catocli 1.0.19__py3-none-any.whl → 1.0.21__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (166) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/custom/__init__.py +1 -1
  4. catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
  5. catocli/parsers/mutation_admin_updateAdmin/README.md +1 -1
  6. catocli/parsers/mutation_policy/__init__.py +522 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  17. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  18. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  19. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  20. catocli/parsers/mutation_policy_internetFirewall_addRule/README.md +1 -1
  21. catocli/parsers/mutation_policy_internetFirewall_updateRule/README.md +1 -1
  22. catocli/parsers/mutation_policy_socketLan/README.md +7 -0
  23. catocli/parsers/mutation_policy_socketLan_addRule/README.md +18 -0
  24. catocli/parsers/mutation_policy_socketLan_addSection/README.md +18 -0
  25. catocli/parsers/mutation_policy_socketLan_createPolicyRevision/README.md +18 -0
  26. catocli/parsers/mutation_policy_socketLan_discardPolicyRevision/README.md +18 -0
  27. catocli/parsers/mutation_policy_socketLan_moveRule/README.md +18 -0
  28. catocli/parsers/mutation_policy_socketLan_moveSection/README.md +18 -0
  29. catocli/parsers/mutation_policy_socketLan_publishPolicyRevision/README.md +18 -0
  30. catocli/parsers/mutation_policy_socketLan_removeRule/README.md +18 -0
  31. catocli/parsers/mutation_policy_socketLan_removeSection/README.md +18 -0
  32. catocli/parsers/mutation_policy_socketLan_updatePolicy/README.md +18 -0
  33. catocli/parsers/mutation_policy_socketLan_updateRule/README.md +18 -0
  34. catocli/parsers/mutation_policy_socketLan_updateSection/README.md +18 -0
  35. catocli/parsers/mutation_policy_wanNetwork/README.md +7 -0
  36. catocli/parsers/mutation_policy_wanNetwork_addRule/README.md +18 -0
  37. catocli/parsers/mutation_policy_wanNetwork_addSection/README.md +18 -0
  38. catocli/parsers/mutation_policy_wanNetwork_createPolicyRevision/README.md +18 -0
  39. catocli/parsers/mutation_policy_wanNetwork_discardPolicyRevision/README.md +18 -0
  40. catocli/parsers/mutation_policy_wanNetwork_moveRule/README.md +18 -0
  41. catocli/parsers/mutation_policy_wanNetwork_moveSection/README.md +18 -0
  42. catocli/parsers/mutation_policy_wanNetwork_publishPolicyRevision/README.md +18 -0
  43. catocli/parsers/mutation_policy_wanNetwork_removeRule/README.md +18 -0
  44. catocli/parsers/mutation_policy_wanNetwork_removeSection/README.md +18 -0
  45. catocli/parsers/mutation_policy_wanNetwork_updatePolicy/README.md +18 -0
  46. catocli/parsers/mutation_policy_wanNetwork_updateRule/README.md +18 -0
  47. catocli/parsers/mutation_policy_wanNetwork_updateSection/README.md +18 -0
  48. catocli/parsers/mutation_sandbox/README.md +7 -0
  49. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  50. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  51. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  52. catocli/parsers/mutation_site/__init__.py +28 -0
  53. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  54. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  55. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  56. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  57. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  58. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  59. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  60. catocli/parsers/mutation_sites/__init__.py +28 -0
  61. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  62. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  63. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  64. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  65. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  66. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  67. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  68. catocli/parsers/mutation_xdr/README.md +7 -0
  69. catocli/parsers/mutation_xdr/__init__.py +51 -0
  70. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  71. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  72. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  73. catocli/parsers/query_accountMetrics/README.md +2 -1
  74. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  75. catocli/parsers/query_eventsFeed/README.md +1 -1
  76. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  77. catocli/parsers/query_policy/README.md +4 -1
  78. catocli/parsers/query_sandbox/README.md +17 -0
  79. catocli/parsers/query_sandbox/__init__.py +17 -0
  80. catocli/parsers/query_siteLocation/README.md +1 -1
  81. catocli/parsers/query_xdr_story/README.md +1 -1
  82. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/METADATA +1 -1
  83. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/RECORD +166 -66
  84. models/mutation.admin.addAdmin.json +0 -60
  85. models/mutation.admin.updateAdmin.json +0 -57
  86. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  87. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  88. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  89. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  90. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  91. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  92. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  93. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  94. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  95. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  96. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  97. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  98. models/mutation.policy.internetFirewall.addRule.json +18 -18
  99. models/mutation.policy.internetFirewall.createPolicyRevision.json +4 -4
  100. models/mutation.policy.internetFirewall.discardPolicyRevision.json +4 -4
  101. models/mutation.policy.internetFirewall.moveRule.json +4 -4
  102. models/mutation.policy.internetFirewall.publishPolicyRevision.json +4 -4
  103. models/mutation.policy.internetFirewall.removeRule.json +4 -4
  104. models/mutation.policy.internetFirewall.updatePolicy.json +4 -4
  105. models/mutation.policy.internetFirewall.updateRule.json +18 -18
  106. models/mutation.policy.socketLan.addRule.json +11266 -0
  107. models/mutation.policy.socketLan.addSection.json +1358 -0
  108. models/mutation.policy.socketLan.createPolicyRevision.json +3926 -0
  109. models/mutation.policy.socketLan.discardPolicyRevision.json +3860 -0
  110. models/mutation.policy.socketLan.moveRule.json +3658 -0
  111. models/mutation.policy.socketLan.moveSection.json +1259 -0
  112. models/mutation.policy.socketLan.publishPolicyRevision.json +3917 -0
  113. models/mutation.policy.socketLan.removeRule.json +3306 -0
  114. models/mutation.policy.socketLan.removeSection.json +958 -0
  115. models/mutation.policy.socketLan.updatePolicy.json +3936 -0
  116. models/mutation.policy.socketLan.updateRule.json +10860 -0
  117. models/mutation.policy.socketLan.updateSection.json +1111 -0
  118. models/mutation.policy.wanNetwork.addRule.json +30614 -0
  119. models/mutation.policy.wanNetwork.addSection.json +1358 -0
  120. models/mutation.policy.wanNetwork.createPolicyRevision.json +8251 -0
  121. models/mutation.policy.wanNetwork.discardPolicyRevision.json +8185 -0
  122. models/mutation.policy.wanNetwork.moveRule.json +7983 -0
  123. models/mutation.policy.wanNetwork.moveSection.json +1259 -0
  124. models/mutation.policy.wanNetwork.publishPolicyRevision.json +8242 -0
  125. models/mutation.policy.wanNetwork.removeRule.json +7631 -0
  126. models/mutation.policy.wanNetwork.removeSection.json +958 -0
  127. models/mutation.policy.wanNetwork.updatePolicy.json +8261 -0
  128. models/mutation.policy.wanNetwork.updateRule.json +30145 -0
  129. models/mutation.policy.wanNetwork.updateSection.json +1111 -0
  130. models/mutation.sandbox.deleteReport.json +302 -0
  131. models/mutation.sandbox.uploadFile.json +301 -0
  132. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  133. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  134. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  135. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  136. models/mutation.site.addSocketSite.json +72 -15
  137. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  138. models/mutation.site.updateNetworkRange.json +3 -3
  139. models/mutation.site.updateSocketInterface.json +126 -18
  140. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  141. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  142. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  143. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  144. models/mutation.sites.addSocketSite.json +72 -15
  145. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  146. models/mutation.sites.updateNetworkRange.json +3 -3
  147. models/mutation.sites.updateSocketInterface.json +126 -18
  148. models/mutation.xdr.addStoryComment.json +622 -0
  149. models/mutation.xdr.analystFeedback.json +28820 -0
  150. models/mutation.xdr.deleteStoryComment.json +622 -0
  151. models/query.accountMetrics.json +592 -0
  152. models/query.accountSnapshot.json +308 -0
  153. models/query.appStatsTimeSeries.json +37 -0
  154. models/query.auditFeed.json +352 -52
  155. models/query.events.json +1434 -234
  156. models/query.eventsFeed.json +352 -52
  157. models/query.eventsTimeSeries.json +1113 -176
  158. models/query.policy.json +22867 -9389
  159. models/query.sandbox.json +2111 -0
  160. models/query.xdr.stories.json +134 -4
  161. models/query.xdr.story.json +116 -4
  162. schema/catolib.py +4 -5
  163. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/LICENSE +0 -0
  164. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/WHEEL +0 -0
  165. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/entry_points.txt +0 -0
  166. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/top_level.txt +0 -0
models/query.events.json CHANGED
@@ -48,7 +48,7 @@
48
48
  "description": null,
49
49
  "enumValues": [
50
50
  {
51
- "deprecationReason": "use src_site_id/src_site_name instead",
51
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
52
52
  "description": "Name of site or user initiating the connection",
53
53
  "isDeprecated": true,
54
54
  "name": "src_site"
@@ -72,7 +72,7 @@
72
72
  "name": "user_id"
73
73
  },
74
74
  {
75
- "deprecationReason": "use dest_site_id/dest_site_name instead",
75
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
76
76
  "description": "For WAN traffic, name of destination site or SDP user",
77
77
  "isDeprecated": true,
78
78
  "name": "dest_site"
@@ -84,13 +84,13 @@
84
84
  "name": "dest_site_id"
85
85
  },
86
86
  {
87
- "deprecationReason": null,
87
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
88
88
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
89
- "isDeprecated": false,
89
+ "isDeprecated": true,
90
90
  "name": "src_or_dest_site_id"
91
91
  },
92
92
  {
93
- "deprecationReason": "use rule_name instead",
93
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
94
94
  "description": "Name of security rule related to the event",
95
95
  "isDeprecated": true,
96
96
  "name": "rule"
@@ -108,7 +108,7 @@
108
108
  "name": "socket_interface"
109
109
  },
110
110
  {
111
- "deprecationReason": "use custom_category_id/custom_category_name instead",
111
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
112
112
  "description": "Name for the custom category defined in the Cato Management Application",
113
113
  "isDeprecated": true,
114
114
  "name": "custom_category"
@@ -121,7 +121,7 @@
121
121
  },
122
122
  {
123
123
  "deprecationReason": null,
124
- "description": "For Internet traffic, destination host port",
124
+ "description": "Destination port",
125
125
  "isDeprecated": false,
126
126
  "name": "dest_port"
127
127
  },
@@ -181,7 +181,7 @@
181
181
  },
182
182
  {
183
183
  "deprecationReason": null,
184
- "description": "For Internet traffic, destination host IP address",
184
+ "description": "Destination IP address",
185
185
  "isDeprecated": false,
186
186
  "name": "dest_ip"
187
187
  },
@@ -258,7 +258,7 @@
258
258
  "name": "configured_host_name"
259
259
  },
260
260
  {
261
- "deprecationReason": "use event_id instead",
261
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
262
262
  "description": "Cato Internal-use only",
263
263
  "isDeprecated": true,
264
264
  "name": "internalId"
@@ -330,9 +330,9 @@
330
330
  "name": "bgp_error_code"
331
331
  },
332
332
  {
333
- "deprecationReason": null,
333
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
334
334
  "description": "Description from Cato Management Application for BGP peer",
335
- "isDeprecated": false,
335
+ "isDeprecated": true,
336
336
  "name": "bgp_peer_description"
337
337
  },
338
338
  {
@@ -397,7 +397,7 @@
397
397
  },
398
398
  {
399
399
  "deprecationReason": null,
400
- "description": "Data that measures the latency for a specific link",
400
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
401
401
  "isDeprecated": false,
402
402
  "name": "link_health_latency"
403
403
  },
@@ -552,14 +552,14 @@
552
552
  "name": "incident_id"
553
553
  },
554
554
  {
555
- "deprecationReason": "use application_id/application_name instead",
555
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
556
556
  "description": "For Internet firewall, app for this event",
557
557
  "isDeprecated": true,
558
558
  "name": "application"
559
559
  },
560
560
  {
561
561
  "deprecationReason": null,
562
- "description": "Application of the flow",
562
+ "description": "The name of the application associated with the flow",
563
563
  "isDeprecated": false,
564
564
  "name": "application_name"
565
565
  },
@@ -582,7 +582,7 @@
582
582
  "name": "socket_interface_id"
583
583
  },
584
584
  {
585
- "deprecationReason": "use custom_category_id/custom_category_name instead",
585
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
586
586
  "description": "Unique Cato ID for the custom category",
587
587
  "isDeprecated": true,
588
588
  "name": "custom_categories"
@@ -661,7 +661,7 @@
661
661
  },
662
662
  {
663
663
  "deprecationReason": null,
664
- "description": "For Internet traffic, destination host IP address",
664
+ "description": "The name of the destination site",
665
665
  "isDeprecated": false,
666
666
  "name": "dest_site_name"
667
667
  },
@@ -720,7 +720,7 @@
720
720
  "name": "device_posture_profile"
721
721
  },
722
722
  {
723
- "deprecationReason": "use device_posture_profile instead",
723
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
724
724
  "description": "Device posture profiles",
725
725
  "isDeprecated": true,
726
726
  "name": "device_posture_profiles"
@@ -793,7 +793,7 @@
793
793
  },
794
794
  {
795
795
  "deprecationReason": null,
796
- "description": "DLP fail mode",
796
+ "description": "Describes the behavior when the DLP system encounters a failure",
797
797
  "isDeprecated": false,
798
798
  "name": "dlp_fail_mode"
799
799
  },
@@ -851,6 +851,24 @@
851
851
  "isDeprecated": false,
852
852
  "name": "is_sinkhole"
853
853
  },
854
+ {
855
+ "deprecationReason": null,
856
+ "description": "The ID for the endpoint",
857
+ "isDeprecated": false,
858
+ "name": "endpoint_id"
859
+ },
860
+ {
861
+ "deprecationReason": null,
862
+ "description": "The Endpoint Protection Engine that detected the malware",
863
+ "isDeprecated": false,
864
+ "name": "epp_engine_type"
865
+ },
866
+ {
867
+ "deprecationReason": null,
868
+ "description": "The file operation when this event occurred",
869
+ "isDeprecated": false,
870
+ "name": "file_operation"
871
+ },
854
872
  {
855
873
  "deprecationReason": null,
856
874
  "description": null,
@@ -883,7 +901,7 @@
883
901
  },
884
902
  {
885
903
  "deprecationReason": null,
886
- "description": null,
904
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
887
905
  "isDeprecated": false,
888
906
  "name": "vendor"
889
907
  },
@@ -924,19 +942,19 @@
924
942
  "name": "recommended_actions"
925
943
  },
926
944
  {
927
- "deprecationReason": "use src_pid instead",
945
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
928
946
  "description": null,
929
947
  "isDeprecated": true,
930
948
  "name": "pid"
931
949
  },
932
950
  {
933
- "deprecationReason": "use src_process_parent_pid instead",
951
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
934
952
  "description": null,
935
953
  "isDeprecated": true,
936
954
  "name": "parent_pid"
937
955
  },
938
956
  {
939
- "deprecationReason": "use src_process_path instead",
957
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
940
958
  "description": null,
941
959
  "isDeprecated": true,
942
960
  "name": "process_path"
@@ -953,12 +971,96 @@
953
971
  "isDeprecated": false,
954
972
  "name": "out_of_band_access"
955
973
  },
974
+ {
975
+ "deprecationReason": null,
976
+ "description": "A Unique ID for the quarantined file",
977
+ "isDeprecated": false,
978
+ "name": "quarantine_uuid"
979
+ },
956
980
  {
957
981
  "deprecationReason": null,
958
982
  "description": null,
959
983
  "isDeprecated": false,
960
984
  "name": "logged_in_user"
961
985
  },
986
+ {
987
+ "deprecationReason": null,
988
+ "description": "The profile assigned to the endpoint upon detection of the malware",
989
+ "isDeprecated": false,
990
+ "name": "epp_profile"
991
+ },
992
+ {
993
+ "deprecationReason": null,
994
+ "description": "Source process ID",
995
+ "isDeprecated": false,
996
+ "name": "src_pid"
997
+ },
998
+ {
999
+ "deprecationReason": null,
1000
+ "description": "Source process file path",
1001
+ "isDeprecated": false,
1002
+ "name": "src_process_path"
1003
+ },
1004
+ {
1005
+ "deprecationReason": null,
1006
+ "description": "Source process command line",
1007
+ "isDeprecated": false,
1008
+ "name": "src_process_cmdline"
1009
+ },
1010
+ {
1011
+ "deprecationReason": null,
1012
+ "description": "Source process parent process ID",
1013
+ "isDeprecated": false,
1014
+ "name": "src_process_parent_pid"
1015
+ },
1016
+ {
1017
+ "deprecationReason": null,
1018
+ "description": "Source process parent file path",
1019
+ "isDeprecated": false,
1020
+ "name": "src_process_parent_path"
1021
+ },
1022
+ {
1023
+ "deprecationReason": null,
1024
+ "description": "The destination process ID",
1025
+ "isDeprecated": false,
1026
+ "name": "dest_pid"
1027
+ },
1028
+ {
1029
+ "deprecationReason": null,
1030
+ "description": "Destination process file path",
1031
+ "isDeprecated": false,
1032
+ "name": "dest_process_path"
1033
+ },
1034
+ {
1035
+ "deprecationReason": null,
1036
+ "description": "Destination process command line",
1037
+ "isDeprecated": false,
1038
+ "name": "dest_process_cmdline"
1039
+ },
1040
+ {
1041
+ "deprecationReason": null,
1042
+ "description": "Destination process parent process ID",
1043
+ "isDeprecated": false,
1044
+ "name": "dest_process_parent_pid"
1045
+ },
1046
+ {
1047
+ "deprecationReason": null,
1048
+ "description": "Destination process parent file path",
1049
+ "isDeprecated": false,
1050
+ "name": "dest_process_parent_path"
1051
+ },
1052
+ {
1053
+ "deprecationReason": null,
1054
+ "description": "If policy is set to disinfect, return the result of this action",
1055
+ "isDeprecated": false,
1056
+ "name": "disinfect_result"
1057
+ },
1058
+ {
1059
+ "deprecationReason": null,
1060
+ "description": "Indicate how many processes are part of this event",
1061
+ "isDeprecated": false,
1062
+ "name": "processes_count"
1063
+ },
962
1064
  {
963
1065
  "deprecationReason": null,
964
1066
  "description": "HTTP request method (ie. Get, Post)",
@@ -1033,7 +1135,7 @@
1033
1135
  },
1034
1136
  {
1035
1137
  "deprecationReason": null,
1036
- "description": "Cato App",
1138
+ "description": "Cato application name",
1037
1139
  "isDeprecated": false,
1038
1140
  "name": "cato_app"
1039
1141
  },
@@ -1087,7 +1189,7 @@
1087
1189
  },
1088
1190
  {
1089
1191
  "deprecationReason": null,
1090
- "description": "Tenant Id",
1192
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1091
1193
  "isDeprecated": false,
1092
1194
  "name": "tenant_id"
1093
1195
  },
@@ -1147,7 +1249,7 @@
1147
1249
  },
1148
1250
  {
1149
1251
  "deprecationReason": null,
1150
- "description": "Data Classifiers",
1252
+ "description": "Defines the scanning methods used by the DLP system",
1151
1253
  "isDeprecated": false,
1152
1254
  "name": "dlp_scan_types"
1153
1255
  },
@@ -1225,7 +1327,7 @@
1225
1327
  },
1226
1328
  {
1227
1329
  "deprecationReason": null,
1228
- "description": "Used Public IP",
1330
+ "description": "Public source IP",
1229
1331
  "isDeprecated": false,
1230
1332
  "name": "public_ip"
1231
1333
  },
@@ -1396,6 +1498,54 @@
1396
1498
  "description": "Device Type",
1397
1499
  "isDeprecated": false,
1398
1500
  "name": "device_type"
1501
+ },
1502
+ {
1503
+ "deprecationReason": null,
1504
+ "description": "Tenant Restriction Rule Name",
1505
+ "isDeprecated": false,
1506
+ "name": "tenant_restriction_rule_name"
1507
+ },
1508
+ {
1509
+ "deprecationReason": null,
1510
+ "description": "Connection Origin",
1511
+ "isDeprecated": false,
1512
+ "name": "connection_origin"
1513
+ },
1514
+ {
1515
+ "deprecationReason": null,
1516
+ "description": "Translated Server IP",
1517
+ "isDeprecated": false,
1518
+ "name": "translated_server_ip"
1519
+ },
1520
+ {
1521
+ "deprecationReason": null,
1522
+ "description": "Translated Client IP",
1523
+ "isDeprecated": false,
1524
+ "name": "translated_client_ip"
1525
+ },
1526
+ {
1527
+ "deprecationReason": null,
1528
+ "description": "IoC Container Name",
1529
+ "isDeprecated": false,
1530
+ "name": "container_name"
1531
+ },
1532
+ {
1533
+ "deprecationReason": null,
1534
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1535
+ "isDeprecated": false,
1536
+ "name": "correlation_id"
1537
+ },
1538
+ {
1539
+ "deprecationReason": null,
1540
+ "description": "Precedence",
1541
+ "isDeprecated": false,
1542
+ "name": "precedence"
1543
+ },
1544
+ {
1545
+ "deprecationReason": null,
1546
+ "description": "A list of labels providing additional context for the event",
1547
+ "isDeprecated": false,
1548
+ "name": "labels"
1399
1549
  }
1400
1550
  ],
1401
1551
  "fields": null,
@@ -1460,7 +1610,7 @@
1460
1610
  "description": null,
1461
1611
  "enumValues": [
1462
1612
  {
1463
- "deprecationReason": "use src_site_id/src_site_name instead",
1613
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1464
1614
  "description": "Name of site or user initiating the connection",
1465
1615
  "isDeprecated": true,
1466
1616
  "name": "src_site"
@@ -1484,7 +1634,7 @@
1484
1634
  "name": "user_id"
1485
1635
  },
1486
1636
  {
1487
- "deprecationReason": "use dest_site_id/dest_site_name instead",
1637
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1488
1638
  "description": "For WAN traffic, name of destination site or SDP user",
1489
1639
  "isDeprecated": true,
1490
1640
  "name": "dest_site"
@@ -1496,13 +1646,13 @@
1496
1646
  "name": "dest_site_id"
1497
1647
  },
1498
1648
  {
1499
- "deprecationReason": null,
1649
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1500
1650
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1501
- "isDeprecated": false,
1651
+ "isDeprecated": true,
1502
1652
  "name": "src_or_dest_site_id"
1503
1653
  },
1504
1654
  {
1505
- "deprecationReason": "use rule_name instead",
1655
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1506
1656
  "description": "Name of security rule related to the event",
1507
1657
  "isDeprecated": true,
1508
1658
  "name": "rule"
@@ -1520,7 +1670,7 @@
1520
1670
  "name": "socket_interface"
1521
1671
  },
1522
1672
  {
1523
- "deprecationReason": "use custom_category_id/custom_category_name instead",
1673
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1524
1674
  "description": "Name for the custom category defined in the Cato Management Application",
1525
1675
  "isDeprecated": true,
1526
1676
  "name": "custom_category"
@@ -1533,7 +1683,7 @@
1533
1683
  },
1534
1684
  {
1535
1685
  "deprecationReason": null,
1536
- "description": "For Internet traffic, destination host port",
1686
+ "description": "Destination port",
1537
1687
  "isDeprecated": false,
1538
1688
  "name": "dest_port"
1539
1689
  },
@@ -1593,7 +1743,7 @@
1593
1743
  },
1594
1744
  {
1595
1745
  "deprecationReason": null,
1596
- "description": "For Internet traffic, destination host IP address",
1746
+ "description": "Destination IP address",
1597
1747
  "isDeprecated": false,
1598
1748
  "name": "dest_ip"
1599
1749
  },
@@ -1670,7 +1820,7 @@
1670
1820
  "name": "configured_host_name"
1671
1821
  },
1672
1822
  {
1673
- "deprecationReason": "use event_id instead",
1823
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
1674
1824
  "description": "Cato Internal-use only",
1675
1825
  "isDeprecated": true,
1676
1826
  "name": "internalId"
@@ -1742,9 +1892,9 @@
1742
1892
  "name": "bgp_error_code"
1743
1893
  },
1744
1894
  {
1745
- "deprecationReason": null,
1895
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
1746
1896
  "description": "Description from Cato Management Application for BGP peer",
1747
- "isDeprecated": false,
1897
+ "isDeprecated": true,
1748
1898
  "name": "bgp_peer_description"
1749
1899
  },
1750
1900
  {
@@ -1809,7 +1959,7 @@
1809
1959
  },
1810
1960
  {
1811
1961
  "deprecationReason": null,
1812
- "description": "Data that measures the latency for a specific link",
1962
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
1813
1963
  "isDeprecated": false,
1814
1964
  "name": "link_health_latency"
1815
1965
  },
@@ -1964,14 +2114,14 @@
1964
2114
  "name": "incident_id"
1965
2115
  },
1966
2116
  {
1967
- "deprecationReason": "use application_id/application_name instead",
2117
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1968
2118
  "description": "For Internet firewall, app for this event",
1969
2119
  "isDeprecated": true,
1970
2120
  "name": "application"
1971
2121
  },
1972
2122
  {
1973
2123
  "deprecationReason": null,
1974
- "description": "Application of the flow",
2124
+ "description": "The name of the application associated with the flow",
1975
2125
  "isDeprecated": false,
1976
2126
  "name": "application_name"
1977
2127
  },
@@ -1994,7 +2144,7 @@
1994
2144
  "name": "socket_interface_id"
1995
2145
  },
1996
2146
  {
1997
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2147
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1998
2148
  "description": "Unique Cato ID for the custom category",
1999
2149
  "isDeprecated": true,
2000
2150
  "name": "custom_categories"
@@ -2073,7 +2223,7 @@
2073
2223
  },
2074
2224
  {
2075
2225
  "deprecationReason": null,
2076
- "description": "For Internet traffic, destination host IP address",
2226
+ "description": "The name of the destination site",
2077
2227
  "isDeprecated": false,
2078
2228
  "name": "dest_site_name"
2079
2229
  },
@@ -2132,7 +2282,7 @@
2132
2282
  "name": "device_posture_profile"
2133
2283
  },
2134
2284
  {
2135
- "deprecationReason": "use device_posture_profile instead",
2285
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2136
2286
  "description": "Device posture profiles",
2137
2287
  "isDeprecated": true,
2138
2288
  "name": "device_posture_profiles"
@@ -2205,7 +2355,7 @@
2205
2355
  },
2206
2356
  {
2207
2357
  "deprecationReason": null,
2208
- "description": "DLP fail mode",
2358
+ "description": "Describes the behavior when the DLP system encounters a failure",
2209
2359
  "isDeprecated": false,
2210
2360
  "name": "dlp_fail_mode"
2211
2361
  },
@@ -2263,6 +2413,24 @@
2263
2413
  "isDeprecated": false,
2264
2414
  "name": "is_sinkhole"
2265
2415
  },
2416
+ {
2417
+ "deprecationReason": null,
2418
+ "description": "The ID for the endpoint",
2419
+ "isDeprecated": false,
2420
+ "name": "endpoint_id"
2421
+ },
2422
+ {
2423
+ "deprecationReason": null,
2424
+ "description": "The Endpoint Protection Engine that detected the malware",
2425
+ "isDeprecated": false,
2426
+ "name": "epp_engine_type"
2427
+ },
2428
+ {
2429
+ "deprecationReason": null,
2430
+ "description": "The file operation when this event occurred",
2431
+ "isDeprecated": false,
2432
+ "name": "file_operation"
2433
+ },
2266
2434
  {
2267
2435
  "deprecationReason": null,
2268
2436
  "description": null,
@@ -2295,7 +2463,7 @@
2295
2463
  },
2296
2464
  {
2297
2465
  "deprecationReason": null,
2298
- "description": null,
2466
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2299
2467
  "isDeprecated": false,
2300
2468
  "name": "vendor"
2301
2469
  },
@@ -2336,19 +2504,19 @@
2336
2504
  "name": "recommended_actions"
2337
2505
  },
2338
2506
  {
2339
- "deprecationReason": "use src_pid instead",
2507
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2340
2508
  "description": null,
2341
2509
  "isDeprecated": true,
2342
2510
  "name": "pid"
2343
2511
  },
2344
2512
  {
2345
- "deprecationReason": "use src_process_parent_pid instead",
2513
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2346
2514
  "description": null,
2347
2515
  "isDeprecated": true,
2348
2516
  "name": "parent_pid"
2349
2517
  },
2350
2518
  {
2351
- "deprecationReason": "use src_process_path instead",
2519
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2352
2520
  "description": null,
2353
2521
  "isDeprecated": true,
2354
2522
  "name": "process_path"
@@ -2365,12 +2533,96 @@
2365
2533
  "isDeprecated": false,
2366
2534
  "name": "out_of_band_access"
2367
2535
  },
2536
+ {
2537
+ "deprecationReason": null,
2538
+ "description": "A Unique ID for the quarantined file",
2539
+ "isDeprecated": false,
2540
+ "name": "quarantine_uuid"
2541
+ },
2368
2542
  {
2369
2543
  "deprecationReason": null,
2370
2544
  "description": null,
2371
2545
  "isDeprecated": false,
2372
2546
  "name": "logged_in_user"
2373
2547
  },
2548
+ {
2549
+ "deprecationReason": null,
2550
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2551
+ "isDeprecated": false,
2552
+ "name": "epp_profile"
2553
+ },
2554
+ {
2555
+ "deprecationReason": null,
2556
+ "description": "Source process ID",
2557
+ "isDeprecated": false,
2558
+ "name": "src_pid"
2559
+ },
2560
+ {
2561
+ "deprecationReason": null,
2562
+ "description": "Source process file path",
2563
+ "isDeprecated": false,
2564
+ "name": "src_process_path"
2565
+ },
2566
+ {
2567
+ "deprecationReason": null,
2568
+ "description": "Source process command line",
2569
+ "isDeprecated": false,
2570
+ "name": "src_process_cmdline"
2571
+ },
2572
+ {
2573
+ "deprecationReason": null,
2574
+ "description": "Source process parent process ID",
2575
+ "isDeprecated": false,
2576
+ "name": "src_process_parent_pid"
2577
+ },
2578
+ {
2579
+ "deprecationReason": null,
2580
+ "description": "Source process parent file path",
2581
+ "isDeprecated": false,
2582
+ "name": "src_process_parent_path"
2583
+ },
2584
+ {
2585
+ "deprecationReason": null,
2586
+ "description": "The destination process ID",
2587
+ "isDeprecated": false,
2588
+ "name": "dest_pid"
2589
+ },
2590
+ {
2591
+ "deprecationReason": null,
2592
+ "description": "Destination process file path",
2593
+ "isDeprecated": false,
2594
+ "name": "dest_process_path"
2595
+ },
2596
+ {
2597
+ "deprecationReason": null,
2598
+ "description": "Destination process command line",
2599
+ "isDeprecated": false,
2600
+ "name": "dest_process_cmdline"
2601
+ },
2602
+ {
2603
+ "deprecationReason": null,
2604
+ "description": "Destination process parent process ID",
2605
+ "isDeprecated": false,
2606
+ "name": "dest_process_parent_pid"
2607
+ },
2608
+ {
2609
+ "deprecationReason": null,
2610
+ "description": "Destination process parent file path",
2611
+ "isDeprecated": false,
2612
+ "name": "dest_process_parent_path"
2613
+ },
2614
+ {
2615
+ "deprecationReason": null,
2616
+ "description": "If policy is set to disinfect, return the result of this action",
2617
+ "isDeprecated": false,
2618
+ "name": "disinfect_result"
2619
+ },
2620
+ {
2621
+ "deprecationReason": null,
2622
+ "description": "Indicate how many processes are part of this event",
2623
+ "isDeprecated": false,
2624
+ "name": "processes_count"
2625
+ },
2374
2626
  {
2375
2627
  "deprecationReason": null,
2376
2628
  "description": "HTTP request method (ie. Get, Post)",
@@ -2445,7 +2697,7 @@
2445
2697
  },
2446
2698
  {
2447
2699
  "deprecationReason": null,
2448
- "description": "Cato App",
2700
+ "description": "Cato application name",
2449
2701
  "isDeprecated": false,
2450
2702
  "name": "cato_app"
2451
2703
  },
@@ -2499,7 +2751,7 @@
2499
2751
  },
2500
2752
  {
2501
2753
  "deprecationReason": null,
2502
- "description": "Tenant Id",
2754
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2503
2755
  "isDeprecated": false,
2504
2756
  "name": "tenant_id"
2505
2757
  },
@@ -2559,7 +2811,7 @@
2559
2811
  },
2560
2812
  {
2561
2813
  "deprecationReason": null,
2562
- "description": "Data Classifiers",
2814
+ "description": "Defines the scanning methods used by the DLP system",
2563
2815
  "isDeprecated": false,
2564
2816
  "name": "dlp_scan_types"
2565
2817
  },
@@ -2637,7 +2889,7 @@
2637
2889
  },
2638
2890
  {
2639
2891
  "deprecationReason": null,
2640
- "description": "Used Public IP",
2892
+ "description": "Public source IP",
2641
2893
  "isDeprecated": false,
2642
2894
  "name": "public_ip"
2643
2895
  },
@@ -2808,6 +3060,54 @@
2808
3060
  "description": "Device Type",
2809
3061
  "isDeprecated": false,
2810
3062
  "name": "device_type"
3063
+ },
3064
+ {
3065
+ "deprecationReason": null,
3066
+ "description": "Tenant Restriction Rule Name",
3067
+ "isDeprecated": false,
3068
+ "name": "tenant_restriction_rule_name"
3069
+ },
3070
+ {
3071
+ "deprecationReason": null,
3072
+ "description": "Connection Origin",
3073
+ "isDeprecated": false,
3074
+ "name": "connection_origin"
3075
+ },
3076
+ {
3077
+ "deprecationReason": null,
3078
+ "description": "Translated Server IP",
3079
+ "isDeprecated": false,
3080
+ "name": "translated_server_ip"
3081
+ },
3082
+ {
3083
+ "deprecationReason": null,
3084
+ "description": "Translated Client IP",
3085
+ "isDeprecated": false,
3086
+ "name": "translated_client_ip"
3087
+ },
3088
+ {
3089
+ "deprecationReason": null,
3090
+ "description": "IoC Container Name",
3091
+ "isDeprecated": false,
3092
+ "name": "container_name"
3093
+ },
3094
+ {
3095
+ "deprecationReason": null,
3096
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3097
+ "isDeprecated": false,
3098
+ "name": "correlation_id"
3099
+ },
3100
+ {
3101
+ "deprecationReason": null,
3102
+ "description": "Precedence",
3103
+ "isDeprecated": false,
3104
+ "name": "precedence"
3105
+ },
3106
+ {
3107
+ "deprecationReason": null,
3108
+ "description": "A list of labels providing additional context for the event",
3109
+ "isDeprecated": false,
3110
+ "name": "labels"
2811
3111
  }
2812
3112
  ],
2813
3113
  "fields": null,
@@ -3088,7 +3388,7 @@
3088
3388
  "description": null,
3089
3389
  "enumValues": [
3090
3390
  {
3091
- "deprecationReason": "use src_site_id/src_site_name instead",
3391
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3092
3392
  "description": "Name of site or user initiating the connection",
3093
3393
  "isDeprecated": true,
3094
3394
  "name": "src_site"
@@ -3112,7 +3412,7 @@
3112
3412
  "name": "user_id"
3113
3413
  },
3114
3414
  {
3115
- "deprecationReason": "use dest_site_id/dest_site_name instead",
3415
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3116
3416
  "description": "For WAN traffic, name of destination site or SDP user",
3117
3417
  "isDeprecated": true,
3118
3418
  "name": "dest_site"
@@ -3124,13 +3424,13 @@
3124
3424
  "name": "dest_site_id"
3125
3425
  },
3126
3426
  {
3127
- "deprecationReason": null,
3427
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
3128
3428
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
3129
- "isDeprecated": false,
3429
+ "isDeprecated": true,
3130
3430
  "name": "src_or_dest_site_id"
3131
3431
  },
3132
3432
  {
3133
- "deprecationReason": "use rule_name instead",
3433
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3134
3434
  "description": "Name of security rule related to the event",
3135
3435
  "isDeprecated": true,
3136
3436
  "name": "rule"
@@ -3148,7 +3448,7 @@
3148
3448
  "name": "socket_interface"
3149
3449
  },
3150
3450
  {
3151
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3451
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3152
3452
  "description": "Name for the custom category defined in the Cato Management Application",
3153
3453
  "isDeprecated": true,
3154
3454
  "name": "custom_category"
@@ -3161,7 +3461,7 @@
3161
3461
  },
3162
3462
  {
3163
3463
  "deprecationReason": null,
3164
- "description": "For Internet traffic, destination host port",
3464
+ "description": "Destination port",
3165
3465
  "isDeprecated": false,
3166
3466
  "name": "dest_port"
3167
3467
  },
@@ -3221,7 +3521,7 @@
3221
3521
  },
3222
3522
  {
3223
3523
  "deprecationReason": null,
3224
- "description": "For Internet traffic, destination host IP address",
3524
+ "description": "Destination IP address",
3225
3525
  "isDeprecated": false,
3226
3526
  "name": "dest_ip"
3227
3527
  },
@@ -3298,7 +3598,7 @@
3298
3598
  "name": "configured_host_name"
3299
3599
  },
3300
3600
  {
3301
- "deprecationReason": "use event_id instead",
3601
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
3302
3602
  "description": "Cato Internal-use only",
3303
3603
  "isDeprecated": true,
3304
3604
  "name": "internalId"
@@ -3370,9 +3670,9 @@
3370
3670
  "name": "bgp_error_code"
3371
3671
  },
3372
3672
  {
3373
- "deprecationReason": null,
3673
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
3374
3674
  "description": "Description from Cato Management Application for BGP peer",
3375
- "isDeprecated": false,
3675
+ "isDeprecated": true,
3376
3676
  "name": "bgp_peer_description"
3377
3677
  },
3378
3678
  {
@@ -3437,7 +3737,7 @@
3437
3737
  },
3438
3738
  {
3439
3739
  "deprecationReason": null,
3440
- "description": "Data that measures the latency for a specific link",
3740
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
3441
3741
  "isDeprecated": false,
3442
3742
  "name": "link_health_latency"
3443
3743
  },
@@ -3592,14 +3892,14 @@
3592
3892
  "name": "incident_id"
3593
3893
  },
3594
3894
  {
3595
- "deprecationReason": "use application_id/application_name instead",
3895
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3596
3896
  "description": "For Internet firewall, app for this event",
3597
3897
  "isDeprecated": true,
3598
3898
  "name": "application"
3599
3899
  },
3600
3900
  {
3601
3901
  "deprecationReason": null,
3602
- "description": "Application of the flow",
3902
+ "description": "The name of the application associated with the flow",
3603
3903
  "isDeprecated": false,
3604
3904
  "name": "application_name"
3605
3905
  },
@@ -3622,7 +3922,7 @@
3622
3922
  "name": "socket_interface_id"
3623
3923
  },
3624
3924
  {
3625
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3925
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3626
3926
  "description": "Unique Cato ID for the custom category",
3627
3927
  "isDeprecated": true,
3628
3928
  "name": "custom_categories"
@@ -3701,7 +4001,7 @@
3701
4001
  },
3702
4002
  {
3703
4003
  "deprecationReason": null,
3704
- "description": "For Internet traffic, destination host IP address",
4004
+ "description": "The name of the destination site",
3705
4005
  "isDeprecated": false,
3706
4006
  "name": "dest_site_name"
3707
4007
  },
@@ -3760,7 +4060,7 @@
3760
4060
  "name": "device_posture_profile"
3761
4061
  },
3762
4062
  {
3763
- "deprecationReason": "use device_posture_profile instead",
4063
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
3764
4064
  "description": "Device posture profiles",
3765
4065
  "isDeprecated": true,
3766
4066
  "name": "device_posture_profiles"
@@ -3833,7 +4133,7 @@
3833
4133
  },
3834
4134
  {
3835
4135
  "deprecationReason": null,
3836
- "description": "DLP fail mode",
4136
+ "description": "Describes the behavior when the DLP system encounters a failure",
3837
4137
  "isDeprecated": false,
3838
4138
  "name": "dlp_fail_mode"
3839
4139
  },
@@ -3891,6 +4191,24 @@
3891
4191
  "isDeprecated": false,
3892
4192
  "name": "is_sinkhole"
3893
4193
  },
4194
+ {
4195
+ "deprecationReason": null,
4196
+ "description": "The ID for the endpoint",
4197
+ "isDeprecated": false,
4198
+ "name": "endpoint_id"
4199
+ },
4200
+ {
4201
+ "deprecationReason": null,
4202
+ "description": "The Endpoint Protection Engine that detected the malware",
4203
+ "isDeprecated": false,
4204
+ "name": "epp_engine_type"
4205
+ },
4206
+ {
4207
+ "deprecationReason": null,
4208
+ "description": "The file operation when this event occurred",
4209
+ "isDeprecated": false,
4210
+ "name": "file_operation"
4211
+ },
3894
4212
  {
3895
4213
  "deprecationReason": null,
3896
4214
  "description": null,
@@ -3923,7 +4241,7 @@
3923
4241
  },
3924
4242
  {
3925
4243
  "deprecationReason": null,
3926
- "description": null,
4244
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
3927
4245
  "isDeprecated": false,
3928
4246
  "name": "vendor"
3929
4247
  },
@@ -3964,19 +4282,19 @@
3964
4282
  "name": "recommended_actions"
3965
4283
  },
3966
4284
  {
3967
- "deprecationReason": "use src_pid instead",
4285
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3968
4286
  "description": null,
3969
4287
  "isDeprecated": true,
3970
4288
  "name": "pid"
3971
4289
  },
3972
4290
  {
3973
- "deprecationReason": "use src_process_parent_pid instead",
4291
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3974
4292
  "description": null,
3975
4293
  "isDeprecated": true,
3976
4294
  "name": "parent_pid"
3977
4295
  },
3978
4296
  {
3979
- "deprecationReason": "use src_process_path instead",
4297
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
3980
4298
  "description": null,
3981
4299
  "isDeprecated": true,
3982
4300
  "name": "process_path"
@@ -3993,6 +4311,12 @@
3993
4311
  "isDeprecated": false,
3994
4312
  "name": "out_of_band_access"
3995
4313
  },
4314
+ {
4315
+ "deprecationReason": null,
4316
+ "description": "A Unique ID for the quarantined file",
4317
+ "isDeprecated": false,
4318
+ "name": "quarantine_uuid"
4319
+ },
3996
4320
  {
3997
4321
  "deprecationReason": null,
3998
4322
  "description": null,
@@ -4001,61 +4325,139 @@
4001
4325
  },
4002
4326
  {
4003
4327
  "deprecationReason": null,
4004
- "description": "HTTP request method (ie. Get, Post)",
4328
+ "description": "The profile assigned to the endpoint upon detection of the malware",
4005
4329
  "isDeprecated": false,
4006
- "name": "http_request_method"
4330
+ "name": "epp_profile"
4007
4331
  },
4008
4332
  {
4009
4333
  "deprecationReason": null,
4010
- "description": "XFF HTTP header indicates the original IP address for the connections",
4334
+ "description": "Source process ID",
4011
4335
  "isDeprecated": false,
4012
- "name": "xff"
4336
+ "name": "src_pid"
4013
4337
  },
4014
4338
  {
4015
4339
  "deprecationReason": null,
4016
- "description": "Domain queried in the DNS request",
4340
+ "description": "Source process file path",
4017
4341
  "isDeprecated": false,
4018
- "name": "dns_query"
4342
+ "name": "src_process_path"
4019
4343
  },
4020
4344
  {
4021
4345
  "deprecationReason": null,
4022
- "description": "Name defined for the public API Key in the Cato Management Application",
4346
+ "description": "Source process command line",
4023
4347
  "isDeprecated": false,
4024
- "name": "key_name"
4348
+ "name": "src_process_cmdline"
4025
4349
  },
4026
4350
  {
4027
4351
  "deprecationReason": null,
4028
- "description": null,
4352
+ "description": "Source process parent process ID",
4029
4353
  "isDeprecated": false,
4030
- "name": "api_type"
4354
+ "name": "src_process_parent_pid"
4031
4355
  },
4032
4356
  {
4033
4357
  "deprecationReason": null,
4034
- "description": null,
4358
+ "description": "Source process parent file path",
4035
4359
  "isDeprecated": false,
4036
- "name": "api_name"
4360
+ "name": "src_process_parent_path"
4037
4361
  },
4038
4362
  {
4039
4363
  "deprecationReason": null,
4040
- "description": "Related Apps",
4364
+ "description": "The destination process ID",
4041
4365
  "isDeprecated": false,
4042
- "name": "app_stack"
4366
+ "name": "dest_pid"
4043
4367
  },
4044
4368
  {
4045
4369
  "deprecationReason": null,
4046
- "description": "TLS Inspection rule name",
4370
+ "description": "Destination process file path",
4047
4371
  "isDeprecated": false,
4048
- "name": "tls_rule_name"
4372
+ "name": "dest_process_path"
4049
4373
  },
4050
4374
  {
4051
4375
  "deprecationReason": null,
4052
- "description": "TLS Certificate Error",
4376
+ "description": "Destination process command line",
4053
4377
  "isDeprecated": false,
4054
- "name": "tls_certificate_error"
4378
+ "name": "dest_process_cmdline"
4055
4379
  },
4056
4380
  {
4057
4381
  "deprecationReason": null,
4058
- "description": "TLS Version",
4382
+ "description": "Destination process parent process ID",
4383
+ "isDeprecated": false,
4384
+ "name": "dest_process_parent_pid"
4385
+ },
4386
+ {
4387
+ "deprecationReason": null,
4388
+ "description": "Destination process parent file path",
4389
+ "isDeprecated": false,
4390
+ "name": "dest_process_parent_path"
4391
+ },
4392
+ {
4393
+ "deprecationReason": null,
4394
+ "description": "If policy is set to disinfect, return the result of this action",
4395
+ "isDeprecated": false,
4396
+ "name": "disinfect_result"
4397
+ },
4398
+ {
4399
+ "deprecationReason": null,
4400
+ "description": "Indicate how many processes are part of this event",
4401
+ "isDeprecated": false,
4402
+ "name": "processes_count"
4403
+ },
4404
+ {
4405
+ "deprecationReason": null,
4406
+ "description": "HTTP request method (ie. Get, Post)",
4407
+ "isDeprecated": false,
4408
+ "name": "http_request_method"
4409
+ },
4410
+ {
4411
+ "deprecationReason": null,
4412
+ "description": "XFF HTTP header indicates the original IP address for the connections",
4413
+ "isDeprecated": false,
4414
+ "name": "xff"
4415
+ },
4416
+ {
4417
+ "deprecationReason": null,
4418
+ "description": "Domain queried in the DNS request",
4419
+ "isDeprecated": false,
4420
+ "name": "dns_query"
4421
+ },
4422
+ {
4423
+ "deprecationReason": null,
4424
+ "description": "Name defined for the public API Key in the Cato Management Application",
4425
+ "isDeprecated": false,
4426
+ "name": "key_name"
4427
+ },
4428
+ {
4429
+ "deprecationReason": null,
4430
+ "description": null,
4431
+ "isDeprecated": false,
4432
+ "name": "api_type"
4433
+ },
4434
+ {
4435
+ "deprecationReason": null,
4436
+ "description": null,
4437
+ "isDeprecated": false,
4438
+ "name": "api_name"
4439
+ },
4440
+ {
4441
+ "deprecationReason": null,
4442
+ "description": "Related Apps",
4443
+ "isDeprecated": false,
4444
+ "name": "app_stack"
4445
+ },
4446
+ {
4447
+ "deprecationReason": null,
4448
+ "description": "TLS Inspection rule name",
4449
+ "isDeprecated": false,
4450
+ "name": "tls_rule_name"
4451
+ },
4452
+ {
4453
+ "deprecationReason": null,
4454
+ "description": "TLS Certificate Error",
4455
+ "isDeprecated": false,
4456
+ "name": "tls_certificate_error"
4457
+ },
4458
+ {
4459
+ "deprecationReason": null,
4460
+ "description": "TLS Version",
4059
4461
  "isDeprecated": false,
4060
4462
  "name": "tls_version"
4061
4463
  },
@@ -4073,7 +4475,7 @@
4073
4475
  },
4074
4476
  {
4075
4477
  "deprecationReason": null,
4076
- "description": "Cato App",
4478
+ "description": "Cato application name",
4077
4479
  "isDeprecated": false,
4078
4480
  "name": "cato_app"
4079
4481
  },
@@ -4127,7 +4529,7 @@
4127
4529
  },
4128
4530
  {
4129
4531
  "deprecationReason": null,
4130
- "description": "Tenant Id",
4532
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
4131
4533
  "isDeprecated": false,
4132
4534
  "name": "tenant_id"
4133
4535
  },
@@ -4187,7 +4589,7 @@
4187
4589
  },
4188
4590
  {
4189
4591
  "deprecationReason": null,
4190
- "description": "Data Classifiers",
4592
+ "description": "Defines the scanning methods used by the DLP system",
4191
4593
  "isDeprecated": false,
4192
4594
  "name": "dlp_scan_types"
4193
4595
  },
@@ -4265,7 +4667,7 @@
4265
4667
  },
4266
4668
  {
4267
4669
  "deprecationReason": null,
4268
- "description": "Used Public IP",
4670
+ "description": "Public source IP",
4269
4671
  "isDeprecated": false,
4270
4672
  "name": "public_ip"
4271
4673
  },
@@ -4436,6 +4838,54 @@
4436
4838
  "description": "Device Type",
4437
4839
  "isDeprecated": false,
4438
4840
  "name": "device_type"
4841
+ },
4842
+ {
4843
+ "deprecationReason": null,
4844
+ "description": "Tenant Restriction Rule Name",
4845
+ "isDeprecated": false,
4846
+ "name": "tenant_restriction_rule_name"
4847
+ },
4848
+ {
4849
+ "deprecationReason": null,
4850
+ "description": "Connection Origin",
4851
+ "isDeprecated": false,
4852
+ "name": "connection_origin"
4853
+ },
4854
+ {
4855
+ "deprecationReason": null,
4856
+ "description": "Translated Server IP",
4857
+ "isDeprecated": false,
4858
+ "name": "translated_server_ip"
4859
+ },
4860
+ {
4861
+ "deprecationReason": null,
4862
+ "description": "Translated Client IP",
4863
+ "isDeprecated": false,
4864
+ "name": "translated_client_ip"
4865
+ },
4866
+ {
4867
+ "deprecationReason": null,
4868
+ "description": "IoC Container Name",
4869
+ "isDeprecated": false,
4870
+ "name": "container_name"
4871
+ },
4872
+ {
4873
+ "deprecationReason": null,
4874
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
4875
+ "isDeprecated": false,
4876
+ "name": "correlation_id"
4877
+ },
4878
+ {
4879
+ "deprecationReason": null,
4880
+ "description": "Precedence",
4881
+ "isDeprecated": false,
4882
+ "name": "precedence"
4883
+ },
4884
+ {
4885
+ "deprecationReason": null,
4886
+ "description": "A list of labels providing additional context for the event",
4887
+ "isDeprecated": false,
4888
+ "name": "labels"
4439
4889
  }
4440
4890
  ],
4441
4891
  "fields": null,
@@ -4518,7 +4968,7 @@
4518
4968
  "description": null,
4519
4969
  "enumValues": [
4520
4970
  {
4521
- "deprecationReason": "use src_site_id/src_site_name instead",
4971
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4522
4972
  "description": "Name of site or user initiating the connection",
4523
4973
  "isDeprecated": true,
4524
4974
  "name": "src_site"
@@ -4542,7 +4992,7 @@
4542
4992
  "name": "user_id"
4543
4993
  },
4544
4994
  {
4545
- "deprecationReason": "use dest_site_id/dest_site_name instead",
4995
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4546
4996
  "description": "For WAN traffic, name of destination site or SDP user",
4547
4997
  "isDeprecated": true,
4548
4998
  "name": "dest_site"
@@ -4554,13 +5004,13 @@
4554
5004
  "name": "dest_site_id"
4555
5005
  },
4556
5006
  {
4557
- "deprecationReason": null,
5007
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
4558
5008
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
4559
- "isDeprecated": false,
5009
+ "isDeprecated": true,
4560
5010
  "name": "src_or_dest_site_id"
4561
5011
  },
4562
5012
  {
4563
- "deprecationReason": "use rule_name instead",
5013
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4564
5014
  "description": "Name of security rule related to the event",
4565
5015
  "isDeprecated": true,
4566
5016
  "name": "rule"
@@ -4578,7 +5028,7 @@
4578
5028
  "name": "socket_interface"
4579
5029
  },
4580
5030
  {
4581
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5031
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4582
5032
  "description": "Name for the custom category defined in the Cato Management Application",
4583
5033
  "isDeprecated": true,
4584
5034
  "name": "custom_category"
@@ -4591,7 +5041,7 @@
4591
5041
  },
4592
5042
  {
4593
5043
  "deprecationReason": null,
4594
- "description": "For Internet traffic, destination host port",
5044
+ "description": "Destination port",
4595
5045
  "isDeprecated": false,
4596
5046
  "name": "dest_port"
4597
5047
  },
@@ -4651,7 +5101,7 @@
4651
5101
  },
4652
5102
  {
4653
5103
  "deprecationReason": null,
4654
- "description": "For Internet traffic, destination host IP address",
5104
+ "description": "Destination IP address",
4655
5105
  "isDeprecated": false,
4656
5106
  "name": "dest_ip"
4657
5107
  },
@@ -4728,7 +5178,7 @@
4728
5178
  "name": "configured_host_name"
4729
5179
  },
4730
5180
  {
4731
- "deprecationReason": "use event_id instead",
5181
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
4732
5182
  "description": "Cato Internal-use only",
4733
5183
  "isDeprecated": true,
4734
5184
  "name": "internalId"
@@ -4800,9 +5250,9 @@
4800
5250
  "name": "bgp_error_code"
4801
5251
  },
4802
5252
  {
4803
- "deprecationReason": null,
5253
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
4804
5254
  "description": "Description from Cato Management Application for BGP peer",
4805
- "isDeprecated": false,
5255
+ "isDeprecated": true,
4806
5256
  "name": "bgp_peer_description"
4807
5257
  },
4808
5258
  {
@@ -4867,7 +5317,7 @@
4867
5317
  },
4868
5318
  {
4869
5319
  "deprecationReason": null,
4870
- "description": "Data that measures the latency for a specific link",
5320
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
4871
5321
  "isDeprecated": false,
4872
5322
  "name": "link_health_latency"
4873
5323
  },
@@ -5022,14 +5472,14 @@
5022
5472
  "name": "incident_id"
5023
5473
  },
5024
5474
  {
5025
- "deprecationReason": "use application_id/application_name instead",
5475
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5026
5476
  "description": "For Internet firewall, app for this event",
5027
5477
  "isDeprecated": true,
5028
5478
  "name": "application"
5029
5479
  },
5030
5480
  {
5031
5481
  "deprecationReason": null,
5032
- "description": "Application of the flow",
5482
+ "description": "The name of the application associated with the flow",
5033
5483
  "isDeprecated": false,
5034
5484
  "name": "application_name"
5035
5485
  },
@@ -5052,7 +5502,7 @@
5052
5502
  "name": "socket_interface_id"
5053
5503
  },
5054
5504
  {
5055
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5505
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5056
5506
  "description": "Unique Cato ID for the custom category",
5057
5507
  "isDeprecated": true,
5058
5508
  "name": "custom_categories"
@@ -5131,7 +5581,7 @@
5131
5581
  },
5132
5582
  {
5133
5583
  "deprecationReason": null,
5134
- "description": "For Internet traffic, destination host IP address",
5584
+ "description": "The name of the destination site",
5135
5585
  "isDeprecated": false,
5136
5586
  "name": "dest_site_name"
5137
5587
  },
@@ -5190,7 +5640,7 @@
5190
5640
  "name": "device_posture_profile"
5191
5641
  },
5192
5642
  {
5193
- "deprecationReason": "use device_posture_profile instead",
5643
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
5194
5644
  "description": "Device posture profiles",
5195
5645
  "isDeprecated": true,
5196
5646
  "name": "device_posture_profiles"
@@ -5263,7 +5713,7 @@
5263
5713
  },
5264
5714
  {
5265
5715
  "deprecationReason": null,
5266
- "description": "DLP fail mode",
5716
+ "description": "Describes the behavior when the DLP system encounters a failure",
5267
5717
  "isDeprecated": false,
5268
5718
  "name": "dlp_fail_mode"
5269
5719
  },
@@ -5321,6 +5771,24 @@
5321
5771
  "isDeprecated": false,
5322
5772
  "name": "is_sinkhole"
5323
5773
  },
5774
+ {
5775
+ "deprecationReason": null,
5776
+ "description": "The ID for the endpoint",
5777
+ "isDeprecated": false,
5778
+ "name": "endpoint_id"
5779
+ },
5780
+ {
5781
+ "deprecationReason": null,
5782
+ "description": "The Endpoint Protection Engine that detected the malware",
5783
+ "isDeprecated": false,
5784
+ "name": "epp_engine_type"
5785
+ },
5786
+ {
5787
+ "deprecationReason": null,
5788
+ "description": "The file operation when this event occurred",
5789
+ "isDeprecated": false,
5790
+ "name": "file_operation"
5791
+ },
5324
5792
  {
5325
5793
  "deprecationReason": null,
5326
5794
  "description": null,
@@ -5353,7 +5821,7 @@
5353
5821
  },
5354
5822
  {
5355
5823
  "deprecationReason": null,
5356
- "description": null,
5824
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
5357
5825
  "isDeprecated": false,
5358
5826
  "name": "vendor"
5359
5827
  },
@@ -5394,19 +5862,19 @@
5394
5862
  "name": "recommended_actions"
5395
5863
  },
5396
5864
  {
5397
- "deprecationReason": "use src_pid instead",
5865
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5398
5866
  "description": null,
5399
5867
  "isDeprecated": true,
5400
5868
  "name": "pid"
5401
5869
  },
5402
5870
  {
5403
- "deprecationReason": "use src_process_parent_pid instead",
5871
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5404
5872
  "description": null,
5405
5873
  "isDeprecated": true,
5406
5874
  "name": "parent_pid"
5407
5875
  },
5408
5876
  {
5409
- "deprecationReason": "use src_process_path instead",
5877
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
5410
5878
  "description": null,
5411
5879
  "isDeprecated": true,
5412
5880
  "name": "process_path"
@@ -5423,12 +5891,96 @@
5423
5891
  "isDeprecated": false,
5424
5892
  "name": "out_of_band_access"
5425
5893
  },
5894
+ {
5895
+ "deprecationReason": null,
5896
+ "description": "A Unique ID for the quarantined file",
5897
+ "isDeprecated": false,
5898
+ "name": "quarantine_uuid"
5899
+ },
5426
5900
  {
5427
5901
  "deprecationReason": null,
5428
5902
  "description": null,
5429
5903
  "isDeprecated": false,
5430
5904
  "name": "logged_in_user"
5431
5905
  },
5906
+ {
5907
+ "deprecationReason": null,
5908
+ "description": "The profile assigned to the endpoint upon detection of the malware",
5909
+ "isDeprecated": false,
5910
+ "name": "epp_profile"
5911
+ },
5912
+ {
5913
+ "deprecationReason": null,
5914
+ "description": "Source process ID",
5915
+ "isDeprecated": false,
5916
+ "name": "src_pid"
5917
+ },
5918
+ {
5919
+ "deprecationReason": null,
5920
+ "description": "Source process file path",
5921
+ "isDeprecated": false,
5922
+ "name": "src_process_path"
5923
+ },
5924
+ {
5925
+ "deprecationReason": null,
5926
+ "description": "Source process command line",
5927
+ "isDeprecated": false,
5928
+ "name": "src_process_cmdline"
5929
+ },
5930
+ {
5931
+ "deprecationReason": null,
5932
+ "description": "Source process parent process ID",
5933
+ "isDeprecated": false,
5934
+ "name": "src_process_parent_pid"
5935
+ },
5936
+ {
5937
+ "deprecationReason": null,
5938
+ "description": "Source process parent file path",
5939
+ "isDeprecated": false,
5940
+ "name": "src_process_parent_path"
5941
+ },
5942
+ {
5943
+ "deprecationReason": null,
5944
+ "description": "The destination process ID",
5945
+ "isDeprecated": false,
5946
+ "name": "dest_pid"
5947
+ },
5948
+ {
5949
+ "deprecationReason": null,
5950
+ "description": "Destination process file path",
5951
+ "isDeprecated": false,
5952
+ "name": "dest_process_path"
5953
+ },
5954
+ {
5955
+ "deprecationReason": null,
5956
+ "description": "Destination process command line",
5957
+ "isDeprecated": false,
5958
+ "name": "dest_process_cmdline"
5959
+ },
5960
+ {
5961
+ "deprecationReason": null,
5962
+ "description": "Destination process parent process ID",
5963
+ "isDeprecated": false,
5964
+ "name": "dest_process_parent_pid"
5965
+ },
5966
+ {
5967
+ "deprecationReason": null,
5968
+ "description": "Destination process parent file path",
5969
+ "isDeprecated": false,
5970
+ "name": "dest_process_parent_path"
5971
+ },
5972
+ {
5973
+ "deprecationReason": null,
5974
+ "description": "If policy is set to disinfect, return the result of this action",
5975
+ "isDeprecated": false,
5976
+ "name": "disinfect_result"
5977
+ },
5978
+ {
5979
+ "deprecationReason": null,
5980
+ "description": "Indicate how many processes are part of this event",
5981
+ "isDeprecated": false,
5982
+ "name": "processes_count"
5983
+ },
5432
5984
  {
5433
5985
  "deprecationReason": null,
5434
5986
  "description": "HTTP request method (ie. Get, Post)",
@@ -5503,7 +6055,7 @@
5503
6055
  },
5504
6056
  {
5505
6057
  "deprecationReason": null,
5506
- "description": "Cato App",
6058
+ "description": "Cato application name",
5507
6059
  "isDeprecated": false,
5508
6060
  "name": "cato_app"
5509
6061
  },
@@ -5557,7 +6109,7 @@
5557
6109
  },
5558
6110
  {
5559
6111
  "deprecationReason": null,
5560
- "description": "Tenant Id",
6112
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
5561
6113
  "isDeprecated": false,
5562
6114
  "name": "tenant_id"
5563
6115
  },
@@ -5617,7 +6169,7 @@
5617
6169
  },
5618
6170
  {
5619
6171
  "deprecationReason": null,
5620
- "description": "Data Classifiers",
6172
+ "description": "Defines the scanning methods used by the DLP system",
5621
6173
  "isDeprecated": false,
5622
6174
  "name": "dlp_scan_types"
5623
6175
  },
@@ -5695,7 +6247,7 @@
5695
6247
  },
5696
6248
  {
5697
6249
  "deprecationReason": null,
5698
- "description": "Used Public IP",
6250
+ "description": "Public source IP",
5699
6251
  "isDeprecated": false,
5700
6252
  "name": "public_ip"
5701
6253
  },
@@ -5866,6 +6418,54 @@
5866
6418
  "description": "Device Type",
5867
6419
  "isDeprecated": false,
5868
6420
  "name": "device_type"
6421
+ },
6422
+ {
6423
+ "deprecationReason": null,
6424
+ "description": "Tenant Restriction Rule Name",
6425
+ "isDeprecated": false,
6426
+ "name": "tenant_restriction_rule_name"
6427
+ },
6428
+ {
6429
+ "deprecationReason": null,
6430
+ "description": "Connection Origin",
6431
+ "isDeprecated": false,
6432
+ "name": "connection_origin"
6433
+ },
6434
+ {
6435
+ "deprecationReason": null,
6436
+ "description": "Translated Server IP",
6437
+ "isDeprecated": false,
6438
+ "name": "translated_server_ip"
6439
+ },
6440
+ {
6441
+ "deprecationReason": null,
6442
+ "description": "Translated Client IP",
6443
+ "isDeprecated": false,
6444
+ "name": "translated_client_ip"
6445
+ },
6446
+ {
6447
+ "deprecationReason": null,
6448
+ "description": "IoC Container Name",
6449
+ "isDeprecated": false,
6450
+ "name": "container_name"
6451
+ },
6452
+ {
6453
+ "deprecationReason": null,
6454
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
6455
+ "isDeprecated": false,
6456
+ "name": "correlation_id"
6457
+ },
6458
+ {
6459
+ "deprecationReason": null,
6460
+ "description": "Precedence",
6461
+ "isDeprecated": false,
6462
+ "name": "precedence"
6463
+ },
6464
+ {
6465
+ "deprecationReason": null,
6466
+ "description": "A list of labels providing additional context for the event",
6467
+ "isDeprecated": false,
6468
+ "name": "labels"
5869
6469
  }
5870
6470
  ],
5871
6471
  "fields": null,
@@ -5966,7 +6566,7 @@
5966
6566
  }
5967
6567
  },
5968
6568
  "deprecationReason": null,
5969
- "description": "BETA",
6569
+ "description": null,
5970
6570
  "fieldTypes": {
5971
6571
  "EventsRecord": true
5972
6572
  },
@@ -6021,7 +6621,7 @@
6021
6621
  "description": null,
6022
6622
  "enumValues": [
6023
6623
  {
6024
- "deprecationReason": "use src_site_id/src_site_name instead",
6624
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6025
6625
  "description": "Name of site or user initiating the connection",
6026
6626
  "isDeprecated": true,
6027
6627
  "name": "src_site"
@@ -6045,7 +6645,7 @@
6045
6645
  "name": "user_id"
6046
6646
  },
6047
6647
  {
6048
- "deprecationReason": "use dest_site_id/dest_site_name instead",
6648
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6049
6649
  "description": "For WAN traffic, name of destination site or SDP user",
6050
6650
  "isDeprecated": true,
6051
6651
  "name": "dest_site"
@@ -6057,13 +6657,13 @@
6057
6657
  "name": "dest_site_id"
6058
6658
  },
6059
6659
  {
6060
- "deprecationReason": null,
6660
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
6061
6661
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
6062
- "isDeprecated": false,
6662
+ "isDeprecated": true,
6063
6663
  "name": "src_or_dest_site_id"
6064
6664
  },
6065
6665
  {
6066
- "deprecationReason": "use rule_name instead",
6666
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6067
6667
  "description": "Name of security rule related to the event",
6068
6668
  "isDeprecated": true,
6069
6669
  "name": "rule"
@@ -6081,7 +6681,7 @@
6081
6681
  "name": "socket_interface"
6082
6682
  },
6083
6683
  {
6084
- "deprecationReason": "use custom_category_id/custom_category_name instead",
6684
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6085
6685
  "description": "Name for the custom category defined in the Cato Management Application",
6086
6686
  "isDeprecated": true,
6087
6687
  "name": "custom_category"
@@ -6094,7 +6694,7 @@
6094
6694
  },
6095
6695
  {
6096
6696
  "deprecationReason": null,
6097
- "description": "For Internet traffic, destination host port",
6697
+ "description": "Destination port",
6098
6698
  "isDeprecated": false,
6099
6699
  "name": "dest_port"
6100
6700
  },
@@ -6154,7 +6754,7 @@
6154
6754
  },
6155
6755
  {
6156
6756
  "deprecationReason": null,
6157
- "description": "For Internet traffic, destination host IP address",
6757
+ "description": "Destination IP address",
6158
6758
  "isDeprecated": false,
6159
6759
  "name": "dest_ip"
6160
6760
  },
@@ -6231,7 +6831,7 @@
6231
6831
  "name": "configured_host_name"
6232
6832
  },
6233
6833
  {
6234
- "deprecationReason": "use event_id instead",
6834
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
6235
6835
  "description": "Cato Internal-use only",
6236
6836
  "isDeprecated": true,
6237
6837
  "name": "internalId"
@@ -6303,9 +6903,9 @@
6303
6903
  "name": "bgp_error_code"
6304
6904
  },
6305
6905
  {
6306
- "deprecationReason": null,
6906
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
6307
6907
  "description": "Description from Cato Management Application for BGP peer",
6308
- "isDeprecated": false,
6908
+ "isDeprecated": true,
6309
6909
  "name": "bgp_peer_description"
6310
6910
  },
6311
6911
  {
@@ -6370,7 +6970,7 @@
6370
6970
  },
6371
6971
  {
6372
6972
  "deprecationReason": null,
6373
- "description": "Data that measures the latency for a specific link",
6973
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
6374
6974
  "isDeprecated": false,
6375
6975
  "name": "link_health_latency"
6376
6976
  },
@@ -6525,14 +7125,14 @@
6525
7125
  "name": "incident_id"
6526
7126
  },
6527
7127
  {
6528
- "deprecationReason": "use application_id/application_name instead",
7128
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6529
7129
  "description": "For Internet firewall, app for this event",
6530
7130
  "isDeprecated": true,
6531
7131
  "name": "application"
6532
7132
  },
6533
7133
  {
6534
7134
  "deprecationReason": null,
6535
- "description": "Application of the flow",
7135
+ "description": "The name of the application associated with the flow",
6536
7136
  "isDeprecated": false,
6537
7137
  "name": "application_name"
6538
7138
  },
@@ -6555,7 +7155,7 @@
6555
7155
  "name": "socket_interface_id"
6556
7156
  },
6557
7157
  {
6558
- "deprecationReason": "use custom_category_id/custom_category_name instead",
7158
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6559
7159
  "description": "Unique Cato ID for the custom category",
6560
7160
  "isDeprecated": true,
6561
7161
  "name": "custom_categories"
@@ -6634,7 +7234,7 @@
6634
7234
  },
6635
7235
  {
6636
7236
  "deprecationReason": null,
6637
- "description": "For Internet traffic, destination host IP address",
7237
+ "description": "The name of the destination site",
6638
7238
  "isDeprecated": false,
6639
7239
  "name": "dest_site_name"
6640
7240
  },
@@ -6693,7 +7293,7 @@
6693
7293
  "name": "device_posture_profile"
6694
7294
  },
6695
7295
  {
6696
- "deprecationReason": "use device_posture_profile instead",
7296
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
6697
7297
  "description": "Device posture profiles",
6698
7298
  "isDeprecated": true,
6699
7299
  "name": "device_posture_profiles"
@@ -6766,7 +7366,7 @@
6766
7366
  },
6767
7367
  {
6768
7368
  "deprecationReason": null,
6769
- "description": "DLP fail mode",
7369
+ "description": "Describes the behavior when the DLP system encounters a failure",
6770
7370
  "isDeprecated": false,
6771
7371
  "name": "dlp_fail_mode"
6772
7372
  },
@@ -6824,6 +7424,24 @@
6824
7424
  "isDeprecated": false,
6825
7425
  "name": "is_sinkhole"
6826
7426
  },
7427
+ {
7428
+ "deprecationReason": null,
7429
+ "description": "The ID for the endpoint",
7430
+ "isDeprecated": false,
7431
+ "name": "endpoint_id"
7432
+ },
7433
+ {
7434
+ "deprecationReason": null,
7435
+ "description": "The Endpoint Protection Engine that detected the malware",
7436
+ "isDeprecated": false,
7437
+ "name": "epp_engine_type"
7438
+ },
7439
+ {
7440
+ "deprecationReason": null,
7441
+ "description": "The file operation when this event occurred",
7442
+ "isDeprecated": false,
7443
+ "name": "file_operation"
7444
+ },
6827
7445
  {
6828
7446
  "deprecationReason": null,
6829
7447
  "description": null,
@@ -6856,7 +7474,7 @@
6856
7474
  },
6857
7475
  {
6858
7476
  "deprecationReason": null,
6859
- "description": null,
7477
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
6860
7478
  "isDeprecated": false,
6861
7479
  "name": "vendor"
6862
7480
  },
@@ -6897,19 +7515,19 @@
6897
7515
  "name": "recommended_actions"
6898
7516
  },
6899
7517
  {
6900
- "deprecationReason": "use src_pid instead",
7518
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6901
7519
  "description": null,
6902
7520
  "isDeprecated": true,
6903
7521
  "name": "pid"
6904
7522
  },
6905
7523
  {
6906
- "deprecationReason": "use src_process_parent_pid instead",
7524
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6907
7525
  "description": null,
6908
7526
  "isDeprecated": true,
6909
7527
  "name": "parent_pid"
6910
7528
  },
6911
7529
  {
6912
- "deprecationReason": "use src_process_path instead",
7530
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
6913
7531
  "description": null,
6914
7532
  "isDeprecated": true,
6915
7533
  "name": "process_path"
@@ -6926,12 +7544,96 @@
6926
7544
  "isDeprecated": false,
6927
7545
  "name": "out_of_band_access"
6928
7546
  },
7547
+ {
7548
+ "deprecationReason": null,
7549
+ "description": "A Unique ID for the quarantined file",
7550
+ "isDeprecated": false,
7551
+ "name": "quarantine_uuid"
7552
+ },
6929
7553
  {
6930
7554
  "deprecationReason": null,
6931
7555
  "description": null,
6932
7556
  "isDeprecated": false,
6933
7557
  "name": "logged_in_user"
6934
7558
  },
7559
+ {
7560
+ "deprecationReason": null,
7561
+ "description": "The profile assigned to the endpoint upon detection of the malware",
7562
+ "isDeprecated": false,
7563
+ "name": "epp_profile"
7564
+ },
7565
+ {
7566
+ "deprecationReason": null,
7567
+ "description": "Source process ID",
7568
+ "isDeprecated": false,
7569
+ "name": "src_pid"
7570
+ },
7571
+ {
7572
+ "deprecationReason": null,
7573
+ "description": "Source process file path",
7574
+ "isDeprecated": false,
7575
+ "name": "src_process_path"
7576
+ },
7577
+ {
7578
+ "deprecationReason": null,
7579
+ "description": "Source process command line",
7580
+ "isDeprecated": false,
7581
+ "name": "src_process_cmdline"
7582
+ },
7583
+ {
7584
+ "deprecationReason": null,
7585
+ "description": "Source process parent process ID",
7586
+ "isDeprecated": false,
7587
+ "name": "src_process_parent_pid"
7588
+ },
7589
+ {
7590
+ "deprecationReason": null,
7591
+ "description": "Source process parent file path",
7592
+ "isDeprecated": false,
7593
+ "name": "src_process_parent_path"
7594
+ },
7595
+ {
7596
+ "deprecationReason": null,
7597
+ "description": "The destination process ID",
7598
+ "isDeprecated": false,
7599
+ "name": "dest_pid"
7600
+ },
7601
+ {
7602
+ "deprecationReason": null,
7603
+ "description": "Destination process file path",
7604
+ "isDeprecated": false,
7605
+ "name": "dest_process_path"
7606
+ },
7607
+ {
7608
+ "deprecationReason": null,
7609
+ "description": "Destination process command line",
7610
+ "isDeprecated": false,
7611
+ "name": "dest_process_cmdline"
7612
+ },
7613
+ {
7614
+ "deprecationReason": null,
7615
+ "description": "Destination process parent process ID",
7616
+ "isDeprecated": false,
7617
+ "name": "dest_process_parent_pid"
7618
+ },
7619
+ {
7620
+ "deprecationReason": null,
7621
+ "description": "Destination process parent file path",
7622
+ "isDeprecated": false,
7623
+ "name": "dest_process_parent_path"
7624
+ },
7625
+ {
7626
+ "deprecationReason": null,
7627
+ "description": "If policy is set to disinfect, return the result of this action",
7628
+ "isDeprecated": false,
7629
+ "name": "disinfect_result"
7630
+ },
7631
+ {
7632
+ "deprecationReason": null,
7633
+ "description": "Indicate how many processes are part of this event",
7634
+ "isDeprecated": false,
7635
+ "name": "processes_count"
7636
+ },
6935
7637
  {
6936
7638
  "deprecationReason": null,
6937
7639
  "description": "HTTP request method (ie. Get, Post)",
@@ -7006,7 +7708,7 @@
7006
7708
  },
7007
7709
  {
7008
7710
  "deprecationReason": null,
7009
- "description": "Cato App",
7711
+ "description": "Cato application name",
7010
7712
  "isDeprecated": false,
7011
7713
  "name": "cato_app"
7012
7714
  },
@@ -7060,7 +7762,7 @@
7060
7762
  },
7061
7763
  {
7062
7764
  "deprecationReason": null,
7063
- "description": "Tenant Id",
7765
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
7064
7766
  "isDeprecated": false,
7065
7767
  "name": "tenant_id"
7066
7768
  },
@@ -7120,7 +7822,7 @@
7120
7822
  },
7121
7823
  {
7122
7824
  "deprecationReason": null,
7123
- "description": "Data Classifiers",
7825
+ "description": "Defines the scanning methods used by the DLP system",
7124
7826
  "isDeprecated": false,
7125
7827
  "name": "dlp_scan_types"
7126
7828
  },
@@ -7198,7 +7900,7 @@
7198
7900
  },
7199
7901
  {
7200
7902
  "deprecationReason": null,
7201
- "description": "Used Public IP",
7903
+ "description": "Public source IP",
7202
7904
  "isDeprecated": false,
7203
7905
  "name": "public_ip"
7204
7906
  },
@@ -7369,6 +8071,54 @@
7369
8071
  "description": "Device Type",
7370
8072
  "isDeprecated": false,
7371
8073
  "name": "device_type"
8074
+ },
8075
+ {
8076
+ "deprecationReason": null,
8077
+ "description": "Tenant Restriction Rule Name",
8078
+ "isDeprecated": false,
8079
+ "name": "tenant_restriction_rule_name"
8080
+ },
8081
+ {
8082
+ "deprecationReason": null,
8083
+ "description": "Connection Origin",
8084
+ "isDeprecated": false,
8085
+ "name": "connection_origin"
8086
+ },
8087
+ {
8088
+ "deprecationReason": null,
8089
+ "description": "Translated Server IP",
8090
+ "isDeprecated": false,
8091
+ "name": "translated_server_ip"
8092
+ },
8093
+ {
8094
+ "deprecationReason": null,
8095
+ "description": "Translated Client IP",
8096
+ "isDeprecated": false,
8097
+ "name": "translated_client_ip"
8098
+ },
8099
+ {
8100
+ "deprecationReason": null,
8101
+ "description": "IoC Container Name",
8102
+ "isDeprecated": false,
8103
+ "name": "container_name"
8104
+ },
8105
+ {
8106
+ "deprecationReason": null,
8107
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
8108
+ "isDeprecated": false,
8109
+ "name": "correlation_id"
8110
+ },
8111
+ {
8112
+ "deprecationReason": null,
8113
+ "description": "Precedence",
8114
+ "isDeprecated": false,
8115
+ "name": "precedence"
8116
+ },
8117
+ {
8118
+ "deprecationReason": null,
8119
+ "description": "A list of labels providing additional context for the event",
8120
+ "isDeprecated": false,
8121
+ "name": "labels"
7372
8122
  }
7373
8123
  ],
7374
8124
  "fields": null,
@@ -7433,7 +8183,7 @@
7433
8183
  "description": null,
7434
8184
  "enumValues": [
7435
8185
  {
7436
- "deprecationReason": "use src_site_id/src_site_name instead",
8186
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7437
8187
  "description": "Name of site or user initiating the connection",
7438
8188
  "isDeprecated": true,
7439
8189
  "name": "src_site"
@@ -7457,7 +8207,7 @@
7457
8207
  "name": "user_id"
7458
8208
  },
7459
8209
  {
7460
- "deprecationReason": "use dest_site_id/dest_site_name instead",
8210
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7461
8211
  "description": "For WAN traffic, name of destination site or SDP user",
7462
8212
  "isDeprecated": true,
7463
8213
  "name": "dest_site"
@@ -7469,13 +8219,13 @@
7469
8219
  "name": "dest_site_id"
7470
8220
  },
7471
8221
  {
7472
- "deprecationReason": null,
8222
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
7473
8223
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
7474
- "isDeprecated": false,
8224
+ "isDeprecated": true,
7475
8225
  "name": "src_or_dest_site_id"
7476
8226
  },
7477
8227
  {
7478
- "deprecationReason": "use rule_name instead",
8228
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7479
8229
  "description": "Name of security rule related to the event",
7480
8230
  "isDeprecated": true,
7481
8231
  "name": "rule"
@@ -7493,7 +8243,7 @@
7493
8243
  "name": "socket_interface"
7494
8244
  },
7495
8245
  {
7496
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8246
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7497
8247
  "description": "Name for the custom category defined in the Cato Management Application",
7498
8248
  "isDeprecated": true,
7499
8249
  "name": "custom_category"
@@ -7506,7 +8256,7 @@
7506
8256
  },
7507
8257
  {
7508
8258
  "deprecationReason": null,
7509
- "description": "For Internet traffic, destination host port",
8259
+ "description": "Destination port",
7510
8260
  "isDeprecated": false,
7511
8261
  "name": "dest_port"
7512
8262
  },
@@ -7566,7 +8316,7 @@
7566
8316
  },
7567
8317
  {
7568
8318
  "deprecationReason": null,
7569
- "description": "For Internet traffic, destination host IP address",
8319
+ "description": "Destination IP address",
7570
8320
  "isDeprecated": false,
7571
8321
  "name": "dest_ip"
7572
8322
  },
@@ -7643,7 +8393,7 @@
7643
8393
  "name": "configured_host_name"
7644
8394
  },
7645
8395
  {
7646
- "deprecationReason": "use event_id instead",
8396
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
7647
8397
  "description": "Cato Internal-use only",
7648
8398
  "isDeprecated": true,
7649
8399
  "name": "internalId"
@@ -7715,9 +8465,9 @@
7715
8465
  "name": "bgp_error_code"
7716
8466
  },
7717
8467
  {
7718
- "deprecationReason": null,
8468
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
7719
8469
  "description": "Description from Cato Management Application for BGP peer",
7720
- "isDeprecated": false,
8470
+ "isDeprecated": true,
7721
8471
  "name": "bgp_peer_description"
7722
8472
  },
7723
8473
  {
@@ -7782,7 +8532,7 @@
7782
8532
  },
7783
8533
  {
7784
8534
  "deprecationReason": null,
7785
- "description": "Data that measures the latency for a specific link",
8535
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
7786
8536
  "isDeprecated": false,
7787
8537
  "name": "link_health_latency"
7788
8538
  },
@@ -7937,14 +8687,14 @@
7937
8687
  "name": "incident_id"
7938
8688
  },
7939
8689
  {
7940
- "deprecationReason": "use application_id/application_name instead",
8690
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7941
8691
  "description": "For Internet firewall, app for this event",
7942
8692
  "isDeprecated": true,
7943
8693
  "name": "application"
7944
8694
  },
7945
8695
  {
7946
8696
  "deprecationReason": null,
7947
- "description": "Application of the flow",
8697
+ "description": "The name of the application associated with the flow",
7948
8698
  "isDeprecated": false,
7949
8699
  "name": "application_name"
7950
8700
  },
@@ -7967,7 +8717,7 @@
7967
8717
  "name": "socket_interface_id"
7968
8718
  },
7969
8719
  {
7970
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8720
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7971
8721
  "description": "Unique Cato ID for the custom category",
7972
8722
  "isDeprecated": true,
7973
8723
  "name": "custom_categories"
@@ -8046,7 +8796,7 @@
8046
8796
  },
8047
8797
  {
8048
8798
  "deprecationReason": null,
8049
- "description": "For Internet traffic, destination host IP address",
8799
+ "description": "The name of the destination site",
8050
8800
  "isDeprecated": false,
8051
8801
  "name": "dest_site_name"
8052
8802
  },
@@ -8105,7 +8855,7 @@
8105
8855
  "name": "device_posture_profile"
8106
8856
  },
8107
8857
  {
8108
- "deprecationReason": "use device_posture_profile instead",
8858
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
8109
8859
  "description": "Device posture profiles",
8110
8860
  "isDeprecated": true,
8111
8861
  "name": "device_posture_profiles"
@@ -8178,7 +8928,7 @@
8178
8928
  },
8179
8929
  {
8180
8930
  "deprecationReason": null,
8181
- "description": "DLP fail mode",
8931
+ "description": "Describes the behavior when the DLP system encounters a failure",
8182
8932
  "isDeprecated": false,
8183
8933
  "name": "dlp_fail_mode"
8184
8934
  },
@@ -8236,6 +8986,24 @@
8236
8986
  "isDeprecated": false,
8237
8987
  "name": "is_sinkhole"
8238
8988
  },
8989
+ {
8990
+ "deprecationReason": null,
8991
+ "description": "The ID for the endpoint",
8992
+ "isDeprecated": false,
8993
+ "name": "endpoint_id"
8994
+ },
8995
+ {
8996
+ "deprecationReason": null,
8997
+ "description": "The Endpoint Protection Engine that detected the malware",
8998
+ "isDeprecated": false,
8999
+ "name": "epp_engine_type"
9000
+ },
9001
+ {
9002
+ "deprecationReason": null,
9003
+ "description": "The file operation when this event occurred",
9004
+ "isDeprecated": false,
9005
+ "name": "file_operation"
9006
+ },
8239
9007
  {
8240
9008
  "deprecationReason": null,
8241
9009
  "description": null,
@@ -8268,7 +9036,7 @@
8268
9036
  },
8269
9037
  {
8270
9038
  "deprecationReason": null,
8271
- "description": null,
9039
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
8272
9040
  "isDeprecated": false,
8273
9041
  "name": "vendor"
8274
9042
  },
@@ -8309,40 +9077,124 @@
8309
9077
  "name": "recommended_actions"
8310
9078
  },
8311
9079
  {
8312
- "deprecationReason": "use src_pid instead",
9080
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8313
9081
  "description": null,
8314
9082
  "isDeprecated": true,
8315
9083
  "name": "pid"
8316
9084
  },
8317
9085
  {
8318
- "deprecationReason": "use src_process_parent_pid instead",
9086
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8319
9087
  "description": null,
8320
9088
  "isDeprecated": true,
8321
9089
  "name": "parent_pid"
8322
9090
  },
8323
9091
  {
8324
- "deprecationReason": "use src_process_path instead",
9092
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
8325
9093
  "description": null,
8326
9094
  "isDeprecated": true,
8327
9095
  "name": "process_path"
8328
9096
  },
8329
9097
  {
8330
9098
  "deprecationReason": null,
8331
- "description": null,
9099
+ "description": null,
9100
+ "isDeprecated": false,
9101
+ "name": "failure_reason"
9102
+ },
9103
+ {
9104
+ "deprecationReason": null,
9105
+ "description": null,
9106
+ "isDeprecated": false,
9107
+ "name": "out_of_band_access"
9108
+ },
9109
+ {
9110
+ "deprecationReason": null,
9111
+ "description": "A Unique ID for the quarantined file",
9112
+ "isDeprecated": false,
9113
+ "name": "quarantine_uuid"
9114
+ },
9115
+ {
9116
+ "deprecationReason": null,
9117
+ "description": null,
9118
+ "isDeprecated": false,
9119
+ "name": "logged_in_user"
9120
+ },
9121
+ {
9122
+ "deprecationReason": null,
9123
+ "description": "The profile assigned to the endpoint upon detection of the malware",
9124
+ "isDeprecated": false,
9125
+ "name": "epp_profile"
9126
+ },
9127
+ {
9128
+ "deprecationReason": null,
9129
+ "description": "Source process ID",
9130
+ "isDeprecated": false,
9131
+ "name": "src_pid"
9132
+ },
9133
+ {
9134
+ "deprecationReason": null,
9135
+ "description": "Source process file path",
9136
+ "isDeprecated": false,
9137
+ "name": "src_process_path"
9138
+ },
9139
+ {
9140
+ "deprecationReason": null,
9141
+ "description": "Source process command line",
9142
+ "isDeprecated": false,
9143
+ "name": "src_process_cmdline"
9144
+ },
9145
+ {
9146
+ "deprecationReason": null,
9147
+ "description": "Source process parent process ID",
9148
+ "isDeprecated": false,
9149
+ "name": "src_process_parent_pid"
9150
+ },
9151
+ {
9152
+ "deprecationReason": null,
9153
+ "description": "Source process parent file path",
9154
+ "isDeprecated": false,
9155
+ "name": "src_process_parent_path"
9156
+ },
9157
+ {
9158
+ "deprecationReason": null,
9159
+ "description": "The destination process ID",
9160
+ "isDeprecated": false,
9161
+ "name": "dest_pid"
9162
+ },
9163
+ {
9164
+ "deprecationReason": null,
9165
+ "description": "Destination process file path",
9166
+ "isDeprecated": false,
9167
+ "name": "dest_process_path"
9168
+ },
9169
+ {
9170
+ "deprecationReason": null,
9171
+ "description": "Destination process command line",
9172
+ "isDeprecated": false,
9173
+ "name": "dest_process_cmdline"
9174
+ },
9175
+ {
9176
+ "deprecationReason": null,
9177
+ "description": "Destination process parent process ID",
8332
9178
  "isDeprecated": false,
8333
- "name": "failure_reason"
9179
+ "name": "dest_process_parent_pid"
8334
9180
  },
8335
9181
  {
8336
9182
  "deprecationReason": null,
8337
- "description": null,
9183
+ "description": "Destination process parent file path",
8338
9184
  "isDeprecated": false,
8339
- "name": "out_of_band_access"
9185
+ "name": "dest_process_parent_path"
8340
9186
  },
8341
9187
  {
8342
9188
  "deprecationReason": null,
8343
- "description": null,
9189
+ "description": "If policy is set to disinfect, return the result of this action",
8344
9190
  "isDeprecated": false,
8345
- "name": "logged_in_user"
9191
+ "name": "disinfect_result"
9192
+ },
9193
+ {
9194
+ "deprecationReason": null,
9195
+ "description": "Indicate how many processes are part of this event",
9196
+ "isDeprecated": false,
9197
+ "name": "processes_count"
8346
9198
  },
8347
9199
  {
8348
9200
  "deprecationReason": null,
@@ -8418,7 +9270,7 @@
8418
9270
  },
8419
9271
  {
8420
9272
  "deprecationReason": null,
8421
- "description": "Cato App",
9273
+ "description": "Cato application name",
8422
9274
  "isDeprecated": false,
8423
9275
  "name": "cato_app"
8424
9276
  },
@@ -8472,7 +9324,7 @@
8472
9324
  },
8473
9325
  {
8474
9326
  "deprecationReason": null,
8475
- "description": "Tenant Id",
9327
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
8476
9328
  "isDeprecated": false,
8477
9329
  "name": "tenant_id"
8478
9330
  },
@@ -8532,7 +9384,7 @@
8532
9384
  },
8533
9385
  {
8534
9386
  "deprecationReason": null,
8535
- "description": "Data Classifiers",
9387
+ "description": "Defines the scanning methods used by the DLP system",
8536
9388
  "isDeprecated": false,
8537
9389
  "name": "dlp_scan_types"
8538
9390
  },
@@ -8610,7 +9462,7 @@
8610
9462
  },
8611
9463
  {
8612
9464
  "deprecationReason": null,
8613
- "description": "Used Public IP",
9465
+ "description": "Public source IP",
8614
9466
  "isDeprecated": false,
8615
9467
  "name": "public_ip"
8616
9468
  },
@@ -8781,6 +9633,54 @@
8781
9633
  "description": "Device Type",
8782
9634
  "isDeprecated": false,
8783
9635
  "name": "device_type"
9636
+ },
9637
+ {
9638
+ "deprecationReason": null,
9639
+ "description": "Tenant Restriction Rule Name",
9640
+ "isDeprecated": false,
9641
+ "name": "tenant_restriction_rule_name"
9642
+ },
9643
+ {
9644
+ "deprecationReason": null,
9645
+ "description": "Connection Origin",
9646
+ "isDeprecated": false,
9647
+ "name": "connection_origin"
9648
+ },
9649
+ {
9650
+ "deprecationReason": null,
9651
+ "description": "Translated Server IP",
9652
+ "isDeprecated": false,
9653
+ "name": "translated_server_ip"
9654
+ },
9655
+ {
9656
+ "deprecationReason": null,
9657
+ "description": "Translated Client IP",
9658
+ "isDeprecated": false,
9659
+ "name": "translated_client_ip"
9660
+ },
9661
+ {
9662
+ "deprecationReason": null,
9663
+ "description": "IoC Container Name",
9664
+ "isDeprecated": false,
9665
+ "name": "container_name"
9666
+ },
9667
+ {
9668
+ "deprecationReason": null,
9669
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
9670
+ "isDeprecated": false,
9671
+ "name": "correlation_id"
9672
+ },
9673
+ {
9674
+ "deprecationReason": null,
9675
+ "description": "Precedence",
9676
+ "isDeprecated": false,
9677
+ "name": "precedence"
9678
+ },
9679
+ {
9680
+ "deprecationReason": null,
9681
+ "description": "A list of labels providing additional context for the event",
9682
+ "isDeprecated": false,
9683
+ "name": "labels"
8784
9684
  }
8785
9685
  ],
8786
9686
  "fields": null,
@@ -9061,7 +9961,7 @@
9061
9961
  "description": null,
9062
9962
  "enumValues": [
9063
9963
  {
9064
- "deprecationReason": "use src_site_id/src_site_name instead",
9964
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9065
9965
  "description": "Name of site or user initiating the connection",
9066
9966
  "isDeprecated": true,
9067
9967
  "name": "src_site"
@@ -9085,7 +9985,7 @@
9085
9985
  "name": "user_id"
9086
9986
  },
9087
9987
  {
9088
- "deprecationReason": "use dest_site_id/dest_site_name instead",
9988
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9089
9989
  "description": "For WAN traffic, name of destination site or SDP user",
9090
9990
  "isDeprecated": true,
9091
9991
  "name": "dest_site"
@@ -9097,13 +9997,13 @@
9097
9997
  "name": "dest_site_id"
9098
9998
  },
9099
9999
  {
9100
- "deprecationReason": null,
10000
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
9101
10001
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
9102
- "isDeprecated": false,
10002
+ "isDeprecated": true,
9103
10003
  "name": "src_or_dest_site_id"
9104
10004
  },
9105
10005
  {
9106
- "deprecationReason": "use rule_name instead",
10006
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9107
10007
  "description": "Name of security rule related to the event",
9108
10008
  "isDeprecated": true,
9109
10009
  "name": "rule"
@@ -9121,7 +10021,7 @@
9121
10021
  "name": "socket_interface"
9122
10022
  },
9123
10023
  {
9124
- "deprecationReason": "use custom_category_id/custom_category_name instead",
10024
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9125
10025
  "description": "Name for the custom category defined in the Cato Management Application",
9126
10026
  "isDeprecated": true,
9127
10027
  "name": "custom_category"
@@ -9134,7 +10034,7 @@
9134
10034
  },
9135
10035
  {
9136
10036
  "deprecationReason": null,
9137
- "description": "For Internet traffic, destination host port",
10037
+ "description": "Destination port",
9138
10038
  "isDeprecated": false,
9139
10039
  "name": "dest_port"
9140
10040
  },
@@ -9194,7 +10094,7 @@
9194
10094
  },
9195
10095
  {
9196
10096
  "deprecationReason": null,
9197
- "description": "For Internet traffic, destination host IP address",
10097
+ "description": "Destination IP address",
9198
10098
  "isDeprecated": false,
9199
10099
  "name": "dest_ip"
9200
10100
  },
@@ -9271,7 +10171,7 @@
9271
10171
  "name": "configured_host_name"
9272
10172
  },
9273
10173
  {
9274
- "deprecationReason": "use event_id instead",
10174
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
9275
10175
  "description": "Cato Internal-use only",
9276
10176
  "isDeprecated": true,
9277
10177
  "name": "internalId"
@@ -9343,9 +10243,9 @@
9343
10243
  "name": "bgp_error_code"
9344
10244
  },
9345
10245
  {
9346
- "deprecationReason": null,
10246
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
9347
10247
  "description": "Description from Cato Management Application for BGP peer",
9348
- "isDeprecated": false,
10248
+ "isDeprecated": true,
9349
10249
  "name": "bgp_peer_description"
9350
10250
  },
9351
10251
  {
@@ -9410,7 +10310,7 @@
9410
10310
  },
9411
10311
  {
9412
10312
  "deprecationReason": null,
9413
- "description": "Data that measures the latency for a specific link",
10313
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
9414
10314
  "isDeprecated": false,
9415
10315
  "name": "link_health_latency"
9416
10316
  },
@@ -9565,14 +10465,14 @@
9565
10465
  "name": "incident_id"
9566
10466
  },
9567
10467
  {
9568
- "deprecationReason": "use application_id/application_name instead",
10468
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9569
10469
  "description": "For Internet firewall, app for this event",
9570
10470
  "isDeprecated": true,
9571
10471
  "name": "application"
9572
10472
  },
9573
10473
  {
9574
10474
  "deprecationReason": null,
9575
- "description": "Application of the flow",
10475
+ "description": "The name of the application associated with the flow",
9576
10476
  "isDeprecated": false,
9577
10477
  "name": "application_name"
9578
10478
  },
@@ -9595,7 +10495,7 @@
9595
10495
  "name": "socket_interface_id"
9596
10496
  },
9597
10497
  {
9598
- "deprecationReason": "use custom_category_id/custom_category_name instead",
10498
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
9599
10499
  "description": "Unique Cato ID for the custom category",
9600
10500
  "isDeprecated": true,
9601
10501
  "name": "custom_categories"
@@ -9674,7 +10574,7 @@
9674
10574
  },
9675
10575
  {
9676
10576
  "deprecationReason": null,
9677
- "description": "For Internet traffic, destination host IP address",
10577
+ "description": "The name of the destination site",
9678
10578
  "isDeprecated": false,
9679
10579
  "name": "dest_site_name"
9680
10580
  },
@@ -9733,7 +10633,7 @@
9733
10633
  "name": "device_posture_profile"
9734
10634
  },
9735
10635
  {
9736
- "deprecationReason": "use device_posture_profile instead",
10636
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
9737
10637
  "description": "Device posture profiles",
9738
10638
  "isDeprecated": true,
9739
10639
  "name": "device_posture_profiles"
@@ -9806,7 +10706,7 @@
9806
10706
  },
9807
10707
  {
9808
10708
  "deprecationReason": null,
9809
- "description": "DLP fail mode",
10709
+ "description": "Describes the behavior when the DLP system encounters a failure",
9810
10710
  "isDeprecated": false,
9811
10711
  "name": "dlp_fail_mode"
9812
10712
  },
@@ -9864,6 +10764,24 @@
9864
10764
  "isDeprecated": false,
9865
10765
  "name": "is_sinkhole"
9866
10766
  },
10767
+ {
10768
+ "deprecationReason": null,
10769
+ "description": "The ID for the endpoint",
10770
+ "isDeprecated": false,
10771
+ "name": "endpoint_id"
10772
+ },
10773
+ {
10774
+ "deprecationReason": null,
10775
+ "description": "The Endpoint Protection Engine that detected the malware",
10776
+ "isDeprecated": false,
10777
+ "name": "epp_engine_type"
10778
+ },
10779
+ {
10780
+ "deprecationReason": null,
10781
+ "description": "The file operation when this event occurred",
10782
+ "isDeprecated": false,
10783
+ "name": "file_operation"
10784
+ },
9867
10785
  {
9868
10786
  "deprecationReason": null,
9869
10787
  "description": null,
@@ -9896,7 +10814,7 @@
9896
10814
  },
9897
10815
  {
9898
10816
  "deprecationReason": null,
9899
- "description": null,
10817
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
9900
10818
  "isDeprecated": false,
9901
10819
  "name": "vendor"
9902
10820
  },
@@ -9937,19 +10855,19 @@
9937
10855
  "name": "recommended_actions"
9938
10856
  },
9939
10857
  {
9940
- "deprecationReason": "use src_pid instead",
10858
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
9941
10859
  "description": null,
9942
10860
  "isDeprecated": true,
9943
10861
  "name": "pid"
9944
10862
  },
9945
10863
  {
9946
- "deprecationReason": "use src_process_parent_pid instead",
10864
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
9947
10865
  "description": null,
9948
10866
  "isDeprecated": true,
9949
10867
  "name": "parent_pid"
9950
10868
  },
9951
10869
  {
9952
- "deprecationReason": "use src_process_path instead",
10870
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
9953
10871
  "description": null,
9954
10872
  "isDeprecated": true,
9955
10873
  "name": "process_path"
@@ -9966,12 +10884,96 @@
9966
10884
  "isDeprecated": false,
9967
10885
  "name": "out_of_band_access"
9968
10886
  },
10887
+ {
10888
+ "deprecationReason": null,
10889
+ "description": "A Unique ID for the quarantined file",
10890
+ "isDeprecated": false,
10891
+ "name": "quarantine_uuid"
10892
+ },
9969
10893
  {
9970
10894
  "deprecationReason": null,
9971
10895
  "description": null,
9972
10896
  "isDeprecated": false,
9973
10897
  "name": "logged_in_user"
9974
10898
  },
10899
+ {
10900
+ "deprecationReason": null,
10901
+ "description": "The profile assigned to the endpoint upon detection of the malware",
10902
+ "isDeprecated": false,
10903
+ "name": "epp_profile"
10904
+ },
10905
+ {
10906
+ "deprecationReason": null,
10907
+ "description": "Source process ID",
10908
+ "isDeprecated": false,
10909
+ "name": "src_pid"
10910
+ },
10911
+ {
10912
+ "deprecationReason": null,
10913
+ "description": "Source process file path",
10914
+ "isDeprecated": false,
10915
+ "name": "src_process_path"
10916
+ },
10917
+ {
10918
+ "deprecationReason": null,
10919
+ "description": "Source process command line",
10920
+ "isDeprecated": false,
10921
+ "name": "src_process_cmdline"
10922
+ },
10923
+ {
10924
+ "deprecationReason": null,
10925
+ "description": "Source process parent process ID",
10926
+ "isDeprecated": false,
10927
+ "name": "src_process_parent_pid"
10928
+ },
10929
+ {
10930
+ "deprecationReason": null,
10931
+ "description": "Source process parent file path",
10932
+ "isDeprecated": false,
10933
+ "name": "src_process_parent_path"
10934
+ },
10935
+ {
10936
+ "deprecationReason": null,
10937
+ "description": "The destination process ID",
10938
+ "isDeprecated": false,
10939
+ "name": "dest_pid"
10940
+ },
10941
+ {
10942
+ "deprecationReason": null,
10943
+ "description": "Destination process file path",
10944
+ "isDeprecated": false,
10945
+ "name": "dest_process_path"
10946
+ },
10947
+ {
10948
+ "deprecationReason": null,
10949
+ "description": "Destination process command line",
10950
+ "isDeprecated": false,
10951
+ "name": "dest_process_cmdline"
10952
+ },
10953
+ {
10954
+ "deprecationReason": null,
10955
+ "description": "Destination process parent process ID",
10956
+ "isDeprecated": false,
10957
+ "name": "dest_process_parent_pid"
10958
+ },
10959
+ {
10960
+ "deprecationReason": null,
10961
+ "description": "Destination process parent file path",
10962
+ "isDeprecated": false,
10963
+ "name": "dest_process_parent_path"
10964
+ },
10965
+ {
10966
+ "deprecationReason": null,
10967
+ "description": "If policy is set to disinfect, return the result of this action",
10968
+ "isDeprecated": false,
10969
+ "name": "disinfect_result"
10970
+ },
10971
+ {
10972
+ "deprecationReason": null,
10973
+ "description": "Indicate how many processes are part of this event",
10974
+ "isDeprecated": false,
10975
+ "name": "processes_count"
10976
+ },
9975
10977
  {
9976
10978
  "deprecationReason": null,
9977
10979
  "description": "HTTP request method (ie. Get, Post)",
@@ -10046,7 +11048,7 @@
10046
11048
  },
10047
11049
  {
10048
11050
  "deprecationReason": null,
10049
- "description": "Cato App",
11051
+ "description": "Cato application name",
10050
11052
  "isDeprecated": false,
10051
11053
  "name": "cato_app"
10052
11054
  },
@@ -10100,7 +11102,7 @@
10100
11102
  },
10101
11103
  {
10102
11104
  "deprecationReason": null,
10103
- "description": "Tenant Id",
11105
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
10104
11106
  "isDeprecated": false,
10105
11107
  "name": "tenant_id"
10106
11108
  },
@@ -10160,7 +11162,7 @@
10160
11162
  },
10161
11163
  {
10162
11164
  "deprecationReason": null,
10163
- "description": "Data Classifiers",
11165
+ "description": "Defines the scanning methods used by the DLP system",
10164
11166
  "isDeprecated": false,
10165
11167
  "name": "dlp_scan_types"
10166
11168
  },
@@ -10238,7 +11240,7 @@
10238
11240
  },
10239
11241
  {
10240
11242
  "deprecationReason": null,
10241
- "description": "Used Public IP",
11243
+ "description": "Public source IP",
10242
11244
  "isDeprecated": false,
10243
11245
  "name": "public_ip"
10244
11246
  },
@@ -10409,6 +11411,54 @@
10409
11411
  "description": "Device Type",
10410
11412
  "isDeprecated": false,
10411
11413
  "name": "device_type"
11414
+ },
11415
+ {
11416
+ "deprecationReason": null,
11417
+ "description": "Tenant Restriction Rule Name",
11418
+ "isDeprecated": false,
11419
+ "name": "tenant_restriction_rule_name"
11420
+ },
11421
+ {
11422
+ "deprecationReason": null,
11423
+ "description": "Connection Origin",
11424
+ "isDeprecated": false,
11425
+ "name": "connection_origin"
11426
+ },
11427
+ {
11428
+ "deprecationReason": null,
11429
+ "description": "Translated Server IP",
11430
+ "isDeprecated": false,
11431
+ "name": "translated_server_ip"
11432
+ },
11433
+ {
11434
+ "deprecationReason": null,
11435
+ "description": "Translated Client IP",
11436
+ "isDeprecated": false,
11437
+ "name": "translated_client_ip"
11438
+ },
11439
+ {
11440
+ "deprecationReason": null,
11441
+ "description": "IoC Container Name",
11442
+ "isDeprecated": false,
11443
+ "name": "container_name"
11444
+ },
11445
+ {
11446
+ "deprecationReason": null,
11447
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
11448
+ "isDeprecated": false,
11449
+ "name": "correlation_id"
11450
+ },
11451
+ {
11452
+ "deprecationReason": null,
11453
+ "description": "Precedence",
11454
+ "isDeprecated": false,
11455
+ "name": "precedence"
11456
+ },
11457
+ {
11458
+ "deprecationReason": null,
11459
+ "description": "A list of labels providing additional context for the event",
11460
+ "isDeprecated": false,
11461
+ "name": "labels"
10412
11462
  }
10413
11463
  ],
10414
11464
  "fields": null,
@@ -10491,7 +11541,7 @@
10491
11541
  "description": null,
10492
11542
  "enumValues": [
10493
11543
  {
10494
- "deprecationReason": "use src_site_id/src_site_name instead",
11544
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10495
11545
  "description": "Name of site or user initiating the connection",
10496
11546
  "isDeprecated": true,
10497
11547
  "name": "src_site"
@@ -10515,7 +11565,7 @@
10515
11565
  "name": "user_id"
10516
11566
  },
10517
11567
  {
10518
- "deprecationReason": "use dest_site_id/dest_site_name instead",
11568
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10519
11569
  "description": "For WAN traffic, name of destination site or SDP user",
10520
11570
  "isDeprecated": true,
10521
11571
  "name": "dest_site"
@@ -10527,13 +11577,13 @@
10527
11577
  "name": "dest_site_id"
10528
11578
  },
10529
11579
  {
10530
- "deprecationReason": null,
11580
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
10531
11581
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
10532
- "isDeprecated": false,
11582
+ "isDeprecated": true,
10533
11583
  "name": "src_or_dest_site_id"
10534
11584
  },
10535
11585
  {
10536
- "deprecationReason": "use rule_name instead",
11586
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10537
11587
  "description": "Name of security rule related to the event",
10538
11588
  "isDeprecated": true,
10539
11589
  "name": "rule"
@@ -10551,7 +11601,7 @@
10551
11601
  "name": "socket_interface"
10552
11602
  },
10553
11603
  {
10554
- "deprecationReason": "use custom_category_id/custom_category_name instead",
11604
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10555
11605
  "description": "Name for the custom category defined in the Cato Management Application",
10556
11606
  "isDeprecated": true,
10557
11607
  "name": "custom_category"
@@ -10564,7 +11614,7 @@
10564
11614
  },
10565
11615
  {
10566
11616
  "deprecationReason": null,
10567
- "description": "For Internet traffic, destination host port",
11617
+ "description": "Destination port",
10568
11618
  "isDeprecated": false,
10569
11619
  "name": "dest_port"
10570
11620
  },
@@ -10624,7 +11674,7 @@
10624
11674
  },
10625
11675
  {
10626
11676
  "deprecationReason": null,
10627
- "description": "For Internet traffic, destination host IP address",
11677
+ "description": "Destination IP address",
10628
11678
  "isDeprecated": false,
10629
11679
  "name": "dest_ip"
10630
11680
  },
@@ -10701,7 +11751,7 @@
10701
11751
  "name": "configured_host_name"
10702
11752
  },
10703
11753
  {
10704
- "deprecationReason": "use event_id instead",
11754
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
10705
11755
  "description": "Cato Internal-use only",
10706
11756
  "isDeprecated": true,
10707
11757
  "name": "internalId"
@@ -10773,9 +11823,9 @@
10773
11823
  "name": "bgp_error_code"
10774
11824
  },
10775
11825
  {
10776
- "deprecationReason": null,
11826
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
10777
11827
  "description": "Description from Cato Management Application for BGP peer",
10778
- "isDeprecated": false,
11828
+ "isDeprecated": true,
10779
11829
  "name": "bgp_peer_description"
10780
11830
  },
10781
11831
  {
@@ -10840,7 +11890,7 @@
10840
11890
  },
10841
11891
  {
10842
11892
  "deprecationReason": null,
10843
- "description": "Data that measures the latency for a specific link",
11893
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
10844
11894
  "isDeprecated": false,
10845
11895
  "name": "link_health_latency"
10846
11896
  },
@@ -10995,14 +12045,14 @@
10995
12045
  "name": "incident_id"
10996
12046
  },
10997
12047
  {
10998
- "deprecationReason": "use application_id/application_name instead",
12048
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
10999
12049
  "description": "For Internet firewall, app for this event",
11000
12050
  "isDeprecated": true,
11001
12051
  "name": "application"
11002
12052
  },
11003
12053
  {
11004
12054
  "deprecationReason": null,
11005
- "description": "Application of the flow",
12055
+ "description": "The name of the application associated with the flow",
11006
12056
  "isDeprecated": false,
11007
12057
  "name": "application_name"
11008
12058
  },
@@ -11025,7 +12075,7 @@
11025
12075
  "name": "socket_interface_id"
11026
12076
  },
11027
12077
  {
11028
- "deprecationReason": "use custom_category_id/custom_category_name instead",
12078
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
11029
12079
  "description": "Unique Cato ID for the custom category",
11030
12080
  "isDeprecated": true,
11031
12081
  "name": "custom_categories"
@@ -11104,7 +12154,7 @@
11104
12154
  },
11105
12155
  {
11106
12156
  "deprecationReason": null,
11107
- "description": "For Internet traffic, destination host IP address",
12157
+ "description": "The name of the destination site",
11108
12158
  "isDeprecated": false,
11109
12159
  "name": "dest_site_name"
11110
12160
  },
@@ -11163,7 +12213,7 @@
11163
12213
  "name": "device_posture_profile"
11164
12214
  },
11165
12215
  {
11166
- "deprecationReason": "use device_posture_profile instead",
12216
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
11167
12217
  "description": "Device posture profiles",
11168
12218
  "isDeprecated": true,
11169
12219
  "name": "device_posture_profiles"
@@ -11236,7 +12286,7 @@
11236
12286
  },
11237
12287
  {
11238
12288
  "deprecationReason": null,
11239
- "description": "DLP fail mode",
12289
+ "description": "Describes the behavior when the DLP system encounters a failure",
11240
12290
  "isDeprecated": false,
11241
12291
  "name": "dlp_fail_mode"
11242
12292
  },
@@ -11294,6 +12344,24 @@
11294
12344
  "isDeprecated": false,
11295
12345
  "name": "is_sinkhole"
11296
12346
  },
12347
+ {
12348
+ "deprecationReason": null,
12349
+ "description": "The ID for the endpoint",
12350
+ "isDeprecated": false,
12351
+ "name": "endpoint_id"
12352
+ },
12353
+ {
12354
+ "deprecationReason": null,
12355
+ "description": "The Endpoint Protection Engine that detected the malware",
12356
+ "isDeprecated": false,
12357
+ "name": "epp_engine_type"
12358
+ },
12359
+ {
12360
+ "deprecationReason": null,
12361
+ "description": "The file operation when this event occurred",
12362
+ "isDeprecated": false,
12363
+ "name": "file_operation"
12364
+ },
11297
12365
  {
11298
12366
  "deprecationReason": null,
11299
12367
  "description": null,
@@ -11326,7 +12394,7 @@
11326
12394
  },
11327
12395
  {
11328
12396
  "deprecationReason": null,
11329
- "description": null,
12397
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
11330
12398
  "isDeprecated": false,
11331
12399
  "name": "vendor"
11332
12400
  },
@@ -11367,19 +12435,19 @@
11367
12435
  "name": "recommended_actions"
11368
12436
  },
11369
12437
  {
11370
- "deprecationReason": "use src_pid instead",
12438
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
11371
12439
  "description": null,
11372
12440
  "isDeprecated": true,
11373
12441
  "name": "pid"
11374
12442
  },
11375
12443
  {
11376
- "deprecationReason": "use src_process_parent_pid instead",
12444
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
11377
12445
  "description": null,
11378
12446
  "isDeprecated": true,
11379
12447
  "name": "parent_pid"
11380
12448
  },
11381
12449
  {
11382
- "deprecationReason": "use src_process_path instead",
12450
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
11383
12451
  "description": null,
11384
12452
  "isDeprecated": true,
11385
12453
  "name": "process_path"
@@ -11396,12 +12464,96 @@
11396
12464
  "isDeprecated": false,
11397
12465
  "name": "out_of_band_access"
11398
12466
  },
12467
+ {
12468
+ "deprecationReason": null,
12469
+ "description": "A Unique ID for the quarantined file",
12470
+ "isDeprecated": false,
12471
+ "name": "quarantine_uuid"
12472
+ },
11399
12473
  {
11400
12474
  "deprecationReason": null,
11401
12475
  "description": null,
11402
12476
  "isDeprecated": false,
11403
12477
  "name": "logged_in_user"
11404
12478
  },
12479
+ {
12480
+ "deprecationReason": null,
12481
+ "description": "The profile assigned to the endpoint upon detection of the malware",
12482
+ "isDeprecated": false,
12483
+ "name": "epp_profile"
12484
+ },
12485
+ {
12486
+ "deprecationReason": null,
12487
+ "description": "Source process ID",
12488
+ "isDeprecated": false,
12489
+ "name": "src_pid"
12490
+ },
12491
+ {
12492
+ "deprecationReason": null,
12493
+ "description": "Source process file path",
12494
+ "isDeprecated": false,
12495
+ "name": "src_process_path"
12496
+ },
12497
+ {
12498
+ "deprecationReason": null,
12499
+ "description": "Source process command line",
12500
+ "isDeprecated": false,
12501
+ "name": "src_process_cmdline"
12502
+ },
12503
+ {
12504
+ "deprecationReason": null,
12505
+ "description": "Source process parent process ID",
12506
+ "isDeprecated": false,
12507
+ "name": "src_process_parent_pid"
12508
+ },
12509
+ {
12510
+ "deprecationReason": null,
12511
+ "description": "Source process parent file path",
12512
+ "isDeprecated": false,
12513
+ "name": "src_process_parent_path"
12514
+ },
12515
+ {
12516
+ "deprecationReason": null,
12517
+ "description": "The destination process ID",
12518
+ "isDeprecated": false,
12519
+ "name": "dest_pid"
12520
+ },
12521
+ {
12522
+ "deprecationReason": null,
12523
+ "description": "Destination process file path",
12524
+ "isDeprecated": false,
12525
+ "name": "dest_process_path"
12526
+ },
12527
+ {
12528
+ "deprecationReason": null,
12529
+ "description": "Destination process command line",
12530
+ "isDeprecated": false,
12531
+ "name": "dest_process_cmdline"
12532
+ },
12533
+ {
12534
+ "deprecationReason": null,
12535
+ "description": "Destination process parent process ID",
12536
+ "isDeprecated": false,
12537
+ "name": "dest_process_parent_pid"
12538
+ },
12539
+ {
12540
+ "deprecationReason": null,
12541
+ "description": "Destination process parent file path",
12542
+ "isDeprecated": false,
12543
+ "name": "dest_process_parent_path"
12544
+ },
12545
+ {
12546
+ "deprecationReason": null,
12547
+ "description": "If policy is set to disinfect, return the result of this action",
12548
+ "isDeprecated": false,
12549
+ "name": "disinfect_result"
12550
+ },
12551
+ {
12552
+ "deprecationReason": null,
12553
+ "description": "Indicate how many processes are part of this event",
12554
+ "isDeprecated": false,
12555
+ "name": "processes_count"
12556
+ },
11405
12557
  {
11406
12558
  "deprecationReason": null,
11407
12559
  "description": "HTTP request method (ie. Get, Post)",
@@ -11476,7 +12628,7 @@
11476
12628
  },
11477
12629
  {
11478
12630
  "deprecationReason": null,
11479
- "description": "Cato App",
12631
+ "description": "Cato application name",
11480
12632
  "isDeprecated": false,
11481
12633
  "name": "cato_app"
11482
12634
  },
@@ -11530,7 +12682,7 @@
11530
12682
  },
11531
12683
  {
11532
12684
  "deprecationReason": null,
11533
- "description": "Tenant Id",
12685
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
11534
12686
  "isDeprecated": false,
11535
12687
  "name": "tenant_id"
11536
12688
  },
@@ -11590,7 +12742,7 @@
11590
12742
  },
11591
12743
  {
11592
12744
  "deprecationReason": null,
11593
- "description": "Data Classifiers",
12745
+ "description": "Defines the scanning methods used by the DLP system",
11594
12746
  "isDeprecated": false,
11595
12747
  "name": "dlp_scan_types"
11596
12748
  },
@@ -11668,7 +12820,7 @@
11668
12820
  },
11669
12821
  {
11670
12822
  "deprecationReason": null,
11671
- "description": "Used Public IP",
12823
+ "description": "Public source IP",
11672
12824
  "isDeprecated": false,
11673
12825
  "name": "public_ip"
11674
12826
  },
@@ -11839,6 +12991,54 @@
11839
12991
  "description": "Device Type",
11840
12992
  "isDeprecated": false,
11841
12993
  "name": "device_type"
12994
+ },
12995
+ {
12996
+ "deprecationReason": null,
12997
+ "description": "Tenant Restriction Rule Name",
12998
+ "isDeprecated": false,
12999
+ "name": "tenant_restriction_rule_name"
13000
+ },
13001
+ {
13002
+ "deprecationReason": null,
13003
+ "description": "Connection Origin",
13004
+ "isDeprecated": false,
13005
+ "name": "connection_origin"
13006
+ },
13007
+ {
13008
+ "deprecationReason": null,
13009
+ "description": "Translated Server IP",
13010
+ "isDeprecated": false,
13011
+ "name": "translated_server_ip"
13012
+ },
13013
+ {
13014
+ "deprecationReason": null,
13015
+ "description": "Translated Client IP",
13016
+ "isDeprecated": false,
13017
+ "name": "translated_client_ip"
13018
+ },
13019
+ {
13020
+ "deprecationReason": null,
13021
+ "description": "IoC Container Name",
13022
+ "isDeprecated": false,
13023
+ "name": "container_name"
13024
+ },
13025
+ {
13026
+ "deprecationReason": null,
13027
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
13028
+ "isDeprecated": false,
13029
+ "name": "correlation_id"
13030
+ },
13031
+ {
13032
+ "deprecationReason": null,
13033
+ "description": "Precedence",
13034
+ "isDeprecated": false,
13035
+ "name": "precedence"
13036
+ },
13037
+ {
13038
+ "deprecationReason": null,
13039
+ "description": "A list of labels providing additional context for the event",
13040
+ "isDeprecated": false,
13041
+ "name": "labels"
11842
13042
  }
11843
13043
  ],
11844
13044
  "fields": null,