catocli 1.0.19__py3-none-any.whl → 1.0.20__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (100) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/mutation_policy/__init__.py +174 -0
  4. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  5. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  6. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  17. catocli/parsers/mutation_sandbox/README.md +7 -0
  18. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  19. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  20. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  21. catocli/parsers/mutation_site/__init__.py +28 -0
  22. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  23. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  24. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  25. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  26. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  27. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  28. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  29. catocli/parsers/mutation_sites/__init__.py +28 -0
  30. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  31. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  32. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  33. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  34. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  35. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  36. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  37. catocli/parsers/mutation_xdr/README.md +7 -0
  38. catocli/parsers/mutation_xdr/__init__.py +51 -0
  39. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  40. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  41. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  42. catocli/parsers/query_accountMetrics/README.md +2 -1
  43. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  44. catocli/parsers/query_eventsFeed/README.md +1 -1
  45. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  46. catocli/parsers/query_policy/README.md +2 -1
  47. catocli/parsers/query_sandbox/README.md +17 -0
  48. catocli/parsers/query_sandbox/__init__.py +17 -0
  49. catocli/parsers/query_xdr_story/README.md +1 -1
  50. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/METADATA +1 -1
  51. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/RECORD +100 -50
  52. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  53. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  54. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  55. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  56. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  57. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  58. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  59. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  60. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  61. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  62. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  63. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  64. models/mutation.sandbox.deleteReport.json +302 -0
  65. models/mutation.sandbox.uploadFile.json +301 -0
  66. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  67. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  68. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  69. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  70. models/mutation.site.addSocketSite.json +72 -15
  71. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  72. models/mutation.site.updateNetworkRange.json +3 -3
  73. models/mutation.site.updateSocketInterface.json +126 -18
  74. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  75. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  76. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  77. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  78. models/mutation.sites.addSocketSite.json +72 -15
  79. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  80. models/mutation.sites.updateNetworkRange.json +3 -3
  81. models/mutation.sites.updateSocketInterface.json +126 -18
  82. models/mutation.xdr.addStoryComment.json +622 -0
  83. models/mutation.xdr.analystFeedback.json +28820 -0
  84. models/mutation.xdr.deleteStoryComment.json +622 -0
  85. models/query.accountMetrics.json +341 -0
  86. models/query.accountSnapshot.json +120 -0
  87. models/query.appStatsTimeSeries.json +37 -0
  88. models/query.auditFeed.json +292 -52
  89. models/query.events.json +1196 -236
  90. models/query.eventsFeed.json +292 -52
  91. models/query.eventsTimeSeries.json +941 -184
  92. models/query.policy.json +2047 -156
  93. models/query.sandbox.json +2047 -0
  94. models/query.xdr.stories.json +134 -4
  95. models/query.xdr.story.json +116 -4
  96. schema/catolib.py +3 -4
  97. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/LICENSE +0 -0
  98. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/WHEEL +0 -0
  99. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/entry_points.txt +0 -0
  100. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/top_level.txt +0 -0
models/query.eventsFeed.json CHANGED
@@ -382,7 +382,7 @@
382
382
  "description": null,
383
383
  "enumValues": [
384
384
  {
385
- "deprecationReason": "use src_site_id/src_site_name instead",
385
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
386
386
  "description": "Name of site or user initiating the connection",
387
387
  "isDeprecated": true,
388
388
  "name": "src_site"
@@ -406,7 +406,7 @@
406
406
  "name": "user_id"
407
407
  },
408
408
  {
409
- "deprecationReason": "use dest_site_id/dest_site_name instead",
409
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
410
410
  "description": "For WAN traffic, name of destination site or SDP user",
411
411
  "isDeprecated": true,
412
412
  "name": "dest_site"
@@ -418,13 +418,13 @@
418
418
  "name": "dest_site_id"
419
419
  },
420
420
  {
421
- "deprecationReason": null,
421
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
422
422
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
423
- "isDeprecated": false,
423
+ "isDeprecated": true,
424
424
  "name": "src_or_dest_site_id"
425
425
  },
426
426
  {
427
- "deprecationReason": "use rule_name instead",
427
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
428
428
  "description": "Name of security rule related to the event",
429
429
  "isDeprecated": true,
430
430
  "name": "rule"
@@ -442,7 +442,7 @@
442
442
  "name": "socket_interface"
443
443
  },
444
444
  {
445
- "deprecationReason": "use custom_category_id/custom_category_name instead",
445
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
446
446
  "description": "Name for the custom category defined in the Cato Management Application",
447
447
  "isDeprecated": true,
448
448
  "name": "custom_category"
@@ -455,7 +455,7 @@
455
455
  },
456
456
  {
457
457
  "deprecationReason": null,
458
- "description": "For Internet traffic, destination host port",
458
+ "description": "Destination port",
459
459
  "isDeprecated": false,
460
460
  "name": "dest_port"
461
461
  },
@@ -515,7 +515,7 @@
515
515
  },
516
516
  {
517
517
  "deprecationReason": null,
518
- "description": "For Internet traffic, destination host IP address",
518
+ "description": "Destination IP address",
519
519
  "isDeprecated": false,
520
520
  "name": "dest_ip"
521
521
  },
@@ -592,7 +592,7 @@
592
592
  "name": "configured_host_name"
593
593
  },
594
594
  {
595
- "deprecationReason": "use event_id instead",
595
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
596
596
  "description": "Cato Internal-use only",
597
597
  "isDeprecated": true,
598
598
  "name": "internalId"
@@ -664,9 +664,9 @@
664
664
  "name": "bgp_error_code"
665
665
  },
666
666
  {
667
- "deprecationReason": null,
667
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
668
668
  "description": "Description from Cato Management Application for BGP peer",
669
- "isDeprecated": false,
669
+ "isDeprecated": true,
670
670
  "name": "bgp_peer_description"
671
671
  },
672
672
  {
@@ -731,7 +731,7 @@
731
731
  },
732
732
  {
733
733
  "deprecationReason": null,
734
- "description": "Data that measures the latency for a specific link",
734
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
735
735
  "isDeprecated": false,
736
736
  "name": "link_health_latency"
737
737
  },
@@ -886,14 +886,14 @@
886
886
  "name": "incident_id"
887
887
  },
888
888
  {
889
- "deprecationReason": "use application_id/application_name instead",
889
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
890
890
  "description": "For Internet firewall, app for this event",
891
891
  "isDeprecated": true,
892
892
  "name": "application"
893
893
  },
894
894
  {
895
895
  "deprecationReason": null,
896
- "description": "Application of the flow",
896
+ "description": "The name of the application associated with the flow",
897
897
  "isDeprecated": false,
898
898
  "name": "application_name"
899
899
  },
@@ -916,7 +916,7 @@
916
916
  "name": "socket_interface_id"
917
917
  },
918
918
  {
919
- "deprecationReason": "use custom_category_id/custom_category_name instead",
919
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
920
920
  "description": "Unique Cato ID for the custom category",
921
921
  "isDeprecated": true,
922
922
  "name": "custom_categories"
@@ -995,7 +995,7 @@
995
995
  },
996
996
  {
997
997
  "deprecationReason": null,
998
- "description": "For Internet traffic, destination host IP address",
998
+ "description": "The name of the destination site",
999
999
  "isDeprecated": false,
1000
1000
  "name": "dest_site_name"
1001
1001
  },
@@ -1054,7 +1054,7 @@
1054
1054
  "name": "device_posture_profile"
1055
1055
  },
1056
1056
  {
1057
- "deprecationReason": "use device_posture_profile instead",
1057
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
1058
1058
  "description": "Device posture profiles",
1059
1059
  "isDeprecated": true,
1060
1060
  "name": "device_posture_profiles"
@@ -1127,7 +1127,7 @@
1127
1127
  },
1128
1128
  {
1129
1129
  "deprecationReason": null,
1130
- "description": "DLP fail mode",
1130
+ "description": "Describes the behavior when the DLP system encounters a failure",
1131
1131
  "isDeprecated": false,
1132
1132
  "name": "dlp_fail_mode"
1133
1133
  },
@@ -1185,6 +1185,24 @@
1185
1185
  "isDeprecated": false,
1186
1186
  "name": "is_sinkhole"
1187
1187
  },
1188
+ {
1189
+ "deprecationReason": null,
1190
+ "description": "The ID for the endpoint",
1191
+ "isDeprecated": false,
1192
+ "name": "endpoint_id"
1193
+ },
1194
+ {
1195
+ "deprecationReason": null,
1196
+ "description": "The Endpoint Protection Engine that detected the malware",
1197
+ "isDeprecated": false,
1198
+ "name": "epp_engine_type"
1199
+ },
1200
+ {
1201
+ "deprecationReason": null,
1202
+ "description": "The file operation when this event occurred",
1203
+ "isDeprecated": false,
1204
+ "name": "file_operation"
1205
+ },
1188
1206
  {
1189
1207
  "deprecationReason": null,
1190
1208
  "description": null,
@@ -1217,7 +1235,7 @@
1217
1235
  },
1218
1236
  {
1219
1237
  "deprecationReason": null,
1220
- "description": null,
1238
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
1221
1239
  "isDeprecated": false,
1222
1240
  "name": "vendor"
1223
1241
  },
@@ -1258,19 +1276,19 @@
1258
1276
  "name": "recommended_actions"
1259
1277
  },
1260
1278
  {
1261
- "deprecationReason": "use src_pid instead",
1279
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1262
1280
  "description": null,
1263
1281
  "isDeprecated": true,
1264
1282
  "name": "pid"
1265
1283
  },
1266
1284
  {
1267
- "deprecationReason": "use src_process_parent_pid instead",
1285
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1268
1286
  "description": null,
1269
1287
  "isDeprecated": true,
1270
1288
  "name": "parent_pid"
1271
1289
  },
1272
1290
  {
1273
- "deprecationReason": "use src_process_path instead",
1291
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
1274
1292
  "description": null,
1275
1293
  "isDeprecated": true,
1276
1294
  "name": "process_path"
@@ -1287,12 +1305,66 @@
1287
1305
  "isDeprecated": false,
1288
1306
  "name": "out_of_band_access"
1289
1307
  },
1308
+ {
1309
+ "deprecationReason": null,
1310
+ "description": "A Unique ID for the quarantined file",
1311
+ "isDeprecated": false,
1312
+ "name": "quarantine_uuid"
1313
+ },
1290
1314
  {
1291
1315
  "deprecationReason": null,
1292
1316
  "description": null,
1293
1317
  "isDeprecated": false,
1294
1318
  "name": "logged_in_user"
1295
1319
  },
1320
+ {
1321
+ "deprecationReason": null,
1322
+ "description": "The profile assigned to the endpoint upon detection of the malware",
1323
+ "isDeprecated": false,
1324
+ "name": "epp_profile"
1325
+ },
1326
+ {
1327
+ "deprecationReason": null,
1328
+ "description": "Source process ID",
1329
+ "isDeprecated": false,
1330
+ "name": "src_pid"
1331
+ },
1332
+ {
1333
+ "deprecationReason": null,
1334
+ "description": "Source process file path",
1335
+ "isDeprecated": false,
1336
+ "name": "src_process_path"
1337
+ },
1338
+ {
1339
+ "deprecationReason": null,
1340
+ "description": "Source process command line",
1341
+ "isDeprecated": false,
1342
+ "name": "src_process_cmdline"
1343
+ },
1344
+ {
1345
+ "deprecationReason": null,
1346
+ "description": "Source process parent process ID",
1347
+ "isDeprecated": false,
1348
+ "name": "src_process_parent_pid"
1349
+ },
1350
+ {
1351
+ "deprecationReason": null,
1352
+ "description": "Source process parent file path",
1353
+ "isDeprecated": false,
1354
+ "name": "src_process_parent_path"
1355
+ },
1356
+ {
1357
+ "deprecationReason": null,
1358
+ "description": "If policy is set to disinfect, return the result of this action",
1359
+ "isDeprecated": false,
1360
+ "name": "disinfect_result"
1361
+ },
1362
+ {
1363
+ "deprecationReason": null,
1364
+ "description": "Indicate how many processes are part of this event",
1365
+ "isDeprecated": false,
1366
+ "name": "processes_count"
1367
+ },
1296
1368
  {
1297
1369
  "deprecationReason": null,
1298
1370
  "description": "HTTP request method (ie. Get, Post)",
@@ -1367,7 +1439,7 @@
1367
1439
  },
1368
1440
  {
1369
1441
  "deprecationReason": null,
1370
- "description": "Cato App",
1442
+ "description": "Cato application name",
1371
1443
  "isDeprecated": false,
1372
1444
  "name": "cato_app"
1373
1445
  },
@@ -1421,7 +1493,7 @@
1421
1493
  },
1422
1494
  {
1423
1495
  "deprecationReason": null,
1424
- "description": "Tenant Id",
1496
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1425
1497
  "isDeprecated": false,
1426
1498
  "name": "tenant_id"
1427
1499
  },
@@ -1481,7 +1553,7 @@
1481
1553
  },
1482
1554
  {
1483
1555
  "deprecationReason": null,
1484
- "description": "Data Classifiers",
1556
+ "description": "Defines the scanning methods used by the DLP system",
1485
1557
  "isDeprecated": false,
1486
1558
  "name": "dlp_scan_types"
1487
1559
  },
@@ -1559,7 +1631,7 @@
1559
1631
  },
1560
1632
  {
1561
1633
  "deprecationReason": null,
1562
- "description": "Used Public IP",
1634
+ "description": "Public source IP",
1563
1635
  "isDeprecated": false,
1564
1636
  "name": "public_ip"
1565
1637
  },
@@ -1730,6 +1802,54 @@
1730
1802
  "description": "Device Type",
1731
1803
  "isDeprecated": false,
1732
1804
  "name": "device_type"
1805
+ },
1806
+ {
1807
+ "deprecationReason": null,
1808
+ "description": "Tenant Restriction Rule Name",
1809
+ "isDeprecated": false,
1810
+ "name": "tenant_restriction_rule_name"
1811
+ },
1812
+ {
1813
+ "deprecationReason": null,
1814
+ "description": "Connection Origin",
1815
+ "isDeprecated": false,
1816
+ "name": "connection_origin"
1817
+ },
1818
+ {
1819
+ "deprecationReason": null,
1820
+ "description": "Translated Server IP",
1821
+ "isDeprecated": false,
1822
+ "name": "translated_server_ip"
1823
+ },
1824
+ {
1825
+ "deprecationReason": null,
1826
+ "description": "Translated Client IP",
1827
+ "isDeprecated": false,
1828
+ "name": "translated_client_ip"
1829
+ },
1830
+ {
1831
+ "deprecationReason": null,
1832
+ "description": "IoC Container Name",
1833
+ "isDeprecated": false,
1834
+ "name": "container_name"
1835
+ },
1836
+ {
1837
+ "deprecationReason": null,
1838
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1839
+ "isDeprecated": false,
1840
+ "name": "correlation_id"
1841
+ },
1842
+ {
1843
+ "deprecationReason": null,
1844
+ "description": "Precedence",
1845
+ "isDeprecated": false,
1846
+ "name": "precedence"
1847
+ },
1848
+ {
1849
+ "deprecationReason": null,
1850
+ "description": "A list of labels providing additional context for the event",
1851
+ "isDeprecated": false,
1852
+ "name": "labels"
1733
1853
  }
1734
1854
  ],
1735
1855
  "fields": null,
@@ -1848,7 +1968,7 @@
1848
1968
  "description": null,
1849
1969
  "enumValues": [
1850
1970
  {
1851
- "deprecationReason": "use src_site_id/src_site_name instead",
1971
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1852
1972
  "description": "Name of site or user initiating the connection",
1853
1973
  "isDeprecated": true,
1854
1974
  "name": "src_site"
@@ -1872,7 +1992,7 @@
1872
1992
  "name": "user_id"
1873
1993
  },
1874
1994
  {
1875
- "deprecationReason": "use dest_site_id/dest_site_name instead",
1995
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1876
1996
  "description": "For WAN traffic, name of destination site or SDP user",
1877
1997
  "isDeprecated": true,
1878
1998
  "name": "dest_site"
@@ -1884,13 +2004,13 @@
1884
2004
  "name": "dest_site_id"
1885
2005
  },
1886
2006
  {
1887
- "deprecationReason": null,
2007
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1888
2008
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1889
- "isDeprecated": false,
2009
+ "isDeprecated": true,
1890
2010
  "name": "src_or_dest_site_id"
1891
2011
  },
1892
2012
  {
1893
- "deprecationReason": "use rule_name instead",
2013
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1894
2014
  "description": "Name of security rule related to the event",
1895
2015
  "isDeprecated": true,
1896
2016
  "name": "rule"
@@ -1908,7 +2028,7 @@
1908
2028
  "name": "socket_interface"
1909
2029
  },
1910
2030
  {
1911
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2031
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1912
2032
  "description": "Name for the custom category defined in the Cato Management Application",
1913
2033
  "isDeprecated": true,
1914
2034
  "name": "custom_category"
@@ -1921,7 +2041,7 @@
1921
2041
  },
1922
2042
  {
1923
2043
  "deprecationReason": null,
1924
- "description": "For Internet traffic, destination host port",
2044
+ "description": "Destination port",
1925
2045
  "isDeprecated": false,
1926
2046
  "name": "dest_port"
1927
2047
  },
@@ -1981,7 +2101,7 @@
1981
2101
  },
1982
2102
  {
1983
2103
  "deprecationReason": null,
1984
- "description": "For Internet traffic, destination host IP address",
2104
+ "description": "Destination IP address",
1985
2105
  "isDeprecated": false,
1986
2106
  "name": "dest_ip"
1987
2107
  },
@@ -2058,7 +2178,7 @@
2058
2178
  "name": "configured_host_name"
2059
2179
  },
2060
2180
  {
2061
- "deprecationReason": "use event_id instead",
2181
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
2062
2182
  "description": "Cato Internal-use only",
2063
2183
  "isDeprecated": true,
2064
2184
  "name": "internalId"
@@ -2130,9 +2250,9 @@
2130
2250
  "name": "bgp_error_code"
2131
2251
  },
2132
2252
  {
2133
- "deprecationReason": null,
2253
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
2134
2254
  "description": "Description from Cato Management Application for BGP peer",
2135
- "isDeprecated": false,
2255
+ "isDeprecated": true,
2136
2256
  "name": "bgp_peer_description"
2137
2257
  },
2138
2258
  {
@@ -2197,7 +2317,7 @@
2197
2317
  },
2198
2318
  {
2199
2319
  "deprecationReason": null,
2200
- "description": "Data that measures the latency for a specific link",
2320
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
2201
2321
  "isDeprecated": false,
2202
2322
  "name": "link_health_latency"
2203
2323
  },
@@ -2352,14 +2472,14 @@
2352
2472
  "name": "incident_id"
2353
2473
  },
2354
2474
  {
2355
- "deprecationReason": "use application_id/application_name instead",
2475
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2356
2476
  "description": "For Internet firewall, app for this event",
2357
2477
  "isDeprecated": true,
2358
2478
  "name": "application"
2359
2479
  },
2360
2480
  {
2361
2481
  "deprecationReason": null,
2362
- "description": "Application of the flow",
2482
+ "description": "The name of the application associated with the flow",
2363
2483
  "isDeprecated": false,
2364
2484
  "name": "application_name"
2365
2485
  },
@@ -2382,7 +2502,7 @@
2382
2502
  "name": "socket_interface_id"
2383
2503
  },
2384
2504
  {
2385
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2505
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2386
2506
  "description": "Unique Cato ID for the custom category",
2387
2507
  "isDeprecated": true,
2388
2508
  "name": "custom_categories"
@@ -2461,7 +2581,7 @@
2461
2581
  },
2462
2582
  {
2463
2583
  "deprecationReason": null,
2464
- "description": "For Internet traffic, destination host IP address",
2584
+ "description": "The name of the destination site",
2465
2585
  "isDeprecated": false,
2466
2586
  "name": "dest_site_name"
2467
2587
  },
@@ -2520,7 +2640,7 @@
2520
2640
  "name": "device_posture_profile"
2521
2641
  },
2522
2642
  {
2523
- "deprecationReason": "use device_posture_profile instead",
2643
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2524
2644
  "description": "Device posture profiles",
2525
2645
  "isDeprecated": true,
2526
2646
  "name": "device_posture_profiles"
@@ -2593,7 +2713,7 @@
2593
2713
  },
2594
2714
  {
2595
2715
  "deprecationReason": null,
2596
- "description": "DLP fail mode",
2716
+ "description": "Describes the behavior when the DLP system encounters a failure",
2597
2717
  "isDeprecated": false,
2598
2718
  "name": "dlp_fail_mode"
2599
2719
  },
@@ -2651,6 +2771,24 @@
2651
2771
  "isDeprecated": false,
2652
2772
  "name": "is_sinkhole"
2653
2773
  },
2774
+ {
2775
+ "deprecationReason": null,
2776
+ "description": "The ID for the endpoint",
2777
+ "isDeprecated": false,
2778
+ "name": "endpoint_id"
2779
+ },
2780
+ {
2781
+ "deprecationReason": null,
2782
+ "description": "The Endpoint Protection Engine that detected the malware",
2783
+ "isDeprecated": false,
2784
+ "name": "epp_engine_type"
2785
+ },
2786
+ {
2787
+ "deprecationReason": null,
2788
+ "description": "The file operation when this event occurred",
2789
+ "isDeprecated": false,
2790
+ "name": "file_operation"
2791
+ },
2654
2792
  {
2655
2793
  "deprecationReason": null,
2656
2794
  "description": null,
@@ -2683,7 +2821,7 @@
2683
2821
  },
2684
2822
  {
2685
2823
  "deprecationReason": null,
2686
- "description": null,
2824
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2687
2825
  "isDeprecated": false,
2688
2826
  "name": "vendor"
2689
2827
  },
@@ -2724,19 +2862,19 @@
2724
2862
  "name": "recommended_actions"
2725
2863
  },
2726
2864
  {
2727
- "deprecationReason": "use src_pid instead",
2865
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2728
2866
  "description": null,
2729
2867
  "isDeprecated": true,
2730
2868
  "name": "pid"
2731
2869
  },
2732
2870
  {
2733
- "deprecationReason": "use src_process_parent_pid instead",
2871
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2734
2872
  "description": null,
2735
2873
  "isDeprecated": true,
2736
2874
  "name": "parent_pid"
2737
2875
  },
2738
2876
  {
2739
- "deprecationReason": "use src_process_path instead",
2877
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2740
2878
  "description": null,
2741
2879
  "isDeprecated": true,
2742
2880
  "name": "process_path"
@@ -2753,12 +2891,66 @@
2753
2891
  "isDeprecated": false,
2754
2892
  "name": "out_of_band_access"
2755
2893
  },
2894
+ {
2895
+ "deprecationReason": null,
2896
+ "description": "A Unique ID for the quarantined file",
2897
+ "isDeprecated": false,
2898
+ "name": "quarantine_uuid"
2899
+ },
2756
2900
  {
2757
2901
  "deprecationReason": null,
2758
2902
  "description": null,
2759
2903
  "isDeprecated": false,
2760
2904
  "name": "logged_in_user"
2761
2905
  },
2906
+ {
2907
+ "deprecationReason": null,
2908
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2909
+ "isDeprecated": false,
2910
+ "name": "epp_profile"
2911
+ },
2912
+ {
2913
+ "deprecationReason": null,
2914
+ "description": "Source process ID",
2915
+ "isDeprecated": false,
2916
+ "name": "src_pid"
2917
+ },
2918
+ {
2919
+ "deprecationReason": null,
2920
+ "description": "Source process file path",
2921
+ "isDeprecated": false,
2922
+ "name": "src_process_path"
2923
+ },
2924
+ {
2925
+ "deprecationReason": null,
2926
+ "description": "Source process command line",
2927
+ "isDeprecated": false,
2928
+ "name": "src_process_cmdline"
2929
+ },
2930
+ {
2931
+ "deprecationReason": null,
2932
+ "description": "Source process parent process ID",
2933
+ "isDeprecated": false,
2934
+ "name": "src_process_parent_pid"
2935
+ },
2936
+ {
2937
+ "deprecationReason": null,
2938
+ "description": "Source process parent file path",
2939
+ "isDeprecated": false,
2940
+ "name": "src_process_parent_path"
2941
+ },
2942
+ {
2943
+ "deprecationReason": null,
2944
+ "description": "If policy is set to disinfect, return the result of this action",
2945
+ "isDeprecated": false,
2946
+ "name": "disinfect_result"
2947
+ },
2948
+ {
2949
+ "deprecationReason": null,
2950
+ "description": "Indicate how many processes are part of this event",
2951
+ "isDeprecated": false,
2952
+ "name": "processes_count"
2953
+ },
2762
2954
  {
2763
2955
  "deprecationReason": null,
2764
2956
  "description": "HTTP request method (ie. Get, Post)",
@@ -2833,7 +3025,7 @@
2833
3025
  },
2834
3026
  {
2835
3027
  "deprecationReason": null,
2836
- "description": "Cato App",
3028
+ "description": "Cato application name",
2837
3029
  "isDeprecated": false,
2838
3030
  "name": "cato_app"
2839
3031
  },
@@ -2887,7 +3079,7 @@
2887
3079
  },
2888
3080
  {
2889
3081
  "deprecationReason": null,
2890
- "description": "Tenant Id",
3082
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2891
3083
  "isDeprecated": false,
2892
3084
  "name": "tenant_id"
2893
3085
  },
@@ -2947,7 +3139,7 @@
2947
3139
  },
2948
3140
  {
2949
3141
  "deprecationReason": null,
2950
- "description": "Data Classifiers",
3142
+ "description": "Defines the scanning methods used by the DLP system",
2951
3143
  "isDeprecated": false,
2952
3144
  "name": "dlp_scan_types"
2953
3145
  },
@@ -3025,7 +3217,7 @@
3025
3217
  },
3026
3218
  {
3027
3219
  "deprecationReason": null,
3028
- "description": "Used Public IP",
3220
+ "description": "Public source IP",
3029
3221
  "isDeprecated": false,
3030
3222
  "name": "public_ip"
3031
3223
  },
@@ -3196,6 +3388,54 @@
3196
3388
  "description": "Device Type",
3197
3389
  "isDeprecated": false,
3198
3390
  "name": "device_type"
3391
+ },
3392
+ {
3393
+ "deprecationReason": null,
3394
+ "description": "Tenant Restriction Rule Name",
3395
+ "isDeprecated": false,
3396
+ "name": "tenant_restriction_rule_name"
3397
+ },
3398
+ {
3399
+ "deprecationReason": null,
3400
+ "description": "Connection Origin",
3401
+ "isDeprecated": false,
3402
+ "name": "connection_origin"
3403
+ },
3404
+ {
3405
+ "deprecationReason": null,
3406
+ "description": "Translated Server IP",
3407
+ "isDeprecated": false,
3408
+ "name": "translated_server_ip"
3409
+ },
3410
+ {
3411
+ "deprecationReason": null,
3412
+ "description": "Translated Client IP",
3413
+ "isDeprecated": false,
3414
+ "name": "translated_client_ip"
3415
+ },
3416
+ {
3417
+ "deprecationReason": null,
3418
+ "description": "IoC Container Name",
3419
+ "isDeprecated": false,
3420
+ "name": "container_name"
3421
+ },
3422
+ {
3423
+ "deprecationReason": null,
3424
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3425
+ "isDeprecated": false,
3426
+ "name": "correlation_id"
3427
+ },
3428
+ {
3429
+ "deprecationReason": null,
3430
+ "description": "Precedence",
3431
+ "isDeprecated": false,
3432
+ "name": "precedence"
3433
+ },
3434
+ {
3435
+ "deprecationReason": null,
3436
+ "description": "A list of labels providing additional context for the event",
3437
+ "isDeprecated": false,
3438
+ "name": "labels"
3199
3439
  }
3200
3440
  ],
3201
3441
  "fields": null,