catocli 1.0.21__py3-none-any.whl → 2.0.0__py3-none-any.whl


Potentially problematic release.


This version of catocli might be problematic. Click here for more details.

Files changed (139) hide show
  1. catocli/Utils/clidriver.py +112 -25
  2. catocli/Utils/profile_manager.py +188 -0
  3. catocli/Utils/version_checker.py +192 -0
  4. catocli/__init__.py +1 -1
  5. catocli/parsers/configure/__init__.py +115 -0
  6. catocli/parsers/configure/configure.py +307 -0
  7. catocli/parsers/custom/__init__.py +8 -0
  8. catocli/parsers/custom/export_rules/__init__.py +36 -0
  9. catocli/parsers/custom/export_rules/export_rules.py +361 -0
  10. catocli/parsers/custom/import_rules_to_tf/__init__.py +58 -0
  11. catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py +577 -0
  12. catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
  13. catocli/parsers/mutation_hardware/README.md +7 -0
  14. catocli/parsers/mutation_hardware/__init__.py +23 -0
  15. catocli/parsers/mutation_hardware_updateHardwareShipping/README.md +17 -0
  16. catocli/parsers/mutation_site_addBgpPeer/README.md +1 -1
  17. catocli/parsers/mutation_site_addNetworkRange/README.md +1 -1
  18. catocli/parsers/mutation_site_updateBgpPeer/README.md +1 -1
  19. catocli/parsers/mutation_site_updateNetworkRange/README.md +1 -1
  20. catocli/parsers/mutation_sites_addBgpPeer/README.md +1 -1
  21. catocli/parsers/mutation_sites_addNetworkRange/README.md +1 -1
  22. catocli/parsers/mutation_sites_updateBgpPeer/README.md +1 -1
  23. catocli/parsers/mutation_sites_updateNetworkRange/README.md +1 -1
  24. catocli/parsers/query_auditFeed/README.md +1 -1
  25. catocli/parsers/query_catalogs/README.md +19 -0
  26. catocli/parsers/query_catalogs/__init__.py +17 -0
  27. catocli/parsers/query_devices/README.md +19 -0
  28. catocli/parsers/query_devices/__init__.py +17 -0
  29. catocli/parsers/query_eventsFeed/README.md +1 -1
  30. catocli/parsers/query_hardware/README.md +17 -0
  31. catocli/parsers/query_hardware/__init__.py +17 -0
  32. catocli/parsers/query_sandbox/README.md +1 -1
  33. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/METADATA +1 -1
  34. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/RECORD +139 -114
  35. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/top_level.txt +1 -0
  36. graphql_client/api/call_api.py +4 -0
  37. graphql_client/api_client_types.py +4 -3
  38. graphql_client/configuration.py +2 -0
  39. models/mutation.admin.addAdmin.json +130 -0
  40. models/mutation.hardware.updateHardwareShipping.json +2506 -0
  41. models/mutation.policy.appTenantRestriction.addRule.json +11 -11
  42. models/mutation.policy.appTenantRestriction.createPolicyRevision.json +11 -11
  43. models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +11 -11
  44. models/mutation.policy.appTenantRestriction.moveRule.json +11 -11
  45. models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +11 -11
  46. models/mutation.policy.appTenantRestriction.removeRule.json +11 -11
  47. models/mutation.policy.appTenantRestriction.updatePolicy.json +11 -11
  48. models/mutation.policy.appTenantRestriction.updateRule.json +11 -11
  49. models/mutation.policy.dynamicIpAllocation.addRule.json +4 -4
  50. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +4 -4
  51. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +4 -4
  52. models/mutation.policy.dynamicIpAllocation.moveRule.json +4 -4
  53. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +4 -4
  54. models/mutation.policy.dynamicIpAllocation.removeRule.json +4 -4
  55. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +4 -4
  56. models/mutation.policy.dynamicIpAllocation.updateRule.json +4 -4
  57. models/mutation.policy.internetFirewall.addRule.json +63 -63
  58. models/mutation.policy.internetFirewall.createPolicyRevision.json +45 -45
  59. models/mutation.policy.internetFirewall.discardPolicyRevision.json +45 -45
  60. models/mutation.policy.internetFirewall.moveRule.json +45 -45
  61. models/mutation.policy.internetFirewall.publishPolicyRevision.json +45 -45
  62. models/mutation.policy.internetFirewall.removeRule.json +45 -45
  63. models/mutation.policy.internetFirewall.updatePolicy.json +45 -45
  64. models/mutation.policy.internetFirewall.updateRule.json +63 -63
  65. models/mutation.policy.remotePortFwd.addRule.json +5 -5
  66. models/mutation.policy.remotePortFwd.createPolicyRevision.json +5 -5
  67. models/mutation.policy.remotePortFwd.discardPolicyRevision.json +5 -5
  68. models/mutation.policy.remotePortFwd.moveRule.json +5 -5
  69. models/mutation.policy.remotePortFwd.publishPolicyRevision.json +5 -5
  70. models/mutation.policy.remotePortFwd.removeRule.json +5 -5
  71. models/mutation.policy.remotePortFwd.updatePolicy.json +5 -5
  72. models/mutation.policy.remotePortFwd.updateRule.json +5 -5
  73. models/mutation.policy.socketLan.addRule.json +3580 -125
  74. models/mutation.policy.socketLan.createPolicyRevision.json +3580 -125
  75. models/mutation.policy.socketLan.discardPolicyRevision.json +3580 -125
  76. models/mutation.policy.socketLan.moveRule.json +3580 -125
  77. models/mutation.policy.socketLan.publishPolicyRevision.json +3580 -125
  78. models/mutation.policy.socketLan.removeRule.json +3580 -125
  79. models/mutation.policy.socketLan.updatePolicy.json +3580 -125
  80. models/mutation.policy.socketLan.updateRule.json +3580 -125
  81. models/mutation.policy.wanFirewall.addRule.json +77 -77
  82. models/mutation.policy.wanFirewall.createPolicyRevision.json +59 -59
  83. models/mutation.policy.wanFirewall.discardPolicyRevision.json +59 -59
  84. models/mutation.policy.wanFirewall.moveRule.json +59 -59
  85. models/mutation.policy.wanFirewall.publishPolicyRevision.json +59 -59
  86. models/mutation.policy.wanFirewall.removeRule.json +59 -59
  87. models/mutation.policy.wanFirewall.updatePolicy.json +59 -59
  88. models/mutation.policy.wanFirewall.updateRule.json +77 -77
  89. models/mutation.policy.wanNetwork.addRule.json +49 -49
  90. models/mutation.policy.wanNetwork.createPolicyRevision.json +49 -49
  91. models/mutation.policy.wanNetwork.discardPolicyRevision.json +49 -49
  92. models/mutation.policy.wanNetwork.moveRule.json +49 -49
  93. models/mutation.policy.wanNetwork.publishPolicyRevision.json +49 -49
  94. models/mutation.policy.wanNetwork.removeRule.json +49 -49
  95. models/mutation.policy.wanNetwork.updatePolicy.json +49 -49
  96. models/mutation.policy.wanNetwork.updateRule.json +49 -49
  97. models/mutation.site.addBgpPeer.json +2812 -217
  98. models/mutation.site.addNetworkRange.json +114 -0
  99. models/mutation.site.addSocketSite.json +18 -0
  100. models/mutation.site.removeBgpPeer.json +667 -1
  101. models/mutation.site.updateBgpPeer.json +3152 -559
  102. models/mutation.site.updateNetworkRange.json +114 -0
  103. models/mutation.sites.addBgpPeer.json +2812 -217
  104. models/mutation.sites.addNetworkRange.json +114 -0
  105. models/mutation.sites.addSocketSite.json +18 -0
  106. models/mutation.sites.removeBgpPeer.json +667 -1
  107. models/mutation.sites.updateBgpPeer.json +3152 -559
  108. models/mutation.sites.updateNetworkRange.json +114 -0
  109. models/mutation.xdr.addStoryComment.json +2 -2
  110. models/mutation.xdr.analystFeedback.json +182 -42
  111. models/mutation.xdr.deleteStoryComment.json +2 -2
  112. models/query.accountMetrics.json +112 -0
  113. models/query.accountSnapshot.json +62 -0
  114. models/query.admin.json +46 -0
  115. models/query.admins.json +46 -0
  116. models/query.appStats.json +528 -0
  117. models/query.appStatsTimeSeries.json +396 -0
  118. models/query.auditFeed.json +273 -3336
  119. models/query.catalogs.json +9840 -0
  120. models/query.devices.json +15469 -0
  121. models/query.events.json +4606 -4318
  122. models/query.eventsFeed.json +1167 -1095
  123. models/query.eventsTimeSeries.json +3459 -3243
  124. models/query.hardware.json +5730 -0
  125. models/query.hardwareManagement.json +8 -2
  126. models/query.licensing.json +3 -3
  127. models/query.policy.json +3743 -298
  128. models/query.sandbox.json +6 -4
  129. models/query.site.json +1329 -4
  130. models/query.xdr.stories.json +182 -42
  131. models/query.xdr.story.json +182 -42
  132. schema/catolib.py +105 -28
  133. scripts/catolib.py +62 -0
  134. scripts/export_if_rules_to_json.py +188 -0
  135. scripts/export_wf_rules_to_json.py +111 -0
  136. scripts/import_wf_rules_to_tfstate.py +331 -0
  137. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/LICENSE +0 -0
  138. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/WHEEL +0 -0
  139. {catocli-1.0.21.dist-info → catocli-2.0.0.dist-info}/entry_points.txt +0 -0
@@ -7461,7 +7461,7 @@
7461
7461
  "responseStr": "site:$siteRef ",
7462
7462
  "type": {
7463
7463
  "definition": {
7464
- "description": null,
7464
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
7465
7465
  "enumValues": null,
7466
7466
  "fields": {
7467
7467
  "id": {
@@ -7705,7 +7705,7 @@
7705
7705
  "responseStr": "user:$userRef ",
7706
7706
  "type": {
7707
7707
  "definition": {
7708
- "description": null,
7708
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
7709
7709
  "enumValues": null,
7710
7710
  "fields": {
7711
7711
  "id": {
@@ -7818,7 +7818,7 @@
7818
7818
  "name": "MergedIncident",
7819
7819
  "possibleTypes": {
7820
7820
  "AnomalyEvents": {
7821
- "description": null,
7821
+ "description": "The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.",
7822
7822
  "enumValues": null,
7823
7823
  "fields": {
7824
7824
  "analystFeedback": {
@@ -9456,7 +9456,7 @@
9456
9456
  "responseStr": "site:$siteRef ",
9457
9457
  "type": {
9458
9458
  "definition": {
9459
- "description": null,
9459
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
9460
9460
  "enumValues": null,
9461
9461
  "fields": {
9462
9462
  "id": {
@@ -10755,7 +10755,7 @@
10755
10755
  "responseStr": "user:$userRef ",
10756
10756
  "type": {
10757
10757
  "definition": {
10758
- "description": null,
10758
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
10759
10759
  "enumValues": null,
10760
10760
  "fields": {
10761
10761
  "id": {
@@ -10869,7 +10869,7 @@
10869
10869
  "possibleTypes": null
10870
10870
  },
10871
10871
  "AnomalyStats": {
10872
- "description": null,
10872
+ "description": "The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.",
10873
10873
  "enumValues": null,
10874
10874
  "fields": {
10875
10875
  "analystFeedback": {
@@ -12507,7 +12507,7 @@
12507
12507
  "responseStr": "site:$siteRef ",
12508
12508
  "type": {
12509
12509
  "definition": {
12510
- "description": null,
12510
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
12511
12511
  "enumValues": null,
12512
12512
  "fields": {
12513
12513
  "id": {
@@ -13806,7 +13806,7 @@
13806
13806
  "responseStr": "user:$userRef ",
13807
13807
  "type": {
13808
13808
  "definition": {
13809
- "description": null,
13809
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
13810
13810
  "enumValues": null,
13811
13811
  "fields": {
13812
13812
  "id": {
@@ -13920,7 +13920,7 @@
13920
13920
  "possibleTypes": null
13921
13921
  },
13922
13922
  "CatoEndpoint": {
13923
- "description": null,
13923
+ "description": "The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.",
13924
13924
  "enumValues": null,
13925
13925
  "fields": {
13926
13926
  "alerts": {
@@ -13936,7 +13936,7 @@
13936
13936
  "responseStr": "alerts:$catoEndpointAlert ",
13937
13937
  "type": {
13938
13938
  "definition": {
13939
- "description": null,
13939
+ "description": "The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.",
13940
13940
  "enumValues": null,
13941
13941
  "fields": {
13942
13942
  "activities": {
@@ -13953,7 +13953,7 @@
13953
13953
  "responseStr": "activities:$catoActivity ",
13954
13954
  "type": {
13955
13955
  "definition": {
13956
- "description": null,
13956
+ "description": "CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.",
13957
13957
  "enumValues": null,
13958
13958
  "fields": {
13959
13959
  "id": {
@@ -14163,6 +14163,26 @@
14163
14163
  },
14164
14164
  "varName": "engineType"
14165
14165
  },
14166
+ "externalIp": {
14167
+ "args": {},
14168
+ "deprecationReason": null,
14169
+ "description": null,
14170
+ "id_str": "stories___items___incident___CatoEndpoint___alerts___externalIp",
14171
+ "isDeprecated": false,
14172
+ "name": "externalIp",
14173
+ "path": "stories.items.incident.CatoEndpoint.alerts.externalIp",
14174
+ "requestStr": "$externalIp:String ",
14175
+ "required": false,
14176
+ "responseStr": "externalIp:$externalIp ",
14177
+ "type": {
14178
+ "kind": [
14179
+ "SCALAR"
14180
+ ],
14181
+ "name": "String",
14182
+ "non_null": false
14183
+ },
14184
+ "varName": "externalIp"
14185
+ },
14166
14186
  "id": {
14167
14187
  "args": {},
14168
14188
  "deprecationReason": null,
@@ -14184,6 +14204,26 @@
14184
14204
  },
14185
14205
  "varName": "id"
14186
14206
  },
14207
+ "localIp": {
14208
+ "args": {},
14209
+ "deprecationReason": null,
14210
+ "description": null,
14211
+ "id_str": "stories___items___incident___CatoEndpoint___alerts___localIp",
14212
+ "isDeprecated": false,
14213
+ "name": "localIp",
14214
+ "path": "stories.items.incident.CatoEndpoint.alerts.localIp",
14215
+ "requestStr": "$localIp:String ",
14216
+ "required": false,
14217
+ "responseStr": "localIp:$localIp ",
14218
+ "type": {
14219
+ "kind": [
14220
+ "SCALAR"
14221
+ ],
14222
+ "name": "String",
14223
+ "non_null": false
14224
+ },
14225
+ "varName": "localIp"
14226
+ },
14187
14227
  "mitreSubTechnique": {
14188
14228
  "alias": "mitreMitreSubTechnique: mitreSubTechnique",
14189
14229
  "args": {},
@@ -14554,7 +14594,7 @@
14554
14594
  "name": "CatoResource",
14555
14595
  "possibleTypes": {
14556
14596
  "CatoFileResource": {
14557
- "description": null,
14597
+ "description": "The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.",
14558
14598
  "enumValues": null,
14559
14599
  "fields": {
14560
14600
  "createdDateTime": {
@@ -15023,7 +15063,7 @@
15023
15063
  "possibleTypes": null
15024
15064
  },
15025
15065
  "CatoProcessResource": {
15026
- "description": null,
15066
+ "description": "The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.",
15027
15067
  "enumValues": null,
15028
15068
  "fields": {
15029
15069
  "createdDateTime": {
@@ -15540,7 +15580,7 @@
15540
15580
  "name": "EndpointUser",
15541
15581
  "possibleTypes": {
15542
15582
  "CatoEndpointUser": {
15543
- "description": null,
15583
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
15544
15584
  "enumValues": null,
15545
15585
  "fields": {
15546
15586
  "id": {
@@ -15595,7 +15635,7 @@
15595
15635
  "possibleTypes": null
15596
15636
  },
15597
15637
  "MicrosoftEndpointUser": {
15598
- "description": null,
15638
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
15599
15639
  "enumValues": null,
15600
15640
  "fields": {
15601
15641
  "accountName": {
@@ -16350,7 +16390,7 @@
16350
16390
  "responseStr": "device:$catoEndpointDeviceDetails ",
16351
16391
  "type": {
16352
16392
  "definition": {
16353
- "description": null,
16393
+ "description": "The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.",
16354
16394
  "enumValues": null,
16355
16395
  "fields": {
16356
16396
  "deviceName": {
@@ -16373,6 +16413,26 @@
16373
16413
  },
16374
16414
  "varName": "deviceName"
16375
16415
  },
16416
+ "externalIp": {
16417
+ "args": {},
16418
+ "deprecationReason": null,
16419
+ "description": null,
16420
+ "id_str": "stories___items___incident___CatoEndpoint___device___externalIp",
16421
+ "isDeprecated": false,
16422
+ "name": "externalIp",
16423
+ "path": "stories.items.incident.CatoEndpoint.device.externalIp",
16424
+ "requestStr": "$externalIp:String ",
16425
+ "required": false,
16426
+ "responseStr": "externalIp:$externalIp ",
16427
+ "type": {
16428
+ "kind": [
16429
+ "SCALAR"
16430
+ ],
16431
+ "name": "String",
16432
+ "non_null": false
16433
+ },
16434
+ "varName": "externalIp"
16435
+ },
16376
16436
  "id": {
16377
16437
  "args": {},
16378
16438
  "deprecationReason": null,
@@ -16394,6 +16454,26 @@
16394
16454
  },
16395
16455
  "varName": "id"
16396
16456
  },
16457
+ "localIp": {
16458
+ "args": {},
16459
+ "deprecationReason": null,
16460
+ "description": null,
16461
+ "id_str": "stories___items___incident___CatoEndpoint___device___localIp",
16462
+ "isDeprecated": false,
16463
+ "name": "localIp",
16464
+ "path": "stories.items.incident.CatoEndpoint.device.localIp",
16465
+ "requestStr": "$localIp:String ",
16466
+ "required": false,
16467
+ "responseStr": "localIp:$localIp ",
16468
+ "type": {
16469
+ "kind": [
16470
+ "SCALAR"
16471
+ ],
16472
+ "name": "String",
16473
+ "non_null": false
16474
+ },
16475
+ "varName": "localIp"
16476
+ },
16397
16477
  "loggedOnUsers": {
16398
16478
  "args": {},
16399
16479
  "deprecationReason": null,
@@ -16459,7 +16539,7 @@
16459
16539
  "name": "EndpointUser",
16460
16540
  "possibleTypes": {
16461
16541
  "CatoEndpointUser": {
16462
- "description": null,
16542
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
16463
16543
  "enumValues": null,
16464
16544
  "fields": {
16465
16545
  "id": {
@@ -16514,7 +16594,7 @@
16514
16594
  "possibleTypes": null
16515
16595
  },
16516
16596
  "MicrosoftEndpointUser": {
16517
- "description": null,
16597
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
16518
16598
  "enumValues": null,
16519
16599
  "fields": {
16520
16600
  "accountName": {
@@ -17347,7 +17427,7 @@
17347
17427
  "responseStr": "site:$siteRef ",
17348
17428
  "type": {
17349
17429
  "definition": {
17350
- "description": null,
17430
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
17351
17431
  "enumValues": null,
17352
17432
  "fields": {
17353
17433
  "id": {
@@ -17596,7 +17676,7 @@
17596
17676
  "responseStr": "user:$userRef ",
17597
17677
  "type": {
17598
17678
  "definition": {
17599
- "description": null,
17679
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
17600
17680
  "enumValues": null,
17601
17681
  "fields": {
17602
17682
  "id": {
@@ -17710,7 +17790,7 @@
17710
17790
  "possibleTypes": null
17711
17791
  },
17712
17792
  "MicrosoftEndpoint": {
17713
- "description": null,
17793
+ "description": "The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.",
17714
17794
  "enumValues": null,
17715
17795
  "fields": {
17716
17796
  "alerts": {
@@ -17726,7 +17806,7 @@
17726
17806
  "responseStr": "alerts:$microsoftDefenderEndpointAlert ",
17727
17807
  "type": {
17728
17808
  "definition": {
17729
- "description": null,
17809
+ "description": "The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.",
17730
17810
  "enumValues": null,
17731
17811
  "fields": {
17732
17812
  "activities": {
@@ -17743,7 +17823,7 @@
17743
17823
  "responseStr": "activities:$microsoftActivity ",
17744
17824
  "type": {
17745
17825
  "definition": {
17746
- "description": null,
17826
+ "description": "The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.",
17747
17827
  "enumValues": null,
17748
17828
  "fields": {
17749
17829
  "action": {
@@ -18348,6 +18428,26 @@
18348
18428
  },
18349
18429
  "varName": "determination"
18350
18430
  },
18431
+ "externalIp": {
18432
+ "args": {},
18433
+ "deprecationReason": null,
18434
+ "description": null,
18435
+ "id_str": "stories___items___incident___MicrosoftEndpoint___alerts___externalIp",
18436
+ "isDeprecated": false,
18437
+ "name": "externalIp",
18438
+ "path": "stories.items.incident.MicrosoftEndpoint.alerts.externalIp",
18439
+ "requestStr": "$externalIp:String ",
18440
+ "required": false,
18441
+ "responseStr": "externalIp:$externalIp ",
18442
+ "type": {
18443
+ "kind": [
18444
+ "SCALAR"
18445
+ ],
18446
+ "name": "String",
18447
+ "non_null": false
18448
+ },
18449
+ "varName": "externalIp"
18450
+ },
18351
18451
  "firstActivityDateTime": {
18352
18452
  "args": {},
18353
18453
  "deprecationReason": null,
@@ -19119,7 +19219,7 @@
19119
19219
  "name": "MicrosoftEndpointResource",
19120
19220
  "possibleTypes": {
19121
19221
  "MicrosoftFileResource": {
19122
- "description": null,
19222
+ "description": "The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.",
19123
19223
  "enumValues": null,
19124
19224
  "fields": {
19125
19225
  "createdDateTime": {
@@ -19810,7 +19910,7 @@
19810
19910
  "possibleTypes": null
19811
19911
  },
19812
19912
  "MicrosoftProcessResource": {
19813
- "description": null,
19913
+ "description": "The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.",
19814
19914
  "enumValues": null,
19815
19915
  "fields": {
19816
19916
  "createdDateTime": {
@@ -20492,7 +20592,7 @@
20492
20592
  "name": "EndpointUser",
20493
20593
  "possibleTypes": {
20494
20594
  "CatoEndpointUser": {
20495
- "description": null,
20595
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
20496
20596
  "enumValues": null,
20497
20597
  "fields": {
20498
20598
  "id": {
@@ -20547,7 +20647,7 @@
20547
20647
  "possibleTypes": null
20548
20648
  },
20549
20649
  "MicrosoftEndpointUser": {
20550
- "description": null,
20650
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
20551
20651
  "enumValues": null,
20552
20652
  "fields": {
20553
20653
  "accountName": {
@@ -20757,7 +20857,7 @@
20757
20857
  "possibleTypes": null
20758
20858
  },
20759
20859
  "MicrosoftRegistryResource": {
20760
- "description": null,
20860
+ "description": "The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
20761
20861
  "enumValues": null,
20762
20862
  "fields": {
20763
20863
  "createdDateTime": {
@@ -21826,7 +21926,7 @@
21826
21926
  "responseStr": "device:$microsoftDeviceDetails ",
21827
21927
  "type": {
21828
21928
  "definition": {
21829
- "description": null,
21929
+ "description": "The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.",
21830
21930
  "enumValues": null,
21831
21931
  "fields": {
21832
21932
  "avStatus": {
@@ -21925,6 +22025,26 @@
21925
22025
  },
21926
22026
  "varName": "deviceName"
21927
22027
  },
22028
+ "externalIp": {
22029
+ "args": {},
22030
+ "deprecationReason": null,
22031
+ "description": null,
22032
+ "id_str": "stories___items___incident___MicrosoftEndpoint___device___externalIp",
22033
+ "isDeprecated": false,
22034
+ "name": "externalIp",
22035
+ "path": "stories.items.incident.MicrosoftEndpoint.device.externalIp",
22036
+ "requestStr": "$externalIp:String ",
22037
+ "required": false,
22038
+ "responseStr": "externalIp:$externalIp ",
22039
+ "type": {
22040
+ "kind": [
22041
+ "SCALAR"
22042
+ ],
22043
+ "name": "String",
22044
+ "non_null": false
22045
+ },
22046
+ "varName": "externalIp"
22047
+ },
21928
22048
  "firstSeenDateTime": {
21929
22049
  "args": {},
21930
22050
  "deprecationReason": null,
@@ -22051,6 +22171,26 @@
22051
22171
  },
22052
22172
  "varName": "ipInterfaces"
22053
22173
  },
22174
+ "localIp": {
22175
+ "args": {},
22176
+ "deprecationReason": null,
22177
+ "description": null,
22178
+ "id_str": "stories___items___incident___MicrosoftEndpoint___device___localIp",
22179
+ "isDeprecated": false,
22180
+ "name": "localIp",
22181
+ "path": "stories.items.incident.MicrosoftEndpoint.device.localIp",
22182
+ "requestStr": "$localIp:String ",
22183
+ "required": false,
22184
+ "responseStr": "localIp:$localIp ",
22185
+ "type": {
22186
+ "kind": [
22187
+ "SCALAR"
22188
+ ],
22189
+ "name": "String",
22190
+ "non_null": false
22191
+ },
22192
+ "varName": "localIp"
22193
+ },
22054
22194
  "loggedOnUsers": {
22055
22195
  "args": {},
22056
22196
  "deprecationReason": null,
@@ -22116,7 +22256,7 @@
22116
22256
  "name": "EndpointUser",
22117
22257
  "possibleTypes": {
22118
22258
  "CatoEndpointUser": {
22119
- "description": null,
22259
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
22120
22260
  "enumValues": null,
22121
22261
  "fields": {
22122
22262
  "id": {
@@ -22171,7 +22311,7 @@
22171
22311
  "possibleTypes": null
22172
22312
  },
22173
22313
  "MicrosoftEndpointUser": {
22174
- "description": null,
22314
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
22175
22315
  "enumValues": null,
22176
22316
  "fields": {
22177
22317
  "accountName": {
@@ -23107,7 +23247,7 @@
23107
23247
  "responseStr": "site:$siteRef ",
23108
23248
  "type": {
23109
23249
  "definition": {
23110
- "description": null,
23250
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
23111
23251
  "enumValues": null,
23112
23252
  "fields": {
23113
23253
  "id": {
@@ -23356,7 +23496,7 @@
23356
23496
  "responseStr": "user:$userRef ",
23357
23497
  "type": {
23358
23498
  "definition": {
23359
- "description": null,
23499
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
23360
23500
  "enumValues": null,
23361
23501
  "fields": {
23362
23502
  "id": {
@@ -23470,7 +23610,7 @@
23470
23610
  "possibleTypes": null
23471
23611
  },
23472
23612
  "NetworkXDRIncident": {
23473
- "description": null,
23613
+ "description": "The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.",
23474
23614
  "enumValues": null,
23475
23615
  "fields": {
23476
23616
  "acknowledged": {
@@ -26375,7 +26515,7 @@
26375
26515
  "responseStr": "site:$siteRef ",
26376
26516
  "type": {
26377
26517
  "definition": {
26378
- "description": null,
26518
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
26379
26519
  "enumValues": null,
26380
26520
  "fields": {
26381
26521
  "id": {
@@ -26686,7 +26826,7 @@
26686
26826
  "responseStr": "user:$userRef ",
26687
26827
  "type": {
26688
26828
  "definition": {
26689
- "description": null,
26829
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
26690
26830
  "enumValues": null,
26691
26831
  "fields": {
26692
26832
  "id": {
@@ -26800,7 +26940,7 @@
26800
26940
  "possibleTypes": null
26801
26941
  },
26802
26942
  "Threat": {
26803
- "description": null,
26943
+ "description": "The \"Threat\" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.",
26804
26944
  "enumValues": null,
26805
26945
  "fields": {
26806
26946
  "analystFeedback": {
@@ -28857,7 +28997,7 @@
28857
28997
  "responseStr": "site:$siteRef ",
28858
28998
  "type": {
28859
28999
  "definition": {
28860
- "description": null,
29000
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
28861
29001
  "enumValues": null,
28862
29002
  "fields": {
28863
29003
  "id": {
@@ -30136,7 +30276,7 @@
30136
30276
  "responseStr": "user:$userRef ",
30137
30277
  "type": {
30138
30278
  "definition": {
30139
- "description": null,
30279
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
30140
30280
  "enumValues": null,
30141
30281
  "fields": {
30142
30282
  "id": {
@@ -30250,7 +30390,7 @@
30250
30390
  "possibleTypes": null
30251
30391
  },
30252
30392
  "ThreatPrevention": {
30253
- "description": null,
30393
+ "description": "The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.",
30254
30394
  "enumValues": null,
30255
30395
  "fields": {
30256
30396
  "analystFeedback": {
@@ -31793,7 +31933,7 @@
31793
31933
  "responseStr": "site:$siteRef ",
31794
31934
  "type": {
31795
31935
  "definition": {
31796
- "description": null,
31936
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
31797
31937
  "enumValues": null,
31798
31938
  "fields": {
31799
31939
  "id": {
@@ -33586,7 +33726,7 @@
33586
33726
  "responseStr": "user:$userRef ",
33587
33727
  "type": {
33588
33728
  "definition": {
33589
- "description": null,
33729
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
33590
33730
  "enumValues": null,
33591
33731
  "fields": {
33592
33732
  "id": {