catocli 1.0.19__py3-none-any.whl → 1.0.21__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (166) hide show
  1. catocli/Utils/clidriver.py +6 -0
  2. catocli/__init__.py +1 -1
  3. catocli/parsers/custom/__init__.py +1 -1
  4. catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
  5. catocli/parsers/mutation_admin_updateAdmin/README.md +1 -1
  6. catocli/parsers/mutation_policy/__init__.py +522 -0
  7. catocli/parsers/mutation_policy_dynamicIpAllocation/README.md +7 -0
  8. catocli/parsers/mutation_policy_dynamicIpAllocation_addRule/README.md +18 -0
  9. catocli/parsers/mutation_policy_dynamicIpAllocation_addSection/README.md +18 -0
  10. catocli/parsers/mutation_policy_dynamicIpAllocation_createPolicyRevision/README.md +18 -0
  11. catocli/parsers/mutation_policy_dynamicIpAllocation_discardPolicyRevision/README.md +18 -0
  12. catocli/parsers/mutation_policy_dynamicIpAllocation_moveRule/README.md +18 -0
  13. catocli/parsers/mutation_policy_dynamicIpAllocation_moveSection/README.md +18 -0
  14. catocli/parsers/mutation_policy_dynamicIpAllocation_publishPolicyRevision/README.md +18 -0
  15. catocli/parsers/mutation_policy_dynamicIpAllocation_removeRule/README.md +18 -0
  16. catocli/parsers/mutation_policy_dynamicIpAllocation_removeSection/README.md +18 -0
  17. catocli/parsers/mutation_policy_dynamicIpAllocation_updatePolicy/README.md +18 -0
  18. catocli/parsers/mutation_policy_dynamicIpAllocation_updateRule/README.md +18 -0
  19. catocli/parsers/mutation_policy_dynamicIpAllocation_updateSection/README.md +18 -0
  20. catocli/parsers/mutation_policy_internetFirewall_addRule/README.md +1 -1
  21. catocli/parsers/mutation_policy_internetFirewall_updateRule/README.md +1 -1
  22. catocli/parsers/mutation_policy_socketLan/README.md +7 -0
  23. catocli/parsers/mutation_policy_socketLan_addRule/README.md +18 -0
  24. catocli/parsers/mutation_policy_socketLan_addSection/README.md +18 -0
  25. catocli/parsers/mutation_policy_socketLan_createPolicyRevision/README.md +18 -0
  26. catocli/parsers/mutation_policy_socketLan_discardPolicyRevision/README.md +18 -0
  27. catocli/parsers/mutation_policy_socketLan_moveRule/README.md +18 -0
  28. catocli/parsers/mutation_policy_socketLan_moveSection/README.md +18 -0
  29. catocli/parsers/mutation_policy_socketLan_publishPolicyRevision/README.md +18 -0
  30. catocli/parsers/mutation_policy_socketLan_removeRule/README.md +18 -0
  31. catocli/parsers/mutation_policy_socketLan_removeSection/README.md +18 -0
  32. catocli/parsers/mutation_policy_socketLan_updatePolicy/README.md +18 -0
  33. catocli/parsers/mutation_policy_socketLan_updateRule/README.md +18 -0
  34. catocli/parsers/mutation_policy_socketLan_updateSection/README.md +18 -0
  35. catocli/parsers/mutation_policy_wanNetwork/README.md +7 -0
  36. catocli/parsers/mutation_policy_wanNetwork_addRule/README.md +18 -0
  37. catocli/parsers/mutation_policy_wanNetwork_addSection/README.md +18 -0
  38. catocli/parsers/mutation_policy_wanNetwork_createPolicyRevision/README.md +18 -0
  39. catocli/parsers/mutation_policy_wanNetwork_discardPolicyRevision/README.md +18 -0
  40. catocli/parsers/mutation_policy_wanNetwork_moveRule/README.md +18 -0
  41. catocli/parsers/mutation_policy_wanNetwork_moveSection/README.md +18 -0
  42. catocli/parsers/mutation_policy_wanNetwork_publishPolicyRevision/README.md +18 -0
  43. catocli/parsers/mutation_policy_wanNetwork_removeRule/README.md +18 -0
  44. catocli/parsers/mutation_policy_wanNetwork_removeSection/README.md +18 -0
  45. catocli/parsers/mutation_policy_wanNetwork_updatePolicy/README.md +18 -0
  46. catocli/parsers/mutation_policy_wanNetwork_updateRule/README.md +18 -0
  47. catocli/parsers/mutation_policy_wanNetwork_updateSection/README.md +18 -0
  48. catocli/parsers/mutation_sandbox/README.md +7 -0
  49. catocli/parsers/mutation_sandbox/__init__.py +37 -0
  50. catocli/parsers/mutation_sandbox_deleteReport/README.md +17 -0
  51. catocli/parsers/mutation_sandbox_uploadFile/README.md +17 -0
  52. catocli/parsers/mutation_site/__init__.py +28 -0
  53. catocli/parsers/mutation_site_addIpsecIkeV2Site/README.md +1 -1
  54. catocli/parsers/mutation_site_addIpsecIkeV2SiteTunnels/README.md +1 -1
  55. catocli/parsers/mutation_site_addSecondaryAwsVSocket/README.md +17 -0
  56. catocli/parsers/mutation_site_addSecondaryAzureVSocket/README.md +17 -0
  57. catocli/parsers/mutation_site_addSocketSite/README.md +1 -1
  58. catocli/parsers/mutation_site_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  59. catocli/parsers/mutation_site_updateSocketInterface/README.md +1 -1
  60. catocli/parsers/mutation_sites/__init__.py +28 -0
  61. catocli/parsers/mutation_sites_addIpsecIkeV2Site/README.md +1 -1
  62. catocli/parsers/mutation_sites_addIpsecIkeV2SiteTunnels/README.md +1 -1
  63. catocli/parsers/mutation_sites_addSecondaryAwsVSocket/README.md +17 -0
  64. catocli/parsers/mutation_sites_addSecondaryAzureVSocket/README.md +17 -0
  65. catocli/parsers/mutation_sites_addSocketSite/README.md +1 -1
  66. catocli/parsers/mutation_sites_updateIpsecIkeV2SiteTunnels/README.md +1 -1
  67. catocli/parsers/mutation_sites_updateSocketInterface/README.md +1 -1
  68. catocli/parsers/mutation_xdr/README.md +7 -0
  69. catocli/parsers/mutation_xdr/__init__.py +51 -0
  70. catocli/parsers/mutation_xdr_addStoryComment/README.md +17 -0
  71. catocli/parsers/mutation_xdr_analystFeedback/README.md +18 -0
  72. catocli/parsers/mutation_xdr_deleteStoryComment/README.md +17 -0
  73. catocli/parsers/query_accountMetrics/README.md +2 -1
  74. catocli/parsers/query_appStatsTimeSeries/README.md +2 -1
  75. catocli/parsers/query_eventsFeed/README.md +1 -1
  76. catocli/parsers/query_eventsTimeSeries/README.md +2 -1
  77. catocli/parsers/query_policy/README.md +4 -1
  78. catocli/parsers/query_sandbox/README.md +17 -0
  79. catocli/parsers/query_sandbox/__init__.py +17 -0
  80. catocli/parsers/query_siteLocation/README.md +1 -1
  81. catocli/parsers/query_xdr_story/README.md +1 -1
  82. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/METADATA +1 -1
  83. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/RECORD +166 -66
  84. models/mutation.admin.addAdmin.json +0 -60
  85. models/mutation.admin.updateAdmin.json +0 -57
  86. models/mutation.policy.dynamicIpAllocation.addRule.json +3696 -0
  87. models/mutation.policy.dynamicIpAllocation.addSection.json +1358 -0
  88. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +2175 -0
  89. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +2109 -0
  90. models/mutation.policy.dynamicIpAllocation.moveRule.json +1907 -0
  91. models/mutation.policy.dynamicIpAllocation.moveSection.json +1259 -0
  92. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +2166 -0
  93. models/mutation.policy.dynamicIpAllocation.removeRule.json +1555 -0
  94. models/mutation.policy.dynamicIpAllocation.removeSection.json +958 -0
  95. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +2185 -0
  96. models/mutation.policy.dynamicIpAllocation.updateRule.json +3374 -0
  97. models/mutation.policy.dynamicIpAllocation.updateSection.json +1111 -0
  98. models/mutation.policy.internetFirewall.addRule.json +18 -18
  99. models/mutation.policy.internetFirewall.createPolicyRevision.json +4 -4
  100. models/mutation.policy.internetFirewall.discardPolicyRevision.json +4 -4
  101. models/mutation.policy.internetFirewall.moveRule.json +4 -4
  102. models/mutation.policy.internetFirewall.publishPolicyRevision.json +4 -4
  103. models/mutation.policy.internetFirewall.removeRule.json +4 -4
  104. models/mutation.policy.internetFirewall.updatePolicy.json +4 -4
  105. models/mutation.policy.internetFirewall.updateRule.json +18 -18
  106. models/mutation.policy.socketLan.addRule.json +11266 -0
  107. models/mutation.policy.socketLan.addSection.json +1358 -0
  108. models/mutation.policy.socketLan.createPolicyRevision.json +3926 -0
  109. models/mutation.policy.socketLan.discardPolicyRevision.json +3860 -0
  110. models/mutation.policy.socketLan.moveRule.json +3658 -0
  111. models/mutation.policy.socketLan.moveSection.json +1259 -0
  112. models/mutation.policy.socketLan.publishPolicyRevision.json +3917 -0
  113. models/mutation.policy.socketLan.removeRule.json +3306 -0
  114. models/mutation.policy.socketLan.removeSection.json +958 -0
  115. models/mutation.policy.socketLan.updatePolicy.json +3936 -0
  116. models/mutation.policy.socketLan.updateRule.json +10860 -0
  117. models/mutation.policy.socketLan.updateSection.json +1111 -0
  118. models/mutation.policy.wanNetwork.addRule.json +30614 -0
  119. models/mutation.policy.wanNetwork.addSection.json +1358 -0
  120. models/mutation.policy.wanNetwork.createPolicyRevision.json +8251 -0
  121. models/mutation.policy.wanNetwork.discardPolicyRevision.json +8185 -0
  122. models/mutation.policy.wanNetwork.moveRule.json +7983 -0
  123. models/mutation.policy.wanNetwork.moveSection.json +1259 -0
  124. models/mutation.policy.wanNetwork.publishPolicyRevision.json +8242 -0
  125. models/mutation.policy.wanNetwork.removeRule.json +7631 -0
  126. models/mutation.policy.wanNetwork.removeSection.json +958 -0
  127. models/mutation.policy.wanNetwork.updatePolicy.json +8261 -0
  128. models/mutation.policy.wanNetwork.updateRule.json +30145 -0
  129. models/mutation.policy.wanNetwork.updateSection.json +1111 -0
  130. models/mutation.sandbox.deleteReport.json +302 -0
  131. models/mutation.sandbox.uploadFile.json +301 -0
  132. models/mutation.site.addIpsecIkeV2Site.json +57 -0
  133. models/mutation.site.addIpsecIkeV2SiteTunnels.json +222 -0
  134. models/mutation.site.addSecondaryAwsVSocket.json +707 -0
  135. models/mutation.site.addSecondaryAzureVSocket.json +647 -0
  136. models/mutation.site.addSocketSite.json +72 -15
  137. models/mutation.site.updateIpsecIkeV2SiteTunnels.json +222 -0
  138. models/mutation.site.updateNetworkRange.json +3 -3
  139. models/mutation.site.updateSocketInterface.json +126 -18
  140. models/mutation.sites.addIpsecIkeV2Site.json +57 -0
  141. models/mutation.sites.addIpsecIkeV2SiteTunnels.json +222 -0
  142. models/mutation.sites.addSecondaryAwsVSocket.json +707 -0
  143. models/mutation.sites.addSecondaryAzureVSocket.json +647 -0
  144. models/mutation.sites.addSocketSite.json +72 -15
  145. models/mutation.sites.updateIpsecIkeV2SiteTunnels.json +222 -0
  146. models/mutation.sites.updateNetworkRange.json +3 -3
  147. models/mutation.sites.updateSocketInterface.json +126 -18
  148. models/mutation.xdr.addStoryComment.json +622 -0
  149. models/mutation.xdr.analystFeedback.json +28820 -0
  150. models/mutation.xdr.deleteStoryComment.json +622 -0
  151. models/query.accountMetrics.json +592 -0
  152. models/query.accountSnapshot.json +308 -0
  153. models/query.appStatsTimeSeries.json +37 -0
  154. models/query.auditFeed.json +352 -52
  155. models/query.events.json +1434 -234
  156. models/query.eventsFeed.json +352 -52
  157. models/query.eventsTimeSeries.json +1113 -176
  158. models/query.policy.json +22867 -9389
  159. models/query.sandbox.json +2111 -0
  160. models/query.xdr.stories.json +134 -4
  161. models/query.xdr.story.json +116 -4
  162. schema/catolib.py +4 -5
  163. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/LICENSE +0 -0
  164. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/WHEEL +0 -0
  165. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/entry_points.txt +0 -0
  166. {catocli-1.0.19.dist-info → catocli-1.0.21.dist-info}/top_level.txt +0 -0
models/query.eventsTimeSeries.json CHANGED
@@ -48,7 +48,7 @@
48
48
  "description": null,
49
49
  "enumValues": [
50
50
  {
51
- "deprecationReason": "use src_site_id/src_site_name instead",
51
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
52
52
  "description": "Name of site or user initiating the connection",
53
53
  "isDeprecated": true,
54
54
  "name": "src_site"
@@ -72,7 +72,7 @@
72
72
  "name": "user_id"
73
73
  },
74
74
  {
75
- "deprecationReason": "use dest_site_id/dest_site_name instead",
75
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
76
76
  "description": "For WAN traffic, name of destination site or SDP user",
77
77
  "isDeprecated": true,
78
78
  "name": "dest_site"
@@ -84,13 +84,13 @@
84
84
  "name": "dest_site_id"
85
85
  },
86
86
  {
87
- "deprecationReason": null,
87
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
88
88
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
89
- "isDeprecated": false,
89
+ "isDeprecated": true,
90
90
  "name": "src_or_dest_site_id"
91
91
  },
92
92
  {
93
- "deprecationReason": "use rule_name instead",
93
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
94
94
  "description": "Name of security rule related to the event",
95
95
  "isDeprecated": true,
96
96
  "name": "rule"
@@ -108,7 +108,7 @@
108
108
  "name": "socket_interface"
109
109
  },
110
110
  {
111
- "deprecationReason": "use custom_category_id/custom_category_name instead",
111
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
112
112
  "description": "Name for the custom category defined in the Cato Management Application",
113
113
  "isDeprecated": true,
114
114
  "name": "custom_category"
@@ -121,7 +121,7 @@
121
121
  },
122
122
  {
123
123
  "deprecationReason": null,
124
- "description": "For Internet traffic, destination host port",
124
+ "description": "Destination port",
125
125
  "isDeprecated": false,
126
126
  "name": "dest_port"
127
127
  },
@@ -181,7 +181,7 @@
181
181
  },
182
182
  {
183
183
  "deprecationReason": null,
184
- "description": "For Internet traffic, destination host IP address",
184
+ "description": "Destination IP address",
185
185
  "isDeprecated": false,
186
186
  "name": "dest_ip"
187
187
  },
@@ -258,7 +258,7 @@
258
258
  "name": "configured_host_name"
259
259
  },
260
260
  {
261
- "deprecationReason": "use event_id instead",
261
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
262
262
  "description": "Cato Internal-use only",
263
263
  "isDeprecated": true,
264
264
  "name": "internalId"
@@ -330,9 +330,9 @@
330
330
  "name": "bgp_error_code"
331
331
  },
332
332
  {
333
- "deprecationReason": null,
333
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
334
334
  "description": "Description from Cato Management Application for BGP peer",
335
- "isDeprecated": false,
335
+ "isDeprecated": true,
336
336
  "name": "bgp_peer_description"
337
337
  },
338
338
  {
@@ -397,7 +397,7 @@
397
397
  },
398
398
  {
399
399
  "deprecationReason": null,
400
- "description": "Data that measures the latency for a specific link",
400
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
401
401
  "isDeprecated": false,
402
402
  "name": "link_health_latency"
403
403
  },
@@ -552,14 +552,14 @@
552
552
  "name": "incident_id"
553
553
  },
554
554
  {
555
- "deprecationReason": "use application_id/application_name instead",
555
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
556
556
  "description": "For Internet firewall, app for this event",
557
557
  "isDeprecated": true,
558
558
  "name": "application"
559
559
  },
560
560
  {
561
561
  "deprecationReason": null,
562
- "description": "Application of the flow",
562
+ "description": "The name of the application associated with the flow",
563
563
  "isDeprecated": false,
564
564
  "name": "application_name"
565
565
  },
@@ -582,7 +582,7 @@
582
582
  "name": "socket_interface_id"
583
583
  },
584
584
  {
585
- "deprecationReason": "use custom_category_id/custom_category_name instead",
585
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
586
586
  "description": "Unique Cato ID for the custom category",
587
587
  "isDeprecated": true,
588
588
  "name": "custom_categories"
@@ -661,7 +661,7 @@
661
661
  },
662
662
  {
663
663
  "deprecationReason": null,
664
- "description": "For Internet traffic, destination host IP address",
664
+ "description": "The name of the destination site",
665
665
  "isDeprecated": false,
666
666
  "name": "dest_site_name"
667
667
  },
@@ -720,7 +720,7 @@
720
720
  "name": "device_posture_profile"
721
721
  },
722
722
  {
723
- "deprecationReason": "use device_posture_profile instead",
723
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
724
724
  "description": "Device posture profiles",
725
725
  "isDeprecated": true,
726
726
  "name": "device_posture_profiles"
@@ -793,7 +793,7 @@
793
793
  },
794
794
  {
795
795
  "deprecationReason": null,
796
- "description": "DLP fail mode",
796
+ "description": "Describes the behavior when the DLP system encounters a failure",
797
797
  "isDeprecated": false,
798
798
  "name": "dlp_fail_mode"
799
799
  },
@@ -851,6 +851,24 @@
851
851
  "isDeprecated": false,
852
852
  "name": "is_sinkhole"
853
853
  },
854
+ {
855
+ "deprecationReason": null,
856
+ "description": "The ID for the endpoint",
857
+ "isDeprecated": false,
858
+ "name": "endpoint_id"
859
+ },
860
+ {
861
+ "deprecationReason": null,
862
+ "description": "The Endpoint Protection Engine that detected the malware",
863
+ "isDeprecated": false,
864
+ "name": "epp_engine_type"
865
+ },
866
+ {
867
+ "deprecationReason": null,
868
+ "description": "The file operation when this event occurred",
869
+ "isDeprecated": false,
870
+ "name": "file_operation"
871
+ },
854
872
  {
855
873
  "deprecationReason": null,
856
874
  "description": null,
@@ -883,7 +901,7 @@
883
901
  },
884
902
  {
885
903
  "deprecationReason": null,
886
- "description": null,
904
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
887
905
  "isDeprecated": false,
888
906
  "name": "vendor"
889
907
  },
@@ -924,19 +942,19 @@
924
942
  "name": "recommended_actions"
925
943
  },
926
944
  {
927
- "deprecationReason": "use src_pid instead",
945
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
928
946
  "description": null,
929
947
  "isDeprecated": true,
930
948
  "name": "pid"
931
949
  },
932
950
  {
933
- "deprecationReason": "use src_process_parent_pid instead",
951
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
934
952
  "description": null,
935
953
  "isDeprecated": true,
936
954
  "name": "parent_pid"
937
955
  },
938
956
  {
939
- "deprecationReason": "use src_process_path instead",
957
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
940
958
  "description": null,
941
959
  "isDeprecated": true,
942
960
  "name": "process_path"
@@ -953,12 +971,96 @@
953
971
  "isDeprecated": false,
954
972
  "name": "out_of_band_access"
955
973
  },
974
+ {
975
+ "deprecationReason": null,
976
+ "description": "A Unique ID for the quarantined file",
977
+ "isDeprecated": false,
978
+ "name": "quarantine_uuid"
979
+ },
956
980
  {
957
981
  "deprecationReason": null,
958
982
  "description": null,
959
983
  "isDeprecated": false,
960
984
  "name": "logged_in_user"
961
985
  },
986
+ {
987
+ "deprecationReason": null,
988
+ "description": "The profile assigned to the endpoint upon detection of the malware",
989
+ "isDeprecated": false,
990
+ "name": "epp_profile"
991
+ },
992
+ {
993
+ "deprecationReason": null,
994
+ "description": "Source process ID",
995
+ "isDeprecated": false,
996
+ "name": "src_pid"
997
+ },
998
+ {
999
+ "deprecationReason": null,
1000
+ "description": "Source process file path",
1001
+ "isDeprecated": false,
1002
+ "name": "src_process_path"
1003
+ },
1004
+ {
1005
+ "deprecationReason": null,
1006
+ "description": "Source process command line",
1007
+ "isDeprecated": false,
1008
+ "name": "src_process_cmdline"
1009
+ },
1010
+ {
1011
+ "deprecationReason": null,
1012
+ "description": "Source process parent process ID",
1013
+ "isDeprecated": false,
1014
+ "name": "src_process_parent_pid"
1015
+ },
1016
+ {
1017
+ "deprecationReason": null,
1018
+ "description": "Source process parent file path",
1019
+ "isDeprecated": false,
1020
+ "name": "src_process_parent_path"
1021
+ },
1022
+ {
1023
+ "deprecationReason": null,
1024
+ "description": "The destination process ID",
1025
+ "isDeprecated": false,
1026
+ "name": "dest_pid"
1027
+ },
1028
+ {
1029
+ "deprecationReason": null,
1030
+ "description": "Destination process file path",
1031
+ "isDeprecated": false,
1032
+ "name": "dest_process_path"
1033
+ },
1034
+ {
1035
+ "deprecationReason": null,
1036
+ "description": "Destination process command line",
1037
+ "isDeprecated": false,
1038
+ "name": "dest_process_cmdline"
1039
+ },
1040
+ {
1041
+ "deprecationReason": null,
1042
+ "description": "Destination process parent process ID",
1043
+ "isDeprecated": false,
1044
+ "name": "dest_process_parent_pid"
1045
+ },
1046
+ {
1047
+ "deprecationReason": null,
1048
+ "description": "Destination process parent file path",
1049
+ "isDeprecated": false,
1050
+ "name": "dest_process_parent_path"
1051
+ },
1052
+ {
1053
+ "deprecationReason": null,
1054
+ "description": "If policy is set to disinfect, return the result of this action",
1055
+ "isDeprecated": false,
1056
+ "name": "disinfect_result"
1057
+ },
1058
+ {
1059
+ "deprecationReason": null,
1060
+ "description": "Indicate how many processes are part of this event",
1061
+ "isDeprecated": false,
1062
+ "name": "processes_count"
1063
+ },
962
1064
  {
963
1065
  "deprecationReason": null,
964
1066
  "description": "HTTP request method (ie. Get, Post)",
@@ -1033,7 +1135,7 @@
1033
1135
  },
1034
1136
  {
1035
1137
  "deprecationReason": null,
1036
- "description": "Cato App",
1138
+ "description": "Cato application name",
1037
1139
  "isDeprecated": false,
1038
1140
  "name": "cato_app"
1039
1141
  },
@@ -1087,7 +1189,7 @@
1087
1189
  },
1088
1190
  {
1089
1191
  "deprecationReason": null,
1090
- "description": "Tenant Id",
1192
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1091
1193
  "isDeprecated": false,
1092
1194
  "name": "tenant_id"
1093
1195
  },
@@ -1147,7 +1249,7 @@
1147
1249
  },
1148
1250
  {
1149
1251
  "deprecationReason": null,
1150
- "description": "Data Classifiers",
1252
+ "description": "Defines the scanning methods used by the DLP system",
1151
1253
  "isDeprecated": false,
1152
1254
  "name": "dlp_scan_types"
1153
1255
  },
@@ -1225,7 +1327,7 @@
1225
1327
  },
1226
1328
  {
1227
1329
  "deprecationReason": null,
1228
- "description": "Used Public IP",
1330
+ "description": "Public source IP",
1229
1331
  "isDeprecated": false,
1230
1332
  "name": "public_ip"
1231
1333
  },
@@ -1396,6 +1498,54 @@
1396
1498
  "description": "Device Type",
1397
1499
  "isDeprecated": false,
1398
1500
  "name": "device_type"
1501
+ },
1502
+ {
1503
+ "deprecationReason": null,
1504
+ "description": "Tenant Restriction Rule Name",
1505
+ "isDeprecated": false,
1506
+ "name": "tenant_restriction_rule_name"
1507
+ },
1508
+ {
1509
+ "deprecationReason": null,
1510
+ "description": "Connection Origin",
1511
+ "isDeprecated": false,
1512
+ "name": "connection_origin"
1513
+ },
1514
+ {
1515
+ "deprecationReason": null,
1516
+ "description": "Translated Server IP",
1517
+ "isDeprecated": false,
1518
+ "name": "translated_server_ip"
1519
+ },
1520
+ {
1521
+ "deprecationReason": null,
1522
+ "description": "Translated Client IP",
1523
+ "isDeprecated": false,
1524
+ "name": "translated_client_ip"
1525
+ },
1526
+ {
1527
+ "deprecationReason": null,
1528
+ "description": "IoC Container Name",
1529
+ "isDeprecated": false,
1530
+ "name": "container_name"
1531
+ },
1532
+ {
1533
+ "deprecationReason": null,
1534
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1535
+ "isDeprecated": false,
1536
+ "name": "correlation_id"
1537
+ },
1538
+ {
1539
+ "deprecationReason": null,
1540
+ "description": "Precedence",
1541
+ "isDeprecated": false,
1542
+ "name": "precedence"
1543
+ },
1544
+ {
1545
+ "deprecationReason": null,
1546
+ "description": "A list of labels providing additional context for the event",
1547
+ "isDeprecated": false,
1548
+ "name": "labels"
1399
1549
  }
1400
1550
  ],
1401
1551
  "fields": null,
@@ -1460,7 +1610,7 @@
1460
1610
  "description": null,
1461
1611
  "enumValues": [
1462
1612
  {
1463
- "deprecationReason": "use src_site_id/src_site_name instead",
1613
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1464
1614
  "description": "Name of site or user initiating the connection",
1465
1615
  "isDeprecated": true,
1466
1616
  "name": "src_site"
@@ -1484,7 +1634,7 @@
1484
1634
  "name": "user_id"
1485
1635
  },
1486
1636
  {
1487
- "deprecationReason": "use dest_site_id/dest_site_name instead",
1637
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1488
1638
  "description": "For WAN traffic, name of destination site or SDP user",
1489
1639
  "isDeprecated": true,
1490
1640
  "name": "dest_site"
@@ -1496,13 +1646,13 @@
1496
1646
  "name": "dest_site_id"
1497
1647
  },
1498
1648
  {
1499
- "deprecationReason": null,
1649
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
1500
1650
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
1501
- "isDeprecated": false,
1651
+ "isDeprecated": true,
1502
1652
  "name": "src_or_dest_site_id"
1503
1653
  },
1504
1654
  {
1505
- "deprecationReason": "use rule_name instead",
1655
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1506
1656
  "description": "Name of security rule related to the event",
1507
1657
  "isDeprecated": true,
1508
1658
  "name": "rule"
@@ -1520,7 +1670,7 @@
1520
1670
  "name": "socket_interface"
1521
1671
  },
1522
1672
  {
1523
- "deprecationReason": "use custom_category_id/custom_category_name instead",
1673
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1524
1674
  "description": "Name for the custom category defined in the Cato Management Application",
1525
1675
  "isDeprecated": true,
1526
1676
  "name": "custom_category"
@@ -1533,7 +1683,7 @@
1533
1683
  },
1534
1684
  {
1535
1685
  "deprecationReason": null,
1536
- "description": "For Internet traffic, destination host port",
1686
+ "description": "Destination port",
1537
1687
  "isDeprecated": false,
1538
1688
  "name": "dest_port"
1539
1689
  },
@@ -1593,7 +1743,7 @@
1593
1743
  },
1594
1744
  {
1595
1745
  "deprecationReason": null,
1596
- "description": "For Internet traffic, destination host IP address",
1746
+ "description": "Destination IP address",
1597
1747
  "isDeprecated": false,
1598
1748
  "name": "dest_ip"
1599
1749
  },
@@ -1670,7 +1820,7 @@
1670
1820
  "name": "configured_host_name"
1671
1821
  },
1672
1822
  {
1673
- "deprecationReason": "use event_id instead",
1823
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
1674
1824
  "description": "Cato Internal-use only",
1675
1825
  "isDeprecated": true,
1676
1826
  "name": "internalId"
@@ -1742,9 +1892,9 @@
1742
1892
  "name": "bgp_error_code"
1743
1893
  },
1744
1894
  {
1745
- "deprecationReason": null,
1895
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
1746
1896
  "description": "Description from Cato Management Application for BGP peer",
1747
- "isDeprecated": false,
1897
+ "isDeprecated": true,
1748
1898
  "name": "bgp_peer_description"
1749
1899
  },
1750
1900
  {
@@ -1809,7 +1959,7 @@
1809
1959
  },
1810
1960
  {
1811
1961
  "deprecationReason": null,
1812
- "description": "Data that measures the latency for a specific link",
1962
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
1813
1963
  "isDeprecated": false,
1814
1964
  "name": "link_health_latency"
1815
1965
  },
@@ -1964,14 +2114,14 @@
1964
2114
  "name": "incident_id"
1965
2115
  },
1966
2116
  {
1967
- "deprecationReason": "use application_id/application_name instead",
2117
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1968
2118
  "description": "For Internet firewall, app for this event",
1969
2119
  "isDeprecated": true,
1970
2120
  "name": "application"
1971
2121
  },
1972
2122
  {
1973
2123
  "deprecationReason": null,
1974
- "description": "Application of the flow",
2124
+ "description": "The name of the application associated with the flow",
1975
2125
  "isDeprecated": false,
1976
2126
  "name": "application_name"
1977
2127
  },
@@ -1994,7 +2144,7 @@
1994
2144
  "name": "socket_interface_id"
1995
2145
  },
1996
2146
  {
1997
- "deprecationReason": "use custom_category_id/custom_category_name instead",
2147
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
1998
2148
  "description": "Unique Cato ID for the custom category",
1999
2149
  "isDeprecated": true,
2000
2150
  "name": "custom_categories"
@@ -2073,7 +2223,7 @@
2073
2223
  },
2074
2224
  {
2075
2225
  "deprecationReason": null,
2076
- "description": "For Internet traffic, destination host IP address",
2226
+ "description": "The name of the destination site",
2077
2227
  "isDeprecated": false,
2078
2228
  "name": "dest_site_name"
2079
2229
  },
@@ -2132,7 +2282,7 @@
2132
2282
  "name": "device_posture_profile"
2133
2283
  },
2134
2284
  {
2135
- "deprecationReason": "use device_posture_profile instead",
2285
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2136
2286
  "description": "Device posture profiles",
2137
2287
  "isDeprecated": true,
2138
2288
  "name": "device_posture_profiles"
@@ -2205,7 +2355,7 @@
2205
2355
  },
2206
2356
  {
2207
2357
  "deprecationReason": null,
2208
- "description": "DLP fail mode",
2358
+ "description": "Describes the behavior when the DLP system encounters a failure",
2209
2359
  "isDeprecated": false,
2210
2360
  "name": "dlp_fail_mode"
2211
2361
  },
@@ -2263,6 +2413,24 @@
2263
2413
  "isDeprecated": false,
2264
2414
  "name": "is_sinkhole"
2265
2415
  },
2416
+ {
2417
+ "deprecationReason": null,
2418
+ "description": "The ID for the endpoint",
2419
+ "isDeprecated": false,
2420
+ "name": "endpoint_id"
2421
+ },
2422
+ {
2423
+ "deprecationReason": null,
2424
+ "description": "The Endpoint Protection Engine that detected the malware",
2425
+ "isDeprecated": false,
2426
+ "name": "epp_engine_type"
2427
+ },
2428
+ {
2429
+ "deprecationReason": null,
2430
+ "description": "The file operation when this event occurred",
2431
+ "isDeprecated": false,
2432
+ "name": "file_operation"
2433
+ },
2266
2434
  {
2267
2435
  "deprecationReason": null,
2268
2436
  "description": null,
@@ -2295,7 +2463,7 @@
2295
2463
  },
2296
2464
  {
2297
2465
  "deprecationReason": null,
2298
- "description": null,
2466
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
2299
2467
  "isDeprecated": false,
2300
2468
  "name": "vendor"
2301
2469
  },
@@ -2336,19 +2504,19 @@
2336
2504
  "name": "recommended_actions"
2337
2505
  },
2338
2506
  {
2339
- "deprecationReason": "use src_pid instead",
2507
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2340
2508
  "description": null,
2341
2509
  "isDeprecated": true,
2342
2510
  "name": "pid"
2343
2511
  },
2344
2512
  {
2345
- "deprecationReason": "use src_process_parent_pid instead",
2513
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2346
2514
  "description": null,
2347
2515
  "isDeprecated": true,
2348
2516
  "name": "parent_pid"
2349
2517
  },
2350
2518
  {
2351
- "deprecationReason": "use src_process_path instead",
2519
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2352
2520
  "description": null,
2353
2521
  "isDeprecated": true,
2354
2522
  "name": "process_path"
@@ -2365,12 +2533,96 @@
2365
2533
  "isDeprecated": false,
2366
2534
  "name": "out_of_band_access"
2367
2535
  },
2536
+ {
2537
+ "deprecationReason": null,
2538
+ "description": "A Unique ID for the quarantined file",
2539
+ "isDeprecated": false,
2540
+ "name": "quarantine_uuid"
2541
+ },
2368
2542
  {
2369
2543
  "deprecationReason": null,
2370
2544
  "description": null,
2371
2545
  "isDeprecated": false,
2372
2546
  "name": "logged_in_user"
2373
2547
  },
2548
+ {
2549
+ "deprecationReason": null,
2550
+ "description": "The profile assigned to the endpoint upon detection of the malware",
2551
+ "isDeprecated": false,
2552
+ "name": "epp_profile"
2553
+ },
2554
+ {
2555
+ "deprecationReason": null,
2556
+ "description": "Source process ID",
2557
+ "isDeprecated": false,
2558
+ "name": "src_pid"
2559
+ },
2560
+ {
2561
+ "deprecationReason": null,
2562
+ "description": "Source process file path",
2563
+ "isDeprecated": false,
2564
+ "name": "src_process_path"
2565
+ },
2566
+ {
2567
+ "deprecationReason": null,
2568
+ "description": "Source process command line",
2569
+ "isDeprecated": false,
2570
+ "name": "src_process_cmdline"
2571
+ },
2572
+ {
2573
+ "deprecationReason": null,
2574
+ "description": "Source process parent process ID",
2575
+ "isDeprecated": false,
2576
+ "name": "src_process_parent_pid"
2577
+ },
2578
+ {
2579
+ "deprecationReason": null,
2580
+ "description": "Source process parent file path",
2581
+ "isDeprecated": false,
2582
+ "name": "src_process_parent_path"
2583
+ },
2584
+ {
2585
+ "deprecationReason": null,
2586
+ "description": "The destination process ID",
2587
+ "isDeprecated": false,
2588
+ "name": "dest_pid"
2589
+ },
2590
+ {
2591
+ "deprecationReason": null,
2592
+ "description": "Destination process file path",
2593
+ "isDeprecated": false,
2594
+ "name": "dest_process_path"
2595
+ },
2596
+ {
2597
+ "deprecationReason": null,
2598
+ "description": "Destination process command line",
2599
+ "isDeprecated": false,
2600
+ "name": "dest_process_cmdline"
2601
+ },
2602
+ {
2603
+ "deprecationReason": null,
2604
+ "description": "Destination process parent process ID",
2605
+ "isDeprecated": false,
2606
+ "name": "dest_process_parent_pid"
2607
+ },
2608
+ {
2609
+ "deprecationReason": null,
2610
+ "description": "Destination process parent file path",
2611
+ "isDeprecated": false,
2612
+ "name": "dest_process_parent_path"
2613
+ },
2614
+ {
2615
+ "deprecationReason": null,
2616
+ "description": "If policy is set to disinfect, return the result of this action",
2617
+ "isDeprecated": false,
2618
+ "name": "disinfect_result"
2619
+ },
2620
+ {
2621
+ "deprecationReason": null,
2622
+ "description": "Indicate how many processes are part of this event",
2623
+ "isDeprecated": false,
2624
+ "name": "processes_count"
2625
+ },
2374
2626
  {
2375
2627
  "deprecationReason": null,
2376
2628
  "description": "HTTP request method (ie. Get, Post)",
@@ -2445,7 +2697,7 @@
2445
2697
  },
2446
2698
  {
2447
2699
  "deprecationReason": null,
2448
- "description": "Cato App",
2700
+ "description": "Cato application name",
2449
2701
  "isDeprecated": false,
2450
2702
  "name": "cato_app"
2451
2703
  },
@@ -2499,7 +2751,7 @@
2499
2751
  },
2500
2752
  {
2501
2753
  "deprecationReason": null,
2502
- "description": "Tenant Id",
2754
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
2503
2755
  "isDeprecated": false,
2504
2756
  "name": "tenant_id"
2505
2757
  },
@@ -2559,7 +2811,7 @@
2559
2811
  },
2560
2812
  {
2561
2813
  "deprecationReason": null,
2562
- "description": "Data Classifiers",
2814
+ "description": "Defines the scanning methods used by the DLP system",
2563
2815
  "isDeprecated": false,
2564
2816
  "name": "dlp_scan_types"
2565
2817
  },
@@ -2637,7 +2889,7 @@
2637
2889
  },
2638
2890
  {
2639
2891
  "deprecationReason": null,
2640
- "description": "Used Public IP",
2892
+ "description": "Public source IP",
2641
2893
  "isDeprecated": false,
2642
2894
  "name": "public_ip"
2643
2895
  },
@@ -2808,6 +3060,54 @@
2808
3060
  "description": "Device Type",
2809
3061
  "isDeprecated": false,
2810
3062
  "name": "device_type"
3063
+ },
3064
+ {
3065
+ "deprecationReason": null,
3066
+ "description": "Tenant Restriction Rule Name",
3067
+ "isDeprecated": false,
3068
+ "name": "tenant_restriction_rule_name"
3069
+ },
3070
+ {
3071
+ "deprecationReason": null,
3072
+ "description": "Connection Origin",
3073
+ "isDeprecated": false,
3074
+ "name": "connection_origin"
3075
+ },
3076
+ {
3077
+ "deprecationReason": null,
3078
+ "description": "Translated Server IP",
3079
+ "isDeprecated": false,
3080
+ "name": "translated_server_ip"
3081
+ },
3082
+ {
3083
+ "deprecationReason": null,
3084
+ "description": "Translated Client IP",
3085
+ "isDeprecated": false,
3086
+ "name": "translated_client_ip"
3087
+ },
3088
+ {
3089
+ "deprecationReason": null,
3090
+ "description": "IoC Container Name",
3091
+ "isDeprecated": false,
3092
+ "name": "container_name"
3093
+ },
3094
+ {
3095
+ "deprecationReason": null,
3096
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
3097
+ "isDeprecated": false,
3098
+ "name": "correlation_id"
3099
+ },
3100
+ {
3101
+ "deprecationReason": null,
3102
+ "description": "Precedence",
3103
+ "isDeprecated": false,
3104
+ "name": "precedence"
3105
+ },
3106
+ {
3107
+ "deprecationReason": null,
3108
+ "description": "A list of labels providing additional context for the event",
3109
+ "isDeprecated": false,
3110
+ "name": "labels"
2811
3111
  }
2812
3112
  ],
2813
3113
  "fields": null,
@@ -3088,7 +3388,7 @@
3088
3388
  "description": null,
3089
3389
  "enumValues": [
3090
3390
  {
3091
- "deprecationReason": "use src_site_id/src_site_name instead",
3391
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3092
3392
  "description": "Name of site or user initiating the connection",
3093
3393
  "isDeprecated": true,
3094
3394
  "name": "src_site"
@@ -3112,7 +3412,7 @@
3112
3412
  "name": "user_id"
3113
3413
  },
3114
3414
  {
3115
- "deprecationReason": "use dest_site_id/dest_site_name instead",
3415
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3116
3416
  "description": "For WAN traffic, name of destination site or SDP user",
3117
3417
  "isDeprecated": true,
3118
3418
  "name": "dest_site"
@@ -3124,13 +3424,13 @@
3124
3424
  "name": "dest_site_id"
3125
3425
  },
3126
3426
  {
3127
- "deprecationReason": null,
3427
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
3128
3428
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
3129
- "isDeprecated": false,
3429
+ "isDeprecated": true,
3130
3430
  "name": "src_or_dest_site_id"
3131
3431
  },
3132
3432
  {
3133
- "deprecationReason": "use rule_name instead",
3433
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3134
3434
  "description": "Name of security rule related to the event",
3135
3435
  "isDeprecated": true,
3136
3436
  "name": "rule"
@@ -3148,7 +3448,7 @@
3148
3448
  "name": "socket_interface"
3149
3449
  },
3150
3450
  {
3151
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3451
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3152
3452
  "description": "Name for the custom category defined in the Cato Management Application",
3153
3453
  "isDeprecated": true,
3154
3454
  "name": "custom_category"
@@ -3161,7 +3461,7 @@
3161
3461
  },
3162
3462
  {
3163
3463
  "deprecationReason": null,
3164
- "description": "For Internet traffic, destination host port",
3464
+ "description": "Destination port",
3165
3465
  "isDeprecated": false,
3166
3466
  "name": "dest_port"
3167
3467
  },
@@ -3221,7 +3521,7 @@
3221
3521
  },
3222
3522
  {
3223
3523
  "deprecationReason": null,
3224
- "description": "For Internet traffic, destination host IP address",
3524
+ "description": "Destination IP address",
3225
3525
  "isDeprecated": false,
3226
3526
  "name": "dest_ip"
3227
3527
  },
@@ -3298,7 +3598,7 @@
3298
3598
  "name": "configured_host_name"
3299
3599
  },
3300
3600
  {
3301
- "deprecationReason": "use event_id instead",
3601
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
3302
3602
  "description": "Cato Internal-use only",
3303
3603
  "isDeprecated": true,
3304
3604
  "name": "internalId"
@@ -3370,9 +3670,9 @@
3370
3670
  "name": "bgp_error_code"
3371
3671
  },
3372
3672
  {
3373
- "deprecationReason": null,
3673
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
3374
3674
  "description": "Description from Cato Management Application for BGP peer",
3375
- "isDeprecated": false,
3675
+ "isDeprecated": true,
3376
3676
  "name": "bgp_peer_description"
3377
3677
  },
3378
3678
  {
@@ -3437,7 +3737,7 @@
3437
3737
  },
3438
3738
  {
3439
3739
  "deprecationReason": null,
3440
- "description": "Data that measures the latency for a specific link",
3740
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
3441
3741
  "isDeprecated": false,
3442
3742
  "name": "link_health_latency"
3443
3743
  },
@@ -3592,14 +3892,14 @@
3592
3892
  "name": "incident_id"
3593
3893
  },
3594
3894
  {
3595
- "deprecationReason": "use application_id/application_name instead",
3895
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3596
3896
  "description": "For Internet firewall, app for this event",
3597
3897
  "isDeprecated": true,
3598
3898
  "name": "application"
3599
3899
  },
3600
3900
  {
3601
3901
  "deprecationReason": null,
3602
- "description": "Application of the flow",
3902
+ "description": "The name of the application associated with the flow",
3603
3903
  "isDeprecated": false,
3604
3904
  "name": "application_name"
3605
3905
  },
@@ -3622,7 +3922,7 @@
3622
3922
  "name": "socket_interface_id"
3623
3923
  },
3624
3924
  {
3625
- "deprecationReason": "use custom_category_id/custom_category_name instead",
3925
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
3626
3926
  "description": "Unique Cato ID for the custom category",
3627
3927
  "isDeprecated": true,
3628
3928
  "name": "custom_categories"
@@ -3701,7 +4001,7 @@
3701
4001
  },
3702
4002
  {
3703
4003
  "deprecationReason": null,
3704
- "description": "For Internet traffic, destination host IP address",
4004
+ "description": "The name of the destination site",
3705
4005
  "isDeprecated": false,
3706
4006
  "name": "dest_site_name"
3707
4007
  },
@@ -3760,7 +4060,7 @@
3760
4060
  "name": "device_posture_profile"
3761
4061
  },
3762
4062
  {
3763
- "deprecationReason": "use device_posture_profile instead",
4063
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
3764
4064
  "description": "Device posture profiles",
3765
4065
  "isDeprecated": true,
3766
4066
  "name": "device_posture_profiles"
@@ -3833,7 +4133,7 @@
3833
4133
  },
3834
4134
  {
3835
4135
  "deprecationReason": null,
3836
- "description": "DLP fail mode",
4136
+ "description": "Describes the behavior when the DLP system encounters a failure",
3837
4137
  "isDeprecated": false,
3838
4138
  "name": "dlp_fail_mode"
3839
4139
  },
@@ -3891,6 +4191,24 @@
3891
4191
  "isDeprecated": false,
3892
4192
  "name": "is_sinkhole"
3893
4193
  },
4194
+ {
4195
+ "deprecationReason": null,
4196
+ "description": "The ID for the endpoint",
4197
+ "isDeprecated": false,
4198
+ "name": "endpoint_id"
4199
+ },
4200
+ {
4201
+ "deprecationReason": null,
4202
+ "description": "The Endpoint Protection Engine that detected the malware",
4203
+ "isDeprecated": false,
4204
+ "name": "epp_engine_type"
4205
+ },
4206
+ {
4207
+ "deprecationReason": null,
4208
+ "description": "The file operation when this event occurred",
4209
+ "isDeprecated": false,
4210
+ "name": "file_operation"
4211
+ },
3894
4212
  {
3895
4213
  "deprecationReason": null,
3896
4214
  "description": null,
@@ -3923,7 +4241,7 @@
3923
4241
  },
3924
4242
  {
3925
4243
  "deprecationReason": null,
3926
- "description": null,
4244
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
3927
4245
  "isDeprecated": false,
3928
4246
  "name": "vendor"
3929
4247
  },
@@ -3964,19 +4282,19 @@
3964
4282
  "name": "recommended_actions"
3965
4283
  },
3966
4284
  {
3967
- "deprecationReason": "use src_pid instead",
4285
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3968
4286
  "description": null,
3969
4287
  "isDeprecated": true,
3970
4288
  "name": "pid"
3971
4289
  },
3972
4290
  {
3973
- "deprecationReason": "use src_process_parent_pid instead",
4291
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
3974
4292
  "description": null,
3975
4293
  "isDeprecated": true,
3976
4294
  "name": "parent_pid"
3977
4295
  },
3978
4296
  {
3979
- "deprecationReason": "use src_process_path instead",
4297
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
3980
4298
  "description": null,
3981
4299
  "isDeprecated": true,
3982
4300
  "name": "process_path"
@@ -3993,6 +4311,12 @@
3993
4311
  "isDeprecated": false,
3994
4312
  "name": "out_of_band_access"
3995
4313
  },
4314
+ {
4315
+ "deprecationReason": null,
4316
+ "description": "A Unique ID for the quarantined file",
4317
+ "isDeprecated": false,
4318
+ "name": "quarantine_uuid"
4319
+ },
3996
4320
  {
3997
4321
  "deprecationReason": null,
3998
4322
  "description": null,
@@ -4001,61 +4325,139 @@
4001
4325
  },
4002
4326
  {
4003
4327
  "deprecationReason": null,
4004
- "description": "HTTP request method (ie. Get, Post)",
4328
+ "description": "The profile assigned to the endpoint upon detection of the malware",
4005
4329
  "isDeprecated": false,
4006
- "name": "http_request_method"
4330
+ "name": "epp_profile"
4007
4331
  },
4008
4332
  {
4009
4333
  "deprecationReason": null,
4010
- "description": "XFF HTTP header indicates the original IP address for the connections",
4334
+ "description": "Source process ID",
4011
4335
  "isDeprecated": false,
4012
- "name": "xff"
4336
+ "name": "src_pid"
4013
4337
  },
4014
4338
  {
4015
4339
  "deprecationReason": null,
4016
- "description": "Domain queried in the DNS request",
4340
+ "description": "Source process file path",
4017
4341
  "isDeprecated": false,
4018
- "name": "dns_query"
4342
+ "name": "src_process_path"
4019
4343
  },
4020
4344
  {
4021
4345
  "deprecationReason": null,
4022
- "description": "Name defined for the public API Key in the Cato Management Application",
4346
+ "description": "Source process command line",
4023
4347
  "isDeprecated": false,
4024
- "name": "key_name"
4348
+ "name": "src_process_cmdline"
4025
4349
  },
4026
4350
  {
4027
4351
  "deprecationReason": null,
4028
- "description": null,
4352
+ "description": "Source process parent process ID",
4029
4353
  "isDeprecated": false,
4030
- "name": "api_type"
4354
+ "name": "src_process_parent_pid"
4031
4355
  },
4032
4356
  {
4033
4357
  "deprecationReason": null,
4034
- "description": null,
4358
+ "description": "Source process parent file path",
4035
4359
  "isDeprecated": false,
4036
- "name": "api_name"
4360
+ "name": "src_process_parent_path"
4037
4361
  },
4038
4362
  {
4039
4363
  "deprecationReason": null,
4040
- "description": "Related Apps",
4364
+ "description": "The destination process ID",
4041
4365
  "isDeprecated": false,
4042
- "name": "app_stack"
4366
+ "name": "dest_pid"
4043
4367
  },
4044
4368
  {
4045
4369
  "deprecationReason": null,
4046
- "description": "TLS Inspection rule name",
4370
+ "description": "Destination process file path",
4047
4371
  "isDeprecated": false,
4048
- "name": "tls_rule_name"
4372
+ "name": "dest_process_path"
4049
4373
  },
4050
4374
  {
4051
4375
  "deprecationReason": null,
4052
- "description": "TLS Certificate Error",
4376
+ "description": "Destination process command line",
4053
4377
  "isDeprecated": false,
4054
- "name": "tls_certificate_error"
4378
+ "name": "dest_process_cmdline"
4055
4379
  },
4056
4380
  {
4057
4381
  "deprecationReason": null,
4058
- "description": "TLS Version",
4382
+ "description": "Destination process parent process ID",
4383
+ "isDeprecated": false,
4384
+ "name": "dest_process_parent_pid"
4385
+ },
4386
+ {
4387
+ "deprecationReason": null,
4388
+ "description": "Destination process parent file path",
4389
+ "isDeprecated": false,
4390
+ "name": "dest_process_parent_path"
4391
+ },
4392
+ {
4393
+ "deprecationReason": null,
4394
+ "description": "If policy is set to disinfect, return the result of this action",
4395
+ "isDeprecated": false,
4396
+ "name": "disinfect_result"
4397
+ },
4398
+ {
4399
+ "deprecationReason": null,
4400
+ "description": "Indicate how many processes are part of this event",
4401
+ "isDeprecated": false,
4402
+ "name": "processes_count"
4403
+ },
4404
+ {
4405
+ "deprecationReason": null,
4406
+ "description": "HTTP request method (ie. Get, Post)",
4407
+ "isDeprecated": false,
4408
+ "name": "http_request_method"
4409
+ },
4410
+ {
4411
+ "deprecationReason": null,
4412
+ "description": "XFF HTTP header indicates the original IP address for the connections",
4413
+ "isDeprecated": false,
4414
+ "name": "xff"
4415
+ },
4416
+ {
4417
+ "deprecationReason": null,
4418
+ "description": "Domain queried in the DNS request",
4419
+ "isDeprecated": false,
4420
+ "name": "dns_query"
4421
+ },
4422
+ {
4423
+ "deprecationReason": null,
4424
+ "description": "Name defined for the public API Key in the Cato Management Application",
4425
+ "isDeprecated": false,
4426
+ "name": "key_name"
4427
+ },
4428
+ {
4429
+ "deprecationReason": null,
4430
+ "description": null,
4431
+ "isDeprecated": false,
4432
+ "name": "api_type"
4433
+ },
4434
+ {
4435
+ "deprecationReason": null,
4436
+ "description": null,
4437
+ "isDeprecated": false,
4438
+ "name": "api_name"
4439
+ },
4440
+ {
4441
+ "deprecationReason": null,
4442
+ "description": "Related Apps",
4443
+ "isDeprecated": false,
4444
+ "name": "app_stack"
4445
+ },
4446
+ {
4447
+ "deprecationReason": null,
4448
+ "description": "TLS Inspection rule name",
4449
+ "isDeprecated": false,
4450
+ "name": "tls_rule_name"
4451
+ },
4452
+ {
4453
+ "deprecationReason": null,
4454
+ "description": "TLS Certificate Error",
4455
+ "isDeprecated": false,
4456
+ "name": "tls_certificate_error"
4457
+ },
4458
+ {
4459
+ "deprecationReason": null,
4460
+ "description": "TLS Version",
4059
4461
  "isDeprecated": false,
4060
4462
  "name": "tls_version"
4061
4463
  },
@@ -4073,7 +4475,7 @@
4073
4475
  },
4074
4476
  {
4075
4477
  "deprecationReason": null,
4076
- "description": "Cato App",
4478
+ "description": "Cato application name",
4077
4479
  "isDeprecated": false,
4078
4480
  "name": "cato_app"
4079
4481
  },
@@ -4127,7 +4529,7 @@
4127
4529
  },
4128
4530
  {
4129
4531
  "deprecationReason": null,
4130
- "description": "Tenant Id",
4532
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
4131
4533
  "isDeprecated": false,
4132
4534
  "name": "tenant_id"
4133
4535
  },
@@ -4187,7 +4589,7 @@
4187
4589
  },
4188
4590
  {
4189
4591
  "deprecationReason": null,
4190
- "description": "Data Classifiers",
4592
+ "description": "Defines the scanning methods used by the DLP system",
4191
4593
  "isDeprecated": false,
4192
4594
  "name": "dlp_scan_types"
4193
4595
  },
@@ -4265,7 +4667,7 @@
4265
4667
  },
4266
4668
  {
4267
4669
  "deprecationReason": null,
4268
- "description": "Used Public IP",
4670
+ "description": "Public source IP",
4269
4671
  "isDeprecated": false,
4270
4672
  "name": "public_ip"
4271
4673
  },
@@ -4436,6 +4838,54 @@
4436
4838
  "description": "Device Type",
4437
4839
  "isDeprecated": false,
4438
4840
  "name": "device_type"
4841
+ },
4842
+ {
4843
+ "deprecationReason": null,
4844
+ "description": "Tenant Restriction Rule Name",
4845
+ "isDeprecated": false,
4846
+ "name": "tenant_restriction_rule_name"
4847
+ },
4848
+ {
4849
+ "deprecationReason": null,
4850
+ "description": "Connection Origin",
4851
+ "isDeprecated": false,
4852
+ "name": "connection_origin"
4853
+ },
4854
+ {
4855
+ "deprecationReason": null,
4856
+ "description": "Translated Server IP",
4857
+ "isDeprecated": false,
4858
+ "name": "translated_server_ip"
4859
+ },
4860
+ {
4861
+ "deprecationReason": null,
4862
+ "description": "Translated Client IP",
4863
+ "isDeprecated": false,
4864
+ "name": "translated_client_ip"
4865
+ },
4866
+ {
4867
+ "deprecationReason": null,
4868
+ "description": "IoC Container Name",
4869
+ "isDeprecated": false,
4870
+ "name": "container_name"
4871
+ },
4872
+ {
4873
+ "deprecationReason": null,
4874
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
4875
+ "isDeprecated": false,
4876
+ "name": "correlation_id"
4877
+ },
4878
+ {
4879
+ "deprecationReason": null,
4880
+ "description": "Precedence",
4881
+ "isDeprecated": false,
4882
+ "name": "precedence"
4883
+ },
4884
+ {
4885
+ "deprecationReason": null,
4886
+ "description": "A list of labels providing additional context for the event",
4887
+ "isDeprecated": false,
4888
+ "name": "labels"
4439
4889
  }
4440
4890
  ],
4441
4891
  "fields": null,
@@ -4510,7 +4960,7 @@
4510
4960
  }
4511
4961
  },
4512
4962
  "deprecationReason": null,
4513
- "description": "BETA",
4963
+ "description": null,
4514
4964
  "fieldTypes": {
4515
4965
  "DimensionData": true,
4516
4966
  "DimensionKey": true,
@@ -4588,7 +5038,7 @@
4588
5038
  "description": null,
4589
5039
  "enumValues": [
4590
5040
  {
4591
- "deprecationReason": "use src_site_id/src_site_name instead",
5041
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4592
5042
  "description": "Name of site or user initiating the connection",
4593
5043
  "isDeprecated": true,
4594
5044
  "name": "src_site"
@@ -4612,7 +5062,7 @@
4612
5062
  "name": "user_id"
4613
5063
  },
4614
5064
  {
4615
- "deprecationReason": "use dest_site_id/dest_site_name instead",
5065
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4616
5066
  "description": "For WAN traffic, name of destination site or SDP user",
4617
5067
  "isDeprecated": true,
4618
5068
  "name": "dest_site"
@@ -4624,13 +5074,13 @@
4624
5074
  "name": "dest_site_id"
4625
5075
  },
4626
5076
  {
4627
- "deprecationReason": null,
5077
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
4628
5078
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
4629
- "isDeprecated": false,
5079
+ "isDeprecated": true,
4630
5080
  "name": "src_or_dest_site_id"
4631
5081
  },
4632
5082
  {
4633
- "deprecationReason": "use rule_name instead",
5083
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4634
5084
  "description": "Name of security rule related to the event",
4635
5085
  "isDeprecated": true,
4636
5086
  "name": "rule"
@@ -4648,7 +5098,7 @@
4648
5098
  "name": "socket_interface"
4649
5099
  },
4650
5100
  {
4651
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5101
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
4652
5102
  "description": "Name for the custom category defined in the Cato Management Application",
4653
5103
  "isDeprecated": true,
4654
5104
  "name": "custom_category"
@@ -4661,7 +5111,7 @@
4661
5111
  },
4662
5112
  {
4663
5113
  "deprecationReason": null,
4664
- "description": "For Internet traffic, destination host port",
5114
+ "description": "Destination port",
4665
5115
  "isDeprecated": false,
4666
5116
  "name": "dest_port"
4667
5117
  },
@@ -4721,7 +5171,7 @@
4721
5171
  },
4722
5172
  {
4723
5173
  "deprecationReason": null,
4724
- "description": "For Internet traffic, destination host IP address",
5174
+ "description": "Destination IP address",
4725
5175
  "isDeprecated": false,
4726
5176
  "name": "dest_ip"
4727
5177
  },
@@ -4798,7 +5248,7 @@
4798
5248
  "name": "configured_host_name"
4799
5249
  },
4800
5250
  {
4801
- "deprecationReason": "use event_id instead",
5251
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
4802
5252
  "description": "Cato Internal-use only",
4803
5253
  "isDeprecated": true,
4804
5254
  "name": "internalId"
@@ -4870,9 +5320,9 @@
4870
5320
  "name": "bgp_error_code"
4871
5321
  },
4872
5322
  {
4873
- "deprecationReason": null,
5323
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
4874
5324
  "description": "Description from Cato Management Application for BGP peer",
4875
- "isDeprecated": false,
5325
+ "isDeprecated": true,
4876
5326
  "name": "bgp_peer_description"
4877
5327
  },
4878
5328
  {
@@ -4937,7 +5387,7 @@
4937
5387
  },
4938
5388
  {
4939
5389
  "deprecationReason": null,
4940
- "description": "Data that measures the latency for a specific link",
5390
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
4941
5391
  "isDeprecated": false,
4942
5392
  "name": "link_health_latency"
4943
5393
  },
@@ -5092,14 +5542,14 @@
5092
5542
  "name": "incident_id"
5093
5543
  },
5094
5544
  {
5095
- "deprecationReason": "use application_id/application_name instead",
5545
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5096
5546
  "description": "For Internet firewall, app for this event",
5097
5547
  "isDeprecated": true,
5098
5548
  "name": "application"
5099
5549
  },
5100
5550
  {
5101
5551
  "deprecationReason": null,
5102
- "description": "Application of the flow",
5552
+ "description": "The name of the application associated with the flow",
5103
5553
  "isDeprecated": false,
5104
5554
  "name": "application_name"
5105
5555
  },
@@ -5122,7 +5572,7 @@
5122
5572
  "name": "socket_interface_id"
5123
5573
  },
5124
5574
  {
5125
- "deprecationReason": "use custom_category_id/custom_category_name instead",
5575
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
5126
5576
  "description": "Unique Cato ID for the custom category",
5127
5577
  "isDeprecated": true,
5128
5578
  "name": "custom_categories"
@@ -5201,7 +5651,7 @@
5201
5651
  },
5202
5652
  {
5203
5653
  "deprecationReason": null,
5204
- "description": "For Internet traffic, destination host IP address",
5654
+ "description": "The name of the destination site",
5205
5655
  "isDeprecated": false,
5206
5656
  "name": "dest_site_name"
5207
5657
  },
@@ -5260,7 +5710,7 @@
5260
5710
  "name": "device_posture_profile"
5261
5711
  },
5262
5712
  {
5263
- "deprecationReason": "use device_posture_profile instead",
5713
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
5264
5714
  "description": "Device posture profiles",
5265
5715
  "isDeprecated": true,
5266
5716
  "name": "device_posture_profiles"
@@ -5333,7 +5783,7 @@
5333
5783
  },
5334
5784
  {
5335
5785
  "deprecationReason": null,
5336
- "description": "DLP fail mode",
5786
+ "description": "Describes the behavior when the DLP system encounters a failure",
5337
5787
  "isDeprecated": false,
5338
5788
  "name": "dlp_fail_mode"
5339
5789
  },
@@ -5391,6 +5841,24 @@
5391
5841
  "isDeprecated": false,
5392
5842
  "name": "is_sinkhole"
5393
5843
  },
5844
+ {
5845
+ "deprecationReason": null,
5846
+ "description": "The ID for the endpoint",
5847
+ "isDeprecated": false,
5848
+ "name": "endpoint_id"
5849
+ },
5850
+ {
5851
+ "deprecationReason": null,
5852
+ "description": "The Endpoint Protection Engine that detected the malware",
5853
+ "isDeprecated": false,
5854
+ "name": "epp_engine_type"
5855
+ },
5856
+ {
5857
+ "deprecationReason": null,
5858
+ "description": "The file operation when this event occurred",
5859
+ "isDeprecated": false,
5860
+ "name": "file_operation"
5861
+ },
5394
5862
  {
5395
5863
  "deprecationReason": null,
5396
5864
  "description": null,
@@ -5423,7 +5891,7 @@
5423
5891
  },
5424
5892
  {
5425
5893
  "deprecationReason": null,
5426
- "description": null,
5894
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
5427
5895
  "isDeprecated": false,
5428
5896
  "name": "vendor"
5429
5897
  },
@@ -5464,19 +5932,19 @@
5464
5932
  "name": "recommended_actions"
5465
5933
  },
5466
5934
  {
5467
- "deprecationReason": "use src_pid instead",
5935
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5468
5936
  "description": null,
5469
5937
  "isDeprecated": true,
5470
5938
  "name": "pid"
5471
5939
  },
5472
5940
  {
5473
- "deprecationReason": "use src_process_parent_pid instead",
5941
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
5474
5942
  "description": null,
5475
5943
  "isDeprecated": true,
5476
5944
  "name": "parent_pid"
5477
5945
  },
5478
5946
  {
5479
- "deprecationReason": "use src_process_path instead",
5947
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
5480
5948
  "description": null,
5481
5949
  "isDeprecated": true,
5482
5950
  "name": "process_path"
@@ -5493,12 +5961,96 @@
5493
5961
  "isDeprecated": false,
5494
5962
  "name": "out_of_band_access"
5495
5963
  },
5964
+ {
5965
+ "deprecationReason": null,
5966
+ "description": "A Unique ID for the quarantined file",
5967
+ "isDeprecated": false,
5968
+ "name": "quarantine_uuid"
5969
+ },
5496
5970
  {
5497
5971
  "deprecationReason": null,
5498
5972
  "description": null,
5499
5973
  "isDeprecated": false,
5500
5974
  "name": "logged_in_user"
5501
5975
  },
5976
+ {
5977
+ "deprecationReason": null,
5978
+ "description": "The profile assigned to the endpoint upon detection of the malware",
5979
+ "isDeprecated": false,
5980
+ "name": "epp_profile"
5981
+ },
5982
+ {
5983
+ "deprecationReason": null,
5984
+ "description": "Source process ID",
5985
+ "isDeprecated": false,
5986
+ "name": "src_pid"
5987
+ },
5988
+ {
5989
+ "deprecationReason": null,
5990
+ "description": "Source process file path",
5991
+ "isDeprecated": false,
5992
+ "name": "src_process_path"
5993
+ },
5994
+ {
5995
+ "deprecationReason": null,
5996
+ "description": "Source process command line",
5997
+ "isDeprecated": false,
5998
+ "name": "src_process_cmdline"
5999
+ },
6000
+ {
6001
+ "deprecationReason": null,
6002
+ "description": "Source process parent process ID",
6003
+ "isDeprecated": false,
6004
+ "name": "src_process_parent_pid"
6005
+ },
6006
+ {
6007
+ "deprecationReason": null,
6008
+ "description": "Source process parent file path",
6009
+ "isDeprecated": false,
6010
+ "name": "src_process_parent_path"
6011
+ },
6012
+ {
6013
+ "deprecationReason": null,
6014
+ "description": "The destination process ID",
6015
+ "isDeprecated": false,
6016
+ "name": "dest_pid"
6017
+ },
6018
+ {
6019
+ "deprecationReason": null,
6020
+ "description": "Destination process file path",
6021
+ "isDeprecated": false,
6022
+ "name": "dest_process_path"
6023
+ },
6024
+ {
6025
+ "deprecationReason": null,
6026
+ "description": "Destination process command line",
6027
+ "isDeprecated": false,
6028
+ "name": "dest_process_cmdline"
6029
+ },
6030
+ {
6031
+ "deprecationReason": null,
6032
+ "description": "Destination process parent process ID",
6033
+ "isDeprecated": false,
6034
+ "name": "dest_process_parent_pid"
6035
+ },
6036
+ {
6037
+ "deprecationReason": null,
6038
+ "description": "Destination process parent file path",
6039
+ "isDeprecated": false,
6040
+ "name": "dest_process_parent_path"
6041
+ },
6042
+ {
6043
+ "deprecationReason": null,
6044
+ "description": "If policy is set to disinfect, return the result of this action",
6045
+ "isDeprecated": false,
6046
+ "name": "disinfect_result"
6047
+ },
6048
+ {
6049
+ "deprecationReason": null,
6050
+ "description": "Indicate how many processes are part of this event",
6051
+ "isDeprecated": false,
6052
+ "name": "processes_count"
6053
+ },
5502
6054
  {
5503
6055
  "deprecationReason": null,
5504
6056
  "description": "HTTP request method (ie. Get, Post)",
@@ -5573,7 +6125,7 @@
5573
6125
  },
5574
6126
  {
5575
6127
  "deprecationReason": null,
5576
- "description": "Cato App",
6128
+ "description": "Cato application name",
5577
6129
  "isDeprecated": false,
5578
6130
  "name": "cato_app"
5579
6131
  },
@@ -5627,7 +6179,7 @@
5627
6179
  },
5628
6180
  {
5629
6181
  "deprecationReason": null,
5630
- "description": "Tenant Id",
6182
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
5631
6183
  "isDeprecated": false,
5632
6184
  "name": "tenant_id"
5633
6185
  },
@@ -5687,7 +6239,7 @@
5687
6239
  },
5688
6240
  {
5689
6241
  "deprecationReason": null,
5690
- "description": "Data Classifiers",
6242
+ "description": "Defines the scanning methods used by the DLP system",
5691
6243
  "isDeprecated": false,
5692
6244
  "name": "dlp_scan_types"
5693
6245
  },
@@ -5765,7 +6317,7 @@
5765
6317
  },
5766
6318
  {
5767
6319
  "deprecationReason": null,
5768
- "description": "Used Public IP",
6320
+ "description": "Public source IP",
5769
6321
  "isDeprecated": false,
5770
6322
  "name": "public_ip"
5771
6323
  },
@@ -5936,6 +6488,54 @@
5936
6488
  "description": "Device Type",
5937
6489
  "isDeprecated": false,
5938
6490
  "name": "device_type"
6491
+ },
6492
+ {
6493
+ "deprecationReason": null,
6494
+ "description": "Tenant Restriction Rule Name",
6495
+ "isDeprecated": false,
6496
+ "name": "tenant_restriction_rule_name"
6497
+ },
6498
+ {
6499
+ "deprecationReason": null,
6500
+ "description": "Connection Origin",
6501
+ "isDeprecated": false,
6502
+ "name": "connection_origin"
6503
+ },
6504
+ {
6505
+ "deprecationReason": null,
6506
+ "description": "Translated Server IP",
6507
+ "isDeprecated": false,
6508
+ "name": "translated_server_ip"
6509
+ },
6510
+ {
6511
+ "deprecationReason": null,
6512
+ "description": "Translated Client IP",
6513
+ "isDeprecated": false,
6514
+ "name": "translated_client_ip"
6515
+ },
6516
+ {
6517
+ "deprecationReason": null,
6518
+ "description": "IoC Container Name",
6519
+ "isDeprecated": false,
6520
+ "name": "container_name"
6521
+ },
6522
+ {
6523
+ "deprecationReason": null,
6524
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
6525
+ "isDeprecated": false,
6526
+ "name": "correlation_id"
6527
+ },
6528
+ {
6529
+ "deprecationReason": null,
6530
+ "description": "Precedence",
6531
+ "isDeprecated": false,
6532
+ "name": "precedence"
6533
+ },
6534
+ {
6535
+ "deprecationReason": null,
6536
+ "description": "A list of labels providing additional context for the event",
6537
+ "isDeprecated": false,
6538
+ "name": "labels"
5939
6539
  }
5940
6540
  ],
5941
6541
  "fields": null,
@@ -6000,7 +6600,7 @@
6000
6600
  "description": null,
6001
6601
  "enumValues": [
6002
6602
  {
6003
- "deprecationReason": "use src_site_id/src_site_name instead",
6603
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6004
6604
  "description": "Name of site or user initiating the connection",
6005
6605
  "isDeprecated": true,
6006
6606
  "name": "src_site"
@@ -6024,7 +6624,7 @@
6024
6624
  "name": "user_id"
6025
6625
  },
6026
6626
  {
6027
- "deprecationReason": "use dest_site_id/dest_site_name instead",
6627
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6028
6628
  "description": "For WAN traffic, name of destination site or SDP user",
6029
6629
  "isDeprecated": true,
6030
6630
  "name": "dest_site"
@@ -6036,13 +6636,13 @@
6036
6636
  "name": "dest_site_id"
6037
6637
  },
6038
6638
  {
6039
- "deprecationReason": null,
6639
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
6040
6640
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
6041
- "isDeprecated": false,
6641
+ "isDeprecated": true,
6042
6642
  "name": "src_or_dest_site_id"
6043
6643
  },
6044
6644
  {
6045
- "deprecationReason": "use rule_name instead",
6645
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6046
6646
  "description": "Name of security rule related to the event",
6047
6647
  "isDeprecated": true,
6048
6648
  "name": "rule"
@@ -6060,7 +6660,7 @@
6060
6660
  "name": "socket_interface"
6061
6661
  },
6062
6662
  {
6063
- "deprecationReason": "use custom_category_id/custom_category_name instead",
6663
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6064
6664
  "description": "Name for the custom category defined in the Cato Management Application",
6065
6665
  "isDeprecated": true,
6066
6666
  "name": "custom_category"
@@ -6073,7 +6673,7 @@
6073
6673
  },
6074
6674
  {
6075
6675
  "deprecationReason": null,
6076
- "description": "For Internet traffic, destination host port",
6676
+ "description": "Destination port",
6077
6677
  "isDeprecated": false,
6078
6678
  "name": "dest_port"
6079
6679
  },
@@ -6133,7 +6733,7 @@
6133
6733
  },
6134
6734
  {
6135
6735
  "deprecationReason": null,
6136
- "description": "For Internet traffic, destination host IP address",
6736
+ "description": "Destination IP address",
6137
6737
  "isDeprecated": false,
6138
6738
  "name": "dest_ip"
6139
6739
  },
@@ -6210,7 +6810,7 @@
6210
6810
  "name": "configured_host_name"
6211
6811
  },
6212
6812
  {
6213
- "deprecationReason": "use event_id instead",
6813
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
6214
6814
  "description": "Cato Internal-use only",
6215
6815
  "isDeprecated": true,
6216
6816
  "name": "internalId"
@@ -6282,9 +6882,9 @@
6282
6882
  "name": "bgp_error_code"
6283
6883
  },
6284
6884
  {
6285
- "deprecationReason": null,
6885
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
6286
6886
  "description": "Description from Cato Management Application for BGP peer",
6287
- "isDeprecated": false,
6887
+ "isDeprecated": true,
6288
6888
  "name": "bgp_peer_description"
6289
6889
  },
6290
6890
  {
@@ -6349,7 +6949,7 @@
6349
6949
  },
6350
6950
  {
6351
6951
  "deprecationReason": null,
6352
- "description": "Data that measures the latency for a specific link",
6952
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
6353
6953
  "isDeprecated": false,
6354
6954
  "name": "link_health_latency"
6355
6955
  },
@@ -6504,14 +7104,14 @@
6504
7104
  "name": "incident_id"
6505
7105
  },
6506
7106
  {
6507
- "deprecationReason": "use application_id/application_name instead",
7107
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6508
7108
  "description": "For Internet firewall, app for this event",
6509
7109
  "isDeprecated": true,
6510
7110
  "name": "application"
6511
7111
  },
6512
7112
  {
6513
7113
  "deprecationReason": null,
6514
- "description": "Application of the flow",
7114
+ "description": "The name of the application associated with the flow",
6515
7115
  "isDeprecated": false,
6516
7116
  "name": "application_name"
6517
7117
  },
@@ -6534,7 +7134,7 @@
6534
7134
  "name": "socket_interface_id"
6535
7135
  },
6536
7136
  {
6537
- "deprecationReason": "use custom_category_id/custom_category_name instead",
7137
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
6538
7138
  "description": "Unique Cato ID for the custom category",
6539
7139
  "isDeprecated": true,
6540
7140
  "name": "custom_categories"
@@ -6613,7 +7213,7 @@
6613
7213
  },
6614
7214
  {
6615
7215
  "deprecationReason": null,
6616
- "description": "For Internet traffic, destination host IP address",
7216
+ "description": "The name of the destination site",
6617
7217
  "isDeprecated": false,
6618
7218
  "name": "dest_site_name"
6619
7219
  },
@@ -6672,7 +7272,7 @@
6672
7272
  "name": "device_posture_profile"
6673
7273
  },
6674
7274
  {
6675
- "deprecationReason": "use device_posture_profile instead",
7275
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
6676
7276
  "description": "Device posture profiles",
6677
7277
  "isDeprecated": true,
6678
7278
  "name": "device_posture_profiles"
@@ -6745,7 +7345,7 @@
6745
7345
  },
6746
7346
  {
6747
7347
  "deprecationReason": null,
6748
- "description": "DLP fail mode",
7348
+ "description": "Describes the behavior when the DLP system encounters a failure",
6749
7349
  "isDeprecated": false,
6750
7350
  "name": "dlp_fail_mode"
6751
7351
  },
@@ -6803,6 +7403,24 @@
6803
7403
  "isDeprecated": false,
6804
7404
  "name": "is_sinkhole"
6805
7405
  },
7406
+ {
7407
+ "deprecationReason": null,
7408
+ "description": "The ID for the endpoint",
7409
+ "isDeprecated": false,
7410
+ "name": "endpoint_id"
7411
+ },
7412
+ {
7413
+ "deprecationReason": null,
7414
+ "description": "The Endpoint Protection Engine that detected the malware",
7415
+ "isDeprecated": false,
7416
+ "name": "epp_engine_type"
7417
+ },
7418
+ {
7419
+ "deprecationReason": null,
7420
+ "description": "The file operation when this event occurred",
7421
+ "isDeprecated": false,
7422
+ "name": "file_operation"
7423
+ },
6806
7424
  {
6807
7425
  "deprecationReason": null,
6808
7426
  "description": null,
@@ -6835,7 +7453,7 @@
6835
7453
  },
6836
7454
  {
6837
7455
  "deprecationReason": null,
6838
- "description": null,
7456
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
6839
7457
  "isDeprecated": false,
6840
7458
  "name": "vendor"
6841
7459
  },
@@ -6876,19 +7494,19 @@
6876
7494
  "name": "recommended_actions"
6877
7495
  },
6878
7496
  {
6879
- "deprecationReason": "use src_pid instead",
7497
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6880
7498
  "description": null,
6881
7499
  "isDeprecated": true,
6882
7500
  "name": "pid"
6883
7501
  },
6884
7502
  {
6885
- "deprecationReason": "use src_process_parent_pid instead",
7503
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
6886
7504
  "description": null,
6887
7505
  "isDeprecated": true,
6888
7506
  "name": "parent_pid"
6889
7507
  },
6890
7508
  {
6891
- "deprecationReason": "use src_process_path instead",
7509
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
6892
7510
  "description": null,
6893
7511
  "isDeprecated": true,
6894
7512
  "name": "process_path"
@@ -6905,12 +7523,96 @@
6905
7523
  "isDeprecated": false,
6906
7524
  "name": "out_of_band_access"
6907
7525
  },
7526
+ {
7527
+ "deprecationReason": null,
7528
+ "description": "A Unique ID for the quarantined file",
7529
+ "isDeprecated": false,
7530
+ "name": "quarantine_uuid"
7531
+ },
6908
7532
  {
6909
7533
  "deprecationReason": null,
6910
7534
  "description": null,
6911
7535
  "isDeprecated": false,
6912
7536
  "name": "logged_in_user"
6913
7537
  },
7538
+ {
7539
+ "deprecationReason": null,
7540
+ "description": "The profile assigned to the endpoint upon detection of the malware",
7541
+ "isDeprecated": false,
7542
+ "name": "epp_profile"
7543
+ },
7544
+ {
7545
+ "deprecationReason": null,
7546
+ "description": "Source process ID",
7547
+ "isDeprecated": false,
7548
+ "name": "src_pid"
7549
+ },
7550
+ {
7551
+ "deprecationReason": null,
7552
+ "description": "Source process file path",
7553
+ "isDeprecated": false,
7554
+ "name": "src_process_path"
7555
+ },
7556
+ {
7557
+ "deprecationReason": null,
7558
+ "description": "Source process command line",
7559
+ "isDeprecated": false,
7560
+ "name": "src_process_cmdline"
7561
+ },
7562
+ {
7563
+ "deprecationReason": null,
7564
+ "description": "Source process parent process ID",
7565
+ "isDeprecated": false,
7566
+ "name": "src_process_parent_pid"
7567
+ },
7568
+ {
7569
+ "deprecationReason": null,
7570
+ "description": "Source process parent file path",
7571
+ "isDeprecated": false,
7572
+ "name": "src_process_parent_path"
7573
+ },
7574
+ {
7575
+ "deprecationReason": null,
7576
+ "description": "The destination process ID",
7577
+ "isDeprecated": false,
7578
+ "name": "dest_pid"
7579
+ },
7580
+ {
7581
+ "deprecationReason": null,
7582
+ "description": "Destination process file path",
7583
+ "isDeprecated": false,
7584
+ "name": "dest_process_path"
7585
+ },
7586
+ {
7587
+ "deprecationReason": null,
7588
+ "description": "Destination process command line",
7589
+ "isDeprecated": false,
7590
+ "name": "dest_process_cmdline"
7591
+ },
7592
+ {
7593
+ "deprecationReason": null,
7594
+ "description": "Destination process parent process ID",
7595
+ "isDeprecated": false,
7596
+ "name": "dest_process_parent_pid"
7597
+ },
7598
+ {
7599
+ "deprecationReason": null,
7600
+ "description": "Destination process parent file path",
7601
+ "isDeprecated": false,
7602
+ "name": "dest_process_parent_path"
7603
+ },
7604
+ {
7605
+ "deprecationReason": null,
7606
+ "description": "If policy is set to disinfect, return the result of this action",
7607
+ "isDeprecated": false,
7608
+ "name": "disinfect_result"
7609
+ },
7610
+ {
7611
+ "deprecationReason": null,
7612
+ "description": "Indicate how many processes are part of this event",
7613
+ "isDeprecated": false,
7614
+ "name": "processes_count"
7615
+ },
6914
7616
  {
6915
7617
  "deprecationReason": null,
6916
7618
  "description": "HTTP request method (ie. Get, Post)",
@@ -6985,7 +7687,7 @@
6985
7687
  },
6986
7688
  {
6987
7689
  "deprecationReason": null,
6988
- "description": "Cato App",
7690
+ "description": "Cato application name",
6989
7691
  "isDeprecated": false,
6990
7692
  "name": "cato_app"
6991
7693
  },
@@ -7039,7 +7741,7 @@
7039
7741
  },
7040
7742
  {
7041
7743
  "deprecationReason": null,
7042
- "description": "Tenant Id",
7744
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
7043
7745
  "isDeprecated": false,
7044
7746
  "name": "tenant_id"
7045
7747
  },
@@ -7099,7 +7801,7 @@
7099
7801
  },
7100
7802
  {
7101
7803
  "deprecationReason": null,
7102
- "description": "Data Classifiers",
7804
+ "description": "Defines the scanning methods used by the DLP system",
7103
7805
  "isDeprecated": false,
7104
7806
  "name": "dlp_scan_types"
7105
7807
  },
@@ -7177,7 +7879,7 @@
7177
7879
  },
7178
7880
  {
7179
7881
  "deprecationReason": null,
7180
- "description": "Used Public IP",
7882
+ "description": "Public source IP",
7181
7883
  "isDeprecated": false,
7182
7884
  "name": "public_ip"
7183
7885
  },
@@ -7348,6 +8050,54 @@
7348
8050
  "description": "Device Type",
7349
8051
  "isDeprecated": false,
7350
8052
  "name": "device_type"
8053
+ },
8054
+ {
8055
+ "deprecationReason": null,
8056
+ "description": "Tenant Restriction Rule Name",
8057
+ "isDeprecated": false,
8058
+ "name": "tenant_restriction_rule_name"
8059
+ },
8060
+ {
8061
+ "deprecationReason": null,
8062
+ "description": "Connection Origin",
8063
+ "isDeprecated": false,
8064
+ "name": "connection_origin"
8065
+ },
8066
+ {
8067
+ "deprecationReason": null,
8068
+ "description": "Translated Server IP",
8069
+ "isDeprecated": false,
8070
+ "name": "translated_server_ip"
8071
+ },
8072
+ {
8073
+ "deprecationReason": null,
8074
+ "description": "Translated Client IP",
8075
+ "isDeprecated": false,
8076
+ "name": "translated_client_ip"
8077
+ },
8078
+ {
8079
+ "deprecationReason": null,
8080
+ "description": "IoC Container Name",
8081
+ "isDeprecated": false,
8082
+ "name": "container_name"
8083
+ },
8084
+ {
8085
+ "deprecationReason": null,
8086
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
8087
+ "isDeprecated": false,
8088
+ "name": "correlation_id"
8089
+ },
8090
+ {
8091
+ "deprecationReason": null,
8092
+ "description": "Precedence",
8093
+ "isDeprecated": false,
8094
+ "name": "precedence"
8095
+ },
8096
+ {
8097
+ "deprecationReason": null,
8098
+ "description": "A list of labels providing additional context for the event",
8099
+ "isDeprecated": false,
8100
+ "name": "labels"
7351
8101
  }
7352
8102
  ],
7353
8103
  "fields": null,
@@ -7628,7 +8378,7 @@
7628
8378
  "description": null,
7629
8379
  "enumValues": [
7630
8380
  {
7631
- "deprecationReason": "use src_site_id/src_site_name instead",
8381
+ "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7632
8382
  "description": "Name of site or user initiating the connection",
7633
8383
  "isDeprecated": true,
7634
8384
  "name": "src_site"
@@ -7652,7 +8402,7 @@
7652
8402
  "name": "user_id"
7653
8403
  },
7654
8404
  {
7655
- "deprecationReason": "use dest_site_id/dest_site_name instead",
8405
+ "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7656
8406
  "description": "For WAN traffic, name of destination site or SDP user",
7657
8407
  "isDeprecated": true,
7658
8408
  "name": "dest_site"
@@ -7664,13 +8414,13 @@
7664
8414
  "name": "dest_site_id"
7665
8415
  },
7666
8416
  {
7667
- "deprecationReason": null,
8417
+ "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
7668
8418
  "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
7669
- "isDeprecated": false,
8419
+ "isDeprecated": true,
7670
8420
  "name": "src_or_dest_site_id"
7671
8421
  },
7672
8422
  {
7673
- "deprecationReason": "use rule_name instead",
8423
+ "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7674
8424
  "description": "Name of security rule related to the event",
7675
8425
  "isDeprecated": true,
7676
8426
  "name": "rule"
@@ -7688,7 +8438,7 @@
7688
8438
  "name": "socket_interface"
7689
8439
  },
7690
8440
  {
7691
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8441
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
7692
8442
  "description": "Name for the custom category defined in the Cato Management Application",
7693
8443
  "isDeprecated": true,
7694
8444
  "name": "custom_category"
@@ -7701,7 +8451,7 @@
7701
8451
  },
7702
8452
  {
7703
8453
  "deprecationReason": null,
7704
- "description": "For Internet traffic, destination host port",
8454
+ "description": "Destination port",
7705
8455
  "isDeprecated": false,
7706
8456
  "name": "dest_port"
7707
8457
  },
@@ -7761,7 +8511,7 @@
7761
8511
  },
7762
8512
  {
7763
8513
  "deprecationReason": null,
7764
- "description": "For Internet traffic, destination host IP address",
8514
+ "description": "Destination IP address",
7765
8515
  "isDeprecated": false,
7766
8516
  "name": "dest_ip"
7767
8517
  },
@@ -7838,7 +8588,7 @@
7838
8588
  "name": "configured_host_name"
7839
8589
  },
7840
8590
  {
7841
- "deprecationReason": "use event_id instead",
8591
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
7842
8592
  "description": "Cato Internal-use only",
7843
8593
  "isDeprecated": true,
7844
8594
  "name": "internalId"
@@ -7910,9 +8660,9 @@
7910
8660
  "name": "bgp_error_code"
7911
8661
  },
7912
8662
  {
7913
- "deprecationReason": null,
8663
+ "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
7914
8664
  "description": "Description from Cato Management Application for BGP peer",
7915
- "isDeprecated": false,
8665
+ "isDeprecated": true,
7916
8666
  "name": "bgp_peer_description"
7917
8667
  },
7918
8668
  {
@@ -7977,7 +8727,7 @@
7977
8727
  },
7978
8728
  {
7979
8729
  "deprecationReason": null,
7980
- "description": "Data that measures the latency for a specific link",
8730
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
7981
8731
  "isDeprecated": false,
7982
8732
  "name": "link_health_latency"
7983
8733
  },
@@ -8132,14 +8882,14 @@
8132
8882
  "name": "incident_id"
8133
8883
  },
8134
8884
  {
8135
- "deprecationReason": "use application_id/application_name instead",
8885
+ "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
8136
8886
  "description": "For Internet firewall, app for this event",
8137
8887
  "isDeprecated": true,
8138
8888
  "name": "application"
8139
8889
  },
8140
8890
  {
8141
8891
  "deprecationReason": null,
8142
- "description": "Application of the flow",
8892
+ "description": "The name of the application associated with the flow",
8143
8893
  "isDeprecated": false,
8144
8894
  "name": "application_name"
8145
8895
  },
@@ -8162,7 +8912,7 @@
8162
8912
  "name": "socket_interface_id"
8163
8913
  },
8164
8914
  {
8165
- "deprecationReason": "use custom_category_id/custom_category_name instead",
8915
+ "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
8166
8916
  "description": "Unique Cato ID for the custom category",
8167
8917
  "isDeprecated": true,
8168
8918
  "name": "custom_categories"
@@ -8241,7 +8991,7 @@
8241
8991
  },
8242
8992
  {
8243
8993
  "deprecationReason": null,
8244
- "description": "For Internet traffic, destination host IP address",
8994
+ "description": "The name of the destination site",
8245
8995
  "isDeprecated": false,
8246
8996
  "name": "dest_site_name"
8247
8997
  },
@@ -8300,7 +9050,7 @@
8300
9050
  "name": "device_posture_profile"
8301
9051
  },
8302
9052
  {
8303
- "deprecationReason": "use device_posture_profile instead",
9053
+ "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
8304
9054
  "description": "Device posture profiles",
8305
9055
  "isDeprecated": true,
8306
9056
  "name": "device_posture_profiles"
@@ -8373,7 +9123,7 @@
8373
9123
  },
8374
9124
  {
8375
9125
  "deprecationReason": null,
8376
- "description": "DLP fail mode",
9126
+ "description": "Describes the behavior when the DLP system encounters a failure",
8377
9127
  "isDeprecated": false,
8378
9128
  "name": "dlp_fail_mode"
8379
9129
  },
@@ -8431,6 +9181,24 @@
8431
9181
  "isDeprecated": false,
8432
9182
  "name": "is_sinkhole"
8433
9183
  },
9184
+ {
9185
+ "deprecationReason": null,
9186
+ "description": "The ID for the endpoint",
9187
+ "isDeprecated": false,
9188
+ "name": "endpoint_id"
9189
+ },
9190
+ {
9191
+ "deprecationReason": null,
9192
+ "description": "The Endpoint Protection Engine that detected the malware",
9193
+ "isDeprecated": false,
9194
+ "name": "epp_engine_type"
9195
+ },
9196
+ {
9197
+ "deprecationReason": null,
9198
+ "description": "The file operation when this event occurred",
9199
+ "isDeprecated": false,
9200
+ "name": "file_operation"
9201
+ },
8434
9202
  {
8435
9203
  "deprecationReason": null,
8436
9204
  "description": null,
@@ -8463,7 +9231,7 @@
8463
9231
  },
8464
9232
  {
8465
9233
  "deprecationReason": null,
8466
- "description": null,
9234
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
8467
9235
  "isDeprecated": false,
8468
9236
  "name": "vendor"
8469
9237
  },
@@ -8504,19 +9272,19 @@
8504
9272
  "name": "recommended_actions"
8505
9273
  },
8506
9274
  {
8507
- "deprecationReason": "use src_pid instead",
9275
+ "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8508
9276
  "description": null,
8509
9277
  "isDeprecated": true,
8510
9278
  "name": "pid"
8511
9279
  },
8512
9280
  {
8513
- "deprecationReason": "use src_process_parent_pid instead",
9281
+ "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
8514
9282
  "description": null,
8515
9283
  "isDeprecated": true,
8516
9284
  "name": "parent_pid"
8517
9285
  },
8518
9286
  {
8519
- "deprecationReason": "use src_process_path instead",
9287
+ "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
8520
9288
  "description": null,
8521
9289
  "isDeprecated": true,
8522
9290
  "name": "process_path"
@@ -8533,12 +9301,96 @@
8533
9301
  "isDeprecated": false,
8534
9302
  "name": "out_of_band_access"
8535
9303
  },
9304
+ {
9305
+ "deprecationReason": null,
9306
+ "description": "A Unique ID for the quarantined file",
9307
+ "isDeprecated": false,
9308
+ "name": "quarantine_uuid"
9309
+ },
8536
9310
  {
8537
9311
  "deprecationReason": null,
8538
9312
  "description": null,
8539
9313
  "isDeprecated": false,
8540
9314
  "name": "logged_in_user"
8541
9315
  },
9316
+ {
9317
+ "deprecationReason": null,
9318
+ "description": "The profile assigned to the endpoint upon detection of the malware",
9319
+ "isDeprecated": false,
9320
+ "name": "epp_profile"
9321
+ },
9322
+ {
9323
+ "deprecationReason": null,
9324
+ "description": "Source process ID",
9325
+ "isDeprecated": false,
9326
+ "name": "src_pid"
9327
+ },
9328
+ {
9329
+ "deprecationReason": null,
9330
+ "description": "Source process file path",
9331
+ "isDeprecated": false,
9332
+ "name": "src_process_path"
9333
+ },
9334
+ {
9335
+ "deprecationReason": null,
9336
+ "description": "Source process command line",
9337
+ "isDeprecated": false,
9338
+ "name": "src_process_cmdline"
9339
+ },
9340
+ {
9341
+ "deprecationReason": null,
9342
+ "description": "Source process parent process ID",
9343
+ "isDeprecated": false,
9344
+ "name": "src_process_parent_pid"
9345
+ },
9346
+ {
9347
+ "deprecationReason": null,
9348
+ "description": "Source process parent file path",
9349
+ "isDeprecated": false,
9350
+ "name": "src_process_parent_path"
9351
+ },
9352
+ {
9353
+ "deprecationReason": null,
9354
+ "description": "The destination process ID",
9355
+ "isDeprecated": false,
9356
+ "name": "dest_pid"
9357
+ },
9358
+ {
9359
+ "deprecationReason": null,
9360
+ "description": "Destination process file path",
9361
+ "isDeprecated": false,
9362
+ "name": "dest_process_path"
9363
+ },
9364
+ {
9365
+ "deprecationReason": null,
9366
+ "description": "Destination process command line",
9367
+ "isDeprecated": false,
9368
+ "name": "dest_process_cmdline"
9369
+ },
9370
+ {
9371
+ "deprecationReason": null,
9372
+ "description": "Destination process parent process ID",
9373
+ "isDeprecated": false,
9374
+ "name": "dest_process_parent_pid"
9375
+ },
9376
+ {
9377
+ "deprecationReason": null,
9378
+ "description": "Destination process parent file path",
9379
+ "isDeprecated": false,
9380
+ "name": "dest_process_parent_path"
9381
+ },
9382
+ {
9383
+ "deprecationReason": null,
9384
+ "description": "If policy is set to disinfect, return the result of this action",
9385
+ "isDeprecated": false,
9386
+ "name": "disinfect_result"
9387
+ },
9388
+ {
9389
+ "deprecationReason": null,
9390
+ "description": "Indicate how many processes are part of this event",
9391
+ "isDeprecated": false,
9392
+ "name": "processes_count"
9393
+ },
8542
9394
  {
8543
9395
  "deprecationReason": null,
8544
9396
  "description": "HTTP request method (ie. Get, Post)",
@@ -8613,7 +9465,7 @@
8613
9465
  },
8614
9466
  {
8615
9467
  "deprecationReason": null,
8616
- "description": "Cato App",
9468
+ "description": "Cato application name",
8617
9469
  "isDeprecated": false,
8618
9470
  "name": "cato_app"
8619
9471
  },
@@ -8667,7 +9519,7 @@
8667
9519
  },
8668
9520
  {
8669
9521
  "deprecationReason": null,
8670
- "description": "Tenant Id",
9522
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
8671
9523
  "isDeprecated": false,
8672
9524
  "name": "tenant_id"
8673
9525
  },
@@ -8727,7 +9579,7 @@
8727
9579
  },
8728
9580
  {
8729
9581
  "deprecationReason": null,
8730
- "description": "Data Classifiers",
9582
+ "description": "Defines the scanning methods used by the DLP system",
8731
9583
  "isDeprecated": false,
8732
9584
  "name": "dlp_scan_types"
8733
9585
  },
@@ -8805,7 +9657,7 @@
8805
9657
  },
8806
9658
  {
8807
9659
  "deprecationReason": null,
8808
- "description": "Used Public IP",
9660
+ "description": "Public source IP",
8809
9661
  "isDeprecated": false,
8810
9662
  "name": "public_ip"
8811
9663
  },
@@ -8976,6 +9828,54 @@
8976
9828
  "description": "Device Type",
8977
9829
  "isDeprecated": false,
8978
9830
  "name": "device_type"
9831
+ },
9832
+ {
9833
+ "deprecationReason": null,
9834
+ "description": "Tenant Restriction Rule Name",
9835
+ "isDeprecated": false,
9836
+ "name": "tenant_restriction_rule_name"
9837
+ },
9838
+ {
9839
+ "deprecationReason": null,
9840
+ "description": "Connection Origin",
9841
+ "isDeprecated": false,
9842
+ "name": "connection_origin"
9843
+ },
9844
+ {
9845
+ "deprecationReason": null,
9846
+ "description": "Translated Server IP",
9847
+ "isDeprecated": false,
9848
+ "name": "translated_server_ip"
9849
+ },
9850
+ {
9851
+ "deprecationReason": null,
9852
+ "description": "Translated Client IP",
9853
+ "isDeprecated": false,
9854
+ "name": "translated_client_ip"
9855
+ },
9856
+ {
9857
+ "deprecationReason": null,
9858
+ "description": "IoC Container Name",
9859
+ "isDeprecated": false,
9860
+ "name": "container_name"
9861
+ },
9862
+ {
9863
+ "deprecationReason": null,
9864
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
9865
+ "isDeprecated": false,
9866
+ "name": "correlation_id"
9867
+ },
9868
+ {
9869
+ "deprecationReason": null,
9870
+ "description": "Precedence",
9871
+ "isDeprecated": false,
9872
+ "name": "precedence"
9873
+ },
9874
+ {
9875
+ "deprecationReason": null,
9876
+ "description": "A list of labels providing additional context for the event",
9877
+ "isDeprecated": false,
9878
+ "name": "labels"
8979
9879
  }
8980
9880
  ],
8981
9881
  "fields": null,
@@ -9066,6 +9966,24 @@
9066
9966
  },
9067
9967
  "varName": "timeFrame"
9068
9968
  },
9969
+ "useDefaultSizeBucket": {
9970
+ "defaultValue": "false",
9971
+ "description": "In case we want to have the default size bucket (from properties)",
9972
+ "id_str": "data___useDefaultSizeBucket",
9973
+ "name": "useDefaultSizeBucket",
9974
+ "path": "data.useDefaultSizeBucket",
9975
+ "requestStr": "$useDefaultSizeBucket:Boolean ",
9976
+ "required": false,
9977
+ "responseStr": "useDefaultSizeBucket:$useDefaultSizeBucket ",
9978
+ "type": {
9979
+ "kind": [
9980
+ "SCALAR"
9981
+ ],
9982
+ "name": "Boolean",
9983
+ "non_null": false
9984
+ },
9985
+ "varName": "useDefaultSizeBucket"
9986
+ },
9069
9987
  "withMissingData": {
9070
9988
  "defaultValue": "false",
9071
9989
  "description": "If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1",
@@ -9207,6 +10125,24 @@
9207
10125
  },
9208
10126
  "varName": "perSecond"
9209
10127
  },
10128
+ "data___useDefaultSizeBucket": {
10129
+ "defaultValue": "false",
10130
+ "description": "In case we want to have the default size bucket (from properties)",
10131
+ "id_str": "data___useDefaultSizeBucket",
10132
+ "name": "useDefaultSizeBucket",
10133
+ "path": "data.useDefaultSizeBucket",
10134
+ "requestStr": "$useDefaultSizeBucket:Boolean ",
10135
+ "required": false,
10136
+ "responseStr": "useDefaultSizeBucket:$useDefaultSizeBucket ",
10137
+ "type": {
10138
+ "kind": [
10139
+ "SCALAR"
10140
+ ],
10141
+ "name": "Boolean",
10142
+ "non_null": false
10143
+ },
10144
+ "varName": "useDefaultSizeBucket"
10145
+ },
9210
10146
  "data___withMissingData": {
9211
10147
  "defaultValue": "false",
9212
10148
  "description": "If false, the data field will be set to '0' for buckets with no reported data. Otherwise it will be set to -1",
@@ -9699,6 +10635,7 @@
9699
10635
  },
9700
10636
  "perSecond": "Boolean",
9701
10637
  "timeFrame": "TimeFrame",
10638
+ "useDefaultSizeBucket": "Boolean",
9702
10639
  "withMissingData": "Boolean"
9703
10640
  }
9704
10641
  }