catocli 1.0.19__py3-none-any.whl → 1.0.20__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (100) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/mutation_policy/__init__.py +174 -0
  4. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  5. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  6. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  17. catocli/parsers/mutation_sandbox/README.md +7 -0
  18. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  19. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  20. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  21. catocli/parsers/mutation_site/__init__.py +28 -0
  22. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  23. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  24. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  25. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  26. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  27. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  28. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  29. catocli/parsers/mutation_sites/__init__.py +28 -0
  30. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  31. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  32. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  33. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  34. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  35. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  36. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  37. catocli/parsers/mutation_xdr/README.md +7 -0
  38. catocli/parsers/mutation_xdr/__init__.py +51 -0
  39. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  40. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  41. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  42. catocli/parsers/query_accountMetrics/README.md +2 -1
  43. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  44. catocli/parsers/query_eventsFeed/README.md +1 -1
  45. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  46. catocli/parsers/query_policy/README.md +2 -1
  47. catocli/parsers/query_sandbox/README.md +17 -0
  48. catocli/parsers/query_sandbox/__init__.py +17 -0
  49. catocli/parsers/query_xdr_story/README.md +1 -1
  50. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/METADATA +1 -1
  51. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/RECORD +100 -50
  52. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  53. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  54. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  55. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  56. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  57. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  58. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  59. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  60. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  61. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  62. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  63. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  64. models/mutation.sandbox.deleteReport.json +302 -0
  65. models/mutation.sandbox.uploadFile.json +301 -0
  66. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  67. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  68. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  69. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  70. models/mutation.site.addSocketSite.json +72 -15
  71. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  72. models/mutation.site.updateNetworkRange.json +3 -3
  73. models/mutation.site.updateSocketInterface.json +126 -18
  74. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  75. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  76. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  77. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  78. models/mutation.sites.addSocketSite.json +72 -15
  79. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  80. models/mutation.sites.updateNetworkRange.json +3 -3
  81. models/mutation.sites.updateSocketInterface.json +126 -18
  82. models/mutation.xdr.addStoryComment.json +622 -0
  83. models/mutation.xdr.analystFeedback.json +28820 -0
  84. models/mutation.xdr.deleteStoryComment.json +622 -0
  85. models/query.accountMetrics.json +341 -0
  86. models/query.accountSnapshot.json +120 -0
  87. models/query.appStatsTimeSeries.json +37 -0
  88. models/query.auditFeed.json +292 -52
  89. models/query.events.json +1196 -236
  90. models/query.eventsFeed.json +292 -52
  91. models/query.eventsTimeSeries.json +941 -184
  92. models/query.policy.json +2047 -156
  93. models/query.sandbox.json +2047 -0
  94. models/query.xdr.stories.json +134 -4
  95. models/query.xdr.story.json +116 -4
  96. schema/catolib.py +3 -4
  97. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/LICENSE +0 -0
  98. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/WHEEL +0 -0
  99. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/entry_points.txt +0 -0
  100. {catocli-1.0.19.dist-info → catocli-1.0.20.dist-info}/top_level.txt +0 -0
models/query.eventsTimeSeries.json CHANGED
@@ -48,7 +48,7 @@
48
48
  "description": null,
49
49
  "enumValues": [
50
50
  {
51
- "deprecationReason": "use src_site_id/src_site_name instead",
51
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
52
52
  "description": "Name of site or user initiating the connection",
53
53
  "isDeprecated": true,
54
54
  "name": "src_site"
@@ -72,7 +72,7 @@
72
72
  "name": "user_id"
73
73
  },
74
74
  {
75
- "deprecationReason": "use dest_site_id/dest_site_name instead",
75
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
76
76
  "description": "For WAN traffic, name of destination site or SDP user",
77
77
  "isDeprecated": true,
78
78
  "name": "dest_site"
@@ -84,13 +84,13 @@
84
84
  "name": "dest_site_id"
85
85
  },
86
86
  {
87
- "deprecationReason": null,
87
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
88
88
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
89
- "isDeprecated": false,
89
+ "isDeprecated": true,
90
90
  "name": "src_or_dest_site_id"
91
91
  },
92
92
  {
93
- "deprecationReason": "use rule_name instead",
93
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
94
94
  "description": "Name of security rule related to the event",
95
95
  "isDeprecated": true,
96
96
  "name": "rule"
@@ -108,7 +108,7 @@
108
108
  "name": "socket_interface"
109
109
  },
110
110
  {
111
- "deprecationReason": "use custom_category_id/custom_category_name instead",
111
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
112
112
  "description": "Name for the custom category defined in the Cato Management Application",
113
113
  "isDeprecated": true,
114
114
  "name": "custom_category"
@@ -121,7 +121,7 @@
121
121
  },
122
122
  {
123
123
  "deprecationReason": null,
124
- "description": "For Internet traffic, destination host port",
124
+ "description": "Destination port",
125
125
  "isDeprecated": false,
126
126
  "name": "dest_port"
127
127
  },
@@ -181,7 +181,7 @@
181
181
  },
182
182
  {
183
183
  "deprecationReason": null,
184
- "description": "For Internet traffic, destination host IP address",
184
+ "description": "Destination IP address",
185
185
  "isDeprecated": false,
186
186
  "name": "dest_ip"
187
187
  },
@@ -258,7 +258,7 @@
258
258
  "name": "configured_host_name"
259
259
  },
260
260
  {
261
- "deprecationReason": "use event_id instead",
261
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
262
262
  "description": "Cato Internal-use only",
263
263
  "isDeprecated": true,
264
264
  "name": "internalId"
@@ -330,9 +330,9 @@
330
330
  "name": "bgp_error_code"
331
331
  },
332
332
  {
333
- "deprecationReason": null,
333
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
334
334
  "description": "Description from Cato Management Application for BGP peer",
335
- "isDeprecated": false,
335
+ "isDeprecated": true,
336
336
  "name": "bgp_peer_description"
337
337
  },
338
338
  {
@@ -397,7 +397,7 @@
397
397
  },
398
398
  {
399
399
  "deprecationReason": null,
400
- "description": "Data that measures the latency for a specific link",
400
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
401
401
  "isDeprecated": false,
402
402
  "name": "link_health_latency"
403
403
  },
@@ -552,14 +552,14 @@
552
552
  "name": "incident_id"
553
553
  },
554
554
  {
555
- "deprecationReason": "use application_id/application_name instead",
555
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
556
556
  "description": "For Internet firewall, app for this event",
557
557
  "isDeprecated": true,
558
558
  "name": "application"
559
559
  },
560
560
  {
561
561
  "deprecationReason": null,
562
- "description": "Application of the flow",
562
+ "description": "The name of the application associated with the flow",
563
563
  "isDeprecated": false,
564
564
  "name": "application_name"
565
565
  },
@@ -582,7 +582,7 @@
582
582
  "name": "socket_interface_id"
583
583
  },
584
584
  {
585
- "deprecationReason": "use custom_category_id/custom_category_name instead",
585
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
586
586
  "description": "Unique Cato ID for the custom category",
587
587
  "isDeprecated": true,
588
588
  "name": "custom_categories"
@@ -661,7 +661,7 @@
661
661
  },
662
662
  {
663
663
  "deprecationReason": null,
664
- "description": "For Internet traffic, destination host IP address",
664
+ "description": "The name of the destination site",
665
665
  "isDeprecated": false,
666
666
  "name": "dest_site_name"
667
667
  },
@@ -720,7 +720,7 @@
720
720
  "name": "device_posture_profile"
721
721
  },
722
722
  {
723
- "deprecationReason": "use device_posture_profile instead",
723
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
724
724
  "description": "Device posture profiles",
725
725
  "isDeprecated": true,
726
726
  "name": "device_posture_profiles"
@@ -793,7 +793,7 @@
793
793
  },
794
794
  {
795
795
  "deprecationReason": null,
796
- "description": "DLP fail mode",
796
+ "description": "Describes the behavior when the DLP system encounters a failure",
797
797
  "isDeprecated": false,
798
798
  "name": "dlp_fail_mode"
799
799
  },
@@ -851,6 +851,24 @@
851
851
  "isDeprecated": false,
852
852
  "name": "is_sinkhole"
853
853
  },
854
+ {
855
+ "deprecationReason": null,
856
+ "description": "The ID for the endpoint",
857
+ "isDeprecated": false,
858
+ "name": "endpoint_id"
859
+ },
860
+ {
861
+ "deprecationReason": null,
862
+ "description": "The Endpoint Protection Engine that detected the malware",
863
+ "isDeprecated": false,
864
+ "name": "epp_engine_type"
865
+ },
866
+ {
867
+ "deprecationReason": null,
868
+ "description": "The file operation when this event occurred",
869
+ "isDeprecated": false,
870
+ "name": "file_operation"
871
+ },
854
872
  {
855
873
  "deprecationReason": null,
856
874
  "description": null,
@@ -883,7 +901,7 @@
883
901
  },
884
902
  {
885
903
  "deprecationReason": null,
886
- "description": null,
904
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
887
905
  "isDeprecated": false,
888
906
  "name": "vendor"
889
907
  },
@@ -924,19 +942,19 @@
924
942
  "name": "recommended_actions"
925
943
  },
926
944
  {
927
- "deprecationReason": "use src_pid instead",
945
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
928
946
  "description": null,
929
947
  "isDeprecated": true,
930
948
  "name": "pid"
931
949
  },
932
950
  {
933
- "deprecationReason": "use src_process_parent_pid instead",
951
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
934
952
  "description": null,
935
953
  "isDeprecated": true,
936
954
  "name": "parent_pid"
937
955
  },
938
956
  {
939
- "deprecationReason": "use src_process_path instead",
957
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
940
958
  "description": null,
941
959
  "isDeprecated": true,
942
960
  "name": "process_path"
@@ -953,12 +971,66 @@
953
971
  "isDeprecated": false,
954
972
  "name": "out_of_band_access"
955
973
  },
974
+ {
975
+ "deprecationReason": null,
976
+ "description": "A Unique ID for the quarantined file",
977
+ "isDeprecated": false,
978
+ "name": "quarantine_uuid"
979
+ },
956
980
  {
957
981
  "deprecationReason": null,
958
982
  "description": null,
959
983
  "isDeprecated": false,
960
984
  "name": "logged_in_user"
961
985
  },
986
+ {
987
+ "deprecationReason": null,
988
+ "description": "The profile assigned to the endpoint upon detection of the malware",
989
+ "isDeprecated": false,
990
+ "name": "epp_profile"
991
+ },
992
+ {
993
+ "deprecationReason": null,
994
+ "description": "Source process ID",
995
+ "isDeprecated": false,
996
+ "name": "src_pid"
997
+ },
998
+ {
999
+ "deprecationReason": null,
1000
+ "description": "Source process file path",
1001
+ "isDeprecated": false,
1002
+ "name": "src_process_path"
1003
+ },
1004
+ {
1005
+ "deprecationReason": null,
1006
+ "description": "Source process command line",
1007
+ "isDeprecated": false,
1008
+ "name": "src_process_cmdline"
1009
+ },
1010
+ {
1011
+ "deprecationReason": null,
1012
+ "description": "Source process parent process ID",
1013
+ "isDeprecated": false,
1014
+ "name": "src_process_parent_pid"
1015
+ },
1016
+ {
1017
+ "deprecationReason": null,
1018
+ "description": "Source process parent file path",
1019
+ "isDeprecated": false,
1020
+ "name": "src_process_parent_path"
1021
+ },
1022
+ {
1023
+ "deprecationReason": null,
1024
+ "description": "If policy is set to disinfect, return the result of this action",
1025
+ "isDeprecated": false,
1026
+ "name": "disinfect_result"
1027
+ },
1028
+ {
1029
+ "deprecationReason": null,
1030
+ "description": "Indicate how many processes are part of this event",
1031
+ "isDeprecated": false,
1032
+ "name": "processes_count"
1033
+ },
962
1034
  {
963
1035
  "deprecationReason": null,
964
1036
  "description": "HTTP request method (ie. Get, Post)",
@@ -1033,7 +1105,7 @@
1033
1105
  },
1034
1106
  {
1035
1107
  "deprecationReason": null,
1036
- "description": "Cato App",
1108
+ "description": "Cato application name",
1037
1109
  "isDeprecated": false,
1038
1110
  "name": "cato_app"
1039
1111
  },
@@ -1087,7 +1159,7 @@
1087
1159
  },
1088
1160
  {
1089
1161
  "deprecationReason": null,
1090
- "description": "Tenant Id",
1162
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1091
1163
  "isDeprecated": false,
1092
1164
  "name": "tenant_id"
1093
1165
  },
@@ -1147,7 +1219,7 @@
1147
1219
  },
1148
1220
  {
1149
1221
  "deprecationReason": null,
1150
- "description": "Data Classifiers",
1222
+ "description": "Defines the scanning methods used by the DLP system",
1151
1223
  "isDeprecated": false,
1152
1224
  "name": "dlp_scan_types"
1153
1225
  },
@@ -1225,7 +1297,7 @@
1225
1297
  },
1226
1298
  {
1227
1299
  "deprecationReason": null,
1228
- "description": "Used Public IP",
1300
+ "description": "Public source IP",
1229
1301
  "isDeprecated": false,
1230
1302
  "name": "public_ip"
1231
1303
  },
@@ -1396,6 +1468,54 @@
1396
1468
  "description": "Device Type",
1397
1469
  "isDeprecated": false,
1398
1470
  "name": "device_type"
1471
+ },
1472
+ {
1473
+ "deprecationReason": null,
1474
+ "description": "Tenant Restriction Rule Name",
1475
+ "isDeprecated": false,
1476
+ "name": "tenant_restriction_rule_name"
1477
+ },
1478
+ {
1479
+ "deprecationReason": null,
1480
+ "description": "Connection Origin",
1481
+ "isDeprecated": false,
1482
+ "name": "connection_origin"
1483
+ },
1484
+ {
1485
+ "deprecationReason": null,
1486
+ "description": "Translated Server IP",
1487
+ "isDeprecated": false,
1488
+ "name": "translated_server_ip"
1489
+ },
1490
+ {
1491
+ "deprecationReason": null,
1492
+ "description": "Translated Client IP",
1493
+ "isDeprecated": false,
1494
+ "name": "translated_client_ip"
1495
+ },
1496
+ {
1497
+ "deprecationReason": null,
1498
+ "description": "IoC Container Name",
1499
+ "isDeprecated": false,
1500
+ "name": "container_name"
1501
+ },
1502
+ {
1503
+ "deprecationReason": null,
1504
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1505
+ "isDeprecated": false,
1506
+ "name": "correlation_id"
1507
+ },
1508
+ {
1509
+ "deprecationReason": null,
1510
+ "description": "Precedence",
1511
+ "isDeprecated": false,
1512
+ "name": "precedence"
1513
+ },
1514
+ {
1515
+ "deprecationReason": null,
1516
+ "description": "A list of labels providing additional context for the event",
1517
+ "isDeprecated": false,
1518
+ "name": "labels"
1399
1519
  }
1400
1520
  ],
1401
1521
  "fields": null,
@@ -1460,7 +1580,7 @@
1460
1580
  "description": null,
1461
1581
  "enumValues": [
1462
1582
  {
1463
- "deprecationReason": "use src_site_id/src_site_name instead",
1583
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1464
1584
  "description": "Name of site or user initiating the connection",
1465
1585
  "isDeprecated": true,
1466
1586
  "name": "src_site"
@@ -1484,7 +1604,7 @@
1484
1604
  "name": "user_id"
1485
1605
  },
1486
1606
  {
1487
- "deprecationReason": "use dest_site_id/dest_site_name instead",
1607
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1488
1608
  "description": "For WAN traffic, name of destination site or SDP user",
1489
1609
  "isDeprecated": true,
1490
1610
  "name": "dest_site"
@@ -1496,13 +1616,13 @@
1496
1616
  "name": "dest_site_id"
1497
1617
  },
1498
1618
  {
1499
- "deprecationReason": null,
1619
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1500
1620
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1501
- "isDeprecated": false,
1621
+ "isDeprecated": true,
1502
1622
  "name": "src_or_dest_site_id"
1503
1623
  },
1504
1624
  {
1505
- "deprecationReason": "use rule_name instead",
1625
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1506
1626
  "description": "Name of security rule related to the event",
1507
1627
  "isDeprecated": true,
1508
1628
  "name": "rule"
@@ -1520,7 +1640,7 @@
1520
1640
  "name": "socket_interface"
1521
1641
  },
1522
1642
  {
1523
- "deprecationReason": "use custom_category_id/custom_category_name instead",
1643
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1524
1644
  "description": "Name for the custom category defined in the Cato Management Application",
1525
1645
  "isDeprecated": true,
1526
1646
  "name": "custom_category"
@@ -1533,7 +1653,7 @@
1533
1653
  },
1534
1654
  {
1535
1655
  "deprecationReason": null,
1536
- "description": "For Internet traffic, destination host port",
1656
+ "description": "Destination port",
1537
1657
  "isDeprecated": false,
1538
1658
  "name": "dest_port"
1539
1659
  },
@@ -1593,7 +1713,7 @@
1593
1713
  },
1594
1714
  {
1595
1715
  "deprecationReason": null,
1596
- "description": "For Internet traffic, destination host IP address",
1716
+ "description": "Destination IP address",
1597
1717
  "isDeprecated": false,
1598
1718
  "name": "dest_ip"
1599
1719
  },
@@ -1670,7 +1790,7 @@
1670
1790
  "name": "configured_host_name"
1671
1791
  },
1672
1792
  {
1673
- "deprecationReason": "use event_id instead",
1793
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
1674
1794
  "description": "Cato Internal-use only",
1675
1795
  "isDeprecated": true,
1676
1796
  "name": "internalId"
@@ -1742,9 +1862,9 @@
1742
1862
  "name": "bgp_error_code"
1743
1863
  },
1744
1864
  {
1745
- "deprecationReason": null,
1865
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
1746
1866
  "description": "Description from Cato Management Application for BGP peer",
1747
- "isDeprecated": false,
1867
+ "isDeprecated": true,
1748
1868
  "name": "bgp_peer_description"
1749
1869
  },
1750
1870
  {
@@ -1809,7 +1929,7 @@
1809
1929
  },
1810
1930
  {
1811
1931
  "deprecationReason": null,
1812
- "description": "Data that measures the latency for a specific link",
1932
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
1813
1933
  "isDeprecated": false,
1814
1934
  "name": "link_health_latency"
1815
1935
  },
@@ -1964,14 +2084,14 @@
1964
2084
  "name": "incident_id"
1965
2085
  },
1966
2086
  {
1967
- "deprecationReason": "use application_id/application_name instead",
2087
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1968
2088
  "description": "For Internet firewall, app for this event",
1969
2089
  "isDeprecated": true,
1970
2090
  "name": "application"
1971
2091
  },
1972
2092
  {
1973
2093
  "deprecationReason": null,
1974
- "description": "Application of the flow",
2094
+ "description": "The name of the application associated with the flow",
1975
2095
  "isDeprecated": false,
1976
2096
  "name": "application_name"
1977
2097
  },
@@ -1994,7 +2114,7 @@
1994
2114
  "name": "socket_interface_id"
1995
2115
  },
1996
2116
  {
1997
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2117
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1998
2118
  "description": "Unique Cato ID for the custom category",
1999
2119
  "isDeprecated": true,
2000
2120
  "name": "custom_categories"
@@ -2073,7 +2193,7 @@
2073
2193
  },
2074
2194
  {
2075
2195
  "deprecationReason": null,
2076
- "description": "For Internet traffic, destination host IP address",
2196
+ "description": "The name of the destination site",
2077
2197
  "isDeprecated": false,
2078
2198
  "name": "dest_site_name"
2079
2199
  },
@@ -2132,7 +2252,7 @@
2132
2252
  "name": "device_posture_profile"
2133
2253
  },
2134
2254
  {
2135
- "deprecationReason": "use device_posture_profile instead",
2255
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2136
2256
  "description": "Device posture profiles",
2137
2257
  "isDeprecated": true,
2138
2258
  "name": "device_posture_profiles"
@@ -2205,7 +2325,7 @@
2205
2325
  },
2206
2326
  {
2207
2327
  "deprecationReason": null,
2208
- "description": "DLP fail mode",
2328
+ "description": "Describes the behavior when the DLP system encounters a failure",
2209
2329
  "isDeprecated": false,
2210
2330
  "name": "dlp_fail_mode"
2211
2331
  },
@@ -2263,6 +2383,24 @@
2263
2383
  "isDeprecated": false,
2264
2384
  "name": "is_sinkhole"
2265
2385
  },
2386
+ {
2387
+ "deprecationReason": null,
2388
+ "description": "The ID for the endpoint",
2389
+ "isDeprecated": false,
2390
+ "name": "endpoint_id"
2391
+ },
2392
+ {
2393
+ "deprecationReason": null,
2394
+ "description": "The Endpoint Protection Engine that detected the malware",
2395
+ "isDeprecated": false,
2396
+ "name": "epp_engine_type"
2397
+ },
2398
+ {
2399
+ "deprecationReason": null,
2400
+ "description": "The file operation when this event occurred",
2401
+ "isDeprecated": false,
2402
+ "name": "file_operation"
2403
+ },
2266
2404
  {
2267
2405
  "deprecationReason": null,
2268
2406
  "description": null,
@@ -2295,7 +2433,7 @@
2295
2433
  },
2296
2434
  {
2297
2435
  "deprecationReason": null,
2298
- "description": null,
2436
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2299
2437
  "isDeprecated": false,
2300
2438
  "name": "vendor"
2301
2439
  },
@@ -2336,19 +2474,19 @@
2336
2474
  "name": "recommended_actions"
2337
2475
  },
2338
2476
  {
2339
- "deprecationReason": "use src_pid instead",
2477
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2340
2478
  "description": null,
2341
2479
  "isDeprecated": true,
2342
2480
  "name": "pid"
2343
2481
  },
2344
2482
  {
2345
- "deprecationReason": "use src_process_parent_pid instead",
2483
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2346
2484
  "description": null,
2347
2485
  "isDeprecated": true,
2348
2486
  "name": "parent_pid"
2349
2487
  },
2350
2488
  {
2351
- "deprecationReason": "use src_process_path instead",
2489
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2352
2490
  "description": null,
2353
2491
  "isDeprecated": true,
2354
2492
  "name": "process_path"
@@ -2365,12 +2503,66 @@
2365
2503
  "isDeprecated": false,
2366
2504
  "name": "out_of_band_access"
2367
2505
  },
2506
+ {
2507
+ "deprecationReason": null,
2508
+ "description": "A Unique ID for the quarantined file",
2509
+ "isDeprecated": false,
2510
+ "name": "quarantine_uuid"
2511
+ },
2368
2512
  {
2369
2513
  "deprecationReason": null,
2370
2514
  "description": null,
2371
2515
  "isDeprecated": false,
2372
2516
  "name": "logged_in_user"
2373
2517
  },
2518
+ {
2519
+ "deprecationReason": null,
2520
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2521
+ "isDeprecated": false,
2522
+ "name": "epp_profile"
2523
+ },
2524
+ {
2525
+ "deprecationReason": null,
2526
+ "description": "Source process ID",
2527
+ "isDeprecated": false,
2528
+ "name": "src_pid"
2529
+ },
2530
+ {
2531
+ "deprecationReason": null,
2532
+ "description": "Source process file path",
2533
+ "isDeprecated": false,
2534
+ "name": "src_process_path"
2535
+ },
2536
+ {
2537
+ "deprecationReason": null,
2538
+ "description": "Source process command line",
2539
+ "isDeprecated": false,
2540
+ "name": "src_process_cmdline"
2541
+ },
2542
+ {
2543
+ "deprecationReason": null,
2544
+ "description": "Source process parent process ID",
2545
+ "isDeprecated": false,
2546
+ "name": "src_process_parent_pid"
2547
+ },
2548
+ {
2549
+ "deprecationReason": null,
2550
+ "description": "Source process parent file path",
2551
+ "isDeprecated": false,
2552
+ "name": "src_process_parent_path"
2553
+ },
2554
+ {
2555
+ "deprecationReason": null,
2556
+ "description": "If policy is set to disinfect, return the result of this action",
2557
+ "isDeprecated": false,
2558
+ "name": "disinfect_result"
2559
+ },
2560
+ {
2561
+ "deprecationReason": null,
2562
+ "description": "Indicate how many processes are part of this event",
2563
+ "isDeprecated": false,
2564
+ "name": "processes_count"
2565
+ },
2374
2566
  {
2375
2567
  "deprecationReason": null,
2376
2568
  "description": "HTTP request method (ie. Get, Post)",
@@ -2445,7 +2637,7 @@
2445
2637
  },
2446
2638
  {
2447
2639
  "deprecationReason": null,
2448
- "description": "Cato App",
2640
+ "description": "Cato application name",
2449
2641
  "isDeprecated": false,
2450
2642
  "name": "cato_app"
2451
2643
  },
@@ -2499,7 +2691,7 @@
2499
2691
  },
2500
2692
  {
2501
2693
  "deprecationReason": null,
2502
- "description": "Tenant Id",
2694
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2503
2695
  "isDeprecated": false,
2504
2696
  "name": "tenant_id"
2505
2697
  },
@@ -2559,7 +2751,7 @@
2559
2751
  },
2560
2752
  {
2561
2753
  "deprecationReason": null,
2562
- "description": "Data Classifiers",
2754
+ "description": "Defines the scanning methods used by the DLP system",
2563
2755
  "isDeprecated": false,
2564
2756
  "name": "dlp_scan_types"
2565
2757
  },
@@ -2637,7 +2829,7 @@
2637
2829
  },
2638
2830
  {
2639
2831
  "deprecationReason": null,
2640
- "description": "Used Public IP",
2832
+ "description": "Public source IP",
2641
2833
  "isDeprecated": false,
2642
2834
  "name": "public_ip"
2643
2835
  },
@@ -2808,6 +3000,54 @@
2808
3000
  "description": "Device Type",
2809
3001
  "isDeprecated": false,
2810
3002
  "name": "device_type"
3003
+ },
3004
+ {
3005
+ "deprecationReason": null,
3006
+ "description": "Tenant Restriction Rule Name",
3007
+ "isDeprecated": false,
3008
+ "name": "tenant_restriction_rule_name"
3009
+ },
3010
+ {
3011
+ "deprecationReason": null,
3012
+ "description": "Connection Origin",
3013
+ "isDeprecated": false,
3014
+ "name": "connection_origin"
3015
+ },
3016
+ {
3017
+ "deprecationReason": null,
3018
+ "description": "Translated Server IP",
3019
+ "isDeprecated": false,
3020
+ "name": "translated_server_ip"
3021
+ },
3022
+ {
3023
+ "deprecationReason": null,
3024
+ "description": "Translated Client IP",
3025
+ "isDeprecated": false,
3026
+ "name": "translated_client_ip"
3027
+ },
3028
+ {
3029
+ "deprecationReason": null,
3030
+ "description": "IoC Container Name",
3031
+ "isDeprecated": false,
3032
+ "name": "container_name"
3033
+ },
3034
+ {
3035
+ "deprecationReason": null,
3036
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3037
+ "isDeprecated": false,
3038
+ "name": "correlation_id"
3039
+ },
3040
+ {
3041
+ "deprecationReason": null,
3042
+ "description": "Precedence",
3043
+ "isDeprecated": false,
3044
+ "name": "precedence"
3045
+ },
3046
+ {
3047
+ "deprecationReason": null,
3048
+ "description": "A list of labels providing additional context for the event",
3049
+ "isDeprecated": false,
3050
+ "name": "labels"
2811
3051
  }
2812
3052
  ],
2813
3053
  "fields": null,
@@ -3088,7 +3328,7 @@
3088
3328
  "description": null,
3089
3329
  "enumValues": [
3090
3330
  {
3091
- "deprecationReason": "use src_site_id/src_site_name instead",
3331
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3092
3332
  "description": "Name of site or user initiating the connection",
3093
3333
  "isDeprecated": true,
3094
3334
  "name": "src_site"
@@ -3112,7 +3352,7 @@
3112
3352
  "name": "user_id"
3113
3353
  },
3114
3354
  {
3115
- "deprecationReason": "use dest_site_id/dest_site_name instead",
3355
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3116
3356
  "description": "For WAN traffic, name of destination site or SDP user",
3117
3357
  "isDeprecated": true,
3118
3358
  "name": "dest_site"
@@ -3124,13 +3364,13 @@
3124
3364
  "name": "dest_site_id"
3125
3365
  },
3126
3366
  {
3127
- "deprecationReason": null,
3367
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
3128
3368
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
3129
- "isDeprecated": false,
3369
+ "isDeprecated": true,
3130
3370
  "name": "src_or_dest_site_id"
3131
3371
  },
3132
3372
  {
3133
- "deprecationReason": "use rule_name instead",
3373
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3134
3374
  "description": "Name of security rule related to the event",
3135
3375
  "isDeprecated": true,
3136
3376
  "name": "rule"
@@ -3148,7 +3388,7 @@
3148
3388
  "name": "socket_interface"
3149
3389
  },
3150
3390
  {
3151
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3391
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3152
3392
  "description": "Name for the custom category defined in the Cato Management Application",
3153
3393
  "isDeprecated": true,
3154
3394
  "name": "custom_category"
@@ -3161,7 +3401,7 @@
3161
3401
  },
3162
3402
  {
3163
3403
  "deprecationReason": null,
3164
- "description": "For Internet traffic, destination host port",
3404
+ "description": "Destination port",
3165
3405
  "isDeprecated": false,
3166
3406
  "name": "dest_port"
3167
3407
  },
@@ -3221,7 +3461,7 @@
3221
3461
  },
3222
3462
  {
3223
3463
  "deprecationReason": null,
3224
- "description": "For Internet traffic, destination host IP address",
3464
+ "description": "Destination IP address",
3225
3465
  "isDeprecated": false,
3226
3466
  "name": "dest_ip"
3227
3467
  },
@@ -3298,7 +3538,7 @@
3298
3538
  "name": "configured_host_name"
3299
3539
  },
3300
3540
  {
3301
- "deprecationReason": "use event_id instead",
3541
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
3302
3542
  "description": "Cato Internal-use only",
3303
3543
  "isDeprecated": true,
3304
3544
  "name": "internalId"
@@ -3370,9 +3610,9 @@
3370
3610
  "name": "bgp_error_code"
3371
3611
  },
3372
3612
  {
3373
- "deprecationReason": null,
3613
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
3374
3614
  "description": "Description from Cato Management Application for BGP peer",
3375
- "isDeprecated": false,
3615
+ "isDeprecated": true,
3376
3616
  "name": "bgp_peer_description"
3377
3617
  },
3378
3618
  {
@@ -3437,7 +3677,7 @@
3437
3677
  },
3438
3678
  {
3439
3679
  "deprecationReason": null,
3440
- "description": "Data that measures the latency for a specific link",
3680
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
3441
3681
  "isDeprecated": false,
3442
3682
  "name": "link_health_latency"
3443
3683
  },
@@ -3592,14 +3832,14 @@
3592
3832
  "name": "incident_id"
3593
3833
  },
3594
3834
  {
3595
- "deprecationReason": "use application_id/application_name instead",
3835
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3596
3836
  "description": "For Internet firewall, app for this event",
3597
3837
  "isDeprecated": true,
3598
3838
  "name": "application"
3599
3839
  },
3600
3840
  {
3601
3841
  "deprecationReason": null,
3602
- "description": "Application of the flow",
3842
+ "description": "The name of the application associated with the flow",
3603
3843
  "isDeprecated": false,
3604
3844
  "name": "application_name"
3605
3845
  },
@@ -3622,7 +3862,7 @@
3622
3862
  "name": "socket_interface_id"
3623
3863
  },
3624
3864
  {
3625
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3865
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3626
3866
  "description": "Unique Cato ID for the custom category",
3627
3867
  "isDeprecated": true,
3628
3868
  "name": "custom_categories"
@@ -3701,7 +3941,7 @@
3701
3941
  },
3702
3942
  {
3703
3943
  "deprecationReason": null,
3704
- "description": "For Internet traffic, destination host IP address",
3944
+ "description": "The name of the destination site",
3705
3945
  "isDeprecated": false,
3706
3946
  "name": "dest_site_name"
3707
3947
  },
@@ -3760,7 +4000,7 @@
3760
4000
  "name": "device_posture_profile"
3761
4001
  },
3762
4002
  {
3763
- "deprecationReason": "use device_posture_profile instead",
4003
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
3764
4004
  "description": "Device posture profiles",
3765
4005
  "isDeprecated": true,
3766
4006
  "name": "device_posture_profiles"
@@ -3833,7 +4073,7 @@
3833
4073
  },
3834
4074
  {
3835
4075
  "deprecationReason": null,
3836
- "description": "DLP fail mode",
4076
+ "description": "Describes the behavior when the DLP system encounters a failure",
3837
4077
  "isDeprecated": false,
3838
4078
  "name": "dlp_fail_mode"
3839
4079
  },
@@ -3891,6 +4131,24 @@
3891
4131
  "isDeprecated": false,
3892
4132
  "name": "is_sinkhole"
3893
4133
  },
4134
+ {
4135
+ "deprecationReason": null,
4136
+ "description": "The ID for the endpoint",
4137
+ "isDeprecated": false,
4138
+ "name": "endpoint_id"
4139
+ },
4140
+ {
4141
+ "deprecationReason": null,
4142
+ "description": "The Endpoint Protection Engine that detected the malware",
4143
+ "isDeprecated": false,
4144
+ "name": "epp_engine_type"
4145
+ },
4146
+ {
4147
+ "deprecationReason": null,
4148
+ "description": "The file operation when this event occurred",
4149
+ "isDeprecated": false,
4150
+ "name": "file_operation"
4151
+ },
3894
4152
  {
3895
4153
  "deprecationReason": null,
3896
4154
  "description": null,
@@ -3923,7 +4181,7 @@
3923
4181
  },
3924
4182
  {
3925
4183
  "deprecationReason": null,
3926
- "description": null,
4184
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
3927
4185
  "isDeprecated": false,
3928
4186
  "name": "vendor"
3929
4187
  },
@@ -3964,19 +4222,19 @@
3964
4222
  "name": "recommended_actions"
3965
4223
  },
3966
4224
  {
3967
- "deprecationReason": "use src_pid instead",
4225
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3968
4226
  "description": null,
3969
4227
  "isDeprecated": true,
3970
4228
  "name": "pid"
3971
4229
  },
3972
4230
  {
3973
- "deprecationReason": "use src_process_parent_pid instead",
4231
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3974
4232
  "description": null,
3975
4233
  "isDeprecated": true,
3976
4234
  "name": "parent_pid"
3977
4235
  },
3978
4236
  {
3979
- "deprecationReason": "use src_process_path instead",
4237
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
3980
4238
  "description": null,
3981
4239
  "isDeprecated": true,
3982
4240
  "name": "process_path"
@@ -3993,12 +4251,66 @@
3993
4251
  "isDeprecated": false,
3994
4252
  "name": "out_of_band_access"
3995
4253
  },
4254
+ {
4255
+ "deprecationReason": null,
4256
+ "description": "A Unique ID for the quarantined file",
4257
+ "isDeprecated": false,
4258
+ "name": "quarantine_uuid"
4259
+ },
3996
4260
  {
3997
4261
  "deprecationReason": null,
3998
4262
  "description": null,
3999
4263
  "isDeprecated": false,
4000
4264
  "name": "logged_in_user"
4001
4265
  },
4266
+ {
4267
+ "deprecationReason": null,
4268
+ "description": "The profile assigned to the endpoint upon detection of the malware",
4269
+ "isDeprecated": false,
4270
+ "name": "epp_profile"
4271
+ },
4272
+ {
4273
+ "deprecationReason": null,
4274
+ "description": "Source process ID",
4275
+ "isDeprecated": false,
4276
+ "name": "src_pid"
4277
+ },
4278
+ {
4279
+ "deprecationReason": null,
4280
+ "description": "Source process file path",
4281
+ "isDeprecated": false,
4282
+ "name": "src_process_path"
4283
+ },
4284
+ {
4285
+ "deprecationReason": null,
4286
+ "description": "Source process command line",
4287
+ "isDeprecated": false,
4288
+ "name": "src_process_cmdline"
4289
+ },
4290
+ {
4291
+ "deprecationReason": null,
4292
+ "description": "Source process parent process ID",
4293
+ "isDeprecated": false,
4294
+ "name": "src_process_parent_pid"
4295
+ },
4296
+ {
4297
+ "deprecationReason": null,
4298
+ "description": "Source process parent file path",
4299
+ "isDeprecated": false,
4300
+ "name": "src_process_parent_path"
4301
+ },
4302
+ {
4303
+ "deprecationReason": null,
4304
+ "description": "If policy is set to disinfect, return the result of this action",
4305
+ "isDeprecated": false,
4306
+ "name": "disinfect_result"
4307
+ },
4308
+ {
4309
+ "deprecationReason": null,
4310
+ "description": "Indicate how many processes are part of this event",
4311
+ "isDeprecated": false,
4312
+ "name": "processes_count"
4313
+ },
4002
4314
  {
4003
4315
  "deprecationReason": null,
4004
4316
  "description": "HTTP request method (ie. Get, Post)",
@@ -4073,7 +4385,7 @@
4073
4385
  },
4074
4386
  {
4075
4387
  "deprecationReason": null,
4076
- "description": "Cato App",
4388
+ "description": "Cato application name",
4077
4389
  "isDeprecated": false,
4078
4390
  "name": "cato_app"
4079
4391
  },
@@ -4127,7 +4439,7 @@
4127
4439
  },
4128
4440
  {
4129
4441
  "deprecationReason": null,
4130
- "description": "Tenant Id",
4442
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
4131
4443
  "isDeprecated": false,
4132
4444
  "name": "tenant_id"
4133
4445
  },
@@ -4187,7 +4499,7 @@
4187
4499
  },
4188
4500
  {
4189
4501
  "deprecationReason": null,
4190
- "description": "Data Classifiers",
4502
+ "description": "Defines the scanning methods used by the DLP system",
4191
4503
  "isDeprecated": false,
4192
4504
  "name": "dlp_scan_types"
4193
4505
  },
@@ -4265,7 +4577,7 @@
4265
4577
  },
4266
4578
  {
4267
4579
  "deprecationReason": null,
4268
- "description": "Used Public IP",
4580
+ "description": "Public source IP",
4269
4581
  "isDeprecated": false,
4270
4582
  "name": "public_ip"
4271
4583
  },
@@ -4436,33 +4748,81 @@
4436
4748
  "description": "Device Type",
4437
4749
  "isDeprecated": false,
4438
4750
  "name": "device_type"
4439
- }
4440
- ],
4441
- "fields": null,
4442
- "inputFields": null,
4443
- "interfaces": null,
4444
- "kind": "ENUM",
4445
- "name": "EventFieldName",
4446
- "possibleTypes": null
4447
- },
4448
- "indexType": "enum",
4449
- "kind": [
4450
- "NON_NULL",
4451
- "ENUM"
4452
- ],
4453
- "name": "EventFieldName",
4454
- "non_null": false
4455
- },
4456
- "varName": "fieldName"
4457
- },
4458
- "trend": {
4459
- "defaultValue": null,
4460
- "description": null,
4461
- "id_str": "measures___trend",
4462
- "name": "trend",
4463
- "path": "measures.trend",
4464
- "requestStr": "$trend:Boolean ",
4465
- "required": false,
4751
+ },
4752
+ {
4753
+ "deprecationReason": null,
4754
+ "description": "Tenant Restriction Rule Name",
4755
+ "isDeprecated": false,
4756
+ "name": "tenant_restriction_rule_name"
4757
+ },
4758
+ {
4759
+ "deprecationReason": null,
4760
+ "description": "Connection Origin",
4761
+ "isDeprecated": false,
4762
+ "name": "connection_origin"
4763
+ },
4764
+ {
4765
+ "deprecationReason": null,
4766
+ "description": "Translated Server IP",
4767
+ "isDeprecated": false,
4768
+ "name": "translated_server_ip"
4769
+ },
4770
+ {
4771
+ "deprecationReason": null,
4772
+ "description": "Translated Client IP",
4773
+ "isDeprecated": false,
4774
+ "name": "translated_client_ip"
4775
+ },
4776
+ {
4777
+ "deprecationReason": null,
4778
+ "description": "IoC Container Name",
4779
+ "isDeprecated": false,
4780
+ "name": "container_name"
4781
+ },
4782
+ {
4783
+ "deprecationReason": null,
4784
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
4785
+ "isDeprecated": false,
4786
+ "name": "correlation_id"
4787
+ },
4788
+ {
4789
+ "deprecationReason": null,
4790
+ "description": "Precedence",
4791
+ "isDeprecated": false,
4792
+ "name": "precedence"
4793
+ },
4794
+ {
4795
+ "deprecationReason": null,
4796
+ "description": "A list of labels providing additional context for the event",
4797
+ "isDeprecated": false,
4798
+ "name": "labels"
4799
+ }
4800
+ ],
4801
+ "fields": null,
4802
+ "inputFields": null,
4803
+ "interfaces": null,
4804
+ "kind": "ENUM",
4805
+ "name": "EventFieldName",
4806
+ "possibleTypes": null
4807
+ },
4808
+ "indexType": "enum",
4809
+ "kind": [
4810
+ "NON_NULL",
4811
+ "ENUM"
4812
+ ],
4813
+ "name": "EventFieldName",
4814
+ "non_null": false
4815
+ },
4816
+ "varName": "fieldName"
4817
+ },
4818
+ "trend": {
4819
+ "defaultValue": null,
4820
+ "description": null,
4821
+ "id_str": "measures___trend",
4822
+ "name": "trend",
4823
+ "path": "measures.trend",
4824
+ "requestStr": "$trend:Boolean ",
4825
+ "required": false,
4466
4826
  "responseStr": "trend:$trend ",
4467
4827
  "type": {
4468
4828
  "kind": [
@@ -4510,7 +4870,7 @@
4510
4870
  }
4511
4871
  },
4512
4872
  "deprecationReason": null,
4513
- "description": "BETA",
4873
+ "description": null,
4514
4874
  "fieldTypes": {
4515
4875
  "DimensionData": true,
4516
4876
  "DimensionKey": true,
@@ -4588,7 +4948,7 @@
4588
4948
  "description": null,
4589
4949
  "enumValues": [
4590
4950
  {
4591
- "deprecationReason": "use src_site_id/src_site_name instead",
4951
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4592
4952
  "description": "Name of site or user initiating the connection",
4593
4953
  "isDeprecated": true,
4594
4954
  "name": "src_site"
@@ -4612,7 +4972,7 @@
4612
4972
  "name": "user_id"
4613
4973
  },
4614
4974
  {
4615
- "deprecationReason": "use dest_site_id/dest_site_name instead",
4975
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4616
4976
  "description": "For WAN traffic, name of destination site or SDP user",
4617
4977
  "isDeprecated": true,
4618
4978
  "name": "dest_site"
@@ -4624,13 +4984,13 @@
4624
4984
  "name": "dest_site_id"
4625
4985
  },
4626
4986
  {
4627
- "deprecationReason": null,
4987
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
4628
4988
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
4629
- "isDeprecated": false,
4989
+ "isDeprecated": true,
4630
4990
  "name": "src_or_dest_site_id"
4631
4991
  },
4632
4992
  {
4633
- "deprecationReason": "use rule_name instead",
4993
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4634
4994
  "description": "Name of security rule related to the event",
4635
4995
  "isDeprecated": true,
4636
4996
  "name": "rule"
@@ -4648,7 +5008,7 @@
4648
5008
  "name": "socket_interface"
4649
5009
  },
4650
5010
  {
4651
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5011
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4652
5012
  "description": "Name for the custom category defined in the Cato Management Application",
4653
5013
  "isDeprecated": true,
4654
5014
  "name": "custom_category"
@@ -4661,7 +5021,7 @@
4661
5021
  },
4662
5022
  {
4663
5023
  "deprecationReason": null,
4664
- "description": "For Internet traffic, destination host port",
5024
+ "description": "Destination port",
4665
5025
  "isDeprecated": false,
4666
5026
  "name": "dest_port"
4667
5027
  },
@@ -4721,7 +5081,7 @@
4721
5081
  },
4722
5082
  {
4723
5083
  "deprecationReason": null,
4724
- "description": "For Internet traffic, destination host IP address",
5084
+ "description": "Destination IP address",
4725
5085
  "isDeprecated": false,
4726
5086
  "name": "dest_ip"
4727
5087
  },
@@ -4798,7 +5158,7 @@
4798
5158
  "name": "configured_host_name"
4799
5159
  },
4800
5160
  {
4801
- "deprecationReason": "use event_id instead",
5161
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
4802
5162
  "description": "Cato Internal-use only",
4803
5163
  "isDeprecated": true,
4804
5164
  "name": "internalId"
@@ -4870,9 +5230,9 @@
4870
5230
  "name": "bgp_error_code"
4871
5231
  },
4872
5232
  {
4873
- "deprecationReason": null,
5233
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
4874
5234
  "description": "Description from Cato Management Application for BGP peer",
4875
- "isDeprecated": false,
5235
+ "isDeprecated": true,
4876
5236
  "name": "bgp_peer_description"
4877
5237
  },
4878
5238
  {
@@ -4937,7 +5297,7 @@
4937
5297
  },
4938
5298
  {
4939
5299
  "deprecationReason": null,
4940
- "description": "Data that measures the latency for a specific link",
5300
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
4941
5301
  "isDeprecated": false,
4942
5302
  "name": "link_health_latency"
4943
5303
  },
@@ -5092,14 +5452,14 @@
5092
5452
  "name": "incident_id"
5093
5453
  },
5094
5454
  {
5095
- "deprecationReason": "use application_id/application_name instead",
5455
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5096
5456
  "description": "For Internet firewall, app for this event",
5097
5457
  "isDeprecated": true,
5098
5458
  "name": "application"
5099
5459
  },
5100
5460
  {
5101
5461
  "deprecationReason": null,
5102
- "description": "Application of the flow",
5462
+ "description": "The name of the application associated with the flow",
5103
5463
  "isDeprecated": false,
5104
5464
  "name": "application_name"
5105
5465
  },
@@ -5122,7 +5482,7 @@
5122
5482
  "name": "socket_interface_id"
5123
5483
  },
5124
5484
  {
5125
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5485
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5126
5486
  "description": "Unique Cato ID for the custom category",
5127
5487
  "isDeprecated": true,
5128
5488
  "name": "custom_categories"
@@ -5201,7 +5561,7 @@
5201
5561
  },
5202
5562
  {
5203
5563
  "deprecationReason": null,
5204
- "description": "For Internet traffic, destination host IP address",
5564
+ "description": "The name of the destination site",
5205
5565
  "isDeprecated": false,
5206
5566
  "name": "dest_site_name"
5207
5567
  },
@@ -5260,7 +5620,7 @@
5260
5620
  "name": "device_posture_profile"
5261
5621
  },
5262
5622
  {
5263
- "deprecationReason": "use device_posture_profile instead",
5623
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
5264
5624
  "description": "Device posture profiles",
5265
5625
  "isDeprecated": true,
5266
5626
  "name": "device_posture_profiles"
@@ -5333,7 +5693,7 @@
5333
5693
  },
5334
5694
  {
5335
5695
  "deprecationReason": null,
5336
- "description": "DLP fail mode",
5696
+ "description": "Describes the behavior when the DLP system encounters a failure",
5337
5697
  "isDeprecated": false,
5338
5698
  "name": "dlp_fail_mode"
5339
5699
  },
@@ -5391,6 +5751,24 @@
5391
5751
  "isDeprecated": false,
5392
5752
  "name": "is_sinkhole"
5393
5753
  },
5754
+ {
5755
+ "deprecationReason": null,
5756
+ "description": "The ID for the endpoint",
5757
+ "isDeprecated": false,
5758
+ "name": "endpoint_id"
5759
+ },
5760
+ {
5761
+ "deprecationReason": null,
5762
+ "description": "The Endpoint Protection Engine that detected the malware",
5763
+ "isDeprecated": false,
5764
+ "name": "epp_engine_type"
5765
+ },
5766
+ {
5767
+ "deprecationReason": null,
5768
+ "description": "The file operation when this event occurred",
5769
+ "isDeprecated": false,
5770
+ "name": "file_operation"
5771
+ },
5394
5772
  {
5395
5773
  "deprecationReason": null,
5396
5774
  "description": null,
@@ -5423,7 +5801,7 @@
5423
5801
  },
5424
5802
  {
5425
5803
  "deprecationReason": null,
5426
- "description": null,
5804
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
5427
5805
  "isDeprecated": false,
5428
5806
  "name": "vendor"
5429
5807
  },
@@ -5464,19 +5842,19 @@
5464
5842
  "name": "recommended_actions"
5465
5843
  },
5466
5844
  {
5467
- "deprecationReason": "use src_pid instead",
5845
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5468
5846
  "description": null,
5469
5847
  "isDeprecated": true,
5470
5848
  "name": "pid"
5471
5849
  },
5472
5850
  {
5473
- "deprecationReason": "use src_process_parent_pid instead",
5851
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5474
5852
  "description": null,
5475
5853
  "isDeprecated": true,
5476
5854
  "name": "parent_pid"
5477
5855
  },
5478
5856
  {
5479
- "deprecationReason": "use src_process_path instead",
5857
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
5480
5858
  "description": null,
5481
5859
  "isDeprecated": true,
5482
5860
  "name": "process_path"
@@ -5493,12 +5871,66 @@
5493
5871
  "isDeprecated": false,
5494
5872
  "name": "out_of_band_access"
5495
5873
  },
5874
+ {
5875
+ "deprecationReason": null,
5876
+ "description": "A Unique ID for the quarantined file",
5877
+ "isDeprecated": false,
5878
+ "name": "quarantine_uuid"
5879
+ },
5496
5880
  {
5497
5881
  "deprecationReason": null,
5498
5882
  "description": null,
5499
5883
  "isDeprecated": false,
5500
5884
  "name": "logged_in_user"
5501
5885
  },
5886
+ {
5887
+ "deprecationReason": null,
5888
+ "description": "The profile assigned to the endpoint upon detection of the malware",
5889
+ "isDeprecated": false,
5890
+ "name": "epp_profile"
5891
+ },
5892
+ {
5893
+ "deprecationReason": null,
5894
+ "description": "Source process ID",
5895
+ "isDeprecated": false,
5896
+ "name": "src_pid"
5897
+ },
5898
+ {
5899
+ "deprecationReason": null,
5900
+ "description": "Source process file path",
5901
+ "isDeprecated": false,
5902
+ "name": "src_process_path"
5903
+ },
5904
+ {
5905
+ "deprecationReason": null,
5906
+ "description": "Source process command line",
5907
+ "isDeprecated": false,
5908
+ "name": "src_process_cmdline"
5909
+ },
5910
+ {
5911
+ "deprecationReason": null,
5912
+ "description": "Source process parent process ID",
5913
+ "isDeprecated": false,
5914
+ "name": "src_process_parent_pid"
5915
+ },
5916
+ {
5917
+ "deprecationReason": null,
5918
+ "description": "Source process parent file path",
5919
+ "isDeprecated": false,
5920
+ "name": "src_process_parent_path"
5921
+ },
5922
+ {
5923
+ "deprecationReason": null,
5924
+ "description": "If policy is set to disinfect, return the result of this action",
5925
+ "isDeprecated": false,
5926
+ "name": "disinfect_result"
5927
+ },
5928
+ {
5929
+ "deprecationReason": null,
5930
+ "description": "Indicate how many processes are part of this event",
5931
+ "isDeprecated": false,
5932
+ "name": "processes_count"
5933
+ },
5502
5934
  {
5503
5935
  "deprecationReason": null,
5504
5936
  "description": "HTTP request method (ie. Get, Post)",
@@ -5573,7 +6005,7 @@
5573
6005
  },
5574
6006
  {
5575
6007
  "deprecationReason": null,
5576
- "description": "Cato App",
6008
+ "description": "Cato application name",
5577
6009
  "isDeprecated": false,
5578
6010
  "name": "cato_app"
5579
6011
  },
@@ -5627,7 +6059,7 @@
5627
6059
  },
5628
6060
  {
5629
6061
  "deprecationReason": null,
5630
- "description": "Tenant Id",
6062
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
5631
6063
  "isDeprecated": false,
5632
6064
  "name": "tenant_id"
5633
6065
  },
@@ -5687,7 +6119,7 @@
5687
6119
  },
5688
6120
  {
5689
6121
  "deprecationReason": null,
5690
- "description": "Data Classifiers",
6122
+ "description": "Defines the scanning methods used by the DLP system",
5691
6123
  "isDeprecated": false,
5692
6124
  "name": "dlp_scan_types"
5693
6125
  },
@@ -5765,7 +6197,7 @@
5765
6197
  },
5766
6198
  {
5767
6199
  "deprecationReason": null,
5768
- "description": "Used Public IP",
6200
+ "description": "Public source IP",
5769
6201
  "isDeprecated": false,
5770
6202
  "name": "public_ip"
5771
6203
  },
@@ -5936,6 +6368,54 @@
5936
6368
  "description": "Device Type",
5937
6369
  "isDeprecated": false,
5938
6370
  "name": "device_type"
6371
+ },
6372
+ {
6373
+ "deprecationReason": null,
6374
+ "description": "Tenant Restriction Rule Name",
6375
+ "isDeprecated": false,
6376
+ "name": "tenant_restriction_rule_name"
6377
+ },
6378
+ {
6379
+ "deprecationReason": null,
6380
+ "description": "Connection Origin",
6381
+ "isDeprecated": false,
6382
+ "name": "connection_origin"
6383
+ },
6384
+ {
6385
+ "deprecationReason": null,
6386
+ "description": "Translated Server IP",
6387
+ "isDeprecated": false,
6388
+ "name": "translated_server_ip"
6389
+ },
6390
+ {
6391
+ "deprecationReason": null,
6392
+ "description": "Translated Client IP",
6393
+ "isDeprecated": false,
6394
+ "name": "translated_client_ip"
6395
+ },
6396
+ {
6397
+ "deprecationReason": null,
6398
+ "description": "IoC Container Name",
6399
+ "isDeprecated": false,
6400
+ "name": "container_name"
6401
+ },
6402
+ {
6403
+ "deprecationReason": null,
6404
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
6405
+ "isDeprecated": false,
6406
+ "name": "correlation_id"
6407
+ },
6408
+ {
6409
+ "deprecationReason": null,
6410
+ "description": "Precedence",
6411
+ "isDeprecated": false,
6412
+ "name": "precedence"
6413
+ },
6414
+ {
6415
+ "deprecationReason": null,
6416
+ "description": "A list of labels providing additional context for the event",
6417
+ "isDeprecated": false,
6418
+ "name": "labels"
5939
6419
  }
5940
6420
  ],
5941
6421
  "fields": null,
@@ -6000,7 +6480,7 @@
6000
6480
  "description": null,
6001
6481
  "enumValues": [
6002
6482
  {
6003
- "deprecationReason": "use src_site_id/src_site_name instead",
6483
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6004
6484
  "description": "Name of site or user initiating the connection",
6005
6485
  "isDeprecated": true,
6006
6486
  "name": "src_site"
@@ -6024,7 +6504,7 @@
6024
6504
  "name": "user_id"
6025
6505
  },
6026
6506
  {
6027
- "deprecationReason": "use dest_site_id/dest_site_name instead",
6507
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6028
6508
  "description": "For WAN traffic, name of destination site or SDP user",
6029
6509
  "isDeprecated": true,
6030
6510
  "name": "dest_site"
@@ -6036,13 +6516,13 @@
6036
6516
  "name": "dest_site_id"
6037
6517
  },
6038
6518
  {
6039
- "deprecationReason": null,
6519
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
6040
6520
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
6041
- "isDeprecated": false,
6521
+ "isDeprecated": true,
6042
6522
  "name": "src_or_dest_site_id"
6043
6523
  },
6044
6524
  {
6045
- "deprecationReason": "use rule_name instead",
6525
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6046
6526
  "description": "Name of security rule related to the event",
6047
6527
  "isDeprecated": true,
6048
6528
  "name": "rule"
@@ -6060,7 +6540,7 @@
6060
6540
  "name": "socket_interface"
6061
6541
  },
6062
6542
  {
6063
- "deprecationReason": "use custom_category_id/custom_category_name instead",
6543
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6064
6544
  "description": "Name for the custom category defined in the Cato Management Application",
6065
6545
  "isDeprecated": true,
6066
6546
  "name": "custom_category"
@@ -6073,7 +6553,7 @@
6073
6553
  },
6074
6554
  {
6075
6555
  "deprecationReason": null,
6076
- "description": "For Internet traffic, destination host port",
6556
+ "description": "Destination port",
6077
6557
  "isDeprecated": false,
6078
6558
  "name": "dest_port"
6079
6559
  },
@@ -6133,7 +6613,7 @@
6133
6613
  },
6134
6614
  {
6135
6615
  "deprecationReason": null,
6136
- "description": "For Internet traffic, destination host IP address",
6616
+ "description": "Destination IP address",
6137
6617
  "isDeprecated": false,
6138
6618
  "name": "dest_ip"
6139
6619
  },
@@ -6210,7 +6690,7 @@
6210
6690
  "name": "configured_host_name"
6211
6691
  },
6212
6692
  {
6213
- "deprecationReason": "use event_id instead",
6693
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
6214
6694
  "description": "Cato Internal-use only",
6215
6695
  "isDeprecated": true,
6216
6696
  "name": "internalId"
@@ -6282,9 +6762,9 @@
6282
6762
  "name": "bgp_error_code"
6283
6763
  },
6284
6764
  {
6285
- "deprecationReason": null,
6765
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
6286
6766
  "description": "Description from Cato Management Application for BGP peer",
6287
- "isDeprecated": false,
6767
+ "isDeprecated": true,
6288
6768
  "name": "bgp_peer_description"
6289
6769
  },
6290
6770
  {
@@ -6349,7 +6829,7 @@
6349
6829
  },
6350
6830
  {
6351
6831
  "deprecationReason": null,
6352
- "description": "Data that measures the latency for a specific link",
6832
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
6353
6833
  "isDeprecated": false,
6354
6834
  "name": "link_health_latency"
6355
6835
  },
@@ -6504,14 +6984,14 @@
6504
6984
  "name": "incident_id"
6505
6985
  },
6506
6986
  {
6507
- "deprecationReason": "use application_id/application_name instead",
6987
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6508
6988
  "description": "For Internet firewall, app for this event",
6509
6989
  "isDeprecated": true,
6510
6990
  "name": "application"
6511
6991
  },
6512
6992
  {
6513
6993
  "deprecationReason": null,
6514
- "description": "Application of the flow",
6994
+ "description": "The name of the application associated with the flow",
6515
6995
  "isDeprecated": false,
6516
6996
  "name": "application_name"
6517
6997
  },
@@ -6534,7 +7014,7 @@
6534
7014
  "name": "socket_interface_id"
6535
7015
  },
6536
7016
  {
6537
- "deprecationReason": "use custom_category_id/custom_category_name instead",
7017
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6538
7018
  "description": "Unique Cato ID for the custom category",
6539
7019
  "isDeprecated": true,
6540
7020
  "name": "custom_categories"
@@ -6613,7 +7093,7 @@
6613
7093
  },
6614
7094
  {
6615
7095
  "deprecationReason": null,
6616
- "description": "For Internet traffic, destination host IP address",
7096
+ "description": "The name of the destination site",
6617
7097
  "isDeprecated": false,
6618
7098
  "name": "dest_site_name"
6619
7099
  },
@@ -6672,7 +7152,7 @@
6672
7152
  "name": "device_posture_profile"
6673
7153
  },
6674
7154
  {
6675
- "deprecationReason": "use device_posture_profile instead",
7155
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
6676
7156
  "description": "Device posture profiles",
6677
7157
  "isDeprecated": true,
6678
7158
  "name": "device_posture_profiles"
@@ -6745,7 +7225,7 @@
6745
7225
  },
6746
7226
  {
6747
7227
  "deprecationReason": null,
6748
- "description": "DLP fail mode",
7228
+ "description": "Describes the behavior when the DLP system encounters a failure",
6749
7229
  "isDeprecated": false,
6750
7230
  "name": "dlp_fail_mode"
6751
7231
  },
@@ -6803,6 +7283,24 @@
6803
7283
  "isDeprecated": false,
6804
7284
  "name": "is_sinkhole"
6805
7285
  },
7286
+ {
7287
+ "deprecationReason": null,
7288
+ "description": "The ID for the endpoint",
7289
+ "isDeprecated": false,
7290
+ "name": "endpoint_id"
7291
+ },
7292
+ {
7293
+ "deprecationReason": null,
7294
+ "description": "The Endpoint Protection Engine that detected the malware",
7295
+ "isDeprecated": false,
7296
+ "name": "epp_engine_type"
7297
+ },
7298
+ {
7299
+ "deprecationReason": null,
7300
+ "description": "The file operation when this event occurred",
7301
+ "isDeprecated": false,
7302
+ "name": "file_operation"
7303
+ },
6806
7304
  {
6807
7305
  "deprecationReason": null,
6808
7306
  "description": null,
@@ -6835,7 +7333,7 @@
6835
7333
  },
6836
7334
  {
6837
7335
  "deprecationReason": null,
6838
- "description": null,
7336
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
6839
7337
  "isDeprecated": false,
6840
7338
  "name": "vendor"
6841
7339
  },
@@ -6876,19 +7374,19 @@
6876
7374
  "name": "recommended_actions"
6877
7375
  },
6878
7376
  {
6879
- "deprecationReason": "use src_pid instead",
7377
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6880
7378
  "description": null,
6881
7379
  "isDeprecated": true,
6882
7380
  "name": "pid"
6883
7381
  },
6884
7382
  {
6885
- "deprecationReason": "use src_process_parent_pid instead",
7383
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6886
7384
  "description": null,
6887
7385
  "isDeprecated": true,
6888
7386
  "name": "parent_pid"
6889
7387
  },
6890
7388
  {
6891
- "deprecationReason": "use src_process_path instead",
7389
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
6892
7390
  "description": null,
6893
7391
  "isDeprecated": true,
6894
7392
  "name": "process_path"
@@ -6905,12 +7403,66 @@
6905
7403
  "isDeprecated": false,
6906
7404
  "name": "out_of_band_access"
6907
7405
  },
7406
+ {
7407
+ "deprecationReason": null,
7408
+ "description": "A Unique ID for the quarantined file",
7409
+ "isDeprecated": false,
7410
+ "name": "quarantine_uuid"
7411
+ },
6908
7412
  {
6909
7413
  "deprecationReason": null,
6910
7414
  "description": null,
6911
7415
  "isDeprecated": false,
6912
7416
  "name": "logged_in_user"
6913
7417
  },
7418
+ {
7419
+ "deprecationReason": null,
7420
+ "description": "The profile assigned to the endpoint upon detection of the malware",
7421
+ "isDeprecated": false,
7422
+ "name": "epp_profile"
7423
+ },
7424
+ {
7425
+ "deprecationReason": null,
7426
+ "description": "Source process ID",
7427
+ "isDeprecated": false,
7428
+ "name": "src_pid"
7429
+ },
7430
+ {
7431
+ "deprecationReason": null,
7432
+ "description": "Source process file path",
7433
+ "isDeprecated": false,
7434
+ "name": "src_process_path"
7435
+ },
7436
+ {
7437
+ "deprecationReason": null,
7438
+ "description": "Source process command line",
7439
+ "isDeprecated": false,
7440
+ "name": "src_process_cmdline"
7441
+ },
7442
+ {
7443
+ "deprecationReason": null,
7444
+ "description": "Source process parent process ID",
7445
+ "isDeprecated": false,
7446
+ "name": "src_process_parent_pid"
7447
+ },
7448
+ {
7449
+ "deprecationReason": null,
7450
+ "description": "Source process parent file path",
7451
+ "isDeprecated": false,
7452
+ "name": "src_process_parent_path"
7453
+ },
7454
+ {
7455
+ "deprecationReason": null,
7456
+ "description": "If policy is set to disinfect, return the result of this action",
7457
+ "isDeprecated": false,
7458
+ "name": "disinfect_result"
7459
+ },
7460
+ {
7461
+ "deprecationReason": null,
7462
+ "description": "Indicate how many processes are part of this event",
7463
+ "isDeprecated": false,
7464
+ "name": "processes_count"
7465
+ },
6914
7466
  {
6915
7467
  "deprecationReason": null,
6916
7468
  "description": "HTTP request method (ie. Get, Post)",
@@ -6985,7 +7537,7 @@
6985
7537
  },
6986
7538
  {
6987
7539
  "deprecationReason": null,
6988
- "description": "Cato App",
7540
+ "description": "Cato application name",
6989
7541
  "isDeprecated": false,
6990
7542
  "name": "cato_app"
6991
7543
  },
@@ -7039,7 +7591,7 @@
7039
7591
  },
7040
7592
  {
7041
7593
  "deprecationReason": null,
7042
- "description": "Tenant Id",
7594
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
7043
7595
  "isDeprecated": false,
7044
7596
  "name": "tenant_id"
7045
7597
  },
@@ -7099,7 +7651,7 @@
7099
7651
  },
7100
7652
  {
7101
7653
  "deprecationReason": null,
7102
- "description": "Data Classifiers",
7654
+ "description": "Defines the scanning methods used by the DLP system",
7103
7655
  "isDeprecated": false,
7104
7656
  "name": "dlp_scan_types"
7105
7657
  },
@@ -7177,7 +7729,7 @@
7177
7729
  },
7178
7730
  {
7179
7731
  "deprecationReason": null,
7180
- "description": "Used Public IP",
7732
+ "description": "Public source IP",
7181
7733
  "isDeprecated": false,
7182
7734
  "name": "public_ip"
7183
7735
  },
@@ -7348,6 +7900,54 @@
7348
7900
  "description": "Device Type",
7349
7901
  "isDeprecated": false,
7350
7902
  "name": "device_type"
7903
+ },
7904
+ {
7905
+ "deprecationReason": null,
7906
+ "description": "Tenant Restriction Rule Name",
7907
+ "isDeprecated": false,
7908
+ "name": "tenant_restriction_rule_name"
7909
+ },
7910
+ {
7911
+ "deprecationReason": null,
7912
+ "description": "Connection Origin",
7913
+ "isDeprecated": false,
7914
+ "name": "connection_origin"
7915
+ },
7916
+ {
7917
+ "deprecationReason": null,
7918
+ "description": "Translated Server IP",
7919
+ "isDeprecated": false,
7920
+ "name": "translated_server_ip"
7921
+ },
7922
+ {
7923
+ "deprecationReason": null,
7924
+ "description": "Translated Client IP",
7925
+ "isDeprecated": false,
7926
+ "name": "translated_client_ip"
7927
+ },
7928
+ {
7929
+ "deprecationReason": null,
7930
+ "description": "IoC Container Name",
7931
+ "isDeprecated": false,
7932
+ "name": "container_name"
7933
+ },
7934
+ {
7935
+ "deprecationReason": null,
7936
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
7937
+ "isDeprecated": false,
7938
+ "name": "correlation_id"
7939
+ },
7940
+ {
7941
+ "deprecationReason": null,
7942
+ "description": "Precedence",
7943
+ "isDeprecated": false,
7944
+ "name": "precedence"
7945
+ },
7946
+ {
7947
+ "deprecationReason": null,
7948
+ "description": "A list of labels providing additional context for the event",
7949
+ "isDeprecated": false,
7950
+ "name": "labels"
7351
7951
  }
7352
7952
  ],
7353
7953
  "fields": null,
@@ -7628,7 +8228,7 @@
7628
8228
  "description": null,
7629
8229
  "enumValues": [
7630
8230
  {
7631
- "deprecationReason": "use src_site_id/src_site_name instead",
8231
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7632
8232
  "description": "Name of site or user initiating the connection",
7633
8233
  "isDeprecated": true,
7634
8234
  "name": "src_site"
@@ -7652,7 +8252,7 @@
7652
8252
  "name": "user_id"
7653
8253
  },
7654
8254
  {
7655
- "deprecationReason": "use dest_site_id/dest_site_name instead",
8255
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7656
8256
  "description": "For WAN traffic, name of destination site or SDP user",
7657
8257
  "isDeprecated": true,
7658
8258
  "name": "dest_site"
@@ -7664,13 +8264,13 @@
7664
8264
  "name": "dest_site_id"
7665
8265
  },
7666
8266
  {
7667
- "deprecationReason": null,
8267
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
7668
8268
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
7669
- "isDeprecated": false,
8269
+ "isDeprecated": true,
7670
8270
  "name": "src_or_dest_site_id"
7671
8271
  },
7672
8272
  {
7673
- "deprecationReason": "use rule_name instead",
8273
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7674
8274
  "description": "Name of security rule related to the event",
7675
8275
  "isDeprecated": true,
7676
8276
  "name": "rule"
@@ -7688,7 +8288,7 @@
7688
8288
  "name": "socket_interface"
7689
8289
  },
7690
8290
  {
7691
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8291
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7692
8292
  "description": "Name for the custom category defined in the Cato Management Application",
7693
8293
  "isDeprecated": true,
7694
8294
  "name": "custom_category"
@@ -7701,7 +8301,7 @@
7701
8301
  },
7702
8302
  {
7703
8303
  "deprecationReason": null,
7704
- "description": "For Internet traffic, destination host port",
8304
+ "description": "Destination port",
7705
8305
  "isDeprecated": false,
7706
8306
  "name": "dest_port"
7707
8307
  },
@@ -7761,7 +8361,7 @@
7761
8361
  },
7762
8362
  {
7763
8363
  "deprecationReason": null,
7764
- "description": "For Internet traffic, destination host IP address",
8364
+ "description": "Destination IP address",
7765
8365
  "isDeprecated": false,
7766
8366
  "name": "dest_ip"
7767
8367
  },
@@ -7838,7 +8438,7 @@
7838
8438
  "name": "configured_host_name"
7839
8439
  },
7840
8440
  {
7841
- "deprecationReason": "use event_id instead",
8441
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
7842
8442
  "description": "Cato Internal-use only",
7843
8443
  "isDeprecated": true,
7844
8444
  "name": "internalId"
@@ -7910,9 +8510,9 @@
7910
8510
  "name": "bgp_error_code"
7911
8511
  },
7912
8512
  {
7913
- "deprecationReason": null,
8513
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
7914
8514
  "description": "Description from Cato Management Application for BGP peer",
7915
- "isDeprecated": false,
8515
+ "isDeprecated": true,
7916
8516
  "name": "bgp_peer_description"
7917
8517
  },
7918
8518
  {
@@ -7977,7 +8577,7 @@
7977
8577
  },
7978
8578
  {
7979
8579
  "deprecationReason": null,
7980
- "description": "Data that measures the latency for a specific link",
8580
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
7981
8581
  "isDeprecated": false,
7982
8582
  "name": "link_health_latency"
7983
8583
  },
@@ -8132,14 +8732,14 @@
8132
8732
  "name": "incident_id"
8133
8733
  },
8134
8734
  {
8135
- "deprecationReason": "use application_id/application_name instead",
8735
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
8136
8736
  "description": "For Internet firewall, app for this event",
8137
8737
  "isDeprecated": true,
8138
8738
  "name": "application"
8139
8739
  },
8140
8740
  {
8141
8741
  "deprecationReason": null,
8142
- "description": "Application of the flow",
8742
+ "description": "The name of the application associated with the flow",
8143
8743
  "isDeprecated": false,
8144
8744
  "name": "application_name"
8145
8745
  },
@@ -8162,7 +8762,7 @@
8162
8762
  "name": "socket_interface_id"
8163
8763
  },
8164
8764
  {
8165
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8765
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
8166
8766
  "description": "Unique Cato ID for the custom category",
8167
8767
  "isDeprecated": true,
8168
8768
  "name": "custom_categories"
@@ -8241,7 +8841,7 @@
8241
8841
  },
8242
8842
  {
8243
8843
  "deprecationReason": null,
8244
- "description": "For Internet traffic, destination host IP address",
8844
+ "description": "The name of the destination site",
8245
8845
  "isDeprecated": false,
8246
8846
  "name": "dest_site_name"
8247
8847
  },
@@ -8300,7 +8900,7 @@
8300
8900
  "name": "device_posture_profile"
8301
8901
  },
8302
8902
  {
8303
- "deprecationReason": "use device_posture_profile instead",
8903
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
8304
8904
  "description": "Device posture profiles",
8305
8905
  "isDeprecated": true,
8306
8906
  "name": "device_posture_profiles"
@@ -8373,7 +8973,7 @@
8373
8973
  },
8374
8974
  {
8375
8975
  "deprecationReason": null,
8376
- "description": "DLP fail mode",
8976
+ "description": "Describes the behavior when the DLP system encounters a failure",
8377
8977
  "isDeprecated": false,
8378
8978
  "name": "dlp_fail_mode"
8379
8979
  },
@@ -8431,6 +9031,24 @@
8431
9031
  "isDeprecated": false,
8432
9032
  "name": "is_sinkhole"
8433
9033
  },
9034
+ {
9035
+ "deprecationReason": null,
9036
+ "description": "The ID for the endpoint",
9037
+ "isDeprecated": false,
9038
+ "name": "endpoint_id"
9039
+ },
9040
+ {
9041
+ "deprecationReason": null,
9042
+ "description": "The Endpoint Protection Engine that detected the malware",
9043
+ "isDeprecated": false,
9044
+ "name": "epp_engine_type"
9045
+ },
9046
+ {
9047
+ "deprecationReason": null,
9048
+ "description": "The file operation when this event occurred",
9049
+ "isDeprecated": false,
9050
+ "name": "file_operation"
9051
+ },
8434
9052
  {
8435
9053
  "deprecationReason": null,
8436
9054
  "description": null,
@@ -8463,7 +9081,7 @@
8463
9081
  },
8464
9082
  {
8465
9083
  "deprecationReason": null,
8466
- "description": null,
9084
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
8467
9085
  "isDeprecated": false,
8468
9086
  "name": "vendor"
8469
9087
  },
@@ -8504,19 +9122,19 @@
8504
9122
  "name": "recommended_actions"
8505
9123
  },
8506
9124
  {
8507
- "deprecationReason": "use src_pid instead",
9125
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8508
9126
  "description": null,
8509
9127
  "isDeprecated": true,
8510
9128
  "name": "pid"
8511
9129
  },
8512
9130
  {
8513
- "deprecationReason": "use src_process_parent_pid instead",
9131
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8514
9132
  "description": null,
8515
9133
  "isDeprecated": true,
8516
9134
  "name": "parent_pid"
8517
9135
  },
8518
9136
  {
8519
- "deprecationReason": "use src_process_path instead",
9137
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
8520
9138
  "description": null,
8521
9139
  "isDeprecated": true,
8522
9140
  "name": "process_path"
@@ -8533,12 +9151,66 @@
8533
9151
  "isDeprecated": false,
8534
9152
  "name": "out_of_band_access"
8535
9153
  },
9154
+ {
9155
+ "deprecationReason": null,
9156
+ "description": "A Unique ID for the quarantined file",
9157
+ "isDeprecated": false,
9158
+ "name": "quarantine_uuid"
9159
+ },
8536
9160
  {
8537
9161
  "deprecationReason": null,
8538
9162
  "description": null,
8539
9163
  "isDeprecated": false,
8540
9164
  "name": "logged_in_user"
8541
9165
  },
9166
+ {
9167
+ "deprecationReason": null,
9168
+ "description": "The profile assigned to the endpoint upon detection of the malware",
9169
+ "isDeprecated": false,
9170
+ "name": "epp_profile"
9171
+ },
9172
+ {
9173
+ "deprecationReason": null,
9174
+ "description": "Source process ID",
9175
+ "isDeprecated": false,
9176
+ "name": "src_pid"
9177
+ },
9178
+ {
9179
+ "deprecationReason": null,
9180
+ "description": "Source process file path",
9181
+ "isDeprecated": false,
9182
+ "name": "src_process_path"
9183
+ },
9184
+ {
9185
+ "deprecationReason": null,
9186
+ "description": "Source process command line",
9187
+ "isDeprecated": false,
9188
+ "name": "src_process_cmdline"
9189
+ },
9190
+ {
9191
+ "deprecationReason": null,
9192
+ "description": "Source process parent process ID",
9193
+ "isDeprecated": false,
9194
+ "name": "src_process_parent_pid"
9195
+ },
9196
+ {
9197
+ "deprecationReason": null,
9198
+ "description": "Source process parent file path",
9199
+ "isDeprecated": false,
9200
+ "name": "src_process_parent_path"
9201
+ },
9202
+ {
9203
+ "deprecationReason": null,
9204
+ "description": "If policy is set to disinfect, return the result of this action",
9205
+ "isDeprecated": false,
9206
+ "name": "disinfect_result"
9207
+ },
9208
+ {
9209
+ "deprecationReason": null,
9210
+ "description": "Indicate how many processes are part of this event",
9211
+ "isDeprecated": false,
9212
+ "name": "processes_count"
9213
+ },
8542
9214
  {
8543
9215
  "deprecationReason": null,
8544
9216
  "description": "HTTP request method (ie. Get, Post)",
@@ -8613,7 +9285,7 @@
8613
9285
  },
8614
9286
  {
8615
9287
  "deprecationReason": null,
8616
- "description": "Cato App",
9288
+ "description": "Cato application name",
8617
9289
  "isDeprecated": false,
8618
9290
  "name": "cato_app"
8619
9291
  },
@@ -8667,7 +9339,7 @@
8667
9339
  },
8668
9340
  {
8669
9341
  "deprecationReason": null,
8670
- "description": "Tenant Id",
9342
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
8671
9343
  "isDeprecated": false,
8672
9344
  "name": "tenant_id"
8673
9345
  },
@@ -8727,7 +9399,7 @@
8727
9399
  },
8728
9400
  {
8729
9401
  "deprecationReason": null,
8730
- "description": "Data Classifiers",
9402
+ "description": "Defines the scanning methods used by the DLP system",
8731
9403
  "isDeprecated": false,
8732
9404
  "name": "dlp_scan_types"
8733
9405
  },
@@ -8805,7 +9477,7 @@
8805
9477
  },
8806
9478
  {
8807
9479
  "deprecationReason": null,
8808
- "description": "Used Public IP",
9480
+ "description": "Public source IP",
8809
9481
  "isDeprecated": false,
8810
9482
  "name": "public_ip"
8811
9483
  },
@@ -8976,6 +9648,54 @@
8976
9648
  "description": "Device Type",
8977
9649
  "isDeprecated": false,
8978
9650
  "name": "device_type"
9651
+ },
9652
+ {
9653
+ "deprecationReason": null,
9654
+ "description": "Tenant Restriction Rule Name",
9655
+ "isDeprecated": false,
9656
+ "name": "tenant_restriction_rule_name"
9657
+ },
9658
+ {
9659
+ "deprecationReason": null,
9660
+ "description": "Connection Origin",
9661
+ "isDeprecated": false,
9662
+ "name": "connection_origin"
9663
+ },
9664
+ {
9665
+ "deprecationReason": null,
9666
+ "description": "Translated Server IP",
9667
+ "isDeprecated": false,
9668
+ "name": "translated_server_ip"
9669
+ },
9670
+ {
9671
+ "deprecationReason": null,
9672
+ "description": "Translated Client IP",
9673
+ "isDeprecated": false,
9674
+ "name": "translated_client_ip"
9675
+ },
9676
+ {
9677
+ "deprecationReason": null,
9678
+ "description": "IoC Container Name",
9679
+ "isDeprecated": false,
9680
+ "name": "container_name"
9681
+ },
9682
+ {
9683
+ "deprecationReason": null,
9684
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
9685
+ "isDeprecated": false,
9686
+ "name": "correlation_id"
9687
+ },
9688
+ {
9689
+ "deprecationReason": null,
9690
+ "description": "Precedence",
9691
+ "isDeprecated": false,
9692
+ "name": "precedence"
9693
+ },
9694
+ {
9695
+ "deprecationReason": null,
9696
+ "description": "A list of labels providing additional context for the event",
9697
+ "isDeprecated": false,
9698
+ "name": "labels"
8979
9699
  }
8980
9700
  ],
8981
9701
  "fields": null,
@@ -9066,6 +9786,24 @@
9066
9786
  },
9067
9787
  "varName": "timeFrame"
9068
9788
  },
9789
+ "useDefaultSizeBucket": {
9790
+ "defaultValue": "false",
9791
+ "description": "In case we want to have the default size bucket (from properties)",
9792
+ "id_str": "data___useDefaultSizeBucket",
9793
+ "name": "useDefaultSizeBucket",
9794
+ "path": "data.useDefaultSizeBucket",
9795
+ "requestStr": "$useDefaultSizeBucket:Boolean ",
9796
+ "required": false,
9797
+ "responseStr": "useDefaultSizeBucket:$useDefaultSizeBucket ",
9798
+ "type": {
9799
+ "kind": [
9800
+ "SCALAR"
9801
+ ],
9802
+ "name": "Boolean",
9803
+ "non_null": false
9804
+ },
9805
+ "varName": "useDefaultSizeBucket"
9806
+ },
9069
9807
  "withMissingData": {
9070
9808
  "defaultValue": "false",
9071
9809
  "description": "If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1",
@@ -9207,6 +9945,24 @@
9207
9945
  },
9208
9946
  "varName": "perSecond"
9209
9947
  },
9948
+ "data___useDefaultSizeBucket": {
9949
+ "defaultValue": "false",
9950
+ "description": "In case we want to have the default size bucket (from properties)",
9951
+ "id_str": "data___useDefaultSizeBucket",
9952
+ "name": "useDefaultSizeBucket",
9953
+ "path": "data.useDefaultSizeBucket",
9954
+ "requestStr": "$useDefaultSizeBucket:Boolean ",
9955
+ "required": false,
9956
+ "responseStr": "useDefaultSizeBucket:$useDefaultSizeBucket ",
9957
+ "type": {
9958
+ "kind": [
9959
+ "SCALAR"
9960
+ ],
9961
+ "name": "Boolean",
9962
+ "non_null": false
9963
+ },
9964
+ "varName": "useDefaultSizeBucket"
9965
+ },
9210
9966
  "data___withMissingData": {
9211
9967
  "defaultValue": "false",
9212
9968
  "description": "If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1",
@@ -9699,6 +10455,7 @@
9699
10455
  },
9700
10456
  "perSecond": "Boolean",
9701
10457
  "timeFrame": "TimeFrame",
10458
+ "useDefaultSizeBucket": "Boolean",
9702
10459
  "withMissingData": "Boolean"
9703
10460
  }
9704
10461
  }