catocli 1.0.21__py3-none-any.whl → 2.0.0__py3-none-any.whl
Potentially problematic release.
This version of catocli might be problematic.
- catocli/Utils/clidriver.py +112 -25
- catocli/Utils/profile_manager.py +188 -0
- catocli/Utils/version_checker.py +192 -0
- catocli/__init__.py +1 -1
- catocli/parsers/configure/__init__.py +115 -0
- catocli/parsers/configure/configure.py +307 -0
- catocli/parsers/custom/__init__.py +8 -0
- catocli/parsers/custom/export_rules/__init__.py +36 -0
- catocli/parsers/custom/export_rules/export_rules.py +361 -0
- catocli/parsers/custom/import_rules_to_tf/__init__.py +58 -0
- catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py +577 -0
- catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
- catocli/parsers/mutation_hardware/README.md +7 -0
- catocli/parsers/mutation_hardware/__init__.py +23 -0
- catocli/parsers/mutation_hardware_updateHardwareShipping/README.md +17 -0
- catocli/parsers/mutation_site_addBgpPeer/README.md +1 -1
- catocli/parsers/mutation_site_addNetworkRange/README.md +1 -1
- catocli/parsers/mutation_site_updateBgpPeer/README.md +1 -1
- catocli/parsers/mutation_site_updateNetworkRange/README.md +1 -1
- catocli/parsers/mutation_sites_addBgpPeer/README.md +1 -1
- catocli/parsers/mutation_sites_addNetworkRange/README.md +1 -1
- catocli/parsers/mutation_sites_updateBgpPeer/README.md +1 -1
- catocli/parsers/mutation_sites_updateNetworkRange/README.md +1 -1
- catocli/parsers/query_auditFeed/README.md +1 -1
- catocli/parsers/query_catalogs/README.md +19 -0
- catocli/parsers/query_catalogs/__init__.py +17 -0
- catocli/parsers/query_devices/README.md +19 -0
- catocli/parsers/query_devices/__init__.py +17 -0
- catocli/parsers/query_eventsFeed/README.md +1 -1
- catocli/parsers/query_hardware/README.md +17 -0
- catocli/parsers/query_hardware/__init__.py +17 -0
- catocli/parsers/query_sandbox/README.md +1 -1
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/METADATA +1 -1
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/RECORD +139 -114
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/top_level.txt +1 -0
- graphql_client/api/call_api.py +4 -0
- graphql_client/api_client_types.py +4 -3
- graphql_client/configuration.py +2 -0
- models/mutation.admin.addAdmin.json +130 -0
- models/mutation.hardware.updateHardwareShipping.json +2506 -0
- models/mutation.policy.appTenantRestriction.addRule.json +11 -11
- models/mutation.policy.appTenantRestriction.createPolicyRevision.json +11 -11
- models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +11 -11
- models/mutation.policy.appTenantRestriction.moveRule.json +11 -11
- models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +11 -11
- models/mutation.policy.appTenantRestriction.removeRule.json +11 -11
- models/mutation.policy.appTenantRestriction.updatePolicy.json +11 -11
- models/mutation.policy.appTenantRestriction.updateRule.json +11 -11
- models/mutation.policy.dynamicIpAllocation.addRule.json +4 -4
- models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +4 -4
- models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +4 -4
- models/mutation.policy.dynamicIpAllocation.moveRule.json +4 -4
- models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +4 -4
- models/mutation.policy.dynamicIpAllocation.removeRule.json +4 -4
- models/mutation.policy.dynamicIpAllocation.updatePolicy.json +4 -4
- models/mutation.policy.dynamicIpAllocation.updateRule.json +4 -4
- models/mutation.policy.internetFirewall.addRule.json +63 -63
- models/mutation.policy.internetFirewall.createPolicyRevision.json +45 -45
- models/mutation.policy.internetFirewall.discardPolicyRevision.json +45 -45
- models/mutation.policy.internetFirewall.moveRule.json +45 -45
- models/mutation.policy.internetFirewall.publishPolicyRevision.json +45 -45
- models/mutation.policy.internetFirewall.removeRule.json +45 -45
- models/mutation.policy.internetFirewall.updatePolicy.json +45 -45
- models/mutation.policy.internetFirewall.updateRule.json +63 -63
- models/mutation.policy.remotePortFwd.addRule.json +5 -5
- models/mutation.policy.remotePortFwd.createPolicyRevision.json +5 -5
- models/mutation.policy.remotePortFwd.discardPolicyRevision.json +5 -5
- models/mutation.policy.remotePortFwd.moveRule.json +5 -5
- models/mutation.policy.remotePortFwd.publishPolicyRevision.json +5 -5
- models/mutation.policy.remotePortFwd.removeRule.json +5 -5
- models/mutation.policy.remotePortFwd.updatePolicy.json +5 -5
- models/mutation.policy.remotePortFwd.updateRule.json +5 -5
- models/mutation.policy.socketLan.addRule.json +3580 -125
- models/mutation.policy.socketLan.createPolicyRevision.json +3580 -125
- models/mutation.policy.socketLan.discardPolicyRevision.json +3580 -125
- models/mutation.policy.socketLan.moveRule.json +3580 -125
- models/mutation.policy.socketLan.publishPolicyRevision.json +3580 -125
- models/mutation.policy.socketLan.removeRule.json +3580 -125
- models/mutation.policy.socketLan.updatePolicy.json +3580 -125
- models/mutation.policy.socketLan.updateRule.json +3580 -125
- models/mutation.policy.wanFirewall.addRule.json +77 -77
- models/mutation.policy.wanFirewall.createPolicyRevision.json +59 -59
- models/mutation.policy.wanFirewall.discardPolicyRevision.json +59 -59
- models/mutation.policy.wanFirewall.moveRule.json +59 -59
- models/mutation.policy.wanFirewall.publishPolicyRevision.json +59 -59
- models/mutation.policy.wanFirewall.removeRule.json +59 -59
- models/mutation.policy.wanFirewall.updatePolicy.json +59 -59
- models/mutation.policy.wanFirewall.updateRule.json +77 -77
- models/mutation.policy.wanNetwork.addRule.json +49 -49
- models/mutation.policy.wanNetwork.createPolicyRevision.json +49 -49
- models/mutation.policy.wanNetwork.discardPolicyRevision.json +49 -49
- models/mutation.policy.wanNetwork.moveRule.json +49 -49
- models/mutation.policy.wanNetwork.publishPolicyRevision.json +49 -49
- models/mutation.policy.wanNetwork.removeRule.json +49 -49
- models/mutation.policy.wanNetwork.updatePolicy.json +49 -49
- models/mutation.policy.wanNetwork.updateRule.json +49 -49
- models/mutation.site.addBgpPeer.json +2812 -217
- models/mutation.site.addNetworkRange.json +114 -0
- models/mutation.site.addSocketSite.json +18 -0
- models/mutation.site.removeBgpPeer.json +667 -1
- models/mutation.site.updateBgpPeer.json +3152 -559
- models/mutation.site.updateNetworkRange.json +114 -0
- models/mutation.sites.addBgpPeer.json +2812 -217
- models/mutation.sites.addNetworkRange.json +114 -0
- models/mutation.sites.addSocketSite.json +18 -0
- models/mutation.sites.removeBgpPeer.json +667 -1
- models/mutation.sites.updateBgpPeer.json +3152 -559
- models/mutation.sites.updateNetworkRange.json +114 -0
- models/mutation.xdr.addStoryComment.json +2 -2
- models/mutation.xdr.analystFeedback.json +182 -42
- models/mutation.xdr.deleteStoryComment.json +2 -2
- models/query.accountMetrics.json +112 -0
- models/query.accountSnapshot.json +62 -0
- models/query.admin.json +46 -0
- models/query.admins.json +46 -0
- models/query.appStats.json +528 -0
- models/query.appStatsTimeSeries.json +396 -0
- models/query.auditFeed.json +273 -3336
- models/query.catalogs.json +9840 -0
- models/query.devices.json +15469 -0
- models/query.events.json +4606 -4318
- models/query.eventsFeed.json +1167 -1095
- models/query.eventsTimeSeries.json +3459 -3243
- models/query.hardware.json +5730 -0
- models/query.hardwareManagement.json +8 -2
- models/query.licensing.json +3 -3
- models/query.policy.json +3743 -298
- models/query.sandbox.json +6 -4
- models/query.site.json +1329 -4
- models/query.xdr.stories.json +182 -42
- models/query.xdr.story.json +182 -42
- schema/catolib.py +105 -28
- scripts/catolib.py +62 -0
- scripts/export_if_rules_to_json.py +188 -0
- scripts/export_wf_rules_to_json.py +111 -0
- scripts/import_wf_rules_to_tfstate.py +331 -0
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/LICENSE +0 -0
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/WHEEL +0 -0
- {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/entry_points.txt +0 -0
|
@@ -2108,7 +2108,7 @@
|
|
|
2108
2108
|
"responseStr": "site:$siteRef ",
|
|
2109
2109
|
"type": {
|
|
2110
2110
|
"definition": {
|
|
2111
|
-
"description":
|
|
2111
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
2112
2112
|
"enumValues": null,
|
|
2113
2113
|
"fields": {
|
|
2114
2114
|
"id": {
|
|
@@ -2352,7 +2352,7 @@
|
|
|
2352
2352
|
"responseStr": "user:$userRef ",
|
|
2353
2353
|
"type": {
|
|
2354
2354
|
"definition": {
|
|
2355
|
-
"description":
|
|
2355
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
2356
2356
|
"enumValues": null,
|
|
2357
2357
|
"fields": {
|
|
2358
2358
|
"id": {
|
|
@@ -2465,7 +2465,7 @@
|
|
|
2465
2465
|
"name": "MergedIncident",
|
|
2466
2466
|
"possibleTypes": {
|
|
2467
2467
|
"AnomalyEvents": {
|
|
2468
|
-
"description":
|
|
2468
|
+
"description": "The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.",
|
|
2469
2469
|
"enumValues": null,
|
|
2470
2470
|
"fields": {
|
|
2471
2471
|
"analystFeedback": {
|
|
@@ -4103,7 +4103,7 @@
|
|
|
4103
4103
|
"responseStr": "site:$siteRef ",
|
|
4104
4104
|
"type": {
|
|
4105
4105
|
"definition": {
|
|
4106
|
-
"description":
|
|
4106
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
4107
4107
|
"enumValues": null,
|
|
4108
4108
|
"fields": {
|
|
4109
4109
|
"id": {
|
|
@@ -5402,7 +5402,7 @@
|
|
|
5402
5402
|
"responseStr": "user:$userRef ",
|
|
5403
5403
|
"type": {
|
|
5404
5404
|
"definition": {
|
|
5405
|
-
"description":
|
|
5405
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
5406
5406
|
"enumValues": null,
|
|
5407
5407
|
"fields": {
|
|
5408
5408
|
"id": {
|
|
@@ -5516,7 +5516,7 @@
|
|
|
5516
5516
|
"possibleTypes": null
|
|
5517
5517
|
},
|
|
5518
5518
|
"AnomalyStats": {
|
|
5519
|
-
"description":
|
|
5519
|
+
"description": "The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.",
|
|
5520
5520
|
"enumValues": null,
|
|
5521
5521
|
"fields": {
|
|
5522
5522
|
"analystFeedback": {
|
|
@@ -7154,7 +7154,7 @@
|
|
|
7154
7154
|
"responseStr": "site:$siteRef ",
|
|
7155
7155
|
"type": {
|
|
7156
7156
|
"definition": {
|
|
7157
|
-
"description":
|
|
7157
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
7158
7158
|
"enumValues": null,
|
|
7159
7159
|
"fields": {
|
|
7160
7160
|
"id": {
|
|
@@ -8453,7 +8453,7 @@
|
|
|
8453
8453
|
"responseStr": "user:$userRef ",
|
|
8454
8454
|
"type": {
|
|
8455
8455
|
"definition": {
|
|
8456
|
-
"description":
|
|
8456
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
8457
8457
|
"enumValues": null,
|
|
8458
8458
|
"fields": {
|
|
8459
8459
|
"id": {
|
|
@@ -8567,7 +8567,7 @@
|
|
|
8567
8567
|
"possibleTypes": null
|
|
8568
8568
|
},
|
|
8569
8569
|
"CatoEndpoint": {
|
|
8570
|
-
"description":
|
|
8570
|
+
"description": "The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.",
|
|
8571
8571
|
"enumValues": null,
|
|
8572
8572
|
"fields": {
|
|
8573
8573
|
"alerts": {
|
|
@@ -8583,7 +8583,7 @@
|
|
|
8583
8583
|
"responseStr": "alerts:$catoEndpointAlert ",
|
|
8584
8584
|
"type": {
|
|
8585
8585
|
"definition": {
|
|
8586
|
-
"description":
|
|
8586
|
+
"description": "The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.",
|
|
8587
8587
|
"enumValues": null,
|
|
8588
8588
|
"fields": {
|
|
8589
8589
|
"activities": {
|
|
@@ -8600,7 +8600,7 @@
|
|
|
8600
8600
|
"responseStr": "activities:$catoActivity ",
|
|
8601
8601
|
"type": {
|
|
8602
8602
|
"definition": {
|
|
8603
|
-
"description":
|
|
8603
|
+
"description": "CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.",
|
|
8604
8604
|
"enumValues": null,
|
|
8605
8605
|
"fields": {
|
|
8606
8606
|
"id": {
|
|
@@ -8810,6 +8810,26 @@
|
|
|
8810
8810
|
},
|
|
8811
8811
|
"varName": "engineType"
|
|
8812
8812
|
},
|
|
8813
|
+
"externalIp": {
|
|
8814
|
+
"args": {},
|
|
8815
|
+
"deprecationReason": null,
|
|
8816
|
+
"description": null,
|
|
8817
|
+
"id_str": "analystFeedback___story___incident___CatoEndpoint___alerts___externalIp",
|
|
8818
|
+
"isDeprecated": false,
|
|
8819
|
+
"name": "externalIp",
|
|
8820
|
+
"path": "analystFeedback.story.incident.CatoEndpoint.alerts.externalIp",
|
|
8821
|
+
"requestStr": "$externalIp:String ",
|
|
8822
|
+
"required": false,
|
|
8823
|
+
"responseStr": "externalIp:$externalIp ",
|
|
8824
|
+
"type": {
|
|
8825
|
+
"kind": [
|
|
8826
|
+
"SCALAR"
|
|
8827
|
+
],
|
|
8828
|
+
"name": "String",
|
|
8829
|
+
"non_null": false
|
|
8830
|
+
},
|
|
8831
|
+
"varName": "externalIp"
|
|
8832
|
+
},
|
|
8813
8833
|
"id": {
|
|
8814
8834
|
"args": {},
|
|
8815
8835
|
"deprecationReason": null,
|
|
@@ -8831,6 +8851,26 @@
|
|
|
8831
8851
|
},
|
|
8832
8852
|
"varName": "id"
|
|
8833
8853
|
},
|
|
8854
|
+
"localIp": {
|
|
8855
|
+
"args": {},
|
|
8856
|
+
"deprecationReason": null,
|
|
8857
|
+
"description": null,
|
|
8858
|
+
"id_str": "analystFeedback___story___incident___CatoEndpoint___alerts___localIp",
|
|
8859
|
+
"isDeprecated": false,
|
|
8860
|
+
"name": "localIp",
|
|
8861
|
+
"path": "analystFeedback.story.incident.CatoEndpoint.alerts.localIp",
|
|
8862
|
+
"requestStr": "$localIp:String ",
|
|
8863
|
+
"required": false,
|
|
8864
|
+
"responseStr": "localIp:$localIp ",
|
|
8865
|
+
"type": {
|
|
8866
|
+
"kind": [
|
|
8867
|
+
"SCALAR"
|
|
8868
|
+
],
|
|
8869
|
+
"name": "String",
|
|
8870
|
+
"non_null": false
|
|
8871
|
+
},
|
|
8872
|
+
"varName": "localIp"
|
|
8873
|
+
},
|
|
8834
8874
|
"mitreSubTechnique": {
|
|
8835
8875
|
"alias": "mitreMitreSubTechnique: mitreSubTechnique",
|
|
8836
8876
|
"args": {},
|
|
@@ -9201,7 +9241,7 @@
|
|
|
9201
9241
|
"name": "CatoResource",
|
|
9202
9242
|
"possibleTypes": {
|
|
9203
9243
|
"CatoFileResource": {
|
|
9204
|
-
"description":
|
|
9244
|
+
"description": "The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.",
|
|
9205
9245
|
"enumValues": null,
|
|
9206
9246
|
"fields": {
|
|
9207
9247
|
"createdDateTime": {
|
|
@@ -9670,7 +9710,7 @@
|
|
|
9670
9710
|
"possibleTypes": null
|
|
9671
9711
|
},
|
|
9672
9712
|
"CatoProcessResource": {
|
|
9673
|
-
"description":
|
|
9713
|
+
"description": "The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.",
|
|
9674
9714
|
"enumValues": null,
|
|
9675
9715
|
"fields": {
|
|
9676
9716
|
"createdDateTime": {
|
|
@@ -10187,7 +10227,7 @@
|
|
|
10187
10227
|
"name": "EndpointUser",
|
|
10188
10228
|
"possibleTypes": {
|
|
10189
10229
|
"CatoEndpointUser": {
|
|
10190
|
-
"description":
|
|
10230
|
+
"description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
|
|
10191
10231
|
"enumValues": null,
|
|
10192
10232
|
"fields": {
|
|
10193
10233
|
"id": {
|
|
@@ -10242,7 +10282,7 @@
|
|
|
10242
10282
|
"possibleTypes": null
|
|
10243
10283
|
},
|
|
10244
10284
|
"MicrosoftEndpointUser": {
|
|
10245
|
-
"description":
|
|
10285
|
+
"description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
|
|
10246
10286
|
"enumValues": null,
|
|
10247
10287
|
"fields": {
|
|
10248
10288
|
"accountName": {
|
|
@@ -10997,7 +11037,7 @@
|
|
|
10997
11037
|
"responseStr": "device:$catoEndpointDeviceDetails ",
|
|
10998
11038
|
"type": {
|
|
10999
11039
|
"definition": {
|
|
11000
|
-
"description":
|
|
11040
|
+
"description": "The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.",
|
|
11001
11041
|
"enumValues": null,
|
|
11002
11042
|
"fields": {
|
|
11003
11043
|
"deviceName": {
|
|
@@ -11020,6 +11060,26 @@
|
|
|
11020
11060
|
},
|
|
11021
11061
|
"varName": "deviceName"
|
|
11022
11062
|
},
|
|
11063
|
+
"externalIp": {
|
|
11064
|
+
"args": {},
|
|
11065
|
+
"deprecationReason": null,
|
|
11066
|
+
"description": null,
|
|
11067
|
+
"id_str": "analystFeedback___story___incident___CatoEndpoint___device___externalIp",
|
|
11068
|
+
"isDeprecated": false,
|
|
11069
|
+
"name": "externalIp",
|
|
11070
|
+
"path": "analystFeedback.story.incident.CatoEndpoint.device.externalIp",
|
|
11071
|
+
"requestStr": "$externalIp:String ",
|
|
11072
|
+
"required": false,
|
|
11073
|
+
"responseStr": "externalIp:$externalIp ",
|
|
11074
|
+
"type": {
|
|
11075
|
+
"kind": [
|
|
11076
|
+
"SCALAR"
|
|
11077
|
+
],
|
|
11078
|
+
"name": "String",
|
|
11079
|
+
"non_null": false
|
|
11080
|
+
},
|
|
11081
|
+
"varName": "externalIp"
|
|
11082
|
+
},
|
|
11023
11083
|
"id": {
|
|
11024
11084
|
"args": {},
|
|
11025
11085
|
"deprecationReason": null,
|
|
@@ -11041,6 +11101,26 @@
|
|
|
11041
11101
|
},
|
|
11042
11102
|
"varName": "id"
|
|
11043
11103
|
},
|
|
11104
|
+
"localIp": {
|
|
11105
|
+
"args": {},
|
|
11106
|
+
"deprecationReason": null,
|
|
11107
|
+
"description": null,
|
|
11108
|
+
"id_str": "analystFeedback___story___incident___CatoEndpoint___device___localIp",
|
|
11109
|
+
"isDeprecated": false,
|
|
11110
|
+
"name": "localIp",
|
|
11111
|
+
"path": "analystFeedback.story.incident.CatoEndpoint.device.localIp",
|
|
11112
|
+
"requestStr": "$localIp:String ",
|
|
11113
|
+
"required": false,
|
|
11114
|
+
"responseStr": "localIp:$localIp ",
|
|
11115
|
+
"type": {
|
|
11116
|
+
"kind": [
|
|
11117
|
+
"SCALAR"
|
|
11118
|
+
],
|
|
11119
|
+
"name": "String",
|
|
11120
|
+
"non_null": false
|
|
11121
|
+
},
|
|
11122
|
+
"varName": "localIp"
|
|
11123
|
+
},
|
|
11044
11124
|
"loggedOnUsers": {
|
|
11045
11125
|
"args": {},
|
|
11046
11126
|
"deprecationReason": null,
|
|
@@ -11106,7 +11186,7 @@
|
|
|
11106
11186
|
"name": "EndpointUser",
|
|
11107
11187
|
"possibleTypes": {
|
|
11108
11188
|
"CatoEndpointUser": {
|
|
11109
|
-
"description":
|
|
11189
|
+
"description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
|
|
11110
11190
|
"enumValues": null,
|
|
11111
11191
|
"fields": {
|
|
11112
11192
|
"id": {
|
|
@@ -11161,7 +11241,7 @@
|
|
|
11161
11241
|
"possibleTypes": null
|
|
11162
11242
|
},
|
|
11163
11243
|
"MicrosoftEndpointUser": {
|
|
11164
|
-
"description":
|
|
11244
|
+
"description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
|
|
11165
11245
|
"enumValues": null,
|
|
11166
11246
|
"fields": {
|
|
11167
11247
|
"accountName": {
|
|
@@ -11994,7 +12074,7 @@
|
|
|
11994
12074
|
"responseStr": "site:$siteRef ",
|
|
11995
12075
|
"type": {
|
|
11996
12076
|
"definition": {
|
|
11997
|
-
"description":
|
|
12077
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
11998
12078
|
"enumValues": null,
|
|
11999
12079
|
"fields": {
|
|
12000
12080
|
"id": {
|
|
@@ -12243,7 +12323,7 @@
|
|
|
12243
12323
|
"responseStr": "user:$userRef ",
|
|
12244
12324
|
"type": {
|
|
12245
12325
|
"definition": {
|
|
12246
|
-
"description":
|
|
12326
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
12247
12327
|
"enumValues": null,
|
|
12248
12328
|
"fields": {
|
|
12249
12329
|
"id": {
|
|
@@ -12357,7 +12437,7 @@
|
|
|
12357
12437
|
"possibleTypes": null
|
|
12358
12438
|
},
|
|
12359
12439
|
"MicrosoftEndpoint": {
|
|
12360
|
-
"description":
|
|
12440
|
+
"description": "The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.",
|
|
12361
12441
|
"enumValues": null,
|
|
12362
12442
|
"fields": {
|
|
12363
12443
|
"alerts": {
|
|
@@ -12373,7 +12453,7 @@
|
|
|
12373
12453
|
"responseStr": "alerts:$microsoftDefenderEndpointAlert ",
|
|
12374
12454
|
"type": {
|
|
12375
12455
|
"definition": {
|
|
12376
|
-
"description":
|
|
12456
|
+
"description": "The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.",
|
|
12377
12457
|
"enumValues": null,
|
|
12378
12458
|
"fields": {
|
|
12379
12459
|
"activities": {
|
|
@@ -12390,7 +12470,7 @@
|
|
|
12390
12470
|
"responseStr": "activities:$microsoftActivity ",
|
|
12391
12471
|
"type": {
|
|
12392
12472
|
"definition": {
|
|
12393
|
-
"description":
|
|
12473
|
+
"description": "The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.",
|
|
12394
12474
|
"enumValues": null,
|
|
12395
12475
|
"fields": {
|
|
12396
12476
|
"action": {
|
|
@@ -12995,6 +13075,26 @@
|
|
|
12995
13075
|
},
|
|
12996
13076
|
"varName": "determination"
|
|
12997
13077
|
},
|
|
13078
|
+
"externalIp": {
|
|
13079
|
+
"args": {},
|
|
13080
|
+
"deprecationReason": null,
|
|
13081
|
+
"description": null,
|
|
13082
|
+
"id_str": "analystFeedback___story___incident___MicrosoftEndpoint___alerts___externalIp",
|
|
13083
|
+
"isDeprecated": false,
|
|
13084
|
+
"name": "externalIp",
|
|
13085
|
+
"path": "analystFeedback.story.incident.MicrosoftEndpoint.alerts.externalIp",
|
|
13086
|
+
"requestStr": "$externalIp:String ",
|
|
13087
|
+
"required": false,
|
|
13088
|
+
"responseStr": "externalIp:$externalIp ",
|
|
13089
|
+
"type": {
|
|
13090
|
+
"kind": [
|
|
13091
|
+
"SCALAR"
|
|
13092
|
+
],
|
|
13093
|
+
"name": "String",
|
|
13094
|
+
"non_null": false
|
|
13095
|
+
},
|
|
13096
|
+
"varName": "externalIp"
|
|
13097
|
+
},
|
|
12998
13098
|
"firstActivityDateTime": {
|
|
12999
13099
|
"args": {},
|
|
13000
13100
|
"deprecationReason": null,
|
|
@@ -13766,7 +13866,7 @@
|
|
|
13766
13866
|
"name": "MicrosoftEndpointResource",
|
|
13767
13867
|
"possibleTypes": {
|
|
13768
13868
|
"MicrosoftFileResource": {
|
|
13769
|
-
"description":
|
|
13869
|
+
"description": "The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.",
|
|
13770
13870
|
"enumValues": null,
|
|
13771
13871
|
"fields": {
|
|
13772
13872
|
"createdDateTime": {
|
|
@@ -14457,7 +14557,7 @@
|
|
|
14457
14557
|
"possibleTypes": null
|
|
14458
14558
|
},
|
|
14459
14559
|
"MicrosoftProcessResource": {
|
|
14460
|
-
"description":
|
|
14560
|
+
"description": "The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.",
|
|
14461
14561
|
"enumValues": null,
|
|
14462
14562
|
"fields": {
|
|
14463
14563
|
"createdDateTime": {
|
|
@@ -15139,7 +15239,7 @@
|
|
|
15139
15239
|
"name": "EndpointUser",
|
|
15140
15240
|
"possibleTypes": {
|
|
15141
15241
|
"CatoEndpointUser": {
|
|
15142
|
-
"description":
|
|
15242
|
+
"description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
|
|
15143
15243
|
"enumValues": null,
|
|
15144
15244
|
"fields": {
|
|
15145
15245
|
"id": {
|
|
@@ -15194,7 +15294,7 @@
|
|
|
15194
15294
|
"possibleTypes": null
|
|
15195
15295
|
},
|
|
15196
15296
|
"MicrosoftEndpointUser": {
|
|
15197
|
-
"description":
|
|
15297
|
+
"description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
|
|
15198
15298
|
"enumValues": null,
|
|
15199
15299
|
"fields": {
|
|
15200
15300
|
"accountName": {
|
|
@@ -15404,7 +15504,7 @@
|
|
|
15404
15504
|
"possibleTypes": null
|
|
15405
15505
|
},
|
|
15406
15506
|
"MicrosoftRegistryResource": {
|
|
15407
|
-
"description":
|
|
15507
|
+
"description": "The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
|
|
15408
15508
|
"enumValues": null,
|
|
15409
15509
|
"fields": {
|
|
15410
15510
|
"createdDateTime": {
|
|
@@ -16473,7 +16573,7 @@
|
|
|
16473
16573
|
"responseStr": "device:$microsoftDeviceDetails ",
|
|
16474
16574
|
"type": {
|
|
16475
16575
|
"definition": {
|
|
16476
|
-
"description":
|
|
16576
|
+
"description": "The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.",
|
|
16477
16577
|
"enumValues": null,
|
|
16478
16578
|
"fields": {
|
|
16479
16579
|
"avStatus": {
|
|
@@ -16572,6 +16672,26 @@
|
|
|
16572
16672
|
},
|
|
16573
16673
|
"varName": "deviceName"
|
|
16574
16674
|
},
|
|
16675
|
+
"externalIp": {
|
|
16676
|
+
"args": {},
|
|
16677
|
+
"deprecationReason": null,
|
|
16678
|
+
"description": null,
|
|
16679
|
+
"id_str": "analystFeedback___story___incident___MicrosoftEndpoint___device___externalIp",
|
|
16680
|
+
"isDeprecated": false,
|
|
16681
|
+
"name": "externalIp",
|
|
16682
|
+
"path": "analystFeedback.story.incident.MicrosoftEndpoint.device.externalIp",
|
|
16683
|
+
"requestStr": "$externalIp:String ",
|
|
16684
|
+
"required": false,
|
|
16685
|
+
"responseStr": "externalIp:$externalIp ",
|
|
16686
|
+
"type": {
|
|
16687
|
+
"kind": [
|
|
16688
|
+
"SCALAR"
|
|
16689
|
+
],
|
|
16690
|
+
"name": "String",
|
|
16691
|
+
"non_null": false
|
|
16692
|
+
},
|
|
16693
|
+
"varName": "externalIp"
|
|
16694
|
+
},
|
|
16575
16695
|
"firstSeenDateTime": {
|
|
16576
16696
|
"args": {},
|
|
16577
16697
|
"deprecationReason": null,
|
|
@@ -16698,6 +16818,26 @@
|
|
|
16698
16818
|
},
|
|
16699
16819
|
"varName": "ipInterfaces"
|
|
16700
16820
|
},
|
|
16821
|
+
"localIp": {
|
|
16822
|
+
"args": {},
|
|
16823
|
+
"deprecationReason": null,
|
|
16824
|
+
"description": null,
|
|
16825
|
+
"id_str": "analystFeedback___story___incident___MicrosoftEndpoint___device___localIp",
|
|
16826
|
+
"isDeprecated": false,
|
|
16827
|
+
"name": "localIp",
|
|
16828
|
+
"path": "analystFeedback.story.incident.MicrosoftEndpoint.device.localIp",
|
|
16829
|
+
"requestStr": "$localIp:String ",
|
|
16830
|
+
"required": false,
|
|
16831
|
+
"responseStr": "localIp:$localIp ",
|
|
16832
|
+
"type": {
|
|
16833
|
+
"kind": [
|
|
16834
|
+
"SCALAR"
|
|
16835
|
+
],
|
|
16836
|
+
"name": "String",
|
|
16837
|
+
"non_null": false
|
|
16838
|
+
},
|
|
16839
|
+
"varName": "localIp"
|
|
16840
|
+
},
|
|
16701
16841
|
"loggedOnUsers": {
|
|
16702
16842
|
"args": {},
|
|
16703
16843
|
"deprecationReason": null,
|
|
@@ -16763,7 +16903,7 @@
|
|
|
16763
16903
|
"name": "EndpointUser",
|
|
16764
16904
|
"possibleTypes": {
|
|
16765
16905
|
"CatoEndpointUser": {
|
|
16766
|
-
"description":
|
|
16906
|
+
"description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
|
|
16767
16907
|
"enumValues": null,
|
|
16768
16908
|
"fields": {
|
|
16769
16909
|
"id": {
|
|
@@ -16818,7 +16958,7 @@
|
|
|
16818
16958
|
"possibleTypes": null
|
|
16819
16959
|
},
|
|
16820
16960
|
"MicrosoftEndpointUser": {
|
|
16821
|
-
"description":
|
|
16961
|
+
"description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
|
|
16822
16962
|
"enumValues": null,
|
|
16823
16963
|
"fields": {
|
|
16824
16964
|
"accountName": {
|
|
@@ -17754,7 +17894,7 @@
|
|
|
17754
17894
|
"responseStr": "site:$siteRef ",
|
|
17755
17895
|
"type": {
|
|
17756
17896
|
"definition": {
|
|
17757
|
-
"description":
|
|
17897
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
17758
17898
|
"enumValues": null,
|
|
17759
17899
|
"fields": {
|
|
17760
17900
|
"id": {
|
|
@@ -18003,7 +18143,7 @@
|
|
|
18003
18143
|
"responseStr": "user:$userRef ",
|
|
18004
18144
|
"type": {
|
|
18005
18145
|
"definition": {
|
|
18006
|
-
"description":
|
|
18146
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
18007
18147
|
"enumValues": null,
|
|
18008
18148
|
"fields": {
|
|
18009
18149
|
"id": {
|
|
@@ -18117,7 +18257,7 @@
|
|
|
18117
18257
|
"possibleTypes": null
|
|
18118
18258
|
},
|
|
18119
18259
|
"NetworkXDRIncident": {
|
|
18120
|
-
"description":
|
|
18260
|
+
"description": "The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.",
|
|
18121
18261
|
"enumValues": null,
|
|
18122
18262
|
"fields": {
|
|
18123
18263
|
"acknowledged": {
|
|
@@ -21022,7 +21162,7 @@
|
|
|
21022
21162
|
"responseStr": "site:$siteRef ",
|
|
21023
21163
|
"type": {
|
|
21024
21164
|
"definition": {
|
|
21025
|
-
"description":
|
|
21165
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
21026
21166
|
"enumValues": null,
|
|
21027
21167
|
"fields": {
|
|
21028
21168
|
"id": {
|
|
@@ -21333,7 +21473,7 @@
|
|
|
21333
21473
|
"responseStr": "user:$userRef ",
|
|
21334
21474
|
"type": {
|
|
21335
21475
|
"definition": {
|
|
21336
|
-
"description":
|
|
21476
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
21337
21477
|
"enumValues": null,
|
|
21338
21478
|
"fields": {
|
|
21339
21479
|
"id": {
|
|
@@ -21447,7 +21587,7 @@
|
|
|
21447
21587
|
"possibleTypes": null
|
|
21448
21588
|
},
|
|
21449
21589
|
"Threat": {
|
|
21450
|
-
"description":
|
|
21590
|
+
"description": "The \"Threat\" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.",
|
|
21451
21591
|
"enumValues": null,
|
|
21452
21592
|
"fields": {
|
|
21453
21593
|
"analystFeedback": {
|
|
@@ -23504,7 +23644,7 @@
|
|
|
23504
23644
|
"responseStr": "site:$siteRef ",
|
|
23505
23645
|
"type": {
|
|
23506
23646
|
"definition": {
|
|
23507
|
-
"description":
|
|
23647
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
23508
23648
|
"enumValues": null,
|
|
23509
23649
|
"fields": {
|
|
23510
23650
|
"id": {
|
|
@@ -24783,7 +24923,7 @@
|
|
|
24783
24923
|
"responseStr": "user:$userRef ",
|
|
24784
24924
|
"type": {
|
|
24785
24925
|
"definition": {
|
|
24786
|
-
"description":
|
|
24926
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
24787
24927
|
"enumValues": null,
|
|
24788
24928
|
"fields": {
|
|
24789
24929
|
"id": {
|
|
@@ -24897,7 +25037,7 @@
|
|
|
24897
25037
|
"possibleTypes": null
|
|
24898
25038
|
},
|
|
24899
25039
|
"ThreatPrevention": {
|
|
24900
|
-
"description":
|
|
25040
|
+
"description": "The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.",
|
|
24901
25041
|
"enumValues": null,
|
|
24902
25042
|
"fields": {
|
|
24903
25043
|
"analystFeedback": {
|
|
@@ -26440,7 +26580,7 @@
|
|
|
26440
26580
|
"responseStr": "site:$siteRef ",
|
|
26441
26581
|
"type": {
|
|
26442
26582
|
"definition": {
|
|
26443
|
-
"description":
|
|
26583
|
+
"description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
|
|
26444
26584
|
"enumValues": null,
|
|
26445
26585
|
"fields": {
|
|
26446
26586
|
"id": {
|
|
@@ -28233,7 +28373,7 @@
|
|
|
28233
28373
|
"responseStr": "user:$userRef ",
|
|
28234
28374
|
"type": {
|
|
28235
28375
|
"definition": {
|
|
28236
|
-
"description":
|
|
28376
|
+
"description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
|
|
28237
28377
|
"enumValues": null,
|
|
28238
28378
|
"fields": {
|
|
28239
28379
|
"id": {
|