@@ -4436,33 +4748,81 @@
4436
4748
  "description": "Device Type",
4437
4749
  "isDeprecated": false,
4438
4750
  "name": "device_type"
4439
- }
4440
- ],
4441
- "fields": null,
4442
- "inputFields": null,
4443
- "interfaces": null,
4444
- "kind": "ENUM",
4445
- "name": "EventFieldName",
4446
- "possibleTypes": null
4447
- },
4448
- "indexType": "enum",
4449
- "kind": [
4450
- "NON_NULL",
4451
- "ENUM"
4452
- ],
4453
- "name": "EventFieldName",
4454
- "non_null": false
4455
- },
4456
- "varName": "fieldName"
4457
- },
4458
- "trend": {
4459
- "defaultValue": null,
4460
- "description": null,
4461
- "id_str": "measures___trend",
4462
- "name": "trend",
4463
- "path": "measures.trend",
4464
- "requestStr": "$trend:Boolean ",
4465
- "required": false,
4751
+ },
4752
+ {
4753
+ "deprecationReason": null,
4754
+ "description": "Tenant Restriction Rule Name",
4755
+ "isDeprecated": false,
4756
+ "name": "tenant_restriction_rule_name"
4757
+ },
4758
+ {
4759
+ "deprecationReason": null,
4760
+ "description": "Connection Origin",
4761
+ "isDeprecated": false,
4762
+ "name": "connection_origin"
4763
+ },
4764
+ {
4765
+ "deprecationReason": null,
4766
+ "description": "Translated Server IP",
4767
+ "isDeprecated": false,
4768
+ "name": "translated_server_ip"
4769
+ },
4770
+ {
4771
+ "deprecationReason": null,
4772
+ "description": "Translated Client IP",
4773
+ "isDeprecated": false,
4774
+ "name": "translated_client_ip"
4775
+ },
4776
+ {
4777
+ "deprecationReason": null,
4778
+ "description": "IoC Container Name",
4779
+ "isDeprecated": false,
4780
+ "name": "container_name"
4781
+ },
4782
+ {
4783
+ "deprecationReason": null,
4784
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
4785
+ "isDeprecated": false,
4786
+ "name": "correlation_id"
4787
+ },
4788
+ {
4789
+ "deprecationReason": null,
4790
+ "description": "Precedence",
4791
+ "isDeprecated": false,
4792
+ "name": "precedence"
4793
+ },
4794
+ {
4795
+ "deprecationReason": null,
4796
+ "description": "A list of labels providing additional context for the event",
4797
+ "isDeprecated": false,
4798
+ "name": "labels"
4799
+ }
4800
+ ],
4801
+ "fields": null,
4802
+ "inputFields": null,
4803
+ "interfaces": null,
4804
+ "kind": "ENUM",
4805
+ "name": "EventFieldName",
4806
+ "possibleTypes": null
4807
+ },
4808
+ "indexType": "enum",
4809
+ "kind": [
4810
+ "NON_NULL",
4811
+ "ENUM"
4812
+ ],
4813
+ "name": "EventFieldName",
4814
+ "non_null": false
4815
+ },
4816
+ "varName": "fieldName"
4817
+ },
4818
+ "trend": {
4819
+ "defaultValue": null,
4820
+ "description": null,
4821
+ "id_str": "measures___trend",
4822
+ "name": "trend",
4823
+ "path": "measures.trend",
4824
+ "requestStr": "$trend:Boolean ",
4825
+ "required": false,
4466
4826
  "responseStr": "trend:$trend ",
4467
4827
  "type": {
4468
4828
  "kind": [
@@ -4518,7 +4878,7 @@
4518
4878
  "description": null,
4519
4879
  "enumValues": [
4520
4880
  {
4521
- "deprecationReason": "use src_site_id/src_site_name instead",
4881
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4522
4882
  "description": "Name of site or user initiating the connection",
4523
4883
  "isDeprecated": true,
4524
4884
  "name": "src_site"
@@ -4542,7 +4902,7 @@
4542
4902
  "name": "user_id"
4543
4903
  },
4544
4904
  {
4545
- "deprecationReason": "use dest_site_id/dest_site_name instead",
4905
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4546
4906
  "description": "For WAN traffic, name of destination site or SDP user",
4547
4907
  "isDeprecated": true,
4548
4908
  "name": "dest_site"
@@ -4554,13 +4914,13 @@
4554
4914
  "name": "dest_site_id"
4555
4915
  },
4556
4916
  {
4557
- "deprecationReason": null,
4917
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
4558
4918
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
4559
- "isDeprecated": false,
4919
+ "isDeprecated": true,
4560
4920
  "name": "src_or_dest_site_id"
4561
4921
  },
4562
4922
  {
4563
- "deprecationReason": "use rule_name instead",
4923
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4564
4924
  "description": "Name of security rule related to the event",
4565
4925
  "isDeprecated": true,
4566
4926
  "name": "rule"
@@ -4578,7 +4938,7 @@
4578
4938
  "name": "socket_interface"
4579
4939
  },
4580
4940
  {
4581
- "deprecationReason": "use custom_category_id/custom_category_name instead",
4941
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4582
4942
  "description": "Name for the custom category defined in the Cato Management Application",
4583
4943
  "isDeprecated": true,
4584
4944
  "name": "custom_category"
@@ -4591,7 +4951,7 @@
4591
4951
  },
4592
4952
  {
4593
4953
  "deprecationReason": null,
4594
- "description": "For Internet traffic, destination host port",
4954
+ "description": "Destination port",
4595
4955
  "isDeprecated": false,
4596
4956
  "name": "dest_port"
4597
4957
  },
@@ -4651,7 +5011,7 @@
4651
5011
  },
4652
5012
  {
4653
5013
  "deprecationReason": null,
4654
- "description": "For Internet traffic, destination host IP address",
5014
+ "description": "Destination IP address",
4655
5015
  "isDeprecated": false,
4656
5016
  "name": "dest_ip"
4657
5017
  },
@@ -4728,7 +5088,7 @@
4728
5088
  "name": "configured_host_name"
4729
5089
  },
4730
5090
  {
4731
- "deprecationReason": "use event_id instead",
5091
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
4732
5092
  "description": "Cato Internal-use only",
4733
5093
  "isDeprecated": true,
4734
5094
  "name": "internalId"
@@ -4800,9 +5160,9 @@
4800
5160
  "name": "bgp_error_code"
4801
5161
  },
4802
5162
  {
4803
- "deprecationReason": null,
5163
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
4804
5164
  "description": "Description from Cato Management Application for BGP peer",
4805
- "isDeprecated": false,
5165
+ "isDeprecated": true,
4806
5166
  "name": "bgp_peer_description"
4807
5167
  },
4808
5168
  {
@@ -4867,7 +5227,7 @@
4867
5227
  },
4868
5228
  {
4869
5229
  "deprecationReason": null,
4870
- "description": "Data that measures the latency for a specific link",
5230
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
4871
5231
  "isDeprecated": false,
4872
5232
  "name": "link_health_latency"
4873
5233
  },
@@ -5022,14 +5382,14 @@
5022
5382
  "name": "incident_id"
5023
5383
  },
5024
5384
  {
5025
- "deprecationReason": "use application_id/application_name instead",
5385
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5026
5386
  "description": "For Internet firewall, app for this event",
5027
5387
  "isDeprecated": true,
5028
5388
  "name": "application"
5029
5389
  },
5030
5390
  {
5031
5391
  "deprecationReason": null,
5032
- "description": "Application of the flow",
5392
+ "description": "The name of the application associated with the flow",
5033
5393
  "isDeprecated": false,
5034
5394
  "name": "application_name"
5035
5395
  },
@@ -5052,7 +5412,7 @@
5052
5412
  "name": "socket_interface_id"
5053
5413
  },
5054
5414
  {
5055
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5415
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5056
5416
  "description": "Unique Cato ID for the custom category",
5057
5417
  "isDeprecated": true,
5058
5418
  "name": "custom_categories"
@@ -5131,7 +5491,7 @@
5131
5491
  },
5132
5492
  {
5133
5493
  "deprecationReason": null,
5134
- "description": "For Internet traffic, destination host IP address",
5494
+ "description": "The name of the destination site",
5135
5495
  "isDeprecated": false,
5136
5496
  "name": "dest_site_name"
5137
5497
  },
@@ -5190,7 +5550,7 @@
5190
5550
  "name": "device_posture_profile"
5191
5551
  },
5192
5552
  {
5193
- "deprecationReason": "use device_posture_profile instead",
5553
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
5194
5554
  "description": "Device posture profiles",
5195
5555
  "isDeprecated": true,
5196
5556
  "name": "device_posture_profiles"
@@ -5263,7 +5623,7 @@
5263
5623
  },
5264
5624
  {
5265
5625
  "deprecationReason": null,
5266
- "description": "DLP fail mode",
5626
+ "description": "Describes the behavior when the DLP system encounters a failure",
5267
5627
  "isDeprecated": false,
5268
5628
  "name": "dlp_fail_mode"
5269
5629
  },
@@ -5321,6 +5681,24 @@
5321
5681
  "isDeprecated": false,
5322
5682
  "name": "is_sinkhole"
5323
5683
  },
5684
+ {
5685
+ "deprecationReason": null,
5686
+ "description": "The ID for the endpoint",
5687
+ "isDeprecated": false,
5688
+ "name": "endpoint_id"
5689
+ },
5690
+ {
5691
+ "deprecationReason": null,
5692
+ "description": "The Endpoint Protection Engine that detected the malware",
5693
+ "isDeprecated": false,
5694
+ "name": "epp_engine_type"
5695
+ },
5696
+ {
5697
+ "deprecationReason": null,
5698
+ "description": "The file operation when this event occurred",
5699
+ "isDeprecated": false,
5700
+ "name": "file_operation"
5701
+ },
5324
5702
  {
5325
5703
  "deprecationReason": null,
5326
5704
  "description": null,
@@ -5353,7 +5731,7 @@
5353
5731
  },
5354
5732
  {
5355
5733
  "deprecationReason": null,
5356
- "description": null,
5734
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
5357
5735
  "isDeprecated": false,
5358
5736
  "name": "vendor"
5359
5737
  },
@@ -5394,19 +5772,19 @@
5394
5772
  "name": "recommended_actions"
5395
5773
  },
5396
5774
  {
5397
- "deprecationReason": "use src_pid instead",
5775
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5398
5776
  "description": null,
5399
5777
  "isDeprecated": true,
5400
5778
  "name": "pid"
5401
5779
  },
5402
5780
  {
5403
- "deprecationReason": "use src_process_parent_pid instead",
5781
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5404
5782
  "description": null,
5405
5783
  "isDeprecated": true,
5406
5784
  "name": "parent_pid"
5407
5785
  },
5408
5786
  {
5409
- "deprecationReason": "use src_process_path instead",
5787
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
5410
5788
  "description": null,
5411
5789
  "isDeprecated": true,
5412
5790
  "name": "process_path"
@@ -5423,12 +5801,66 @@
5423
5801
  "isDeprecated": false,
5424
5802
  "name": "out_of_band_access"
5425
5803
  },
5804
+ {
5805
+ "deprecationReason": null,
5806
+ "description": "A Unique ID for the quarantined file",
5807
+ "isDeprecated": false,
5808
+ "name": "quarantine_uuid"
5809
+ },
5426
5810
  {
5427
5811
  "deprecationReason": null,
5428
5812
  "description": null,
5429
5813
  "isDeprecated": false,
5430
5814
  "name": "logged_in_user"
5431
5815
  },
5816
+ {
5817
+ "deprecationReason": null,
5818
+ "description": "The profile assigned to the endpoint upon detection of the malware",
5819
+ "isDeprecated": false,
5820
+ "name": "epp_profile"
5821
+ },
5822
+ {
5823
+ "deprecationReason": null,
5824
+ "description": "Source process ID",
5825
+ "isDeprecated": false,
5826
+ "name": "src_pid"
5827
+ },
5828
+ {
5829
+ "deprecationReason": null,
5830
+ "description": "Source process file path",
5831
+ "isDeprecated": false,
5832
+ "name": "src_process_path"
5833
+ },
5834
+ {
5835
+ "deprecationReason": null,
5836
+ "description": "Source process command line",
5837
+ "isDeprecated": false,
5838
+ "name": "src_process_cmdline"
5839
+ },
5840
+ {
5841
+ "deprecationReason": null,
5842
+ "description": "Source process parent process ID",
5843
+ "isDeprecated": false,
5844
+ "name": "src_process_parent_pid"
5845
+ },
5846
+ {
5847
+ "deprecationReason": null,
5848
+ "description": "Source process parent file path",
5849
+ "isDeprecated": false,
5850
+ "name": "src_process_parent_path"
5851
+ },
5852
+ {
5853
+ "deprecationReason": null,
5854
+ "description": "If policy is set to disinfect, return the result of this action",
5855
+ "isDeprecated": false,
5856
+ "name": "disinfect_result"
5857
+ },
5858
+ {
5859
+ "deprecationReason": null,
5860
+ "description": "Indicate how many processes are part of this event",
5861
+ "isDeprecated": false,
5862
+ "name": "processes_count"
5863
+ },
5432
5864
  {
5433
5865
  "deprecationReason": null,
5434
5866
  "description": "HTTP request method (ie. Get, Post)",
@@ -5503,7 +5935,7 @@
5503
5935
  },
5504
5936
  {
5505
5937
  "deprecationReason": null,
5506
- "description": "Cato App",
5938
+ "description": "Cato application name",
5507
5939
  "isDeprecated": false,
5508
5940
  "name": "cato_app"
5509
5941
  },
@@ -5557,7 +5989,7 @@
5557
5989
  },
5558
5990
  {
5559
5991
  "deprecationReason": null,
5560
- "description": "Tenant Id",
5992
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
5561
5993
  "isDeprecated": false,
5562
5994
  "name": "tenant_id"
5563
5995
  },
@@ -5617,7 +6049,7 @@
5617
6049
  },
5618
6050
  {
5619
6051
  "deprecationReason": null,
5620
- "description": "Data Classifiers",
6052
+ "description": "Defines the scanning methods used by the DLP system",
5621
6053
  "isDeprecated": false,
5622
6054
  "name": "dlp_scan_types"
5623
6055
  },
@@ -5695,7 +6127,7 @@
5695
6127
  },
5696
6128
  {
5697
6129
  "deprecationReason": null,
5698
- "description": "Used Public IP",
6130
+ "description": "Public source IP",
5699
6131
  "isDeprecated": false,
5700
6132
  "name": "public_ip"
5701
6133
  },
@@ -5866,6 +6298,54 @@
5866
6298
  "description": "Device Type",
5867
6299
  "isDeprecated": false,
5868
6300
  "name": "device_type"
6301
+ },
6302
+ {
6303
+ "deprecationReason": null,
6304
+ "description": "Tenant Restriction Rule Name",
6305
+ "isDeprecated": false,
6306
+ "name": "tenant_restriction_rule_name"
6307
+ },
6308
+ {
6309
+ "deprecationReason": null,
6310
+ "description": "Connection Origin",
6311
+ "isDeprecated": false,
6312
+ "name": "connection_origin"
6313
+ },
6314
+ {
6315
+ "deprecationReason": null,
6316
+ "description": "Translated Server IP",
6317
+ "isDeprecated": false,
6318
+ "name": "translated_server_ip"
6319
+ },
6320
+ {
6321
+ "deprecationReason": null,
6322
+ "description": "Translated Client IP",
6323
+ "isDeprecated": false,
6324
+ "name": "translated_client_ip"
6325
+ },
6326
+ {
6327
+ "deprecationReason": null,
6328
+ "description": "IoC Container Name",
6329
+ "isDeprecated": false,
6330
+ "name": "container_name"
6331
+ },
6332
+ {
6333
+ "deprecationReason": null,
6334
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
6335
+ "isDeprecated": false,
6336
+ "name": "correlation_id"
6337
+ },
6338
+ {
6339
+ "deprecationReason": null,
6340
+ "description": "Precedence",
6341
+ "isDeprecated": false,
6342
+ "name": "precedence"
6343
+ },
6344
+ {
6345
+ "deprecationReason": null,
6346
+ "description": "A list of labels providing additional context for the event",
6347
+ "isDeprecated": false,
6348
+ "name": "labels"
5869
6349
  }
5870
6350
  ],
5871
6351
  "fields": null,
@@ -5966,7 +6446,7 @@
5966
6446
  }
5967
6447
  },
5968
6448
  "deprecationReason": null,
5969
- "description": "BETA",
6449
+ "description": null,
5970
6450
  "fieldTypes": {
5971
6451
  "EventsRecord": true
5972
6452
  },
@@ -6021,7 +6501,7 @@
6021
6501
  "description": null,
6022
6502
  "enumValues": [
6023
6503
  {
6024
- "deprecationReason": "use src_site_id/src_site_name instead",
6504
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6025
6505
  "description": "Name of site or user initiating the connection",
6026
6506
  "isDeprecated": true,
6027
6507
  "name": "src_site"
@@ -6045,7 +6525,7 @@
6045
6525
  "name": "user_id"
6046
6526
  },
6047
6527
  {
6048
- "deprecationReason": "use dest_site_id/dest_site_name instead",
6528
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6049
6529
  "description": "For WAN traffic, name of destination site or SDP user",
6050
6530
  "isDeprecated": true,
6051
6531
  "name": "dest_site"
@@ -6057,13 +6537,13 @@
6057
6537
  "name": "dest_site_id"
6058
6538
  },
6059
6539
  {
6060
- "deprecationReason": null,
6540
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
6061
6541
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
6062
- "isDeprecated": false,
6542
+ "isDeprecated": true,
6063
6543
  "name": "src_or_dest_site_id"
6064
6544
  },
6065
6545
  {
6066
- "deprecationReason": "use rule_name instead",
6546
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6067
6547
  "description": "Name of security rule related to the event",
6068
6548
  "isDeprecated": true,
6069
6549
  "name": "rule"
@@ -6081,7 +6561,7 @@
6081
6561
  "name": "socket_interface"
6082
6562
  },
6083
6563
  {
6084
- "deprecationReason": "use custom_category_id/custom_category_name instead",
6564
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6085
6565
  "description": "Name for the custom category defined in the Cato Management Application",
6086
6566
  "isDeprecated": true,
6087
6567
  "name": "custom_category"
@@ -6094,7 +6574,7 @@
6094
6574
  },
6095
6575
  {
6096
6576
  "deprecationReason": null,
6097
- "description": "For Internet traffic, destination host port",
6577
+ "description": "Destination port",
6098
6578
  "isDeprecated": false,
6099
6579
  "name": "dest_port"
6100
6580
  },
@@ -6154,7 +6634,7 @@
6154
6634
  },
6155
6635
  {
6156
6636
  "deprecationReason": null,
6157
- "description": "For Internet traffic, destination host IP address",
6637
+ "description": "Destination IP address",
6158
6638
  "isDeprecated": false,
6159
6639
  "name": "dest_ip"
6160
6640
  },
@@ -6231,7 +6711,7 @@
6231
6711
  "name": "configured_host_name"
6232
6712
  },
6233
6713
  {
6234
- "deprecationReason": "use event_id instead",
6714
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
6235
6715
  "description": "Cato Internal-use only",
6236
6716
  "isDeprecated": true,
6237
6717
  "name": "internalId"
@@ -6303,9 +6783,9 @@
6303
6783
  "name": "bgp_error_code"
6304
6784
  },
6305
6785
  {
6306
- "deprecationReason": null,
6786
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
6307
6787
  "description": "Description from Cato Management Application for BGP peer",
6308
- "isDeprecated": false,
6788
+ "isDeprecated": true,
6309
6789
  "name": "bgp_peer_description"
6310
6790
  },
6311
6791
  {
@@ -6370,7 +6850,7 @@
6370
6850
  },
6371
6851
  {
6372
6852
  "deprecationReason": null,
6373
- "description": "Data that measures the latency for a specific link",
6853
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
6374
6854
  "isDeprecated": false,
6375
6855
  "name": "link_health_latency"
6376
6856
  },
@@ -6525,14 +7005,14 @@
6525
7005
  "name": "incident_id"
6526
7006
  },
6527
7007
  {
6528
- "deprecationReason": "use application_id/application_name instead",
7008
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6529
7009
  "description": "For Internet firewall, app for this event",
6530
7010
  "isDeprecated": true,
6531
7011
  "name": "application"
6532
7012
  },
6533
7013
  {
6534
7014
  "deprecationReason": null,
6535
- "description": "Application of the flow",
7015
+ "description": "The name of the application associated with the flow",
6536
7016
  "isDeprecated": false,
6537
7017
  "name": "application_name"
6538
7018
  },
@@ -6555,7 +7035,7 @@
6555
7035
  "name": "socket_interface_id"
6556
7036
  },
6557
7037
  {
6558
- "deprecationReason": "use custom_category_id/custom_category_name instead",
7038
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6559
7039
  "description": "Unique Cato ID for the custom category",
6560
7040
  "isDeprecated": true,
6561
7041
  "name": "custom_categories"
@@ -6634,7 +7114,7 @@
6634
7114
  },
6635
7115
  {
6636
7116
  "deprecationReason": null,
6637
- "description": "For Internet traffic, destination host IP address",
7117
+ "description": "The name of the destination site",
6638
7118
  "isDeprecated": false,
6639
7119
  "name": "dest_site_name"
6640
7120
  },
@@ -6693,7 +7173,7 @@
6693
7173
  "name": "device_posture_profile"
6694
7174
  },
6695
7175
  {
6696
- "deprecationReason": "use device_posture_profile instead",
7176
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
6697
7177
  "description": "Device posture profiles",
6698
7178
  "isDeprecated": true,
6699
7179
  "name": "device_posture_profiles"
@@ -6766,7 +7246,7 @@
6766
7246
  },
6767
7247
  {
6768
7248
  "deprecationReason": null,
6769
- "description": "DLP fail mode",
7249
+ "description": "Describes the behavior when the DLP system encounters a failure",
6770
7250
  "isDeprecated": false,
6771
7251
  "name": "dlp_fail_mode"
6772
7252
  },
@@ -6824,6 +7304,24 @@
6824
7304
  "isDeprecated": false,
6825
7305
  "name": "is_sinkhole"
6826
7306
  },
7307
+ {
7308
+ "deprecationReason": null,
7309
+ "description": "The ID for the endpoint",
7310
+ "isDeprecated": false,
7311
+ "name": "endpoint_id"
7312
+ },
7313
+ {
7314
+ "deprecationReason": null,
7315
+ "description": "The Endpoint Protection Engine that detected the malware",
7316
+ "isDeprecated": false,
7317
+ "name": "epp_engine_type"
7318
+ },
7319
+ {
7320
+ "deprecationReason": null,
7321
+ "description": "The file operation when this event occurred",
7322
+ "isDeprecated": false,
7323
+ "name": "file_operation"
7324
+ },
6827
7325
  {
6828
7326
  "deprecationReason": null,
6829
7327
  "description": null,
@@ -6856,7 +7354,7 @@
6856
7354
  },
6857
7355
  {
6858
7356
  "deprecationReason": null,
6859
- "description": null,
7357
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
6860
7358
  "isDeprecated": false,
6861
7359
  "name": "vendor"
6862
7360
  },
@@ -6897,19 +7395,19 @@
6897
7395
  "name": "recommended_actions"
6898
7396
  },
6899
7397
  {
6900
- "deprecationReason": "use src_pid instead",
7398
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6901
7399
  "description": null,
6902
7400
  "isDeprecated": true,
6903
7401
  "name": "pid"
6904
7402
  },
6905
7403
  {
6906
- "deprecationReason": "use src_process_parent_pid instead",
7404
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6907
7405
  "description": null,
6908
7406
  "isDeprecated": true,
6909
7407
  "name": "parent_pid"
6910
7408
  },
6911
7409
  {
6912
- "deprecationReason": "use src_process_path instead",
7410
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
6913
7411
  "description": null,
6914
7412
  "isDeprecated": true,
6915
7413
  "name": "process_path"
@@ -6926,12 +7424,66 @@
6926
7424
  "isDeprecated": false,
6927
7425
  "name": "out_of_band_access"
6928
7426
  },
7427
+ {
7428
+ "deprecationReason": null,
7429
+ "description": "A Unique ID for the quarantined file",
7430
+ "isDeprecated": false,
7431
+ "name": "quarantine_uuid"
7432
+ },
6929
7433
  {
6930
7434
  "deprecationReason": null,
6931
7435
  "description": null,
6932
7436
  "isDeprecated": false,
6933
7437
  "name": "logged_in_user"
6934
7438
  },
7439
+ {
7440
+ "deprecationReason": null,
7441
+ "description": "The profile assigned to the endpoint upon detection of the malware",
7442
+ "isDeprecated": false,
7443
+ "name": "epp_profile"
7444
+ },
7445
+ {
7446
+ "deprecationReason": null,
7447
+ "description": "Source process ID",
7448
+ "isDeprecated": false,
7449
+ "name": "src_pid"
7450
+ },
7451
+ {
7452
+ "deprecationReason": null,
7453
+ "description": "Source process file path",
7454
+ "isDeprecated": false,
7455
+ "name": "src_process_path"
7456
+ },
7457
+ {
7458
+ "deprecationReason": null,
7459
+ "description": "Source process command line",
7460
+ "isDeprecated": false,
7461
+ "name": "src_process_cmdline"
7462
+ },
7463
+ {
7464
+ "deprecationReason": null,
7465
+ "description": "Source process parent process ID",
7466
+ "isDeprecated": false,
7467
+ "name": "src_process_parent_pid"
7468
+ },
7469
+ {
7470
+ "deprecationReason": null,
7471
+ "description": "Source process parent file path",
7472
+ "isDeprecated": false,
7473
+ "name": "src_process_parent_path"
7474
+ },
7475
+ {
7476
+ "deprecationReason": null,
7477
+ "description": "If policy is set to disinfect, return the result of this action",
7478
+ "isDeprecated": false,
7479
+ "name": "disinfect_result"
7480
+ },
7481
+ {
7482
+ "deprecationReason": null,
7483
+ "description": "Indicate how many processes are part of this event",
7484
+ "isDeprecated": false,
7485
+ "name": "processes_count"
7486
+ },
6935
7487
  {
6936
7488
  "deprecationReason": null,
6937
7489
  "description": "HTTP request method (ie. Get, Post)",
@@ -7006,7 +7558,7 @@
7006
7558
  },
7007
7559
  {
7008
7560
  "deprecationReason": null,
7009
- "description": "Cato App",
7561
+ "description": "Cato application name",
7010
7562
  "isDeprecated": false,
7011
7563
  "name": "cato_app"
7012
7564
  },
@@ -7060,7 +7612,7 @@
7060
7612
  },
7061
7613
  {
7062
7614
  "deprecationReason": null,
7063
- "description": "Tenant Id",
7615
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
7064
7616
  "isDeprecated": false,
7065
7617
  "name": "tenant_id"
7066
7618
  },
@@ -7120,7 +7672,7 @@
7120
7672
  },
7121
7673
  {
7122
7674
  "deprecationReason": null,
7123
- "description": "Data Classifiers",
7675
+ "description": "Defines the scanning methods used by the DLP system",
7124
7676
  "isDeprecated": false,
7125
7677
  "name": "dlp_scan_types"
7126
7678
  },
@@ -7198,7 +7750,7 @@
7198
7750
  },
7199
7751
  {
7200
7752
  "deprecationReason": null,
7201
- "description": "Used Public IP",
7753
+ "description": "Public source IP",
7202
7754
  "isDeprecated": false,
7203
7755
  "name": "public_ip"
7204
7756
  },
@@ -7369,6 +7921,54 @@
7369
7921
  "description": "Device Type",
7370
7922
  "isDeprecated": false,
7371
7923
  "name": "device_type"
7924
+ },
7925
+ {
7926
+ "deprecationReason": null,
7927
+ "description": "Tenant Restriction Rule Name",
7928
+ "isDeprecated": false,
7929
+ "name": "tenant_restriction_rule_name"
7930
+ },
7931
+ {
7932
+ "deprecationReason": null,
7933
+ "description": "Connection Origin",
7934
+ "isDeprecated": false,
7935
+ "name": "connection_origin"
7936
+ },
7937
+ {
7938
+ "deprecationReason": null,
7939
+ "description": "Translated Server IP",
7940
+ "isDeprecated": false,
7941
+ "name": "translated_server_ip"
7942
+ },
7943
+ {
7944
+ "deprecationReason": null,
7945
+ "description": "Translated Client IP",
7946
+ "isDeprecated": false,
7947
+ "name": "translated_client_ip"
7948
+ },
7949
+ {
7950
+ "deprecationReason": null,
7951
+ "description": "IoC Container Name",
7952
+ "isDeprecated": false,
7953
+ "name": "container_name"
7954
+ },
7955
+ {
7956
+ "deprecationReason": null,
7957
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
7958
+ "isDeprecated": false,
7959
+ "name": "correlation_id"
7960
+ },
7961
+ {
7962
+ "deprecationReason": null,
7963
+ "description": "Precedence",
7964
+ "isDeprecated": false,
7965
+ "name": "precedence"
7966
+ },
7967
+ {
7968
+ "deprecationReason": null,
7969
+ "description": "A list of labels providing additional context for the event",
7970
+ "isDeprecated": false,
7971
+ "name": "labels"
7372
7972
  }
7373
7973
  ],
7374
7974
  "fields": null,
@@ -7433,7 +8033,7 @@
7433
8033
  "description": null,
7434
8034
  "enumValues": [
7435
8035
  {
7436
- "deprecationReason": "use src_site_id/src_site_name instead",
8036
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7437
8037
  "description": "Name of site or user initiating the connection",
7438
8038
  "isDeprecated": true,
7439
8039
  "name": "src_site"
@@ -7457,7 +8057,7 @@
7457
8057
  "name": "user_id"
7458
8058
  },
7459
8059
  {
7460
- "deprecationReason": "use dest_site_id/dest_site_name instead",
8060
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7461
8061
  "description": "For WAN traffic, name of destination site or SDP user",
7462
8062
  "isDeprecated": true,
7463
8063
  "name": "dest_site"
@@ -7469,13 +8069,13 @@
7469
8069
  "name": "dest_site_id"
7470
8070
  },
7471
8071
  {
7472
- "deprecationReason": null,
8072
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
7473
8073
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
7474
- "isDeprecated": false,
8074
+ "isDeprecated": true,
7475
8075
  "name": "src_or_dest_site_id"
7476
8076
  },
7477
8077
  {
7478
- "deprecationReason": "use rule_name instead",
8078
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7479
8079
  "description": "Name of security rule related to the event",
7480
8080
  "isDeprecated": true,
7481
8081
  "name": "rule"
@@ -7493,7 +8093,7 @@
7493
8093
  "name": "socket_interface"
7494
8094
  },
7495
8095
  {
7496
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8096
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7497
8097
  "description": "Name for the custom category defined in the Cato Management Application",
7498
8098
  "isDeprecated": true,
7499
8099
  "name": "custom_category"
@@ -7506,7 +8106,7 @@
7506
8106
  },
7507
8107
  {
7508
8108
  "deprecationReason": null,
7509
- "description": "For Internet traffic, destination host port",
8109
+ "description": "Destination port",
7510
8110
  "isDeprecated": false,
7511
8111
  "name": "dest_port"
7512
8112
  },
@@ -7566,7 +8166,7 @@
7566
8166
  },
7567
8167
  {
7568
8168
  "deprecationReason": null,
7569
- "description": "For Internet traffic, destination host IP address",
8169
+ "description": "Destination IP address",
7570
8170
  "isDeprecated": false,
7571
8171
  "name": "dest_ip"
7572
8172
  },
@@ -7643,7 +8243,7 @@
7643
8243
  "name": "configured_host_name"
7644
8244
  },
7645
8245
  {
7646
- "deprecationReason": "use event_id instead",
8246
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
7647
8247
  "description": "Cato Internal-use only",
7648
8248
  "isDeprecated": true,
7649
8249
  "name": "internalId"
@@ -7715,9 +8315,9 @@
7715
8315
  "name": "bgp_error_code"
7716
8316
  },
7717
8317
  {
7718
- "deprecationReason": null,
8318
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
7719
8319
  "description": "Description from Cato Management Application for BGP peer",
7720
- "isDeprecated": false,
8320
+ "isDeprecated": true,
7721
8321
  "name": "bgp_peer_description"
7722
8322
  },
7723
8323
  {
@@ -7782,7 +8382,7 @@
7782
8382
  },
7783
8383
  {
7784
8384
  "deprecationReason": null,
7785
- "description": "Data that measures the latency for a specific link",
8385
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
7786
8386
  "isDeprecated": false,
7787
8387
  "name": "link_health_latency"
7788
8388
  },
@@ -7937,14 +8537,14 @@
7937
8537
  "name": "incident_id"
7938
8538
  },
7939
8539
  {
7940
- "deprecationReason": "use application_id/application_name instead",
8540
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7941
8541
  "description": "For Internet firewall, app for this event",
7942
8542
  "isDeprecated": true,
7943
8543
  "name": "application"
7944
8544
  },
7945
8545
  {
7946
8546
  "deprecationReason": null,
7947
- "description": "Application of the flow",
8547
+ "description": "The name of the application associated with the flow",
7948
8548
  "isDeprecated": false,
7949
8549
  "name": "application_name"
7950
8550
  },
@@ -7967,7 +8567,7 @@
7967
8567
  "name": "socket_interface_id"
7968
8568
  },
7969
8569
  {
7970
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8570
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7971
8571
  "description": "Unique Cato ID for the custom category",
7972
8572
  "isDeprecated": true,
7973
8573
  "name": "custom_categories"
@@ -8046,7 +8646,7 @@
8046
8646
  },
8047
8647
  {
8048
8648
  "deprecationReason": null,
8049
- "description": "For Internet traffic, destination host IP address",
8649
+ "description": "The name of the destination site",
8050
8650
  "isDeprecated": false,
8051
8651
  "name": "dest_site_name"
8052
8652
  },
@@ -8105,7 +8705,7 @@
8105
8705
  "name": "device_posture_profile"
8106
8706
  },
8107
8707
  {
8108
- "deprecationReason": "use device_posture_profile instead",
8708
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
8109
8709
  "description": "Device posture profiles",
8110
8710
  "isDeprecated": true,
8111
8711
  "name": "device_posture_profiles"
@@ -8178,7 +8778,7 @@
8178
8778
  },
8179
8779
  {
8180
8780
  "deprecationReason": null,
8181
- "description": "DLP fail mode",
8781
+ "description": "Describes the behavior when the DLP system encounters a failure",
8182
8782
  "isDeprecated": false,
8183
8783
  "name": "dlp_fail_mode"
8184
8784
  },
@@ -8236,6 +8836,24 @@
8236
8836
  "isDeprecated": false,
8237
8837
  "name": "is_sinkhole"
8238
8838
  },
8839
+ {
8840
+ "deprecationReason": null,
8841
+ "description": "The ID for the endpoint",
8842
+ "isDeprecated": false,
8843
+ "name": "endpoint_id"
8844
+ },
8845
+ {
8846
+ "deprecationReason": null,
8847
+ "description": "The Endpoint Protection Engine that detected the malware",
8848
+ "isDeprecated": false,
8849
+ "name": "epp_engine_type"
8850
+ },
8851
+ {
8852
+ "deprecationReason": null,
8853
+ "description": "The file operation when this event occurred",
8854
+ "isDeprecated": false,
8855
+ "name": "file_operation"
8856
+ },
8239
8857
  {
8240
8858
  "deprecationReason": null,
8241
8859
  "description": null,
@@ -8268,7 +8886,7 @@
8268
8886
  },
8269
8887
  {
8270
8888
  "deprecationReason": null,
8271
- "description": null,
8889
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
8272
8890
  "isDeprecated": false,
8273
8891
  "name": "vendor"
8274
8892
  },
@@ -8309,19 +8927,19 @@
8309
8927
  "name": "recommended_actions"
8310
8928
  },
8311
8929
  {
8312
- "deprecationReason": "use src_pid instead",
8930
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8313
8931
  "description": null,
8314
8932
  "isDeprecated": true,
8315
8933
  "name": "pid"
8316
8934
  },
8317
8935
  {
8318
- "deprecationReason": "use src_process_parent_pid instead",
8936
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8319
8937
  "description": null,
8320
8938
  "isDeprecated": true,
8321
8939
  "name": "parent_pid"
8322
8940
  },
8323
8941
  {
8324
- "deprecationReason": "use src_process_path instead",
8942
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
8325
8943
  "description": null,
8326
8944
  "isDeprecated": true,
8327
8945
  "name": "process_path"
@@ -8338,12 +8956,66 @@
8338
8956
  "isDeprecated": false,
8339
8957
  "name": "out_of_band_access"
8340
8958
  },
8959
+ {
8960
+ "deprecationReason": null,
8961
+ "description": "A Unique ID for the quarantined file",
8962
+ "isDeprecated": false,
8963
+ "name": "quarantine_uuid"
8964
+ },
8341
8965
  {
8342
8966
  "deprecationReason": null,
8343
8967
  "description": null,
8344
8968
  "isDeprecated": false,
8345
8969
  "name": "logged_in_user"
8346
8970
  },
8971
+ {
8972
+ "deprecationReason": null,
8973
+ "description": "The profile assigned to the endpoint upon detection of the malware",
8974
+ "isDeprecated": false,
8975
+ "name": "epp_profile"
8976
+ },
8977
+ {
8978
+ "deprecationReason": null,
8979
+ "description": "Source process ID",
8980
+ "isDeprecated": false,
8981
+ "name": "src_pid"
8982
+ },
8983
+ {
8984
+ "deprecationReason": null,
8985
+ "description": "Source process file path",
8986
+ "isDeprecated": false,
8987
+ "name": "src_process_path"
8988
+ },
8989
+ {
8990
+ "deprecationReason": null,
8991
+ "description": "Source process command line",
8992
+ "isDeprecated": false,
8993
+ "name": "src_process_cmdline"
8994
+ },
8995
+ {
8996
+ "deprecationReason": null,
8997
+ "description": "Source process parent process ID",
8998
+ "isDeprecated": false,
8999
+ "name": "src_process_parent_pid"
9000
+ },
9001
+ {
9002
+ "deprecationReason": null,
9003
+ "description": "Source process parent file path",
9004
+ "isDeprecated": false,
9005
+ "name": "src_process_parent_path"
9006
+ },
9007
+ {
9008
+ "deprecationReason": null,
9009
+ "description": "If policy is set to disinfect, return the result of this action",
9010
+ "isDeprecated": false,
9011
+ "name": "disinfect_result"
9012
+ },
9013
+ {
9014
+ "deprecationReason": null,
9015
+ "description": "Indicate how many processes are part of this event",
9016
+ "isDeprecated": false,
9017
+ "name": "processes_count"
9018
+ },
8347
9019
  {
8348
9020
  "deprecationReason": null,
8349
9021
  "description": "HTTP request method (ie. Get, Post)",
@@ -8418,7 +9090,7 @@
8418
9090
  },
8419
9091
  {
8420
9092
  "deprecationReason": null,
8421
- "description": "Cato App",
9093
+ "description": "Cato application name",
8422
9094
  "isDeprecated": false,
8423
9095
  "name": "cato_app"
8424
9096
  },
@@ -8472,7 +9144,7 @@
8472
9144
  },
8473
9145
  {
8474
9146
  "deprecationReason": null,
8475
- "description": "Tenant Id",
9147
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
8476
9148
  "isDeprecated": false,
8477
9149
  "name": "tenant_id"
8478
9150
  },
@@ -8532,7 +9204,7 @@
8532
9204
  },
8533
9205
  {
8534
9206
  "deprecationReason": null,
8535
- "description": "Data Classifiers",
9207
+ "description": "Defines the scanning methods used by the DLP system",
8536
9208
  "isDeprecated": false,
8537
9209
  "name": "dlp_scan_types"
8538
9210
  },
@@ -8610,7 +9282,7 @@
8610
9282
  },
8611
9283
  {
8612
9284
  "deprecationReason": null,
8613
- "description": "Used Public IP",
9285
+ "description": "Public source IP",
8614
9286
  "isDeprecated": false,
8615
9287
  "name": "public_ip"
8616
9288
  },
@@ -8781,6 +9453,54 @@
8781
9453
  "description": "Device Type",
8782
9454
  "isDeprecated": false,
8783
9455
  "name": "device_type"
9456
+ },
9457
+ {
9458
+ "deprecationReason": null,
9459
+ "description": "Tenant Restriction Rule Name",
9460
+ "isDeprecated": false,
9461
+ "name": "tenant_restriction_rule_name"
9462
+ },
9463
+ {
9464
+ "deprecationReason": null,
9465
+ "description": "Connection Origin",
9466
+ "isDeprecated": false,
9467
+ "name": "connection_origin"
9468
+ },
9469
+ {
9470
+ "deprecationReason": null,
9471
+ "description": "Translated Server IP",
9472
+ "isDeprecated": false,
9473
+ "name": "translated_server_ip"
9474
+ },
9475
+ {
9476
+ "deprecationReason": null,
9477
+ "description": "Translated Client IP",
9478
+ "isDeprecated": false,
9479
+ "name": "translated_client_ip"
9480
+ },
9481
+ {
9482
+ "deprecationReason": null,
9483
+ "description": "IoC Container Name",
9484
+ "isDeprecated": false,
9485
+ "name": "container_name"
9486
+ },
9487
+ {
9488
+ "deprecationReason": null,
9489
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
9490
+ "isDeprecated": false,
9491
+ "name": "correlation_id"
9492
+ },
9493
+ {
9494
+ "deprecationReason": null,
9495
+ "description": "Precedence",
9496
+ "isDeprecated": false,
9497
+ "name": "precedence"
9498
+ },
9499
+ {
9500
+ "deprecationReason": null,
9501
+ "description": "A list of labels providing additional context for the event",
9502
+ "isDeprecated": false,
9503
+ "name": "labels"
8784
9504
  }
8785
9505
  ],
8786
9506
  "fields": null,
@@ -9061,7 +9781,7 @@
9061
9781
  "description": null,
9062
9782
  "enumValues": [
9063
9783
  {
9064
- "deprecationReason": "use src_site_id/src_site_name instead",
9784
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9065
9785
  "description": "Name of site or user initiating the connection",
9066
9786
  "isDeprecated": true,
9067
9787
  "name": "src_site"
@@ -9085,7 +9805,7 @@
9085
9805
  "name": "user_id"
9086
9806
  },
9087
9807
  {
9088
- "deprecationReason": "use dest_site_id/dest_site_name instead",
9808
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9089
9809
  "description": "For WAN traffic, name of destination site or SDP user",
9090
9810
  "isDeprecated": true,
9091
9811
  "name": "dest_site"
@@ -9097,13 +9817,13 @@
9097
9817
  "name": "dest_site_id"
9098
9818
  },
9099
9819
  {
9100
- "deprecationReason": null,
9820
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
9101
9821
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
9102
- "isDeprecated": false,
9822
+ "isDeprecated": true,
9103
9823
  "name": "src_or_dest_site_id"
9104
9824
  },
9105
9825
  {
9106
- "deprecationReason": "use rule_name instead",
9826
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9107
9827
  "description": "Name of security rule related to the event",
9108
9828
  "isDeprecated": true,
9109
9829
  "name": "rule"
@@ -9121,7 +9841,7 @@
9121
9841
  "name": "socket_interface"
9122
9842
  },
9123
9843
  {
9124
- "deprecationReason": "use custom_category_id/custom_category_name instead",
9844
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9125
9845
  "description": "Name for the custom category defined in the Cato Management Application",
9126
9846
  "isDeprecated": true,
9127
9847
  "name": "custom_category"
@@ -9134,7 +9854,7 @@
9134
9854
  },
9135
9855
  {
9136
9856
  "deprecationReason": null,
9137
- "description": "For Internet traffic, destination host port",
9857
+ "description": "Destination port",
9138
9858
  "isDeprecated": false,
9139
9859
  "name": "dest_port"
9140
9860
  },
@@ -9194,7 +9914,7 @@
9194
9914
  },
9195
9915
  {
9196
9916
  "deprecationReason": null,
9197
- "description": "For Internet traffic, destination host IP address",
9917
+ "description": "Destination IP address",
9198
9918
  "isDeprecated": false,
9199
9919
  "name": "dest_ip"
9200
9920
  },
@@ -9271,7 +9991,7 @@
9271
9991
  "name": "configured_host_name"
9272
9992
  },
9273
9993
  {
9274
- "deprecationReason": "use event_id instead",
9994
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
9275
9995
  "description": "Cato Internal-use only",
9276
9996
  "isDeprecated": true,
9277
9997
  "name": "internalId"
@@ -9343,9 +10063,9 @@
9343
10063
  "name": "bgp_error_code"
9344
10064
  },
9345
10065
  {
9346
- "deprecationReason": null,
10066
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
9347
10067
  "description": "Description from Cato Management Application for BGP peer",
9348
- "isDeprecated": false,
10068
+ "isDeprecated": true,
9349
10069
  "name": "bgp_peer_description"
9350
10070
  },
9351
10071
  {
@@ -9410,7 +10130,7 @@
9410
10130
  },
9411
10131
  {
9412
10132
  "deprecationReason": null,
9413
- "description": "Data that measures the latency for a specific link",
10133
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
9414
10134
  "isDeprecated": false,
9415
10135
  "name": "link_health_latency"
9416
10136
  },
@@ -9565,14 +10285,14 @@
9565
10285
  "name": "incident_id"
9566
10286
  },
9567
10287
  {
9568
- "deprecationReason": "use application_id/application_name instead",
10288
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9569
10289
  "description": "For Internet firewall, app for this event",
9570
10290
  "isDeprecated": true,
9571
10291
  "name": "application"
9572
10292
  },
9573
10293
  {
9574
10294
  "deprecationReason": null,
9575
- "description": "Application of the flow",
10295
+ "description": "The name of the application associated with the flow",
9576
10296
  "isDeprecated": false,
9577
10297
  "name": "application_name"
9578
10298
  },
@@ -9595,7 +10315,7 @@
9595
10315
  "name": "socket_interface_id"
9596
10316
  },
9597
10317
  {
9598
- "deprecationReason": "use custom_category_id/custom_category_name instead",
10318
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9599
10319
  "description": "Unique Cato ID for the custom category",
9600
10320
  "isDeprecated": true,
9601
10321
  "name": "custom_categories"
@@ -9674,7 +10394,7 @@
9674
10394
  },
9675
10395
  {
9676
10396
  "deprecationReason": null,
9677
- "description": "For Internet traffic, destination host IP address",
10397
+ "description": "The name of the destination site",
9678
10398
  "isDeprecated": false,
9679
10399
  "name": "dest_site_name"
9680
10400
  },
@@ -9733,7 +10453,7 @@
9733
10453
  "name": "device_posture_profile"
9734
10454
  },
9735
10455
  {
9736
- "deprecationReason": "use device_posture_profile instead",
10456
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
9737
10457
  "description": "Device posture profiles",
9738
10458
  "isDeprecated": true,
9739
10459
  "name": "device_posture_profiles"
@@ -9806,7 +10526,7 @@
9806
10526
  },
9807
10527
  {
9808
10528
  "deprecationReason": null,
9809
- "description": "DLP fail mode",
10529
+ "description": "Describes the behavior when the DLP system encounters a failure",
9810
10530
  "isDeprecated": false,
9811
10531
  "name": "dlp_fail_mode"
9812
10532
  },
@@ -9864,6 +10584,24 @@
9864
10584
  "isDeprecated": false,
9865
10585
  "name": "is_sinkhole"
9866
10586
  },
10587
+ {
10588
+ "deprecationReason": null,
10589
+ "description": "The ID for the endpoint",
10590
+ "isDeprecated": false,
10591
+ "name": "endpoint_id"
10592
+ },
10593
+ {
10594
+ "deprecationReason": null,
10595
+ "description": "The Endpoint Protection Engine that detected the malware",
10596
+ "isDeprecated": false,
10597
+ "name": "epp_engine_type"
10598
+ },
10599
+ {
10600
+ "deprecationReason": null,
10601
+ "description": "The file operation when this event occurred",
10602
+ "isDeprecated": false,
10603
+ "name": "file_operation"
10604
+ },
9867
10605
  {
9868
10606
  "deprecationReason": null,
9869
10607
  "description": null,
@@ -9896,7 +10634,7 @@
9896
10634
  },
9897
10635
  {
9898
10636
  "deprecationReason": null,
9899
- "description": null,
10637
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
9900
10638
  "isDeprecated": false,
9901
10639
  "name": "vendor"
9902
10640
  },
@@ -9937,19 +10675,19 @@
9937
10675
  "name": "recommended_actions"
9938
10676
  },
9939
10677
  {
9940
- "deprecationReason": "use src_pid instead",
10678
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
9941
10679
  "description": null,
9942
10680
  "isDeprecated": true,
9943
10681
  "name": "pid"
9944
10682
  },
9945
10683
  {
9946
- "deprecationReason": "use src_process_parent_pid instead",
10684
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
9947
10685
  "description": null,
9948
10686
  "isDeprecated": true,
9949
10687
  "name": "parent_pid"
9950
10688
  },
9951
10689
  {
9952
- "deprecationReason": "use src_process_path instead",
10690
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
9953
10691
  "description": null,
9954
10692
  "isDeprecated": true,
9955
10693
  "name": "process_path"
@@ -9966,12 +10704,66 @@
9966
10704
  "isDeprecated": false,
9967
10705
  "name": "out_of_band_access"
9968
10706
  },
10707
+ {
10708
+ "deprecationReason": null,
10709
+ "description": "A Unique ID for the quarantined file",
10710
+ "isDeprecated": false,
10711
+ "name": "quarantine_uuid"
10712
+ },
9969
10713
  {
9970
10714
  "deprecationReason": null,
9971
10715
  "description": null,
9972
10716
  "isDeprecated": false,
9973
10717
  "name": "logged_in_user"
9974
10718
  },
10719
+ {
10720
+ "deprecationReason": null,
10721
+ "description": "The profile assigned to the endpoint upon detection of the malware",
10722
+ "isDeprecated": false,
10723
+ "name": "epp_profile"
10724
+ },
10725
+ {
10726
+ "deprecationReason": null,
10727
+ "description": "Source process ID",
10728
+ "isDeprecated": false,
10729
+ "name": "src_pid"
10730
+ },
10731
+ {
10732
+ "deprecationReason": null,
10733
+ "description": "Source process file path",
10734
+ "isDeprecated": false,
10735
+ "name": "src_process_path"
10736
+ },
10737
+ {
10738
+ "deprecationReason": null,
10739
+ "description": "Source process command line",
10740
+ "isDeprecated": false,
10741
+ "name": "src_process_cmdline"
10742
+ },
10743
+ {
10744
+ "deprecationReason": null,
10745
+ "description": "Source process parent process ID",
10746
+ "isDeprecated": false,
10747
+ "name": "src_process_parent_pid"
10748
+ },
10749
+ {
10750
+ "deprecationReason": null,
10751
+ "description": "Source process parent file path",
10752
+ "isDeprecated": false,
10753
+ "name": "src_process_parent_path"
10754
+ },
10755
+ {
10756
+ "deprecationReason": null,
10757
+ "description": "If policy is set to disinfect, return the result of this action",
10758
+ "isDeprecated": false,
10759
+ "name": "disinfect_result"
10760
+ },
10761
+ {
10762
+ "deprecationReason": null,
10763
+ "description": "Indicate how many processes are part of this event",
10764
+ "isDeprecated": false,
10765
+ "name": "processes_count"
10766
+ },
9975
10767
  {
9976
10768
  "deprecationReason": null,
9977
10769
  "description": "HTTP request method (ie. Get, Post)",
@@ -10046,7 +10838,7 @@
10046
10838
  },
10047
10839
  {
10048
10840
  "deprecationReason": null,
10049
- "description": "Cato App",
10841
+ "description": "Cato application name",
10050
10842
  "isDeprecated": false,
10051
10843
  "name": "cato_app"
10052
10844
  },
@@ -10100,7 +10892,7 @@
10100
10892
  },
10101
10893
  {
10102
10894
  "deprecationReason": null,
10103
- "description": "Tenant Id",
10895
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
10104
10896
  "isDeprecated": false,
10105
10897
  "name": "tenant_id"
10106
10898
  },
@@ -10160,7 +10952,7 @@
10160
10952
  },
10161
10953
  {
10162
10954
  "deprecationReason": null,
10163
- "description": "Data Classifiers",
10955
+ "description": "Defines the scanning methods used by the DLP system",
10164
10956
  "isDeprecated": false,
10165
10957
  "name": "dlp_scan_types"
10166
10958
  },
@@ -10238,7 +11030,7 @@
10238
11030
  },
10239
11031
  {
10240
11032
  "deprecationReason": null,
10241
- "description": "Used Public IP",
11033
+ "description": "Public source IP",
10242
11034
  "isDeprecated": false,
10243
11035
  "name": "public_ip"
10244
11036
  },
@@ -10409,6 +11201,54 @@
10409
11201
  "description": "Device Type",
10410
11202
  "isDeprecated": false,
10411
11203
  "name": "device_type"
11204
+ },
11205
+ {
11206
+ "deprecationReason": null,
11207
+ "description": "Tenant Restriction Rule Name",
11208
+ "isDeprecated": false,
11209
+ "name": "tenant_restriction_rule_name"
11210
+ },
11211
+ {
11212
+ "deprecationReason": null,
11213
+ "description": "Connection Origin",
11214
+ "isDeprecated": false,
11215
+ "name": "connection_origin"
11216
+ },
11217
+ {
11218
+ "deprecationReason": null,
11219
+ "description": "Translated Server IP",
11220
+ "isDeprecated": false,
11221
+ "name": "translated_server_ip"
11222
+ },
11223
+ {
11224
+ "deprecationReason": null,
11225
+ "description": "Translated Client IP",
11226
+ "isDeprecated": false,
11227
+ "name": "translated_client_ip"
11228
+ },
11229
+ {
11230
+ "deprecationReason": null,
11231
+ "description": "IoC Container Name",
11232
+ "isDeprecated": false,
11233
+ "name": "container_name"
11234
+ },
11235
+ {
11236
+ "deprecationReason": null,
11237
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
11238
+ "isDeprecated": false,
11239
+ "name": "correlation_id"
11240
+ },
11241
+ {
11242
+ "deprecationReason": null,
11243
+ "description": "Precedence",
11244
+ "isDeprecated": false,
11245
+ "name": "precedence"
11246
+ },
11247
+ {
11248
+ "deprecationReason": null,
11249
+ "description": "A list of labels providing additional context for the event",
11250
+ "isDeprecated": false,
11251
+ "name": "labels"
10412
11252
  }
10413
11253
  ],
10414
11254
  "fields": null,
@@ -10491,7 +11331,7 @@
10491
11331
  "description": null,
10492
11332
  "enumValues": [
10493
11333
  {
10494
- "deprecationReason": "use src_site_id/src_site_name instead",
11334
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10495
11335
  "description": "Name of site or user initiating the connection",
10496
11336
  "isDeprecated": true,
10497
11337
  "name": "src_site"
@@ -10515,7 +11355,7 @@
10515
11355
  "name": "user_id"
10516
11356
  },
10517
11357
  {
10518
- "deprecationReason": "use dest_site_id/dest_site_name instead",
11358
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10519
11359
  "description": "For WAN traffic, name of destination site or SDP user",
10520
11360
  "isDeprecated": true,
10521
11361
  "name": "dest_site"
@@ -10527,13 +11367,13 @@
10527
11367
  "name": "dest_site_id"
10528
11368
  },
10529
11369
  {
10530
- "deprecationReason": null,
11370
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
10531
11371
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
10532
- "isDeprecated": false,
11372
+ "isDeprecated": true,
10533
11373
  "name": "src_or_dest_site_id"
10534
11374
  },
10535
11375
  {
10536
- "deprecationReason": "use rule_name instead",
11376
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10537
11377
  "description": "Name of security rule related to the event",
10538
11378
  "isDeprecated": true,
10539
11379
  "name": "rule"
@@ -10551,7 +11391,7 @@
10551
11391
  "name": "socket_interface"
10552
11392
  },
10553
11393
  {
10554
- "deprecationReason": "use custom_category_id/custom_category_name instead",
11394
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10555
11395
  "description": "Name for the custom category defined in the Cato Management Application",
10556
11396
  "isDeprecated": true,
10557
11397
  "name": "custom_category"
@@ -10564,7 +11404,7 @@
10564
11404
  },
10565
11405
  {
10566
11406
  "deprecationReason": null,
10567
- "description": "For Internet traffic, destination host port",
11407
+ "description": "Destination port",
10568
11408
  "isDeprecated": false,
10569
11409
  "name": "dest_port"
10570
11410
  },
@@ -10624,7 +11464,7 @@
10624
11464
  },
10625
11465
  {
10626
11466
  "deprecationReason": null,
10627
- "description": "For Internet traffic, destination host IP address",
11467
+ "description": "Destination IP address",
10628
11468
  "isDeprecated": false,
10629
11469
  "name": "dest_ip"
10630
11470
  },
@@ -10701,7 +11541,7 @@
10701
11541
  "name": "configured_host_name"
10702
11542
  },
10703
11543
  {
10704
- "deprecationReason": "use event_id instead",
11544
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
10705
11545
  "description": "Cato Internal-use only",
10706
11546
  "isDeprecated": true,
10707
11547
  "name": "internalId"
@@ -10773,9 +11613,9 @@
10773
11613
  "name": "bgp_error_code"
10774
11614
  },
10775
11615
  {
10776
- "deprecationReason": null,
11616
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
10777
11617
  "description": "Description from Cato Management Application for BGP peer",
10778
- "isDeprecated": false,
11618
+ "isDeprecated": true,
10779
11619
  "name": "bgp_peer_description"
10780
11620
  },
10781
11621
  {
@@ -10840,7 +11680,7 @@
10840
11680
  },
10841
11681
  {
10842
11682
  "deprecationReason": null,
10843
- "description": "Data that measures the latency for a specific link",
11683
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
10844
11684
  "isDeprecated": false,
10845
11685
  "name": "link_health_latency"
10846
11686
  },
@@ -10995,14 +11835,14 @@
10995
11835
  "name": "incident_id"
10996
11836
  },
10997
11837
  {
10998
- "deprecationReason": "use application_id/application_name instead",
11838
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10999
11839
  "description": "For Internet firewall, app for this event",
11000
11840
  "isDeprecated": true,
11001
11841
  "name": "application"
11002
11842
  },
11003
11843
  {
11004
11844
  "deprecationReason": null,
11005
- "description": "Application of the flow",
11845
+ "description": "The name of the application associated with the flow",
11006
11846
  "isDeprecated": false,
11007
11847
  "name": "application_name"
11008
11848
  },
@@ -11025,7 +11865,7 @@
11025
11865
  "name": "socket_interface_id"
11026
11866
  },
11027
11867
  {
11028
- "deprecationReason": "use custom_category_id/custom_category_name instead",
11868
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
11029
11869
  "description": "Unique Cato ID for the custom category",
11030
11870
  "isDeprecated": true,
11031
11871
  "name": "custom_categories"
@@ -11104,7 +11944,7 @@
11104
11944
  },
11105
11945
  {
11106
11946
  "deprecationReason": null,
11107
- "description": "For Internet traffic, destination host IP address",
11947
+ "description": "The name of the destination site",
11108
11948
  "isDeprecated": false,
11109
11949
  "name": "dest_site_name"
11110
11950
  },
@@ -11163,7 +12003,7 @@
11163
12003
  "name": "device_posture_profile"
11164
12004
  },
11165
12005
  {
11166
- "deprecationReason": "use device_posture_profile instead",
12006
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
11167
12007
  "description": "Device posture profiles",
11168
12008
  "isDeprecated": true,
11169
12009
  "name": "device_posture_profiles"
@@ -11236,7 +12076,7 @@
11236
12076
  },
11237
12077
  {
11238
12078
  "deprecationReason": null,
11239
- "description": "DLP fail mode",
12079
+ "description": "Describes the behavior when the DLP system encounters a failure",
11240
12080
  "isDeprecated": false,
11241
12081
  "name": "dlp_fail_mode"
11242
12082
  },
@@ -11294,6 +12134,24 @@
11294
12134
  "isDeprecated": false,
11295
12135
  "name": "is_sinkhole"
11296
12136
  },
12137
+ {
12138
+ "deprecationReason": null,
12139
+ "description": "The ID for the endpoint",
12140
+ "isDeprecated": false,
12141
+ "name": "endpoint_id"
12142
+ },
12143
+ {
12144
+ "deprecationReason": null,
12145
+ "description": "The Endpoint Protection Engine that detected the malware",
12146
+ "isDeprecated": false,
12147
+ "name": "epp_engine_type"
12148
+ },
12149
+ {
12150
+ "deprecationReason": null,
12151
+ "description": "The file operation when this event occurred",
12152
+ "isDeprecated": false,
12153
+ "name": "file_operation"
12154
+ },
11297
12155
  {
11298
12156
  "deprecationReason": null,
11299
12157
  "description": null,
@@ -11326,7 +12184,7 @@
11326
12184
  },
11327
12185
  {
11328
12186
  "deprecationReason": null,
11329
- "description": null,
12187
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
11330
12188
  "isDeprecated": false,
11331
12189
  "name": "vendor"
11332
12190
  },
@@ -11367,19 +12225,19 @@
11367
12225
  "name": "recommended_actions"
11368
12226
  },
11369
12227
  {
11370
- "deprecationReason": "use src_pid instead",
12228
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
11371
12229
  "description": null,
11372
12230
  "isDeprecated": true,
11373
12231
  "name": "pid"
11374
12232
  },
11375
12233
  {
11376
- "deprecationReason": "use src_process_parent_pid instead",
12234
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
11377
12235
  "description": null,
11378
12236
  "isDeprecated": true,
11379
12237
  "name": "parent_pid"
11380
12238
  },
11381
12239
  {
11382
- "deprecationReason": "use src_process_path instead",
12240
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
11383
12241
  "description": null,
11384
12242
  "isDeprecated": true,
11385
12243
  "name": "process_path"
@@ -11396,12 +12254,66 @@
11396
12254
  "isDeprecated": false,
11397
12255
  "name": "out_of_band_access"
11398
12256
  },
12257
+ {
12258
+ "deprecationReason": null,
12259
+ "description": "A Unique ID for the quarantined file",
12260
+ "isDeprecated": false,
12261
+ "name": "quarantine_uuid"
12262
+ },
11399
12263
  {
11400
12264
  "deprecationReason": null,
11401
12265
  "description": null,
11402
12266
  "isDeprecated": false,
11403
12267
  "name": "logged_in_user"
11404
12268
  },
12269
+ {
12270
+ "deprecationReason": null,
12271
+ "description": "The profile assigned to the endpoint upon detection of the malware",
12272
+ "isDeprecated": false,
12273
+ "name": "epp_profile"
12274
+ },
12275
+ {
12276
+ "deprecationReason": null,
12277
+ "description": "Source process ID",
12278
+ "isDeprecated": false,
12279
+ "name": "src_pid"
12280
+ },
12281
+ {
12282
+ "deprecationReason": null,
12283
+ "description": "Source process file path",
12284
+ "isDeprecated": false,
12285
+ "name": "src_process_path"
12286
+ },
12287
+ {
12288
+ "deprecationReason": null,
12289
+ "description": "Source process command line",
12290
+ "isDeprecated": false,
12291
+ "name": "src_process_cmdline"
12292
+ },
12293
+ {
12294
+ "deprecationReason": null,
12295
+ "description": "Source process parent process ID",
12296
+ "isDeprecated": false,
12297
+ "name": "src_process_parent_pid"
12298
+ },
12299
+ {
12300
+ "deprecationReason": null,
12301
+ "description": "Source process parent file path",
12302
+ "isDeprecated": false,
12303
+ "name": "src_process_parent_path"
12304
+ },
12305
+ {
12306
+ "deprecationReason": null,
12307
+ "description": "If policy is set to disinfect, return the result of this action",
12308
+ "isDeprecated": false,
12309
+ "name": "disinfect_result"
12310
+ },
12311
+ {
12312
+ "deprecationReason": null,
12313
+ "description": "Indicate how many processes are part of this event",
12314
+ "isDeprecated": false,
12315
+ "name": "processes_count"
12316
+ },
11405
12317
  {
11406
12318
  "deprecationReason": null,
11407
12319
  "description": "HTTP request method (ie. Get, Post)",
@@ -11476,7 +12388,7 @@
11476
12388
  },
11477
12389
  {
11478
12390
  "deprecationReason": null,
11479
- "description": "Cato App",
12391
+ "description": "Cato application name",
11480
12392
  "isDeprecated": false,
11481
12393
  "name": "cato_app"
11482
12394
  },
@@ -11530,7 +12442,7 @@
11530
12442
  },
11531
12443
  {
11532
12444
  "deprecationReason": null,
11533
- "description": "Tenant Id",
12445
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
11534
12446
  "isDeprecated": false,
11535
12447
  "name": "tenant_id"
11536
12448
  },
@@ -11590,7 +12502,7 @@
11590
12502
  },
11591
12503
  {
11592
12504
  "deprecationReason": null,
11593
- "description": "Data Classifiers",
12505
+ "description": "Defines the scanning methods used by the DLP system",
11594
12506
  "isDeprecated": false,
11595
12507
  "name": "dlp_scan_types"
11596
12508
  },
@@ -11668,7 +12580,7 @@
11668
12580
  },
11669
12581
  {
11670
12582
  "deprecationReason": null,
11671
- "description": "Used Public IP",
12583
+ "description": "Public source IP",
11672
12584
  "isDeprecated": false,
11673
12585
  "name": "public_ip"
11674
12586
  },
@@ -11839,6 +12751,54 @@
11839
12751
  "description": "Device Type",
11840
12752
  "isDeprecated": false,
11841
12753
  "name": "device_type"
12754
+ },
12755
+ {
12756
+ "deprecationReason": null,
12757
+ "description": "Tenant Restriction Rule Name",
12758
+ "isDeprecated": false,
12759
+ "name": "tenant_restriction_rule_name"
12760
+ },
12761
+ {
12762
+ "deprecationReason": null,
12763
+ "description": "Connection Origin",
12764
+ "isDeprecated": false,
12765
+ "name": "connection_origin"
12766
+ },
12767
+ {
12768
+ "deprecationReason": null,
12769
+ "description": "Translated Server IP",
12770
+ "isDeprecated": false,
12771
+ "name": "translated_server_ip"
12772
+ },
12773
+ {
12774
+ "deprecationReason": null,
12775
+ "description": "Translated Client IP",
12776
+ "isDeprecated": false,
12777
+ "name": "translated_client_ip"
12778
+ },
12779
+ {
12780
+ "deprecationReason": null,
12781
+ "description": "IoC Container Name",
12782
+ "isDeprecated": false,
12783
+ "name": "container_name"
12784
+ },
12785
+ {
12786
+ "deprecationReason": null,
12787
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
12788
+ "isDeprecated": false,
12789
+ "name": "correlation_id"
12790
+ },
12791
+ {
12792
+ "deprecationReason": null,
12793
+ "description": "Precedence",
12794
+ "isDeprecated": false,
12795
+ "name": "precedence"
12796
+ },
12797
+ {
12798
+ "deprecationReason": null,
12799
+ "description": "A list of labels providing additional context for the event",
12800
+ "isDeprecated": false,
12801
+ "name": "labels"
11842
12802
  }
11843
12803
  ],
11844
12804
  "fields": null,